ADWARE/InstallCore.Gen back again
Hello you kind souls,
I wanted to download an MP3 converter today, and suddenly there were various additional programs on my PC.
Step 1 Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:21 on 04/01/2014 (Basti)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Step 2 Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2014
Ran by Basti (administrator) on HP on 04-01-2014 19:24:11
Running from C:\Users\Basti\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(HP) C:\Program Files (x86)\HP SimplePass\BioMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\Basti\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Optimizer Pro\OptProCrash.exe
() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6463592 2012-02-13] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2012-02-24] (Synaptics Incorporated)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [Magic Desktop for HP notification] - C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-10] (Easybits)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761024 2013-12-13] ()
HKLM-x32\...\Runonce: [freem4atomp3converterzxvb] - [x]
HKLM-x32\...\Runonce: [Del9915532] - cmd.exe /Q /D /c del "C:\Users\Basti\AppData\Local\Temp\0.del" [x]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Basti\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKCU\...\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [134648 2013-10-28] ()
HKCU\...\Runonce: [Del9915532] - cmd.exe /Q /D /c del "C:\Users\Basti\AppData\Local\Temp\0.del"
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
AppInit_DLLs: C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [2603312 2014-01-04] ()
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll [2869720 2013-10-29] ()
Startup: C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Basti\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: HP SimplePass Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Re-markit - {4d5c5a63-c98f-4693-a3dc-5cf708212045} - C:\Program Files (x86)\Re-markit\150.dll No File
BHO-x32: HP SimplePass Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.dll (HP)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - HP SimplePass Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM-x32 - HP SimplePass Toolbar - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.dll (HP)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\y0btifz5.default
FF user.js: detected! => C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\y0btifz5.default\user.js
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software (Adobereader alternative)\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software (Adobereader alternative)\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software (Adobereader alternative)\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software (Adobereader alternative)\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software (Adobereader alternative)\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Basti\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 - C:\Users\Basti\AppData\Roaming\Mozilla\Plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Foxtab Speed Dial - C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\y0btifz5.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}
FF Extension: CookieCuller - C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\y0btifz5.default\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (Docs) - C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (Google Search) - C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Website Logon) - C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfgjjhcgfbfkkoelpepohanhmbhdanh\1.5_0
CHR Extension: (Google Wallet) - C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [jpfgjjhcgfbfkkoelpepohanhmbhdanh] - C:\Program Files (x86)\HP SimplePass\tschrome.crx
==================== Services (Whitelisted) =================
R2 70e6ca8c; C:\Program Files (x86)\Optimizer Pro\OptProCrash.exe [143488 2014-01-04] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [260424 2011-12-11] (HP)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [269640 2011-12-09] (AuthenTec, Inc.)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-02-24] (Synaptics Incorporated)
S3 clwvd; system32\DRIVERS\clwvd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-04 19:24 - 2014-01-04 19:25 - 00016238 _____ C:\Users\Basti\Downloads\FRST.txt
2014-01-04 19:23 - 2014-01-04 19:23 - 01931368 _____ (Farbar) C:\Users\Basti\Downloads\FRST64.exe
2014-01-04 19:23 - 2014-01-04 19:23 - 00000000 ____D C:\Users\Basti\Documents\Optimizer Pro
2014-01-04 19:23 - 2014-01-04 19:23 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Optimizer Pro
2014-01-04 19:23 - 2014-01-04 19:23 - 00000000 ____D C:\FRST
2014-01-04 19:21 - 2014-01-04 19:22 - 00000000 ____D C:\Users\Basti\Desktop\trojaner
2014-01-04 19:20 - 2014-01-04 19:20 - 00000000 _____ C:\Users\Basti\defogger_reenable
2014-01-04 19:19 - 2014-01-04 19:19 - 00050477 _____ C:\Users\Basti\Downloads\Defogger.exe
2014-01-04 19:16 - 2014-01-04 19:16 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2014-01-04 19:16 - 2014-01-04 19:16 - 00000000 ____D C:\Users\Basti\AppData\Roaming\FoxTab
2014-01-04 19:16 - 2014-01-04 19:16 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2014-01-04 19:15 - 2014-01-04 19:15 - 00000000 ____D C:\Program Files (x86)\OpenIt
2014-01-04 19:15 - 2014-01-04 19:15 - 00000000 ____D C:\Program Files (x86)\Foxtab
2014-01-04 19:12 - 2014-01-04 19:12 - 00673048 _____ ( ) C:\Users\Basti\Downloads\ZipExtractorSetup.exe
2014-01-04 17:21 - 2014-01-04 17:21 - 00000113 _____ C:\Users\Basti\AppData\Roaming\WB.CFG
2014-01-04 17:21 - 2014-01-04 17:21 - 00000005 _____ C:\Users\Basti\AppData\Roaming\WBPU-TTL.DAT
2014-01-04 17:02 - 2014-01-04 17:02 - 00002251 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-04 17:01 - 2014-01-04 19:21 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-04 17:01 - 2014-01-04 17:21 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-04 17:01 - 2014-01-04 17:16 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-04 17:01 - 2014-01-04 17:16 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-04 17:01 - 2014-01-04 17:02 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-04 17:01 - 2014-01-04 17:01 - 00001160 _____ C:\Users\Public\Desktop\Express Rip.lnk
2014-01-04 17:01 - 2014-01-04 17:01 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2014-01-04 17:01 - 2014-01-04 17:01 - 00000000 ____D C:\ProgramData\NCH Software
2014-01-04 17:01 - 2014-01-04 17:01 - 00000000 ____D C:\Program Files (x86)\NCH Software
2014-01-04 16:59 - 2014-01-04 16:59 - 00614784 _____ C:\Users\Basti\Downloads\express-rip-1-94(1).exe
2014-01-04 16:51 - 2014-01-04 16:51 - 00614784 _____ C:\Users\Basti\Downloads\express-rip-1-94.exe
2014-01-04 16:38 - 2014-01-04 16:38 - 00001155 _____ C:\Users\Basti\Desktop\Free M4a to MP3 Converter.lnk
2014-01-04 16:38 - 2014-01-04 16:38 - 00001150 _____ C:\Users\Basti\Desktop\My Music Tools.lnk
2014-01-04 16:38 - 2014-01-04 16:38 - 00000000 ____D C:\Program Files (x86)\Free M4a to MP3 Converter
2014-01-04 16:36 - 2014-01-04 16:36 - 05834488 _____ (ManiacTools.com ) C:\Users\Basti\Downloads\m4a-to80-mp3-converter.exe
2014-01-04 16:22 - 2014-01-04 19:22 - 00000000 ____D C:\Users\Basti\AppData\Local\Mobogenie
2014-01-04 16:22 - 2014-01-04 16:22 - 00000000 ____D C:\Users\Basti\Documents\Mobogenie
2014-01-04 16:21 - 2014-01-04 19:17 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2014-01-04 16:21 - 2014-01-04 19:16 - 00003216 _____ C:\Windows\System32\Tasks\FoxTab
2014-01-04 16:21 - 2014-01-04 19:16 - 00000288 _____ C:\Windows\Tasks\FoxTab.job
2014-01-04 16:20 - 2014-01-04 16:23 - 00000000 ____D C:\Program Files (x86)\PC Speed Maximizer
2014-01-04 16:20 - 2014-01-04 16:20 - 00000000 ____D C:\Program Files (x86)\VideoConverter
2014-01-04 16:17 - 2014-01-04 16:17 - 00673240 _____ ( ) C:\Users\Basti\Downloads\VideoConverterSetup.exe
2014-01-04 15:37 - 2014-01-04 16:06 - 00000000 ____D C:\Users\Basti\Desktop\stik
2014-01-03 10:04 - 2014-01-03 10:04 - 00000000 ____D C:\Users\Basti\AppData\Roaming\OpenOffice
2013-12-28 17:48 - 1997-05-29 16:31 - 00315904 _____ (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe
2013-12-27 20:52 - 2013-12-27 20:52 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-12-27 20:47 - 2013-12-27 20:47 - 00000885 _____ C:\Users\Basti\Desktop\Jagged Alliance 2.lnk
2013-12-27 20:47 - 2013-12-27 20:47 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jagged Alliance 2
2013-12-27 20:44 - 2013-12-27 20:51 - 00000000 ____D C:\Program Files (x86)\Ja2
2013-12-26 10:04 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\Windows\system32\CNMLMAT.DLL
2013-12-26 09:47 - 2013-12-26 09:47 - 00000000 ____D C:\Users\Basti\AppData\Local\Tracker Software
2013-12-25 11:30 - 2013-12-25 11:30 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-25 11:30 - 2013-12-25 11:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-25 11:30 - 2013-12-25 11:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-25 11:30 - 2013-12-25 11:30 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-25 11:30 - 2013-12-25 11:30 - 00000000 ____D C:\ProgramData\Oracle
2013-12-25 11:30 - 2013-12-25 11:30 - 00000000 ____D C:\Program Files\Java
2013-12-25 11:29 - 2013-12-25 11:29 - 30694824 _____ (Oracle Corporation) C:\Users\Basti\Downloads\jre-7u45-windows-x64.exe
2013-12-25 11:21 - 2013-12-25 11:21 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-12-25 11:20 - 2013-12-25 11:20 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-12-25 11:09 - 2013-12-25 11:09 - 00000000 ____D C:\Users\Basti\AppData\Local\Secunia PSI
2013-12-25 11:09 - 2013-12-25 11:09 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-12-25 11:08 - 2013-12-25 11:09 - 05329480 _____ (Secunia) C:\Users\Basti\Downloads\PSISetup_3.0.0.9016.exe
2013-12-25 11:04 - 2014-01-04 19:14 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-25 11:04 - 2013-12-25 11:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-25 11:04 - 2013-12-25 11:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-25 11:04 - 2013-12-25 11:04 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-25 10:59 - 2013-12-25 10:59 - 00001200 _____ C:\Users\Public\Desktop\PDF-Viewer.lnk
2013-12-25 10:58 - 2013-12-25 10:59 - 00000000 ____D C:\Program Files\Tracker Software (Adobereader alternative)
2013-12-25 10:56 - 2013-12-25 10:56 - 16530904 _____ (Tracker Software Products Ltd ) C:\Users\Basti\Downloads\PDFXVwer_252131.exe
2013-12-25 10:49 - 2013-12-25 10:49 - 05329480 _____ (Secunia) C:\Users\Basti\Downloads\PSISetup.exe
2013-12-25 10:38 - 2013-12-25 10:38 - 477265185 _____ C:\Windows\MEMORY.DMP
2013-12-25 10:38 - 2013-12-25 10:38 - 00279968 _____ C:\Windows\Minidump\122513-56550-01.dmp
2013-12-25 10:38 - 2013-12-25 10:38 - 00000000 ____D C:\Windows\Minidump
2013-12-25 10:24 - 2013-12-25 10:25 - 00001693 _____ C:\DelFix.txt
2013-12-24 16:58 - 2013-12-24 16:58 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-24 16:56 - 2013-12-24 16:56 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Malwarebytes
2013-12-23 18:25 - 2013-12-25 10:24 - 00000000 ____D C:\Windows\ERUNT
2013-12-23 16:08 - 2013-12-24 17:37 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-23 16:08 - 2013-12-23 16:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-23 14:06 - 2013-12-23 14:06 - 00377856 _____ C:\Users\Basti\Downloads\gmer_2.1.19163.exe
2013-12-23 13:31 - 2013-12-23 13:31 - 00000000 ____D C:\AuthLog
2013-12-23 13:17 - 2014-01-04 19:17 - 00000000 ____D C:\Users\Basti\AppData\Local\genienext
2013-12-23 13:17 - 2014-01-04 16:32 - 00000000 ____D C:\Users\Basti\AppData\Roaming\newnext.me
2013-12-23 13:17 - 2013-12-23 13:17 - 00000000 ____D C:\Users\Basti\AppData\Local\cache
2013-12-23 13:17 - 2013-12-23 13:17 - 00000000 ____D C:\Users\Basti\.android
2013-12-23 13:17 - 2013-12-23 13:17 - 00000000 _____ C:\Users\Basti\daemonprocess.txt
2013-12-23 13:15 - 2014-01-04 19:16 - 00003220 _____ C:\Windows\System32\Tasks\Digital Sites
2013-12-23 13:15 - 2014-01-04 19:15 - 00000292 _____ C:\Windows\Tasks\Digital Sites.job
2013-12-23 13:15 - 2013-12-23 13:15 - 00000000 ____D C:\Users\Basti\AppData\Roaming\DigitalSites
2013-12-21 21:37 - 2013-12-21 21:37 - 00000000 _____ C:\autoexec.bat
2013-12-21 21:34 - 2013-12-21 21:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-15 19:59 - 2013-12-16 18:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-13 08:18 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-13 08:18 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-13 08:18 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-13 08:18 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-13 08:16 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-13 08:16 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-13 08:16 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-13 08:16 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-13 08:16 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-13 08:16 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-13 08:16 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-13 08:16 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-13 08:16 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-13 08:16 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-13 08:16 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-13 08:16 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-13 08:16 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-13 08:16 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-13 08:16 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-13 08:16 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-13 08:16 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-13 08:16 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-13 08:16 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-13 08:16 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-13 08:16 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-13 08:16 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-13 08:16 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-13 08:16 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-13 08:16 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-13 08:16 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-13 08:16 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-13 08:16 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-13 08:15 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-13 08:15 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-13 08:15 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 18:34 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 18:34 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 18:34 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 18:34 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-12 18:34 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 18:34 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-12 18:34 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 18:34 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 18:34 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 18:34 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 18:34 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 18:34 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-12 18:34 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-12 18:34 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 18:34 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 18:34 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-12 18:34 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-12 18:34 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 18:34 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-10 22:29 - 2013-12-10 22:36 - 00000000 ____D C:\ProgramData\Easybits Magic Desktop for HP
2013-12-06 15:47 - 2013-12-06 15:47 - 00018456 _____ (Secunia) C:\Windows\system32\Drivers\psi_mf_amd64.sys
==================== One Month Modified Files and Folders =======
2014-01-04 19:25 - 2014-01-04 19:24 - 00016238 _____ C:\Users\Basti\Downloads\FRST.txt
2014-01-04 19:23 - 2014-01-04 19:23 - 01931368 _____ (Farbar) C:\Users\Basti\Downloads\FRST64.exe
2014-01-04 19:23 - 2014-01-04 19:23 - 00000000 ____D C:\Users\Basti\Documents\Optimizer Pro
2014-01-04 19:23 - 2014-01-04 19:23 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Optimizer Pro
2014-01-04 19:23 - 2014-01-04 19:23 - 00000000 ____D C:\FRST
2014-01-04 19:22 - 2014-01-04 19:21 - 00000000 ____D C:\Users\Basti\Desktop\trojaner
2014-01-04 19:22 - 2014-01-04 16:22 - 00000000 ____D C:\Users\Basti\AppData\Local\Mobogenie
2014-01-04 19:21 - 2014-01-04 17:01 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-04 19:20 - 2014-01-04 19:20 - 00000000 _____ C:\Users\Basti\defogger_reenable
2014-01-04 19:20 - 2012-11-01 10:54 - 00000000 ____D C:\Users\Basti
2014-01-04 19:19 - 2014-01-04 19:19 - 00050477 _____ C:\Users\Basti\Downloads\Defogger.exe
2014-01-04 19:17 - 2014-01-04 16:21 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2014-01-04 19:17 - 2013-12-23 13:17 - 00000000 ____D C:\Users\Basti\AppData\Local\genienext
2014-01-04 19:16 - 2014-01-04 19:16 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2014-01-04 19:16 - 2014-01-04 19:16 - 00000000 ____D C:\Users\Basti\AppData\Roaming\FoxTab
2014-01-04 19:16 - 2014-01-04 19:16 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2014-01-04 19:16 - 2014-01-04 16:21 - 00003216 _____ C:\Windows\System32\Tasks\FoxTab
2014-01-04 19:16 - 2014-01-04 16:21 - 00000288 _____ C:\Windows\Tasks\FoxTab.job
2014-01-04 19:16 - 2013-12-23 13:15 - 00003220 _____ C:\Windows\System32\Tasks\Digital Sites
2014-01-04 19:15 - 2014-01-04 19:15 - 00000000 ____D C:\Program Files (x86)\OpenIt
2014-01-04 19:15 - 2014-01-04 19:15 - 00000000 ____D C:\Program Files (x86)\Foxtab
2014-01-04 19:15 - 2013-12-23 13:15 - 00000292 _____ C:\Windows\Tasks\Digital Sites.job
2014-01-04 19:14 - 2013-12-25 11:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-04 19:12 - 2014-01-04 19:12 - 00673048 _____ ( ) C:\Users\Basti\Downloads\ZipExtractorSetup.exe
2014-01-04 17:21 - 2014-01-04 17:21 - 00000113 _____ C:\Users\Basti\AppData\Roaming\WB.CFG
2014-01-04 17:21 - 2014-01-04 17:21 - 00000005 _____ C:\Users\Basti\AppData\Roaming\WBPU-TTL.DAT
2014-01-04 17:21 - 2014-01-04 17:01 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-04 17:16 - 2014-01-04 17:01 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-04 17:16 - 2014-01-04 17:01 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-04 17:02 - 2014-01-04 17:02 - 00002251 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-04 17:02 - 2014-01-04 17:01 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-04 17:01 - 2014-01-04 17:01 - 00001160 _____ C:\Users\Public\Desktop\Express Rip.lnk
2014-01-04 17:01 - 2014-01-04 17:01 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2014-01-04 17:01 - 2014-01-04 17:01 - 00000000 ____D C:\ProgramData\NCH Software
2014-01-04 17:01 - 2014-01-04 17:01 - 00000000 ____D C:\Program Files (x86)\NCH Software
2014-01-04 17:01 - 2013-10-31 20:15 - 00000000 ____D C:\Users\Basti\AppData\Local\Google
2014-01-04 16:59 - 2014-01-04 16:59 - 00614784 _____ C:\Users\Basti\Downloads\express-rip-1-94(1).exe
2014-01-04 16:51 - 2014-01-04 16:51 - 00614784 _____ C:\Users\Basti\Downloads\express-rip-1-94.exe
2014-01-04 16:47 - 2013-10-31 20:17 - 00000000 ____D C:\Users\Basti\AppData\Roaming\vlc
2014-01-04 16:41 - 2009-07-14 05:45 - 00031248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-04 16:41 - 2009-07-14 05:45 - 00031248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-04 16:38 - 2014-01-04 16:38 - 00001155 _____ C:\Users\Basti\Desktop\Free M4a to MP3 Converter.lnk
2014-01-04 16:38 - 2014-01-04 16:38 - 00001150 _____ C:\Users\Basti\Desktop\My Music Tools.lnk
2014-01-04 16:38 - 2014-01-04 16:38 - 00000000 ____D C:\Program Files (x86)\Free M4a to MP3 Converter
2014-01-04 16:36 - 2014-01-04 16:36 - 05834488 _____ (ManiacTools.com ) C:\Users\Basti\Downloads\m4a-to80-mp3-converter.exe
2014-01-04 16:33 - 2013-06-22 19:39 - 00000000 ___RD C:\Users\Basti\Dropbox
2014-01-04 16:33 - 2013-06-22 19:36 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Dropbox
2014-01-04 16:33 - 2012-11-01 09:00 - 01514764 _____ C:\Windows\WindowsUpdate.log
2014-01-04 16:32 - 2013-12-23 13:17 - 00000000 ____D C:\Users\Basti\AppData\Roaming\newnext.me
2014-01-04 16:31 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-04 16:31 - 2009-07-14 05:51 - 00100304 _____ C:\Windows\setupact.log
2014-01-04 16:30 - 2010-11-21 04:47 - 00662508 _____ C:\Windows\PFRO.log
2014-01-04 16:23 - 2014-01-04 16:20 - 00000000 ____D C:\Program Files (x86)\PC Speed Maximizer
2014-01-04 16:22 - 2014-01-04 16:22 - 00000000 ____D C:\Users\Basti\Documents\Mobogenie
2014-01-04 16:22 - 2013-05-01 11:06 - 00003906 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{965606AF-5B0A-4D2E-A70A-F1CFFCD8E5C2}
2014-01-04 16:20 - 2014-01-04 16:20 - 00000000 ____D C:\Program Files (x86)\VideoConverter
2014-01-04 16:17 - 2014-01-04 16:17 - 00673240 _____ ( ) C:\Users\Basti\Downloads\VideoConverterSetup.exe
2014-01-04 16:06 - 2014-01-04 15:37 - 00000000 ____D C:\Users\Basti\Desktop\stik
2014-01-04 15:40 - 2012-03-15 06:32 - 00700134 _____ C:\Windows\system32\perfh007.dat
2014-01-04 15:40 - 2012-03-15 06:32 - 00149984 _____ C:\Windows\system32\perfc007.dat
2014-01-04 15:40 - 2009-07-14 06:13 - 01622236 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-03 10:44 - 2012-11-01 11:08 - 00000000 ____D C:\Users\Basti\AppData\Roaming\SoftGrid Client
2014-01-03 10:04 - 2014-01-03 10:04 - 00000000 ____D C:\Users\Basti\AppData\Roaming\OpenOffice
2014-01-03 09:24 - 2012-11-03 12:39 - 00000166 _____ C:\Windows\SysWOW64\DOErrors.log
2013-12-28 18:10 - 2013-01-25 18:49 - 00000000 ____D C:\Users\Basti\AppData\Local\CrashDumps
2013-12-27 20:52 - 2013-12-27 20:52 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-12-27 20:51 - 2013-12-27 20:44 - 00000000 ____D C:\Program Files (x86)\Ja2
2013-12-27 20:47 - 2013-12-27 20:47 - 00000885 _____ C:\Users\Basti\Desktop\Jagged Alliance 2.lnk
2013-12-27 20:47 - 2013-12-27 20:47 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jagged Alliance 2
2013-12-26 09:59 - 2012-11-01 11:08 - 01596516 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-26 09:47 - 2013-12-26 09:47 - 00000000 ____D C:\Users\Basti\AppData\Local\Tracker Software
2013-12-25 22:19 - 2013-10-31 20:16 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-12-25 14:12 - 2012-11-01 11:18 - 00064024 _____ C:\Users\Basti\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-25 14:11 - 2009-07-14 05:45 - 00294712 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-25 11:30 - 2013-12-25 11:30 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-25 11:30 - 2013-12-25 11:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-25 11:30 - 2013-12-25 11:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-25 11:30 - 2013-12-25 11:30 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-25 11:30 - 2013-12-25 11:30 - 00000000 ____D C:\ProgramData\Oracle
2013-12-25 11:30 - 2013-12-25 11:30 - 00000000 ____D C:\Program Files\Java
2013-12-25 11:29 - 2013-12-25 11:29 - 30694824 _____ (Oracle Corporation) C:\Users\Basti\Downloads\jre-7u45-windows-x64.exe
2013-12-25 11:21 - 2013-12-25 11:21 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-12-25 11:20 - 2013-12-25 11:20 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-12-25 11:18 - 2012-11-01 10:58 - 00000000 ___RD C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-25 11:09 - 2013-12-25 11:09 - 00000000 ____D C:\Users\Basti\AppData\Local\Secunia PSI
2013-12-25 11:09 - 2013-12-25 11:09 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-12-25 11:09 - 2013-12-25 11:08 - 05329480 _____ (Secunia) C:\Users\Basti\Downloads\PSISetup_3.0.0.9016.exe
2013-12-25 11:04 - 2013-12-25 11:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-25 11:04 - 2013-12-25 11:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-25 11:04 - 2013-12-25 11:04 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-25 11:04 - 2012-12-27 10:49 - 00000000 ____D C:\Users\Basti\AppData\Local\Adobe
2013-12-25 10:59 - 2013-12-25 10:59 - 00001200 _____ C:\Users\Public\Desktop\PDF-Viewer.lnk
2013-12-25 10:59 - 2013-12-25 10:58 - 00000000 ____D C:\Program Files\Tracker Software (Adobereader alternative)
2013-12-25 10:56 - 2013-12-25 10:56 - 16530904 _____ (Tracker Software Products Ltd ) C:\Users\Basti\Downloads\PDFXVwer_252131.exe
2013-12-25 10:54 - 2012-03-14 22:29 - 00000000 ____D C:\ProgramData\Adobe
2013-12-25 10:49 - 2013-12-25 10:49 - 05329480 _____ (Secunia) C:\Users\Basti\Downloads\PSISetup.exe
2013-12-25 10:38 - 2013-12-25 10:38 - 477265185 _____ C:\Windows\MEMORY.DMP
2013-12-25 10:38 - 2013-12-25 10:38 - 00279968 _____ C:\Windows\Minidump\122513-56550-01.dmp
2013-12-25 10:38 - 2013-12-25 10:38 - 00000000 ____D C:\Windows\Minidump
2013-12-25 10:25 - 2013-12-25 10:24 - 00001693 _____ C:\DelFix.txt
2013-12-25 10:24 - 2013-12-23 18:25 - 00000000 ____D C:\Windows\ERUNT
2013-12-24 17:37 - 2013-12-23 16:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-24 16:58 - 2013-12-24 16:58 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-24 16:56 - 2013-12-24 16:56 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Malwarebytes
2013-12-23 18:15 - 2012-11-01 10:58 - 00000995 _____ C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-23 16:08 - 2013-12-23 16:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-23 14:06 - 2013-12-23 14:06 - 00377856 _____ C:\Users\Basti\Downloads\gmer_2.1.19163.exe
2013-12-23 13:42 - 2012-03-14 22:24 - 00000000 ____D C:\ProgramData\Skype
2013-12-23 13:36 - 2013-01-05 17:06 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Skype
2013-12-23 13:33 - 2013-05-09 20:05 - 00000000 ____D C:\Program Files (x86)\ACR
2013-12-23 13:31 - 2013-12-23 13:31 - 00000000 ____D C:\AuthLog
2013-12-23 13:17 - 2013-12-23 13:17 - 00000000 ____D C:\Users\Basti\AppData\Local\cache
2013-12-23 13:17 - 2013-12-23 13:17 - 00000000 ____D C:\Users\Basti\.android
2013-12-23 13:17 - 2013-12-23 13:17 - 00000000 _____ C:\Users\Basti\daemonprocess.txt
2013-12-23 13:15 - 2013-12-23 13:15 - 00000000 ____D C:\Users\Basti\AppData\Roaming\DigitalSites
2013-12-22 09:15 - 2012-11-03 15:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-21 21:37 - 2013-12-21 21:37 - 00000000 _____ C:\autoexec.bat
2013-12-21 21:35 - 2013-12-21 21:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-19 17:47 - 2013-06-22 19:39 - 00000979 _____ C:\Users\Basti\Desktop\Dropbox.lnk
2013-12-19 17:47 - 2013-06-22 19:36 - 00000000 ____D C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-18 20:52 - 2013-05-07 18:53 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-12-18 20:52 - 2013-03-31 12:13 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-12-18 20:52 - 2013-03-31 12:13 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-16 18:09 - 2013-12-15 19:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-12-14 15:52 - 2013-08-16 14:09 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 15:50 - 2012-11-03 13:12 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 13:37 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-10 22:36 - 2013-12-10 22:29 - 00000000 ____D C:\ProgramData\Easybits Magic Desktop for HP
2013-12-06 15:47 - 2013-12-06 15:47 - 00018456 _____ (Secunia) C:\Windows\system32\Drivers\psi_mf_amd64.sys
Some content of TEMP:
====================
C:\Users\Basti\AppData\Local\Temp\73668uninstall.exe
C:\Users\Basti\AppData\Local\Temp\avgnt.exe
C:\Users\Basti\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Basti\AppData\Local\Temp\fp_pl_pfs_installer-2.exe
C:\Users\Basti\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Basti\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe
C:\Users\Basti\AppData\Local\Temp\Mobogenie_Setup_2.1.23_515.exe
C:\Users\Basti\AppData\Local\Temp\Sqlite3.dll
C:\Users\Basti\AppData\Local\Temp\vlc-2.1.2-win32.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-25 10:18
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2014
Ran by Basti at 2014-01-04 19:25:25
Running from C:\Users\Basti\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
AuthenTec TrueAPI 64-bit (Version: 1.5.0.165 - AuthenTec, Inc.) Hidden
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden
Canon Easy-PhotoPrint EX (x32 Version: - )
Canon Easy-WebPrint EX (x32 Version: - )
Canon IJ Network Scanner Selector EX (x32 Version: - )
Canon IJ Network Tool (x32 Version: - )
Canon MG5300 series Benutzerregistrierung (x32 Version: - )
Canon MG5300 series MP Drivers (Version: - )
Canon MG5300 series On-screen Manual (x32 Version: - )
Canon MP Navigator EX 5.0 (x32 Version: - )
Canon My Printer (x32 Version: - )
Canon Solution Menu EX (x32 Version: - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU Version: 2.4.10 - Dropbox, Inc.)
Druckerdeinstallation für EPSON S22 Series (Version: - SEIKO EPSON Corporation)
Epson Easy Photo Print 2 (x32 Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (x32 Version: 1.00.0000 - SEIKO EPSON CORPORATION)
EPSON S22 Series Handbuch (x32 Version: - )
ESU for Microsoft Windows 7 SP1 (x32 Version: 5.1.3 - Hewlett-Packard)
Evernote v. 4.5.2 (x32 Version: 4.5.2.5904 - Evernote Corp.)
Express Rip (x32 Version: 1.94 - NCH Software)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom (TM) 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Flatcast Viewer Plugin 5.3.0.784 (x32 Version: - 1 mal 1 Software GmbH)
Foxtab (x32 Version: - FoxTab) <==== ATTENTION
Free M4a to MP3 Converter 8.0 (x32 Version: - ManiacTools.com)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (x32 Version: 1.1.0.0 - Hewlett-Packard)
HP Games (x32 Version: 1.0.2.5 - WildTangent)
HP Launch Box (Version: 1.1.5 - Hewlett-Packard Company)
HP On Screen Display (x32 Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (x32 Version: 1.4.8 - Hewlett-Packard Company)
HP Quick Launch (x32 Version: 2.7.2 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
HP Security Assistant (Version: 3.0.2 - Hewlett-Packard Company)
HP Setup (x32 Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP SimplePass PE (x32 Version: 5.4.0.402 - Hewlett-Packard)
HP Software Framework (x32 Version: 4.5.6.1 - Hewlett-Packard Company)
HP Support Assistant (x32 Version: 6.1.12.1 - Hewlett-Packard Company)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 8.0.2.1410 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (x32 Version: - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.23.605.1 - Intel Corporation)
Jagged Alliance 2 (x32 Version: - )
Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mobogenie (x32 Version: - Mobogenie.com)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 de) (x32 Version: 24.2.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Open It! (x32 Version: 1.1.1 - OpenIt)
OpenOffice 4.0.0 (x32 Version: 4.00.9702 - Apache Software Foundation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Optimizer Pro v3.2 (x32 Version: - PC Utilities Software Limited) <==== ATTENTION
PDF-Viewer (Version: 2.5.213.1 - Tracker Software Products Ltd)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Ralink RT5390R 802.11b/g/n 1x1 Wi-Fi Adapter (x32 Version: 3.02.07.0 - Ralink)
Realtek Ethernet Controller Driver (x32 Version: 7.51.116.2012 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6577 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.29005 - Realtek Semiconductor Corp.)
Secunia PSI (3.0.0.9016) (x32 Version: 3.0.0.9016 - Secunia)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 16.0.1.0 - Synaptics Incorporated)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Unity Web Player (HKCU Version: - Unity Technologies ApS)
Update for Zip Extractor (HKCU Version: - Update for Zip Extractor) <==== ATTENTION
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VIS (x32 Version: - )
VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Restore Points =========================
25-12-2013 09:24:50 Ende der Bereinigung
25-12-2013 09:35:49 Windows Update
25-12-2013 09:41:31 Windows Update
25-12-2013 09:53:10 Removed Adobe Reader X (10.1.8) MUI.
25-12-2013 10:17:20 OpenOffice 4.0.0 wird installiert
25-12-2013 10:30:11 Installed Java 7 Update 45 (64-bit)
26-12-2013 08:51:32 Windows-Sicherung
26-12-2013 08:52:08 Windows-Sicherung
26-12-2013 08:57:15 Windows Update
26-12-2013 09:01:28 Windows Update
29-12-2013 19:37:30 Windows-Sicherung
01-01-2014 10:14:51 Windows Update
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {423B4D29-AF96-43E2-85B3-AECCA704F4F5} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {483A0301-236A-4241-A722-8170D299AA28} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-25] (Adobe Systems Incorporated)
Task: {568C07D1-73AF-47F4-84E2-1DF5F1CC78A4} - System32\Tasks\NCH Software\ExpressRipSevenDays => C:\Program Files (x86)\NCH Software\ExpressRip\expressrip.exe [2013-07-18] (NCH Software)
Task: {6B4FE882-31AB-4953-BBA5-A69BDDEF6F9F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {859802CD-FF5A-4D41-A4EA-FD5DF6474545} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {91B3BE1C-9ADF-4846-8AD4-2EEA12A3E54F} - System32\Tasks\Digital Sites => C:\Users\Basti\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {9A245832-5691-4A54-8546-BE6D9FEA9BB9} - System32\Tasks\FoxTab => C:\Users\Basti\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {9AD91BFF-A482-4C6E-9AB3-97B1CA375D18} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {9F66F12C-A99F-43F4-AB39-644988899AC7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-04] (Google Inc.)
Task: {B88F59EE-6CBE-4A5F-A08E-B945A3FBE029} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {E93AFF5F-DCA6-4782-9030-2F0E46CAF08D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-04] (Google Inc.)
Task: {EC2D81DB-0B05-4BF0-89FA-052AC9F55EB0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {FA9E8664-A051-45C0-9240-75A098C450DD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Basti\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\FoxTab.job => C:\Users\Basti\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-02-14 18:53 - 2012-02-14 18:53 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-12-08 13:49 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Basti\AppData\Roaming\Dropbox\bin\libcef.dll
2013-08-26 17:41 - 2013-08-26 17:41 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\991a8d378a3e64b31c0f4770ba9ae071\IsdiInterop.ni.dll
2012-06-20 15:06 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-06-20 15:11 - 2012-02-08 02:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-01-04 19:16 - 2013-10-29 14:08 - 02869720 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
2013-12-21 21:34 - 2013-12-21 21:34 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/04/2014 07:04:21 PM) (Source: Application Hang) (User: )
Description: Programm psi.exe, Version 3.0.0.9016 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 13e4
Startzeit: 01cf09773e0aac48
Endzeit: 15
Anwendungspfad: C:\Program Files (x86)\Secunia\PSI\psi.exe
Berichts-ID: 9b99ab77-756a-11e3-bc35-a0b3cccc72bf
Error: (01/04/2014 05:01:27 PM) (Source: MsiInstaller) (User: HP)
Description: Fehler beim Starten einer Windows Installer-Transaktion: {86D4B82A-ABED-442A-BE86-96357B70F4FE}. Fehler 1618 beim Starten der Transaktion.
Error: (01/04/2014 04:31:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/04/2014 03:31:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/04/2014 11:35:17 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/03/2014 05:00:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/03/2014 02:39:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/03/2014 09:14:40 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/02/2014 10:25:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/02/2014 00:37:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (01/03/2014 09:19:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597 (Definition 1.165.1076.0)
Error: (01/01/2014 11:19:01 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597 (Definition 1.165.887.0)
Error: (12/26/2013 10:11:28 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet:
%%-2147024882
Error: (12/25/2013 10:16:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (12/25/2013 10:16:36 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.
Error: (12/25/2013 10:16:36 PM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (12/25/2013 10:15:39 PM) (Source: DCOM) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (12/25/2013 10:15:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (12/25/2013 10:15:39 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.
Error: (12/25/2013 10:38:32 AM) (Source: BugCheck) (User: )
Description: 0x00000050 (0xfffff80000000030, 0x0000000000000000, 0xfffff80002ec3afa, 0x0000000000000000)C:\Windows\MEMORY.DMP122513-56550-01
Microsoft Office Sessions:
=========================
Error: (01/04/2014 07:04:21 PM) (Source: Application Hang)(User: )
Description: psi.exe3.0.0.901613e401cf09773e0aac4815C:\Program Files (x86)\Secunia\PSI\psi.exe9b99ab77-756a-11e3-bc35-a0b3cccc72bf
Error: (01/04/2014 05:01:27 PM) (Source: MsiInstaller)(User: HP)
Description: {86D4B82A-ABED-442A-BE86-96357B70F4FE}1618(NULL)(NULL)(NULL)(NULL)
Error: (01/04/2014 04:31:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/04/2014 03:31:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/04/2014 11:35:17 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/03/2014 05:00:25 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/03/2014 02:39:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/03/2014 09:14:40 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/02/2014 10:25:51 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/02/2014 00:37:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Percentage of memory in use: 46%
Total physical RAM: 3996.36 MB
Available physical RAM: 2138.47 MB
Total Pagefile: 7990.9 MB
Available Pagefile: 5898.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:277.83 GB) (Free:209.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:19.97 GB) (Free:2.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: D2E3023C)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=278 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
==================== End Of Log ============================
Step 3 Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2014-01-04 20:20:37
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.AX00 298,09GB
Running: gmer_2.1.19163(1).exe; Driver: C:\Users\Basti\AppData\Local\Temp\pxldipow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d81465 2 bytes [D8, 76]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d814bb 2 bytes [D8, 76]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d81465 2 bytes [D8, 76]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d814bb 2 bytes [D8, 76]
.text ... * 2
.text C:\Program Files (x86)\HP SimplePass\TouchControl.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d81465 2 bytes [D8, 76]
.text C:\Program Files (x86)\HP SimplePass\TouchControl.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d814bb 2 bytes [D8, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d81465 2 bytes [D8, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2632] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d814bb 2 bytes [D8, 76]
.text ... * 2
.text C:\Windows\SysWOW64\rundll32.exe[3104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d81465 2 bytes [D8, 76]
.text C:\Windows\SysWOW64\rundll32.exe[3104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d814bb 2 bytes [D8, 76]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076d81465 2 bytes [D8, 76]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076d814bb 2 bytes [D8, 76]
.text ... * 2
.text C:\Users\Basti\AppData\Roaming\Dropbox\bin\Dropbox.exe[3160] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076d81465 2 bytes [D8, 76]
.text C:\Users\Basti\AppData\Roaming\Dropbox\bin\Dropbox.exe[3160] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000076d814bb 2 bytes [D8, 76]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\SysWOW64\ntdll.dll [1736:1740] 000000000134d1f6
Thread C:\Windows\SysWOW64\ntdll.dll [1736:4080] 000000007242a7e0
Thread C:\Windows\SysWOW64\ntdll.dll [1736:3292] 0000000073468960
Thread C:\Windows\SysWOW64\ntdll.dll [1736:3296] 0000000073468960
Thread C:\Windows\SysWOW64\ntdll.dll [1736:3288] 0000000073468960
Thread C:\Windows\SysWOW64\ntdll.dll [1736:3284] 0000000073464090
---- EOF - GMER 2.1 ----
Step 4 Code:
Typ: Datei
Quelle: C:\Users\Basti\AppData\Local\Temp\is1590112554\9879725_stp\uninstaller.exe
Status: Infiziert
Quarantäne-Objekt: 5be9c282.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.166
Virendefinitionsdatei: 7.11.123.138
Gefunden: ADWARE/InstallCore.Gen
Datum/Uhrzeit: 04.01.2014, 19:17
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 4. Januar 2014 19:16
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : HP
Versionsinformationen:
BUILD.DAT : 14.0.2.286 55547 Bytes 09.12.2013 11:37:00
AVSCAN.EXE : 14.0.2.254 1032760 Bytes 18.12.2013 19:52:10
AVSCANRC.DLL : 14.0.2.180 62008 Bytes 18.12.2013 19:52:10
LUKE.DLL : 14.0.2.234 65592 Bytes 18.12.2013 19:52:30
AVSCPLR.DLL : 14.0.2.254 124472 Bytes 18.12.2013 19:52:10
AVREG.DLL : 14.0.2.212 250424 Bytes 18.12.2013 19:52:09
avlode.dll : 14.0.2.254 540216 Bytes 18.12.2013 19:52:08
avlode.rdf : 13.0.1.62 56973 Bytes 09.12.2013 19:18:23
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 15:22:20
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 14:53:08
VBASE002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 18:10:07
VBASE003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 15:51:40
VBASE004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 14:34:19
VBASE005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 18:21:17
VBASE006.VDF : 7.11.103.230 2293248 Bytes 24.09.2013 13:39:48
VBASE007.VDF : 7.11.116.38 5485568 Bytes 28.11.2013 17:27:13
VBASE008.VDF : 7.11.120.140 1154560 Bytes 19.12.2013 16:45:35
VBASE009.VDF : 7.11.120.141 2048 Bytes 19.12.2013 16:45:36
VBASE010.VDF : 7.11.120.142 2048 Bytes 19.12.2013 16:45:37
VBASE011.VDF : 7.11.120.143 2048 Bytes 19.12.2013 16:45:38
VBASE012.VDF : 7.11.120.144 2048 Bytes 19.12.2013 16:45:38
VBASE013.VDF : 7.11.120.145 2048 Bytes 19.12.2013 16:45:39
VBASE014.VDF : 7.11.121.19 126976 Bytes 21.12.2013 16:52:00
VBASE015.VDF : 7.11.121.147 122880 Bytes 24.12.2013 07:38:28
VBASE016.VDF : 7.11.121.233 115712 Bytes 25.12.2013 21:20:01
VBASE017.VDF : 7.11.122.57 325120 Bytes 27.12.2013 14:50:55
VBASE018.VDF : 7.11.122.123 199680 Bytes 28.12.2013 16:39:05
VBASE019.VDF : 7.11.122.219 368640 Bytes 01.01.2014 16:34:20
VBASE020.VDF : 7.11.123.39 182272 Bytes 03.01.2014 16:04:46
VBASE021.VDF : 7.11.123.40 2048 Bytes 03.01.2014 16:04:47
VBASE022.VDF : 7.11.123.41 2048 Bytes 03.01.2014 16:04:47
VBASE023.VDF : 7.11.123.42 2048 Bytes 03.01.2014 16:04:47
VBASE024.VDF : 7.11.123.43 2048 Bytes 03.01.2014 16:04:47
VBASE025.VDF : 7.11.123.44 2048 Bytes 03.01.2014 16:04:47
VBASE026.VDF : 7.11.123.45 2048 Bytes 03.01.2014 16:04:47
VBASE027.VDF : 7.11.123.46 2048 Bytes 03.01.2014 16:04:47
VBASE028.VDF : 7.11.123.47 2048 Bytes 03.01.2014 16:04:47
VBASE029.VDF : 7.11.123.48 2048 Bytes 03.01.2014 16:04:47
VBASE030.VDF : 7.11.123.49 2048 Bytes 03.01.2014 16:04:47
VBASE031.VDF : 7.11.123.138 201216 Bytes 04.01.2014 16:39:35
Engineversion : 8.2.12.166
AEVDF.DLL : 8.1.3.4 102774 Bytes 13.06.2013 15:27:40
AESCRIPT.DLL : 8.1.4.176 520574 Bytes 19.12.2013 16:45:56
AESCN.DLL : 8.1.10.6 131447 Bytes 11.12.2013 16:54:32
AESBX.DLL : 8.2.16.26 1245560 Bytes 23.08.2013 19:26:02
AERDL.DLL : 8.2.0.138 704888 Bytes 02.12.2013 15:59:43
AEPACK.DLL : 8.3.3.8 762232 Bytes 19.12.2013 16:45:54
AEOFFICE.DLL : 8.1.2.76 205181 Bytes 09.08.2013 16:32:05
AEHEUR.DLL : 8.1.4.830 6386042 Bytes 19.12.2013 16:45:53
AEHELP.DLL : 8.1.27.10 266618 Bytes 22.11.2013 16:15:36
AEGEN.DLL : 8.1.7.20 446839 Bytes 13.11.2013 16:26:12
AEEXP.DLL : 8.4.1.138 418168 Bytes 14.12.2013 12:40:44
AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55
AECORE.DLL : 8.1.33.0 225657 Bytes 11.12.2013 16:54:31
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 14:00:38
AVWINLL.DLL : 14.0.2.180 23608 Bytes 18.12.2013 19:51:59
AVPREF.DLL : 14.0.2.180 48696 Bytes 18.12.2013 19:52:09
AVREP.DLL : 14.0.2.180 175672 Bytes 18.12.2013 19:52:09
AVARKT.DLL : 14.0.2.254 256056 Bytes 18.12.2013 19:52:03
AVEVTLOG.DLL : 14.0.2.180 165944 Bytes 18.12.2013 19:52:06
SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40
AVSMTP.DLL : 14.0.2.180 60472 Bytes 18.12.2013 19:52:11
NETNT.DLL : 14.0.2.180 13368 Bytes 18.12.2013 19:52:30
RCIMAGE.DLL : 14.0.2.180 4786744 Bytes 18.12.2013 19:52:00
RCTEXT.DLL : 14.0.2.270 73272 Bytes 18.12.2013 19:52:00
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_52c8295c\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: Reparieren
Sekundäre Aktion......................: Quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: Vollständig
Abweichende Gefahrenkategorien........: +JOKE,+PCK,+SPR,
Beginn des Suchlaufs: Samstag, 4. Januar 2014 19:16
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrueSuiteService.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '158' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'AERTSr64.exe' - '8' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'ezSharedSvcHost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPDrvMntSvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPWMISVC.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'HeciServer.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'jhi_service.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'PSIA.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftvsa.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'TouchControl.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftlist.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '185' Modul(e) wurden durchsucht
Durchsuche Prozess 'CVHSVC.EXE' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'BioMonitor.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtkNGUI64.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'BJMYPRT.EXE' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'psi_tray.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'CNSEMAIN.EXE' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'CNMNSST.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'SYNTPHELPER.EXE' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'splwow64.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'CNSEUPDT.EXE' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpsa_service.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'ICReinstall_ZipExtractorSetup.exe' - '115' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'setup.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'setup.tmp' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '111' Modul(e) wurden durchsucht
Durchsuche Prozess 'Mobogenie_Setup_UN.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'OptProCrash.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\Users\Basti\AppData\Local\Temp\is1590112554\9879725_stp\uninstaller.exe'
C:\Users\Basti\AppData\Local\Temp\is1590112554\9879725_stp\uninstaller.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/InstallCore.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5be9c282.qua' verschoben!
Ende des Suchlaufs: Samstag, 4. Januar 2014 19:17
Benötigte Zeit: 00:46 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
4041 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
4040 Dateien ohne Befall
41 Archive wurden durchsucht
0 Warnungen
1 Hinweise
I hope I can still be helped.