Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-08-2013
Ran by SYSTEM on 26-08-2013 10:27:05
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610872 2009-08-25] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-11-13] (Sun Microsystems, Inc.)
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2023936 2009-08-03] (Eastman Kodak Company)
HKLM\...\Run: [Ocs_SM] - C:\Users\Martha\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2012-12-23] (OCS)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$a5b1b08ee35e07cc92b886d33d89d186\n. ATTENTION! ====> ZeroAccess?
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPCam_Menu] - c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [x]
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2023936 2009-08-03] (Eastman Kodak Company)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253672 2011-01-07] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
HKU\Gast\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\Gast\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-19] (Google Inc.)
HKU\Martha\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\Martha\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\Martha\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-19] (Google Inc.)
HKU\Martha\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation)
HKU\Martha\...\Run: [Spotify] - C:\Users\Martha\AppData\Roaming\Spotify\Spotify.exe [4640768 2013-07-05] (Spotify Ltd)
HKU\Martha\...\Run: [Spotify Web Helper] - C:\Users\Martha\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-05] (Spotify Ltd)
HKU\Martha\...\Policies\system: [DisableLockWorkstation] 0
HKU\Martha\...\Policies\system: [DisableChangePassword] 0
HKU\Martha\...\Winlogon: [Shell] explorer.exe, "C:\Users\Martha\AppData\Roaming\Microsoft\Windows\msshell.exe" <==== ATTENTION
AppInit_DLLs-x32: c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll [2162280 2012-12-14] ()
Startup: C:\Users\Martha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Martha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Services (Whitelisted) =================
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.5.1005.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2469992 2012-12-14] ()
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
S2 SearchAnonymizer; C:\Users\Martha\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2012-12-23] ()
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
S2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]
==================== Drivers (Whitelisted) ====================
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-28] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-28] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-28] (Avira Operations GmbH & Co. KG)
S4 eabfiltr;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-26 10:26 - 2013-08-26 10:26 - 00000000 ____D C:\FRST
2013-08-16 10:56 - 2013-07-08 21:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-16 10:56 - 2013-07-08 21:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-16 10:56 - 2013-07-08 21:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-16 10:56 - 2013-07-08 21:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-08-16 10:56 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-16 10:56 - 2013-07-08 20:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-16 10:56 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-16 10:56 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 11:28 - 2013-08-15 11:28 - 00001161 _____ C:\Users\Gast\Desktop\Fixlist.txt
2013-08-15 11:28 - 2013-08-15 11:28 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Avira
2013-08-15 11:24 - 2013-08-15 11:27 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Google
2013-08-15 11:24 - 2013-08-15 11:25 - 00000000 ____D C:\Users\Gast\AppData\Local\Google
2013-08-15 11:24 - 2013-08-15 11:24 - 00090480 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-15 11:24 - 2013-08-15 11:24 - 00000000 ____D C:\Users\Gast\AppData\Roaming\ATI
2013-08-15 11:24 - 2013-08-15 11:24 - 00000000 ____D C:\Users\Gast\AppData\Local\ATI
2013-08-15 11:23 - 2013-08-15 11:23 - 00000000 ____D C:\Users\Gast\Documents\Audible
2013-08-15 11:23 - 2013-08-15 11:23 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Macromedia
2013-08-15 11:23 - 2013-08-15 11:23 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Apple Computer
2013-08-15 11:23 - 2013-08-15 11:23 - 00000000 _____ C:\Users\Gast\AppData\Local\QSwitch.txt
2013-08-15 11:23 - 2013-08-15 11:23 - 00000000 _____ C:\Users\Gast\AppData\Local\DSwitch.txt
2013-08-15 11:23 - 2013-08-15 11:23 - 00000000 _____ C:\Users\Gast\AppData\Local\AtStart.txt
2013-08-15 11:22 - 2013-08-15 11:22 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2013-08-15 11:21 - 2013-08-15 11:21 - 00000000 ____D C:\Users\Gast\AppData\Local\VirtualStore
2013-08-15 11:20 - 2013-08-15 11:22 - 00000000 ____D C:\users\Gast
2013-08-15 11:20 - 2013-08-15 11:20 - 00000020 ___SH C:\Users\Gast\ntuser.ini
2013-08-15 11:20 - 2013-08-15 11:20 - 00000000 _SHDL C:\Users\Gast\Vorlagen
2013-08-15 11:20 - 2013-08-15 11:20 - 00000000 _SHDL C:\Users\Gast\Startmenü
2013-08-15 11:20 - 2013-08-15 11:20 - 00000000 _SHDL C:\Users\Gast\Netzwerkumgebung
2013-08-15 11:20 - 2013-08-15 11:20 - 00000000 _SHDL C:\Users\Gast\Lokale Einstellungen
2013-08-15 11:20 - 2013-08-15 11:20 - 00000000 _SHDL C:\Users\Gast\Eigene Dateien
2013-08-15 11:20 - 2013-08-15 11:20 - 00000000 _SHDL C:\Users\Gast\Druckumgebung
2013-08-15 11:20 - 2013-08-15 11:20 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Musik
2013-08-15 11:20 - 2013-08-15 11:20 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Bilder
2013-08-15 11:20 - 2013-08-15 11:20 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Verlauf
2013-08-15 11:20 - 2013-08-15 11:20 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Anwendungsdaten
2013-08-15 11:20 - 2013-08-15 11:20 - 00000000 _SHDL C:\Users\Gast\Anwendungsdaten
2013-08-15 11:20 - 2010-05-24 11:03 - 00000000 ____D C:\Users\Gast\AppData\Local\Microsoft Help
2013-08-15 11:10 - 2013-08-15 11:10 - 00714352 _____ C:\Users\Martha\Desktop\FRST.exe
2013-08-15 10:36 - 2013-08-15 10:36 - 00002048 _____ C:\Users\Martha\Desktop\System Care Antivirus.lnk
2013-08-15 07:38 - 2013-08-17 02:11 - 00000000 ____D C:\ProgramData\5A4A0A28F819CAA700005A49AFE7D332
2013-08-14 23:54 - 2013-07-08 21:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-14 23:54 - 2013-07-08 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 23:53 - 2013-07-25 21:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-14 23:53 - 2013-07-25 21:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-14 23:53 - 2013-07-25 21:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-08-14 23:53 - 2013-07-25 21:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-14 23:53 - 2013-07-25 21:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-14 23:53 - 2013-07-25 21:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-14 23:53 - 2013-07-25 19:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-14 23:53 - 2013-07-25 19:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 23:53 - 2013-07-25 19:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 23:53 - 2013-07-25 19:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 23:53 - 2013-07-25 19:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 23:53 - 2013-07-25 19:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 23:53 - 2013-07-25 18:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 23:53 - 2013-07-25 18:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-14 23:53 - 2013-07-25 17:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 23:52 - 2013-07-25 21:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-14 23:52 - 2013-07-25 21:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-14 23:52 - 2013-07-25 21:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-14 23:52 - 2013-07-25 21:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-14 23:52 - 2013-07-25 21:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-14 23:52 - 2013-07-25 21:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-14 23:52 - 2013-07-25 21:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-14 23:52 - 2013-07-25 21:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-14 23:52 - 2013-07-25 19:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 23:52 - 2013-07-25 19:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 23:52 - 2013-07-25 19:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 23:52 - 2013-07-25 19:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 23:52 - 2013-07-25 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 23:52 - 2013-07-25 19:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 23:52 - 2013-07-25 19:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 23:52 - 2013-07-25 19:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 23:44 - 2013-07-25 01:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2013-08-14 23:44 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 23:44 - 2013-07-05 22:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-14 23:44 - 2013-06-14 20:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
==================== One Month Modified Files and Folders =======
2013-08-26 10:26 - 2013-08-26 10:26 - 00000000 ____D C:\FRST
2013-08-23 13:06 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-23 13:06 - 2009-07-13 20:51 - 00216708 _____ C:\Windows\setupact.log
2013-08-17 02:14 - 2010-05-19 12:29 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-17 02:11 - 2013-08-15 07:38 - 00000000 ____D C:\ProgramData\5A4A0A28F819CAA700005A49AFE7D332
2013-08-17 02:11 - 2009-12-14 16:23 - 01357190 _____ C:\Windows\WindowsUpdate.log
2013-08-17 02:11 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-17 02:11 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-17 02:10 - 2013-06-30 07:52 - 00000000 ____D C:\Users\Martha\AppData\Roaming\Spotify
2013-08-17 02:09 - 2013-03-17 02:13 - 00000000 ___RD C:\Users\Martha\Dropbox
2013-08-17 02:09 - 2013-03-17 02:10 - 00000000 ____D C:\Users\Martha\AppData\Roaming\Dropbox
2013-08-17 02:09 - 2012-08-10 13:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-17 02:09 - 2011-10-29 05:53 - 00000000 ____D C:\Users\Martha\Tracing
2013-08-16 11:00 - 2009-11-13 15:29 - 00654400 _____ C:\Windows\System32\perfh007.dat
2013-08-16 11:00 - 2009-11-13 15:29 - 00130240 _____ C:\Windows\System32\perfc007.dat
2013-08-16 11:00 - 2009-07-13 21:13 - 01498742 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-15 15:20 - 2010-05-19 12:29 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-15 11:28 - 2013-08-15 11:28 - 00001161 _____ C:\Users\Gast\Desktop\Fixlist.txt
2013-08-15 11:28 - 2013-08-15 11:28 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Avira
2013-08-15 11:27 - 2013-08-15 11:24 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Google
2013-08-15 11:25 - 2013-08-15 11:24 - 00000000 ____D C:\Users\Gast\AppData\Local\Google
2013-08-15 11:24 - 2013-08-15 11:24 - 00090480 _____ C:\Users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-15 11:24 - 2013-08-15 11:24 - 00000000 ____D C:\Users\Gast\AppData\Roaming\ATI
2013-08-15 11:24 - 2013-08-15 11:24 - 00000000 ____D C:\Users\Gast\AppData\Local\ATI
2013-08-15 11:23 - 2013-08-15 11:23 - 00000000 ____D C:\Users\Gast\Documents\Audible
2013-08-15 11:23 - 2013-08-15 11:23 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Macromedia
2013-08-15 11:23 - 2013-08-15 11:23 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Apple Computer
2013-08-15 11:23 - 2013-08-15 11:23 - 00000000 _____ C:\Users\Gast\AppData\Local\QSwitch.txt
2013-08-15 11:23 - 2013-08-15 11:23 - 00000000 _____ C:\Users\Gast\AppData\Local\DSwitch.txt
2013-08-15 11:23 - 2013-08-15 11:23 - 00000000 _____ C:\Users\Gast\AppData\Local\AtStart.txt
2013-08-15 11:22 - 2013-08-15 11:22 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Adobe
2013-08-15 11:22 - 2013-08-15 11:20 - 00000000 ____D C:\users\Gast
2013-08-15 11:21 - 2013-08-15 11:21 - 00000000 ____D C:\Users\Gast\AppData\Local\VirtualStore
2013-08-15 11:20 - 2013-08-15 11:20 - 00000020 ___SH C:\Users\Gast\ntuser.ini
2013-08-15 11:20 - 2013-08-15 11:20 - 00000000 _SHDL C:\Users\Gast\Vorlagen
2013-08-15 11:20 - 2013-08-15 11:20 - 00000000 _SHDL C:\Users\Gast\Startmenü
2013-08-15 11:20 - 2013-08-15 11:20 - 00000000 _SHDL C:\Users\Gast\Netzwerkumgebung
2013-08-15 11:20 - 2013-08-15 11:20 - 00000000 _SHDL C:\Users\Gast\Lokale Einstellungen
2013-08-15 11:20 - 2013-08-15 11:20 - 00000000 _SHDL C:\Users\Gast\Eigene Dateien
2013-08-15 11:20 - 2013-08-15 11:20 - 00000000 _SHDL C:\Users\Gast\Druckumgebung
2013-08-15 11:20 - 2013-08-15 11:20 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Musik
2013-08-15 11:20 - 2013-08-15 11:20 - 00000000 _SHDL C:\Users\Gast\Documents\Eigene Bilder
2013-08-15 11:20 - 2013-08-15 11:20 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Verlauf
2013-08-15 11:20 - 2013-08-15 11:20 - 00000000 _SHDL C:\Users\Gast\AppData\Local\Anwendungsdaten
2013-08-15 11:20 - 2013-08-15 11:20 - 00000000 _SHDL C:\Users\Gast\Anwendungsdaten
2013-08-15 11:10 - 2013-08-15 11:10 - 00714352 _____ C:\Users\Martha\Desktop\FRST.exe
2013-08-15 10:36 - 2013-08-15 10:36 - 00002048 _____ C:\Users\Martha\Desktop\System Care Antivirus.lnk
2013-08-14 23:51 - 2009-11-13 07:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-14 15:44 - 2009-07-13 18:34 - 00000499 _____ C:\Windows\win.ini
2013-08-13 03:55 - 2013-06-30 07:52 - 00000000 ____D C:\Users\Martha\AppData\Local\Spotify
2013-08-10 11:45 - 2010-05-18 04:51 - 00000000 ____D C:\Users\Martha\AppData\Roaming\Skype
2013-08-10 11:41 - 2010-05-18 04:51 - 00000000 ____D C:\ProgramData\Skype
2013-08-09 09:50 - 2011-10-28 07:04 - 00000000 _____ C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-08-09 09:50 - 2010-05-20 09:13 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-08-09 03:59 - 2010-05-18 03:21 - 00000000 ____D C:\users\Martha
2013-08-04 08:24 - 2011-02-14 10:44 - 00404480 ___SH C:\Users\Martha\Documents\Thumbs.db
2013-08-03 23:59 - 2009-12-14 16:26 - 00373890 _____ C:\Windows\PFRO.log
ZeroAccess:
C:\Windows\Installer\{a5b1b08e-e35e-07cc-92b8-86d33d89d186}
C:\Windows\Installer\{a5b1b08e-e35e-07cc-92b8-86d33d89d186}\@
C:\Windows\Installer\{a5b1b08e-e35e-07cc-92b8-86d33d89d186}\U\00000001.@
C:\Windows\Installer\{a5b1b08e-e35e-07cc-92b8-86d33d89d186}\U\80000000.@
C:\Windows\Installer\{a5b1b08e-e35e-07cc-92b8-86d33d89d186}\U\800000cb.@
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-61307413-3815528119-1459799623-1000\$a5b1b08ee35e07cc92b886d33d89d186
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$a5b1b08ee35e07cc92b886d33d89d186
ZeroAccess:
C:\Users\Martha\AppData\Local\{a5b1b08e-e35e-07cc-92b8-86d33d89d186}
C:\Users\Martha\AppData\Local\{a5b1b08e-e35e-07cc-92b8-86d33d89d186}\@
Files to move or delete:
====================
C:\ProgramData\dsgsdgdsgdsgw.pad
C:\Users\Martha\5503949.dll
C:\Users\Martha\taskmgr.exe
C:\Users\Martha\AppData\Local\Temp\7r6r6udw.dll
C:\Users\Martha\AppData\Local\Temp\BearShare_setup.exe
C:\Users\Martha\AppData\Local\Temp\contentDATs.exe
C:\Users\Martha\AppData\Local\Temp\DSSExp.exe
C:\Users\Martha\AppData\Local\Temp\Extract.exe
C:\Users\Martha\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Martha\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Martha\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Martha\AppData\Local\Temp\Resource.exe
C:\Users\Martha\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Martha\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Martha\AppData\Local\Temp\SP48488.exe
C:\Users\Martha\AppData\Local\Temp\sp54620.exe
C:\Users\Martha\AppData\Local\Temp\sp58915.exe
C:\Users\Martha\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Martha\AppData\Local\Temp\{2ECA3C16-FDCF-4CAB-9779-0502684965E7}\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\InstallHelper.dll
C:\Users\Martha\AppData\Local\Temp\{2D69EF53-9166-47BD-86BE-48DF00E24A5C}\ICQ7.exe
C:\Users\Martha\AppData\Local\Temp\{10822F7E-B57A-414F-8825-3403C4F283F6}\ISBEW64.exe
C:\Users\Martha\AppData\Local\Temp\x86\HPWarrantyIDDll.dll
C:\Users\Martha\AppData\Local\Temp\x64\HPWarrantyIDDll.dll
C:\Users\Martha\AppData\Local\Temp\Temporary Internet Files\Content.IE5\XPUOBT0W\2[1].exe
C:\Users\Martha\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OZL81ETB\g[1].exe
C:\Users\Martha\AppData\Local\Temp\RarSFX0\avmres.dll
C:\Users\Martha\AppData\Local\Temp\RarSFX0\avwebloader.dll
C:\Users\Martha\AppData\Local\Temp\RarSFX0\avwebloader.exe
C:\Users\Martha\AppData\Local\Temp\RarSFX0\avwebloadergui.dll
C:\Users\Martha\AppData\Local\Temp\RarSFX0\msvcp100.dll
C:\Users\Martha\AppData\Local\Temp\RarSFX0\msvcr100.dll
C:\Users\Martha\AppData\Local\Temp\RarSFX0\rcimage.dll
C:\Users\Martha\AppData\Local\Temp\RarSFX0\rcnwload_de.dll
C:\Users\Martha\AppData\Local\Temp\RarSFX0\rcnwload_en.dll
C:\Users\Martha\AppData\Local\Temp\RarSFX0\rcnwload_es.dll
C:\Users\Martha\AppData\Local\Temp\RarSFX0\rcnwload_fr.dll
C:\Users\Martha\AppData\Local\Temp\RarSFX0\rcnwload_it.dll
C:\Users\Martha\AppData\Local\Temp\RarSFX0\rcnwload_jp.dll
C:\Users\Martha\AppData\Local\Temp\RarSFX0\rcnwload_ko.dll
C:\Users\Martha\AppData\Local\Temp\RarSFX0\rcnwload_nl.dll
C:\Users\Martha\AppData\Local\Temp\RarSFX0\rcnwload_pt.dll
C:\Users\Martha\AppData\Local\Temp\RarSFX0\rcnwload_ru.dll
C:\Users\Martha\AppData\Local\Temp\RarSFX0\rcnwload_tr.dll
C:\Users\Martha\AppData\Local\Temp\RarSFX0\rcnwload_zhcn.dll
C:\Users\Martha\AppData\Local\Temp\RarSFX0\rcnwload_zhtw.dll
C:\Users\Martha\AppData\Local\Temp\RarSFX0\scewxmlw.dll
C:\Users\Martha\AppData\Local\Temp\RarSFX0\update.dll
C:\Users\Martha\AppData\Local\Temp\OCS\ICSharpCode.SharpZipLib.dll
C:\Users\Martha\AppData\Local\Temp\OCS\ocs_v6r.exe
C:\Users\Martha\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\c4d410f80408ec7b7223bdca2c6ead32\speedupmypc.exe
C:\Users\Martha\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\a3c2caa9cc4cdb568568c06b47f7fb36\SearchAnonymizerStarter.exe
C:\Users\Martha\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\9c01e5d71e442bf564f271e62b1d5357\AmazonIconInstaller.exe
C:\Users\Martha\AppData\Local\Temp\nsv3C87.tmp\DropboxNSISTools.dll
C:\Users\Martha\AppData\Local\Temp\nsv3C87.tmp\UAC.dll
C:\Users\Martha\AppData\Local\Temp\nsq7234.tmp\DropboxNSISTools.dll
C:\Users\Martha\AppData\Local\Temp\nsq7234.tmp\UAC.dll
C:\Users\Martha\AppData\Local\Temp\nsbE57.tmp\DropboxNSISTools.dll
C:\Users\Martha\AppData\Local\Temp\nsbE57.tmp\UAC.dll
C:\Users\Martha\AppData\Local\Temp\nsaF2C8.tmp\DropboxNSISTools.dll
C:\Users\Martha\AppData\Local\Temp\nsaF2C8.tmp\UAC.dll
C:\Users\Martha\AppData\Local\Temp\mtcmn\sqlite3.dll
C:\Users\Martha\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll
C:\Users\Martha\AppData\Local\Temp\Ceement\src\setup.exe
C:\Users\Martha\AppData\Local\Temp\25CB.dir\InstallFlashPlayer.exe
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-07-11 13:37:52
Restore point made on: 2013-07-11 23:03:43
Restore point made on: 2013-07-12 13:52:27
Restore point made on: 2013-07-13 00:58:58
Restore point made on: 2013-08-04 00:10:46
Restore point made on: 2013-08-11 09:00:30
Restore point made on: 2013-08-14 15:43:47
Restore point made on: 2013-08-14 23:47:58
Restore point made on: 2013-08-15 15:22:35
Restore point made on: 2013-08-16 11:02:20
==================== Memory info ===========================
Percentage of memory in use: 17%
Total physical RAM: 4092.2 MB
Available physical RAM: 3366.47 MB
Total Pagefile: 4090.35 MB
Available Pagefile: 3354.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:451.79 GB) (Free:336.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:13.68 GB) (Free:2.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive h: () (Removable) (Total:3.85 GB) (Free:3.85 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 726396AC)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=452 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)
LastRegBack: 2013-08-05 01:44
==================== End Of Log ============================