Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-09-2013 Ran by Media (administrator) on MEDIA-PC on 03-09-2013 14:39:50 Running from C:\Users\Media\Downloads Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Fujitsu Siemens Computers GmbH) C:\Program Files\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe () C:\Program Files\HP\HP UT\bin\hppusg.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe () C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Emsi Software GmbH) C:\Program Files\a-squared Free\a2service.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Akamai Technologies, Inc.) C:\Users\Media\AppData\Local\Akamai\netsession_win.exe (B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Microsoft) C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe (Fujitsu Siemens Computers) C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (cake bake) C:\Program Files\Tepfel\WebCakeDesktop.Updater.exe (Bake Cake) C:\Users\Media\AppData\Roaming\Tepfel\WebCakeDesktop.exe (Smartbar) C:\Users\Media\AppData\Local\Smartbar\Application\SnapDo.exe (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (TuneUp Software) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (Akamai Technologies, Inc.) C:\Users\Media\AppData\Local\Akamai\netsession_win.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6335008 2008-10-13] (Realtek Semiconductor) HKLM\...\Run: [NeroFilterCheck] - C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh) HKLM\...\Run: [EnergySettings] - C:\Program Files\Fujitsu Siemens Computers\Energy Settings\EnergySettings.exe [113664 2008-09-19] (Fujitsu Siemens Computers GmbH) HKLM\...\Run: [TrayServer] - C:\Program Files\MAGIX\Video_deluxe_17_Plus_Sonderedition\TrayServer.exe [90112 2008-08-07] (MAGIX AG) HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2008-10-13] (Realtek Semiconductor Corp.) HKLM\...\Run: [HPUsageTracking] - C:\Program Files\HP\HP UT\bin\hppusg.exe [36864 2007-10-17] () HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3521424 2012-05-04] (Samsung Electronics Co., Ltd.) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-03] (Avira Operations GmbH & Co. KG) HKLM\...\Policies\Explorer: [NoDrives] 0 HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) HKCU\...\Run: [KiesPDLR] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21392 2012-05-04] () HKCU\...\Run: [KiesHelper] - C:\Program Files\Samsung\Kies\KiesHelper.exe [955792 2012-05-04] (Samsung) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Media\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [WebCake Desktop] - C:\Users\Media\AppData\Roaming\Tepfel\WebCakeDesktop.exe [52504 2013-08-10] (Bake Cake) HKCU\...\Run: [Browser Infrastructure Helper] - C:\Users\Media\AppData\Local\Smartbar\Application\SnapDo.exe [21024 2013-08-04] (Smartbar) HKCU\...\Policies\Explorer: [NoDriveAutorun] 0 HKCU\...\Policies\Explorer: [NoDrives] 0 HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat Assistant.lnk ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.com/?publisher=SoftPublisherYB&dpid=sfp1&co=DE&userid=0c50fb81-7660-4b75-88c8-19a78a68c525&searchtype=hp&installDate={installDate} HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SoftPublisherYB&dpid=sfp1&co=DE&userid=0c50fb81-7660-4b75-88c8-19a78a68c525&searchtype=ds&q={searchTerms}&installDate={installDate} SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=SoftPublisherYB&dpid=sfp1&co=DE&userid=0c50fb81-7660-4b75-88c8-19a78a68c525&searchtype=ds&q={searchTerms}&installDate={installDate} BHO: MHTBPos00 Class - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll () BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: No Name - {FFFFFFA2-C40D-475D-8C91-9A9876ACFCDD} - C:\PROGRA~1\klickTel\KLICKT~2\KTTOOL~1.DLL (klickTel AG) Toolbar: HKLM - &klickTel Toolbar - {FFFF8BAD-BB43-4A08-8258-BFB40A29FBD7} - C:\PROGRA~1\klickTel\KLICKT~2\KTTOOL~1.DLL (klickTel AG) DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\38jne52j.default FF user.js: detected! => C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\38jne52j.default\user.js FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml FF DefaultSearchEngine: Web Search FF SelectedSearchEngine: Web Search FF Homepage: hxxp://feed.snapdo.com/?publisher=SoftPublisherYB&dpid=sfp1&co=DE&userid=0c50fb81-7660-4b75-88c8-19a78a68c525&searchtype=hp&installDate={installDate} FF Keyword.URL: hxxp://feed.snapdo.com/?publisher=SoftPublisherYB&dpid=sfp1&co=DE&userid=0c50fb81-7660-4b75-88c8-19a78a68c525&searchtype=ds&installDate={installDate}&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF Plugin: @real.com/nppl3260;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprjplug;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\38jne52j.default\searchplugins\Web Search.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\38jne52j.default\Extensions\126c9ec1-e913-410f-94df-6262dd70e044@94392a4b-d7bd-4563-8bcd-ba96cf8055b2.com FF Extension: No Name - C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\38jne52j.default\Extensions\75c9b989-a6e6-4455-971f-45304161eb23@02648b91-49b2-4d7f-99ef-7e959a8e6505.com FF Extension: Flagfox - C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\38jne52j.default\Extensions\info@flagfox.net FF Extension: Cooliris - C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\38jne52j.default\Extensions\piclens@cooliris.com FF Extension: WebCake - C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\38jne52j.default\Extensions\plugin@getwebcake.com FF Extension: Microsoft .NET Framework Assistant - C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\38jne52j.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} FF Extension: YouTube Downloader for Facebook - C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\38jne52j.default\Extensions\{2122962a-1424-fffe-19af-bba2ef3eff4a} FF Extension: No Name - C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\38jne52j.default\Extensions\{7c5389aa-57f7-4ca8-88c3-6293de8ccec5} FF Extension: PriceGong - C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\38jne52j.default\Extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} FF Extension: toolbar - C:\Users\Media\AppData\Roaming\Mozilla\Firefox\Profiles\38jne52j.default\Extensions\toolbar@web.de.xpi FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF Extension: Family Toolbar - C:\Program Files\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} FF Extension: BasicServe - C:\Program Files\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF HKCU\...\Firefox\Extensions: [finder@meingutscheincode.de] C:\Program Files\Mein Gutscheincode Finder\Firefox FF HKCU\...\Firefox\Extensions: [{0ce6ac61-48e9-426f-9268-6f1e8ece06da}] C:\Program Files\LyricsSeeker\131.xpi FF Extension: No Name - C:\Program Files\LyricsSeeker\131.xpi Chrome: ======= CHR HomePage: hxxp://www.google.com CHR RestoreOnStartup: "hxxp://www.google.com" CHR DefaultSearchURL: (Web) - http://feed.snapdo.com/?publisher=SoftPublisherYB&dpid=sfp1&co=DE&userid=0c50fb81-7660-4b75-88c8-19a78a68c525&searchtype=ds&q={searchTerms}&installDate={installDate} CHR DefaultSuggestURL: (Web) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\pdf.dll () CHR Plugin: (Microsoft00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) CHR Plugin: (Picasa) - C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) CHR Extension: (Google Docs) - C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1 CHR Extension: (Flagfox) - C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfdfamfnacokbbbnmpdfmhonipnhmbid\4.2.781_1 CHR Extension: (Google Search) - C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1 CHR Extension: (Web Cake) - C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0 CHR Extension: (Plus-HD-2.5) - C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.24.52_0 CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0 CHR Extension: (Lyrics Seeker) - C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgoiojnjnacbjngolldkokokgpcjbgjj\1.131_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_1 CHR Extension: (Gmail) - C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2 CHR HKLM\...\Chrome\Extension: [bkomkajifikmkfnjgphkjcfeepbnojok] - C:\Program Files\PriceGong\2.6.12\pricegong.crx CHR HKLM\...\Chrome\Extension: [cfdfamfnacokbbbnmpdfmhonipnhmbid] - C:\Users\Media\AppData\LocalLow\Flagfox\CHROME\Flagfox.crx CHR HKLM\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files\Tepfel\WebCakeLayers.crx CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx CHR HKLM\...\Chrome\Extension: [jgfpelakfkbbkkdchaaaknckhoadkcbo] - C:\Program Files\Mein Gutscheincode Finder\Chrome\chrome-extension.crx CHR HKLM\...\Chrome\Extension: [lgoiojnjnacbjngolldkokokgpcjbgjj] - C:\Program Files\LyricsSeeker\131.crx ========================== Services (Whitelisted) ================= R2 a2free; C:\Program Files\a-squared Free\a2service.exe [1872320 2013-09-01] (Emsi Software GmbH) R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-02] (Akamai Technologies, Inc.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-03] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-03] (Avira Operations GmbH & Co. KG) R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [122512 2006-12-28] (B.H.A Corporation) S3 de_serv; C:\Program Files\Common Files\AVM\de_serv.exe [315392 2005-11-21] (AVM Berlin) R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) S2 gupdate1c99b5e868c2096; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-03-02] (Google Inc.) R2 NetFxUpdate_v1.1.4322; C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [73728 2007-01-15] (Microsoft) S3 npggsvc; C:\Windows\system32\GameMon.des [3608448 2010-07-01] (INCA Internet Co., Ltd.) R2 TestHandler; C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [303104 2008-04-25] (Fujitsu Siemens Computers) R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [1514304 2011-12-14] (TuneUp Software) S3 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) R2 WebCakeUpdater; C:\Program Files\Tepfel\WebCakeDesktop.Updater.exe [51992 2013-08-10] (cake bake) ==================== Drivers (Whitelisted) ==================== S3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.) R0 AFS; C:\Windows\System32\Drivers\AFS.sys [79052 2009-01-31] (Oak Technology Inc.) R0 ahcix86s; C:\Windows\System32\drivers\ahcix86s.sys [173576 2008-05-27] (AMD Technologies Inc.) S3 APL531; C:\Windows\System32\Drivers\ov550i.sys [580992 2009-02-22] (Omnivision Technologies, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136672 2013-09-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-05-06] (Avira Operations GmbH & Co. KG) R1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation) R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation) S3 GrabsterSeries.X86; C:\Windows\System32\DRIVERS\GrabsterSeries.X86.SYS [310016 2007-11-28] () S3 HPFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [17432 2007-07-16] (Hewlett Packard) R0 JRAID; C:\Windows\System32\drivers\jraid.sys [76688 2008-04-03] (JMicron Technology Corp.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-05-06] (Avira GmbH) R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44384 2009-02-21] (Acronis) R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [10064 2011-12-12] (TuneUp Software) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation) S3 catchme; \??\C:\setup\catchme.sys [x] S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-03 12:34 - 2013-09-03 12:34 - 01084685 _____ (Farbar) C:\Users\Media\Downloads\FRST.exe 2013-09-02 19:24 - 2013-09-02 19:24 - 00021982 _____ C:\ComboFix.txt 2013-09-02 18:58 - 2013-09-02 18:58 - 00002337 _____ C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2013-09-02 18:56 - 2013-09-02 19:19 - 00000000 ____D C:\Users\Media\AppData\Local\Smartbar 2013-09-02 18:56 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-09-02 18:56 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-09-02 18:56 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-09-02 18:56 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-09-02 18:56 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-09-02 18:56 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-09-02 18:56 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-09-02 18:56 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-09-02 18:55 - 2013-09-02 19:24 - 00000000 ____D C:\Qoobox 2013-09-02 18:54 - 2013-09-02 19:22 - 00000000 ____D C:\Windows\erdnt 2013-09-02 18:54 - 2013-09-02 19:10 - 00000000 ____D C:\Program Files\Uniblue 2013-09-02 18:54 - 2013-09-02 18:54 - 00000925 _____ C:\Users\Public\Desktop\SpeedUpMyPC.lnk 2013-09-02 18:54 - 2013-09-02 18:54 - 00000000 ____D C:\Users\Media\AppData\Roaming\Uniblue 2013-09-02 18:53 - 2013-09-03 12:24 - 00000000 ____D C:\Users\Media\AppData\Roaming\Tepfel 2013-09-02 18:53 - 2013-09-02 18:53 - 00000000 ____D C:\Program Files\Tepfel 2013-09-02 18:48 - 2013-09-02 18:48 - 00456240 _____ (Company) C:\Users\Media\Downloads\setup.exe 2013-09-02 15:54 - 2013-09-02 15:57 - 00038502 _____ C:\Users\Media\Downloads\Addition.txt 2013-09-02 15:53 - 2013-09-02 15:53 - 00000000 ____D C:\FRST 2013-09-02 15:40 - 2013-09-02 15:40 - 00000634 _____ C:\Users\Media\Desktop\JRT.txt 2013-09-02 13:59 - 2013-09-02 13:59 - 00000000 ____D C:\Windows\ERUNT 2013-09-02 13:58 - 2013-09-02 13:58 - 01028757 _____ (Thisisu) C:\Users\Media\Downloads\JRT.exe 2013-09-02 13:33 - 2013-09-02 13:33 - 01037134 _____ C:\Users\Media\Downloads\adwcleaner (1).exe 2013-09-02 12:45 - 2013-09-02 12:45 - 00000912 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-09-02 12:45 - 2013-09-02 12:45 - 00000000 ____D C:\Users\Media\AppData\Roaming\Malwarebytes 2013-09-02 12:45 - 2013-09-02 12:45 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-02 12:45 - 2013-09-02 12:45 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-02 12:45 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-09-02 12:36 - 2013-09-02 12:36 - 00000000 ____D C:\Users\Media\AppData\Local\avgchrome 2013-09-02 12:34 - 2013-09-02 13:20 - 00000000 ____D C:\Program Files\LyricsSeeker 2013-09-01 22:43 - 2013-09-01 22:43 - 00012805 _____ C:\Users\Media\Downloads\AdwCleaner[S1].txt 2013-09-01 22:28 - 2013-09-03 12:23 - 00000376 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Media.job 2013-09-01 22:27 - 2013-09-01 23:02 - 00000370 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_Media.job 2013-09-01 22:27 - 2013-09-01 23:02 - 00000366 _____ C:\Windows\Tasks\ReclaimerUpdateXML_Media.job 2013-09-01 22:26 - 2013-09-01 22:26 - 00000674 _____ C:\EamClean.log 2013-09-01 20:08 - 2013-09-02 12:43 - 00000000 ____D C:\Users\Media\Documents\Anti-Malware 2013-09-01 20:08 - 2013-09-02 12:43 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware 2013-09-01 20:02 - 2013-09-01 20:06 - 196326528 _____ (Emsisoft GmbH ) C:\Users\Media\Downloads\EmsisoftAntiMalwareSetup.exe 2013-09-01 19:53 - 2013-09-01 19:57 - 00000000 ____D C:\Program Files\a-squared Free 2013-09-01 19:53 - 2013-09-01 19:53 - 00000794 _____ C:\Users\Media\Desktop\a-squared Free.lnk 2013-09-01 19:53 - 2013-09-01 19:53 - 00000776 _____ C:\Users\Public\Desktop\a-squared Free.lnk 2013-09-01 19:53 - 2013-09-01 19:53 - 00000000 ____D C:\Users\Media\Documents\a-squared Free 2013-09-01 19:44 - 2013-09-01 19:46 - 83704128 _____ (Emsi Software GmbH ) C:\Users\Media\Downloads\a2FreeSetup27.exe 2013-08-29 19:34 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-26 16:13 - 2013-09-02 15:29 - 00000000 ____D C:\AdwCleaner 2013-08-26 16:13 - 2013-08-26 16:13 - 00994642 _____ C:\Users\Media\Downloads\adwcleaner3001(1).exe 2013-08-26 16:10 - 2013-08-26 16:10 - 00994642 _____ C:\Users\Media\Downloads\adwcleaner3001.exe 2013-08-26 15:56 - 2013-08-26 15:56 - 00994642 _____ C:\Users\Media\Downloads\adwcleaner.exe 2013-08-26 15:44 - 2013-08-26 15:44 - 00000852 _____ C:\Users\Media\Desktop\Mozilla Firefox.lnk 2013-08-26 15:42 - 2013-08-26 15:42 - 00000852 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-08-26 15:42 - 2013-08-26 15:42 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-08-26 15:41 - 2013-08-26 15:42 - 22240760 _____ (Mozilla) C:\Users\Media\Downloads\Firefox_Setup_23.0.1 (1).exe 2013-08-26 15:41 - 2013-08-26 15:41 - 22240760 _____ (Mozilla) C:\Users\Media\Downloads\Firefox_Setup_23.0.1.exe 2013-08-24 19:27 - 2013-09-01 18:49 - 00001977 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-08-24 19:18 - 2013-08-24 19:18 - 00000000 ____D C:\ProgramData\Mozilla 2013-08-18 12:58 - 2013-08-18 12:58 - 00048128 _____ C:\Users\Media\Downloads\halbjahr-kalender-2013-2014-hochformat.xls 2013-08-16 09:43 - 2013-08-16 09:43 - 01643788 _____ C:\Users\Media\Downloads\Flyer Titel.xps 2013-08-16 09:43 - 2013-08-16 09:43 - 01643788 _____ C:\Users\Media\Downloads\Flyer Titel (1).xps 2013-08-16 09:35 - 2013-08-16 09:35 - 00001930 _____ C:\Users\Public\Desktop\Acrobat Distiller 6.0.lnk 2013-08-16 09:35 - 2013-08-16 09:35 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF 6.0 2013-08-15 23:10 - 2013-08-15 23:13 - 00000000 ____D C:\Windows\system32\MRT 2013-08-15 23:01 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-15 23:01 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-15 23:01 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-15 23:01 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-15 23:01 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-15 23:01 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-08-15 23:01 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-08-15 23:01 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-15 23:01 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-15 23:01 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-15 23:01 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-15 23:01 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-08-15 23:01 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-08-15 23:01 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-15 23:01 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-15 23:01 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-08-15 22:53 - 2013-07-10 11:47 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-15 22:52 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-15 22:52 - 2013-07-09 14:10 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-15 22:52 - 2013-07-08 06:55 - 03603904 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2013-08-15 22:52 - 2013-07-08 06:55 - 03551680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-15 22:52 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-15 22:52 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-15 22:52 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-15 22:52 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-15 22:52 - 2013-07-05 06:53 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-15 22:52 - 2013-06-15 15:22 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll 2013-08-15 22:52 - 2013-06-15 13:23 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys ==================== One Month Modified Files and Folders ======= 2013-09-03 14:37 - 2013-09-03 14:37 - 00000211 _____ C:\Users\Media\Downloads\Search.txt 2013-09-03 14:23 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-03 14:23 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-03 13:49 - 2008-12-17 13:48 - 01202120 _____ C:\Windows\WindowsUpdate.log 2013-09-03 13:45 - 2012-04-23 12:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-03 13:41 - 2009-07-05 13:51 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-03 13:41 - 2009-07-05 13:51 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-03 12:34 - 2013-09-03 12:34 - 01084685 _____ (Farbar) C:\Users\Media\Downloads\FRST.exe 2013-09-03 12:29 - 2013-05-06 18:45 - 00136672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-09-03 12:29 - 2013-05-06 18:45 - 00088840 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-09-03 12:24 - 2013-09-02 18:53 - 00000000 ____D C:\Users\Media\AppData\Roaming\Tepfel 2013-09-03 12:23 - 2013-09-01 22:28 - 00000376 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Media.job 2013-09-03 12:23 - 2011-12-27 19:16 - 00000000 ____D C:\Program Files\Common Files\Akamai 2013-09-03 12:22 - 2008-11-20 18:23 - 00000000 ____D C:\ProgramData\NVIDIA 2013-09-03 12:22 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-02 21:02 - 2006-11-02 15:01 - 00032510 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-09-02 19:24 - 2013-09-02 19:24 - 00021982 _____ C:\ComboFix.txt 2013-09-02 19:24 - 2013-09-02 18:55 - 00000000 ____D C:\Qoobox 2013-09-02 19:24 - 2006-11-02 13:18 - 00000000 __RHD C:\Users\Default 2013-09-02 19:24 - 2006-11-02 13:18 - 00000000 ___RD C:\Users\Public 2013-09-02 19:22 - 2013-09-02 18:54 - 00000000 ____D C:\Windows\erdnt 2013-09-02 19:19 - 2013-09-02 18:56 - 00000000 ____D C:\Users\Media\AppData\Local\Smartbar 2013-09-02 19:15 - 2006-11-02 12:23 - 00000215 _____ C:\Windows\system.ini 2013-09-02 19:14 - 2011-11-05 15:58 - 00045734 _____ C:\Windows\PFRO.log 2013-09-02 19:13 - 2006-11-02 12:22 - 63700992 _____ C:\Windows\system32\config\SOFTWARE.bak 2013-09-02 19:13 - 2006-11-02 12:22 - 47972352 _____ C:\Windows\system32\config\SYSTEM.bak 2013-09-02 19:13 - 2006-11-02 12:22 - 44040192 _____ C:\Windows\system32\config\COMPON~2.bak 2013-09-02 19:13 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak 2013-09-02 19:13 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\SAM.bak 2013-09-02 19:13 - 2006-11-02 12:22 - 00262144 _____ C:\Windows\system32\config\DEFAULT.bak 2013-09-02 19:10 - 2013-09-02 18:54 - 00000000 ____D C:\Program Files\Uniblue 2013-09-02 18:58 - 2013-09-02 18:58 - 00002337 _____ C:\Users\Media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2013-09-02 18:54 - 2013-09-02 18:54 - 00000925 _____ C:\Users\Public\Desktop\SpeedUpMyPC.lnk 2013-09-02 18:54 - 2013-09-02 18:54 - 00000000 ____D C:\Users\Media\AppData\Roaming\Uniblue 2013-09-02 18:53 - 2013-09-02 18:53 - 00000000 ____D C:\Program Files\Tepfel 2013-09-02 18:48 - 2013-09-02 18:48 - 00456240 _____ (Company) C:\Users\Media\Downloads\setup.exe 2013-09-02 15:57 - 2013-09-02 15:54 - 00038502 _____ C:\Users\Media\Downloads\Addition.txt 2013-09-02 15:53 - 2013-09-02 15:53 - 00000000 ____D C:\FRST 2013-09-02 15:40 - 2013-09-02 15:40 - 00000634 _____ C:\Users\Media\Desktop\JRT.txt 2013-09-02 15:29 - 2013-08-26 16:13 - 00000000 ____D C:\AdwCleaner 2013-09-02 13:59 - 2013-09-02 13:59 - 00000000 ____D C:\Windows\ERUNT 2013-09-02 13:58 - 2013-09-02 13:58 - 01028757 _____ (Thisisu) C:\Users\Media\Downloads\JRT.exe 2013-09-02 13:33 - 2013-09-02 13:33 - 01037134 _____ C:\Users\Media\Downloads\adwcleaner (1).exe 2013-09-02 13:20 - 2013-09-02 12:34 - 00000000 ____D C:\Program Files\LyricsSeeker 2013-09-02 13:20 - 2013-06-21 16:00 - 00000000 ____D C:\Program Files\Plus-HD-2.5 2013-09-02 13:20 - 2013-06-21 15:30 - 00000000 ____D C:\Program Files\Mein Gutscheincode 2013-09-02 12:45 - 2013-09-02 12:45 - 00000912 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-09-02 12:45 - 2013-09-02 12:45 - 00000000 ____D C:\Users\Media\AppData\Roaming\Malwarebytes 2013-09-02 12:45 - 2013-09-02 12:45 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-02 12:45 - 2013-09-02 12:45 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-09-02 12:43 - 2013-09-01 20:08 - 00000000 ____D C:\Users\Media\Documents\Anti-Malware 2013-09-02 12:43 - 2013-09-01 20:08 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware 2013-09-02 12:36 - 2013-09-02 12:36 - 00000000 ____D C:\Users\Media\AppData\Local\avgchrome 2013-09-01 23:02 - 2013-09-01 22:27 - 00000370 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_Media.job 2013-09-01 23:02 - 2013-09-01 22:27 - 00000366 _____ C:\Windows\Tasks\ReclaimerUpdateXML_Media.job 2013-09-01 22:43 - 2013-09-01 22:43 - 00012805 _____ C:\Users\Media\Downloads\AdwCleaner[S1].txt 2013-09-01 22:26 - 2013-09-01 22:26 - 00000674 _____ C:\EamClean.log 2013-09-01 20:06 - 2013-09-01 20:02 - 196326528 _____ (Emsisoft GmbH ) C:\Users\Media\Downloads\EmsisoftAntiMalwareSetup.exe 2013-09-01 19:57 - 2013-09-01 19:53 - 00000000 ____D C:\Program Files\a-squared Free 2013-09-01 19:53 - 2013-09-01 19:53 - 00000794 _____ C:\Users\Media\Desktop\a-squared Free.lnk 2013-09-01 19:53 - 2013-09-01 19:53 - 00000776 _____ C:\Users\Public\Desktop\a-squared Free.lnk 2013-09-01 19:53 - 2013-09-01 19:53 - 00000000 ____D C:\Users\Media\Documents\a-squared Free 2013-09-01 19:46 - 2013-09-01 19:44 - 83704128 _____ (Emsi Software GmbH ) C:\Users\Media\Downloads\a2FreeSetup27.exe 2013-09-01 18:49 - 2013-08-24 19:27 - 00001977 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-09-01 18:25 - 2008-01-21 09:16 - 01568464 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-29 19:32 - 2013-07-16 10:24 - 00000000 ____D C:\GWGAESTEK 2013-08-26 16:13 - 2013-08-26 16:13 - 00994642 _____ C:\Users\Media\Downloads\adwcleaner3001(1).exe 2013-08-26 16:10 - 2013-08-26 16:10 - 00994642 _____ C:\Users\Media\Downloads\adwcleaner3001.exe 2013-08-26 15:56 - 2013-08-26 15:56 - 00994642 _____ C:\Users\Media\Downloads\adwcleaner.exe 2013-08-26 15:44 - 2013-08-26 15:44 - 00000852 _____ C:\Users\Media\Desktop\Mozilla Firefox.lnk 2013-08-26 15:42 - 2013-08-26 15:42 - 00000852 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-08-26 15:42 - 2013-08-26 15:42 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-08-26 15:42 - 2013-08-26 15:41 - 22240760 _____ (Mozilla) C:\Users\Media\Downloads\Firefox_Setup_23.0.1 (1).exe 2013-08-26 15:42 - 2009-03-16 21:01 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-08-26 15:41 - 2013-08-26 15:41 - 22240760 _____ (Mozilla) C:\Users\Media\Downloads\Firefox_Setup_23.0.1.exe 2013-08-24 19:27 - 2009-01-13 19:21 - 00000000 ____D C:\Program Files\Google 2013-08-24 19:18 - 2013-08-24 19:18 - 00000000 ____D C:\ProgramData\Mozilla 2013-08-24 19:10 - 2009-01-13 19:22 - 00000000 ____D C:\Users\Media\AppData\Local\Google 2013-08-23 10:45 - 2012-04-23 12:40 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-08-23 10:45 - 2011-05-19 16:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-08-18 12:58 - 2013-08-18 12:58 - 00048128 _____ C:\Users\Media\Downloads\halbjahr-kalender-2013-2014-hochformat.xls 2013-08-16 10:19 - 2009-03-02 19:43 - 00000974 _____ C:\Windows\Tasks\Google Software Updater.job 2013-08-16 09:46 - 2008-11-20 18:12 - 00000000 ____D C:\Program Files\Common Files\Adobe 2013-08-16 09:43 - 2013-08-16 09:43 - 01643788 _____ C:\Users\Media\Downloads\Flyer Titel.xps 2013-08-16 09:43 - 2013-08-16 09:43 - 01643788 _____ C:\Users\Media\Downloads\Flyer Titel (1).xps 2013-08-16 09:35 - 2013-08-16 09:35 - 00001930 _____ C:\Users\Public\Desktop\Acrobat Distiller 6.0.lnk 2013-08-16 09:35 - 2013-08-16 09:35 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF 6.0 2013-08-16 09:34 - 2008-11-20 18:12 - 00000000 ____D C:\Program Files\Adobe 2013-08-16 08:49 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache 2013-08-16 08:49 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-08-16 08:29 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\system32\de-DE 2013-08-15 23:13 - 2013-08-15 23:10 - 00000000 ____D C:\Windows\system32\MRT 2013-08-15 23:10 - 2006-11-02 12:24 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-08-15 23:08 - 2009-01-31 18:17 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-08 15:40 - 2008-11-20 18:12 - 00000000 ____D C:\ProgramData\Adobe 2013-08-08 15:37 - 2009-01-13 19:26 - 00000000 ____D C:\Users\Media\AppData\Roaming\Adobe 2013-08-07 15:44 - 2011-11-20 12:00 - 00002079 _____ C:\Users\Public\Desktop\Google Earth.lnk 2013-08-07 04:22 - 2009-10-16 18:42 - 00238872 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe Files to move or delete: ==================== C:\Users\Media\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-03 12:52 ==================== End Of Log ============================