Pests of all kinds and how to fight them: Removing wssetup.exe by Perion (Windows 7)
20.06.2013, 06:04 | #16 |
| Removing wssetup.exe by Perion
Finished scanning.

Step 1
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.19.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Micha :: MICHA-PC [Administrator]

Schutz: Aktiviert

19.06.2013 17:15:14
mbam-log-2013-06-19 (17-15-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 354785
Laufzeit: 8 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Micha\Downloads\Zipper.exe (Adware.DomaIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Step 2
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4bd443472276d04abeab2091addbcc94
# engine=14113
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-19 09:06:54
# local_time=2013-06-19 11:06:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1044 16777213 100 88 8448 58813598 0 0
# compatibility_mode=5893 16776574 100 94 2557873 123305864 0 0
# scanned=156364
# found=0
# cleaned=0
# scan_time=2142

Step 3
Code:
Results of screen317's Security Check version 0.99.64
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus 2013
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Adobe Reader XI
Google Chrome 22.0.1229.95
Google Chrome 27.0.1453.110
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

I think my system is now free of pests of every kind, thank you very much for that! But my system apparently did not come through the scanning and cleaning entirely unscathed.

I still get the system window for the Adobe Flash Player at every computer start. And with some programs, not only the AOL browser. Uninstalling and reinstalling had, as I said, no effect. The window also appears when the Flash Player is uninstalled.

I would be very grateful for help with this as well. Or is there a special section for this here on the board? Or a general place to turn to?

Servus
Meder |
20.06.2013, 08:24 | #17 |
/// TB Trainer | Removing wssetup.exe by Perion
I strongly suspect that it is due to the AOL software; do you absolutely need it?
20.06.2013, 08:56 | #18 |
| Removing wssetup.exe by Perion
But the AOL software does not run automatically. When I start the computer, the AOL software is not active and is not sitting in autostart in any way either. And even then the window with the Flash Player appears.

Other programs also bring up the window, e.g. when I start an MMORPG (in this case Allods), the window for the Adobe Flash Player opens at the same time.

I don't think that removing the AOL software will solve the problem. I don't need it, but my wife would be reluctant to do without it.

Servus
Meder |
20.06.2013, 09:25 | #19 |
/// TB Trainer | Removing wssetup.exe by Perion
I want to look at this again in a different way:

System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit
(If you are not sure: Start > Computer (right-click) > Properties)
__________________
Digital privateers against malware! No help via PM! |
20.06.2013, 16:48 | #20 |
| Removing wssetup.exe by Perion
Ahh, thank God it's continuing (somehow). Thanks a lot for sticking with it.

Here are the files:

FRST
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-06-2013
Ran by Micha (administrator) on 20-06-2013 17:43:23
Running from C:\Users\Micha\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(AOL, LLC.) C:\Program Files (x86)\AOL 9.0 VR\waol.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1354041708\ee\aolsoftware.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(AOL LLC) C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AOL, LLC.) C:\Program Files (x86)\AOL 9.0 VR\shellmon.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1354041708\ee\aolupdates.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6463592 2012-02-03] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [2991856 2013-02-21] (Logitech, Inc.)
HKLM\...\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [415816 2010-06-11] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2413128 2010-06-11] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE [4725320 2010-06-11] (Logitech Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [AOL Fast Start] "C:\Program Files (x86)\AOL 9.0 VR\AOL.EXE" -b [50480 2007-06-21] (AOL, LLC.)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM-x32\...\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263512 2012-11-01] ()
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1354041708\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
DPF: HKLM-x32 {1B00725B-C455-4DE6-BFB6-AD540AD427CD} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Extension: (YouTube) - C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Logitech SetPoint) - C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR Extension: (Gmail) - C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 MSICDSetup; \??\D:\CDriver64.sys [x]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-20 17:43 - 2013-06-20 17:43 - 00000000 ____D C:\FRST
2013-06-20 17:42 - 2013-06-20 17:42 - 01929572 ____A (Farbar) C:\Users\Micha\Downloads\FRST64.exe
2013-06-20 16:26 - 2013-06-20 17:39 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Systweak
2013-06-20 16:26 - 2013-01-29 18:17 - 00020336 ____A (Systweak Inc., (www.systweak.com)) C:\Windows\System32\roboot64.exe
2013-06-20 16:25 - 2013-06-20 16:25 - 04328856 ____A (Systweak Inc ) C:\Users\Micha\Downloads\rcpsetup_25752.exe
2013-06-20 05:01 - 2013-06-20 05:01 - 00890839 ____A C:\Users\Micha\Downloads\SecurityCheck.exe
2013-06-19 22:26 - 2013-06-19 22:26 - 02347384 ____A (ESET) C:\Users\Micha\Downloads\esetsmartinstaller_enu.exe
2013-06-19 17:13 - 2013-06-19 17:13 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Malwarebytes
2013-06-19 17:11 - 2013-06-19 17:11 - 00001109 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-19 17:11 - 2013-06-19 17:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-19 17:11 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-19 17:09 - 2013-06-19 17:10 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Micha\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-19 08:51 - 2013-06-19 08:51 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-06-19 08:51 - 2013-06-19 08:51 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-06-18 17:56 - 2013-06-18 17:56 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-18 17:56 - 2013-06-18 17:56 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-18 17:53 - 2013-06-18 17:53 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-06-18 17:52 - 2013-06-18 17:52 - 07872648 ____A (Adobe Systems Inc.) C:\Users\Micha\Downloads\Shockwave_Installer_Slim.exe
2013-06-18 17:47 - 2013-06-18 17:47 - 00001327 ____A C:\AdwCleaner[S4].txt
2013-06-18 17:46 - 2013-06-18 17:46 - 00001264 ____A C:\AdwCleaner[R1].txt
2013-06-17 18:07 - 2013-06-20 17:38 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-17 18:07 - 2013-06-20 17:17 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-17 18:07 - 2013-06-17 18:18 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-17 18:07 - 2013-06-17 18:07 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-16 23:25 - 2013-06-16 23:25 - 00000000 ____D C:\Users\Micha\Downloads\TargetsManager
2013-06-16 23:24 - 2013-06-16 23:24 - 00000000 ____D C:\Users\Micha\Downloads\AlchemyPRO
2013-06-16 12:13 - 2013-06-16 12:18 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-16 12:12 - 2013-06-16 12:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-16 12:05 - 2013-06-16 12:05 - 13169742 ____A C:\Users\Micha\Documents\mbar-1.06.0.1003.zip
2013-06-16 12:02 - 2013-06-16 12:02 - 00000000 ____D C:\Users\Micha\mbar-1.06.0.1003
2013-06-16 03:00 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-16 03:00 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-16 03:00 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-16 03:00 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-16 03:00 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-16 03:00 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-16 03:00 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-16 03:00 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-16 03:00 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-16 03:00 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-16 03:00 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-16 03:00 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-14 21:08 - 2013-06-14 21:08 - 00032859 ____A C:\ComboFix.txt
2013-06-14 21:04 - 2013-06-14 21:08 - 00000000 ____D C:\Qoobox
2013-06-14 21:04 - 2013-06-14 21:08 - 00000000 ____D C:\ComboFix
2013-06-14 21:04 - 2013-06-14 21:07 - 00000000 ____D C:\Windows\erdnt
2013-06-14 21:04 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-14 21:04 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-14 21:04 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-14 21:04 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-14 21:04 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-14 21:04 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-14 21:04 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-14 21:04 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-14 21:02 - 2013-06-14 21:02 - 05080197 ____R (Swearware) C:\Users\Micha\Downloads\ComboFix.exe
2013-06-14 15:48 - 2013-06-14 15:48 - 00700783 ____R (Swearware) C:\Users\Micha\Downloads\dds+.exe
2013-06-12 23:04 - 2013-06-12 23:04 - 00000938 ____A C:\AdwCleaner[S3].txt
2013-06-12 23:00 - 2013-06-12 23:00 - 00010727 ____A C:\AdwCleaner[S2].txt
2013-06-12 22:59 - 2013-06-12 23:00 - 00000144 ____A C:\Windows\DeleteOnReboot.bat
2013-06-12 22:59 - 2013-06-12 22:59 - 00000367 ____A C:\AdwCleaner[S1].txt
2013-06-12 22:58 - 2013-06-12 22:58 - 00648201 ____A C:\Users\Micha\Downloads\adwcleaner.exe
2013-06-12 22:53 - 2013-06-12 22:53 - 00000000 ____D C:\Windows\System32\appmgmt
2013-06-12 22:39 - 2013-06-12 22:42 - 00000000 ____D C:\Users\Micha\AppData\Local\Downloaded Installations
2013-06-12 22:38 - 2013-06-12 22:38 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-06-12 22:38 - 2013-06-12 22:38 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-06-12 22:38 - 2013-06-12 22:38 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Zip Opener Packages
2013-06-12 22:38 - 2013-06-12 22:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-06-12 22:38 - 2013-06-12 22:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-12 22:38 - 2013-06-12 22:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-06-12 22:37 - 2013-06-17 18:07 - 00000000 ____D C:\Users\Micha\AppData\Local\Google
2013-06-12 22:36 - 2013-06-12 22:36 - 00793536 ____A C:\Users\Micha\Downloads\ZipOpenerSetup.exe
2013-06-12 19:49 - 2013-06-12 19:59 - 00053378 ____A C:\Users\Micha\Downloads\Extras.Txt
2013-06-12 19:49 - 2013-06-12 19:58 - 00066504 ____A C:\Users\Micha\Downloads\OTL.Txt
2013-06-12 19:40 - 2013-06-12 19:40 - 00602112 ____A (OldTimer Tools) C:\Users\Micha\Downloads\OTL.exe
2013-06-12 05:45 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 05:45 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 05:45 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 05:45 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 05:45 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 05:45 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 05:45 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 05:45 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 05:45 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 05:45 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 05:45 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 05:45 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 05:45 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 05:45 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 05:45 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 05:45 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 05:45 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 05:45 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 05:45 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 04:46 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 04:46 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 04:46 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 04:46 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 04:46 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 04:46 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 04:46 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 04:46 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 04:46 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 04:46 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 04:46 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 04:46 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 04:46 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 04:46 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 04:46 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 04:46 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 04:46 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 04:46 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 04:46 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-10 19:07 - 2013-06-10 19:07 - 00000000 ____D C:\Users\Micha\Downloads\AstralInfo-r27.2
2013-06-10 18:49 - 2013-06-10 18:50 - 00000000 ____D C:\Users\Micha\Downloads\Jun_2013
2013-06-10 18:48 - 2013-06-10 18:48 - 00000000 ____D C:\Users\Micha\Downloads\EnchantedAM
2013-06-10 18:48 - 2013-06-10 18:48 - 00000000 ____D C:\Users\Micha\Downloads\BuildManager
2013-06-10 18:41 - 2013-06-10 18:41 - 00000000 ____D C:\Users\Micha\Downloads\alt
2013-06-10 16:59 - 2013-06-10 18:44 - 00074180 ____A C:\Users\Micha\Downloads\PreciousStone (3).pak
2013-06-06 05:07 - 2013-06-06 05:07 - 00000000 ____D C:\Users\Micha\gPotato.eu
2013-05-27 11:49 - 2013-05-27 11:49 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-05-22 00:16 - 2013-05-22 00:16 - 00000000 ____D C:\Users\Micha\AppData\Roaming\AVG2013
2013-05-22 00:15 - 2013-06-20 09:59 - 00000981 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-05-22 00:15 - 2013-05-22 00:15 - 00000000 ___HD C:\$AVG
2013-05-22 00:15 - 2013-05-22 00:15 - 00000000 ____D C:\ProgramData\AVG2013
2013-05-22 00:15 - 2013-05-22 00:15 - 00000000 ____D C:\Program Files (x86)\AVG
2013-05-22 00:12 - 2013-06-20 16:45 - 00000000 ____D C:\ProgramData\MFAData
2013-05-22 00:12 - 2013-05-22 00:18 - 00000000 ____D C:\Users\Micha\AppData\Local\Avg2013
2013-05-22 00:12 - 2013-05-22 00:12 - 00000000 ____D C:\Users\Micha\AppData\Local\MFAData

==================== One Month Modified Files and Folders =======

2013-06-20 17:43 - 2013-06-20 17:43 - 00000000 ____D C:\FRST
2013-06-20 17:42 - 2013-06-20 17:42 - 01929572 ____A (Farbar) C:\Users\Micha\Downloads\FRST64.exe
2013-06-20 17:42 - 2012-05-15 06:47 - 00654150 ____A C:\Windows\System32\perfh007.dat
2013-06-20 17:42 - 2012-05-15 06:47 - 00130022 ____A C:\Windows\System32\perfc007.dat
2013-06-20 17:42 - 2009-07-14 07:13 - 01498742 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-20 17:39 - 2013-06-20 16:26 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Systweak
2013-06-20 17:38 - 2013-06-17 18:07 - 00001104 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-20 17:38 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-20 17:38 - 2009-07-14 06:51 - 00090307 ____A C:\Windows\setupact.log
2013-06-20 17:37 - 2012-05-14 20:57 - 01269588 ____A C:\Windows\WindowsUpdate.log
2013-06-20 17:17 - 2013-06-17 18:07 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-20 16:45 - 2013-05-22 00:12 - 00000000 ____D C:\ProgramData\MFAData
2013-06-20 16:28 - 2009-07-14 06:45 - 00025824 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-20 16:28 - 2009-07-14 06:45 - 00025824 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-20 16:25 - 2013-06-20 16:25 - 04328856 ____A (Systweak Inc ) C:\Users\Micha\Downloads\rcpsetup_25752.exe
2013-06-20 09:59 - 2013-05-22 00:15 - 00000981 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-06-20 07:00 - 2010-11-21 05:47 - 00024688 ____A C:\Windows\PFRO.log
2013-06-20 05:01 - 2013-06-20 05:01 - 00890839 ____A C:\Users\Micha\Downloads\SecurityCheck.exe
2013-06-19 22:26 - 2013-06-19 22:26 - 02347384 ____A (ESET) C:\Users\Micha\Downloads\esetsmartinstaller_enu.exe
2013-06-19 22:07 - 2012-11-27 21:11 - 00000000 ____D C:\Users\Micha\AppData\Roaming\TS3Client
2013-06-19 17:13 - 2013-06-19 17:13 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Malwarebytes
2013-06-19 17:11 - 2013-06-19 17:11 - 00001109 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-19 17:11 - 2013-06-19 17:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-19 17:10 - 2013-06-19 17:09 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Micha\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-19 08:51 - 2013-06-19 08:51 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-06-19 08:51 - 2013-06-19 08:51 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-06-18 17:56 - 2013-06-18 17:56 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-18 17:56 - 2013-06-18 17:56 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-18 17:55 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-18 17:53 - 2013-06-18 17:53 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-06-18 17:52 - 2013-06-18 17:52 - 07872648 ____A (Adobe Systems Inc.) C:\Users\Micha\Downloads\Shockwave_Installer_Slim.exe
2013-06-18 17:47 - 2013-06-18 17:47 - 00001327 ____A C:\AdwCleaner[S4].txt
2013-06-18 17:46 - 2013-06-18 17:46 - 00001264 ____A C:\AdwCleaner[R1].txt
2013-06-17 18:18 - 2013-06-17 18:07 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-17 18:07 - 2013-06-17 18:07 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-17 18:07 - 2013-06-12 22:37 - 00000000 ____D C:\Users\Micha\AppData\Local\Google
2013-06-17 18:05 - 2012-11-28 09:20 - 00000000 ____D C:\Users\Micha\AppData\Local\Adobe
2013-06-16 23:25 - 2013-06-16 23:25 - 00000000 ____D C:\Users\Micha\Downloads\TargetsManager
2013-06-16 23:24 - 2013-06-16 23:24 - 00000000 ____D C:\Users\Micha\Downloads\AlchemyPRO
2013-06-16 12:18 - 2013-06-16 12:13 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-16 12:12 - 2013-06-16 12:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-16 12:12 - 2012-11-27 19:23 - 00000000 ____D C:\users\Micha
2013-06-16 12:05 - 2013-06-16 12:05 - 13169742 ____A C:\Users\Micha\Documents\mbar-1.06.0.1003.zip
2013-06-16 12:02 - 2013-06-16 12:02 - 00000000 ____D C:\Users\Micha\mbar-1.06.0.1003
2013-06-14 21:08 - 2013-06-14 21:08 - 00032859 ____A C:\ComboFix.txt
2013-06-14 21:08 - 2013-06-14 21:04 - 00000000 ____D C:\Qoobox
2013-06-14 21:08 - 2013-06-14 21:04 - 00000000 ____D C:\ComboFix
2013-06-14 21:07 - 2013-06-14 21:04 - 00000000 ____D C:\Windows\erdnt
2013-06-14 21:07 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-14 21:02 - 2013-06-14 21:02 - 05080197 ____R (Swearware) C:\Users\Micha\Downloads\ComboFix.exe
2013-06-14 15:48 - 2013-06-14 15:48 - 00700783 ____R (Swearware) C:\Users\Micha\Downloads\dds+.exe
2013-06-12 23:04 - 2013-06-12 23:04 - 00000938 ____A C:\AdwCleaner[S3].txt
2013-06-12 23:00 - 2013-06-12 23:00 - 00010727 ____A C:\AdwCleaner[S2].txt 2013-06-12 23:00 - 2013-06-12 22:59 - 00000144 ____A C:\Windows\DeleteOnReboot.bat 2013-06-12 22:59 - 2013-06-12 22:59 - 00000367 ____A C:\AdwCleaner[S1].txt 2013-06-12 22:58 - 2013-06-12 22:58 - 00648201 ____A C:\Users\Micha\Downloads\adwcleaner.exe 2013-06-12 22:53 - 2013-06-12 22:53 - 00000000 ____D C:\Windows\System32\appmgmt 2013-06-12 22:42 - 2013-06-12 22:39 - 00000000 ____D C:\Users\Micha\AppData\Local\Downloaded Installations 2013-06-12 22:38 - 2013-06-12 22:38 - 00000000 ____D C:\Windows\SysWOW64\searchplugins 2013-06-12 22:38 - 2013-06-12 22:38 - 00000000 ____D C:\Windows\SysWOW64\Extensions 2013-06-12 22:38 - 2013-06-12 22:38 - 00000000 ____D C:\Users\Micha\AppData\Roaming\Zip Opener Packages 2013-06-12 22:38 - 2013-06-12 22:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-06-12 22:38 - 2013-06-12 22:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-12 22:38 - 2013-06-12 22:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-06-12 22:36 - 2013-06-12 22:36 - 00793536 ____A C:\Users\Micha\Downloads\ZipOpenerSetup.exe 2013-06-12 19:59 - 2013-06-12 19:49 - 00053378 ____A C:\Users\Micha\Downloads\Extras.Txt 2013-06-12 19:58 - 2013-06-12 19:49 - 00066504 ____A C:\Users\Micha\Downloads\OTL.Txt 2013-06-12 19:40 - 2013-06-12 19:40 - 00602112 ____A (OldTimer Tools) C:\Users\Micha\Downloads\OTL.exe 2013-06-12 07:19 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-06-12 05:45 - 2012-05-14 15:41 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-10 23:29 - 2012-11-27 23:23 - 00000000 ____D C:\Users\Micha\Allods 2013-06-10 19:07 - 2013-06-10 19:07 - 00000000 ____D C:\Users\Micha\Downloads\AstralInfo-r27.2 2013-06-10 18:50 - 2013-06-10 18:49 - 00000000 ____D C:\Users\Micha\Downloads\Jun_2013 2013-06-10 18:48 - 2013-06-10 18:48 - 00000000 ____D C:\Users\Micha\Downloads\EnchantedAM 2013-06-10 18:48 - 
2013-06-10 18:48 - 00000000 ____D C:\Users\Micha\Downloads\BuildManager 2013-06-10 18:44 - 2013-06-10 16:59 - 00074180 ____A C:\Users\Micha\Downloads\PreciousStone (3).pak 2013-06-10 18:41 - 2013-06-10 18:41 - 00000000 ____D C:\Users\Micha\Downloads\alt 2013-06-08 16:08 - 2013-06-16 03:00 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 16:07 - 2013-06-16 03:00 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 16:06 - 2013-06-16 03:00 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 16:06 - 2013-06-16 03:00 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 16:06 - 2013-06-16 03:00 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 14:28 - 2013-06-16 03:00 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 13:42 - 2013-06-16 03:00 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 13:40 - 2013-06-16 03:00 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 13:40 - 2013-06-16 03:00 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 13:40 - 2013-06-16 03:00 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 13:40 - 2013-06-16 03:00 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-08 13:13 - 2013-06-16 03:00 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-06 05:07 - 2013-06-06 05:07 - 00000000 ____D C:\Users\Micha\gPotato.eu 2013-05-27 11:49 - 2013-05-27 11:49 - 00000000 ____D C:\Program Files (x86)\7-Zip 2013-05-22 00:18 - 2013-05-22 00:12 - 00000000 ____D C:\Users\Micha\AppData\Local\Avg2013 2013-05-22 00:16 - 2013-05-22 00:16 - 00000000 ____D C:\Users\Micha\AppData\Roaming\AVG2013 2013-05-22 00:15 - 2013-05-22 00:15 - 00000000 ___HD C:\$AVG 2013-05-22 00:15 - 2013-05-22 00:15 - 
00000000 ____D C:\ProgramData\AVG2013 2013-05-22 00:15 - 2013-05-22 00:15 - 00000000 ____D C:\Program Files (x86)\AVG 2013-05-22 00:15 - 2012-11-27 19:58 - 00000000 ____D C:\Users\Micha\AppData\Roaming\TuneUp Software 2013-05-22 00:12 - 2013-05-22 00:12 - 00000000 ____D C:\Users\Micha\AppData\Local\MFAData 2013-05-21 23:58 - 2012-11-27 19:55 - 00000000 ____D C:\Users\Micha\AppData\Roaming\DivX ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-13 12:03 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2013 Ran by Micha at 2013-06-20 17:43:35 Run: Running from C:\Users\Micha\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 7-Zip 9.20 Adobe Flash Player 11 ActiveX (Version: 11.7.700.224) Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03) Adobe Shockwave Player 12.0 (Version: 12.0.2.122) Amazon Kindle AMD Accelerated Video Transcoding (Version: 2.00.0002) AMD APP SDK Runtime (Version: 10.0.923.1) AMD Catalyst Install Manager (Version: 8.0.873.0) AMD Drag and Drop Transcoding (Version: 2.00.0000) AMD Media Foundation Decoders (Version: 1.0.70405.2224) AOL Deinstallation AOL Uninstaller (Choose which Products to Remove) AVG 2013 (Version: 13.0.3199) AVG 2013 (Version: 13.0.3345) AVG 2013 (Version: 2013.0.3345) Canon MP550 series MP Drivers Catalyst Control Center - Branding (Version: 1.00.0000) Catalyst Control Center (Version: 2012.0405.2205.37728) Catalyst Control Center Graphics Previews Common (Version: 2012.0405.2205.37728) Catalyst Control Center InstallProxy (Version: 2012.0405.2205.37728) Catalyst Control Center Localization All (Version: 2012.0405.2205.37728) CCC Help Chinese Standard (Version: 2012.0405.2204.37728) CCC Help Chinese Traditional (Version: 2012.0405.2204.37728) CCC Help Czech (Version: 2012.0405.2204.37728) CCC Help Danish (Version: 2012.0405.2204.37728) CCC Help Dutch (Version: 2012.0405.2204.37728) CCC Help English (Version: 2012.0405.2204.37728) CCC Help Finnish (Version: 2012.0405.2204.37728) CCC Help French (Version: 2012.0405.2204.37728) CCC Help German (Version: 2012.0405.2204.37728) CCC Help Greek (Version: 2012.0405.2204.37728) CCC Help Hungarian (Version: 2012.0405.2204.37728) CCC Help Italian (Version: 2012.0405.2204.37728) CCC Help Japanese (Version: 2012.0405.2204.37728) CCC Help Korean (Version: 2012.0405.2204.37728) CCC Help Norwegian 
(Version: 2012.0405.2204.37728) CCC Help Polish (Version: 2012.0405.2204.37728) CCC Help Portuguese (Version: 2012.0405.2204.37728) CCC Help Russian (Version: 2012.0405.2204.37728) CCC Help Spanish (Version: 2012.0405.2204.37728) CCC Help Swedish (Version: 2012.0405.2204.37728) CCC Help Thai (Version: 2012.0405.2204.37728) CCC Help Turkish (Version: 2012.0405.2204.37728) ccc-utility64 (Version: 2012.0405.2205.37728) DivX-Setup (Version: 2.6.1.22) eReg (Version: 1.20.138.34) Foundation Factory 2 Geeks3D.com FurMark 1.9.0 Google Chrome (Version: 27.0.1453.110) Google Update Helper (Version: 1.3.21.145) Intel(R) Management Engine Components (Version: 8.0.1.1399) Intel(R) USB 3.0 eXtensible Host Controller Driver (Version: 1.0.3.214) Intel® Trusted Connect Service Client (Version: 1.23.219.2) Logitech GamePanel Software 3.05.151 (Version: 3.05.151) Logitech SetPoint 6.52 (Version: 6.52.74) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Office Standard Edition 2003 (Version: 11.0.5614.0) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft VC9 runtime libraries (Version: 1.0.0) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Might & Magic Heroes VI (Version: 1.0) Opera 12.15 (Version: 12.15.1748) PDF Architect (Version: 1.0.41.8362) PDFCreator (Version: 1.6.0) Realtek Ethernet Controller Driver (Version: 7.50.1123.2011) Realtek High Definition Audio Driver (Version: 6.0.1.6564) swMSM (Version: 12.0.0.1) TeamSpeak 3 Client (Version: 3.0.10.1) Ubisoft Game Launcher (Version: 1.0.0.0) Update for Microsoft .NET 
Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0) Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1) Zip Opener Packages Zip Opener Packages 35 ==================== Restore Points ========================= 29-05-2013 05:59:04 Geplanter Prüfpunkt 05-06-2013 16:22:52 Geplanter Prüfpunkt 12-06-2013 03:44:51 Windows Update 12-06-2013 17:44:05 OTL Restore Point - 12.06.2013 19:44:04 14-06-2013 19:04:29 ComboFix created restore point 16-06-2013 01:00:10 Windows Update 17-06-2013 16:05:17 Removed Adobe Reader XI (11.0.03) - Deutsch. 20-06-2013 14:27:23 RegClean Pro Do, Jun 20, 13 16:27 ==================== Scheduled Tasks (whitelisted) ============= Task: {0634D4AA-26F7-488B-88F6-4009DD6BE4DA} - System32\Tasks\QtraxPlayer => C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe [2013-01-24] (Microsoft Corporation) Task: {2C59683B-59A7-46D8-93FF-98205FB0DAF6} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation) Task: {3F8398AF-C127-40A5-BB57-39A6854C0514} - System32\Tasks\DealPly => C:\Users\Micha\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE No File Task: {764CD076-4768-4FFB-83A0-2AD59DDEC18C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-17] (Google Inc.) Task: {858CC76B-2DE7-4855-A8F5-95BCA82F9346} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-17] (Google Inc.) 
Task: {ABC23E06-67FE-4857-A261-685730CCF9B9} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {B4120B46-1B84-4650-8864-347A6A9B090C} - System32\Tasks\EPUpdater => C:\Users\Micha\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe No File Task: {DFA48C7B-F1CF-4801-8157-FECFF50D1A36} - System32\Tasks\DealPlyUpdate => C:\Program No File ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/20/2013 05:39:55 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2013 04:23:27 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2013 02:01:53 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2013 01:46:43 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2013 11:10:11 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2013 09:54:39 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2013 07:02:45 AM) (Source: 
WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2013 04:58:36 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (06/20/2013 00:30:20 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (06/19/2013 10:28:54 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
System errors: ============= Error: (06/20/2013 05:37:32 PM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (06/20/2013 02:09:08 PM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (06/20/2013 01:47:54 PM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (06/20/2013 11:58:40 AM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (06/20/2013 11:18:22 AM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (06/20/2013 10:46:13 AM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (06/20/2013 07:13:32 AM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (06/19/2013 03:57:04 PM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (06/19/2013 00:09:27 PM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (06/19/2013 08:18:45 AM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Microsoft Office Sessions: ========================= Error: 
(06/20/2013 05:39:55 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2013 04:23:27 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2013 02:01:53 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2013 01:46:43 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2013 11:10:11 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2013 09:54:39 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2013 07:02:45 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2013 04:58:36 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe 
Error: (06/20/2013 00:30:20 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (06/19/2013 10:28:54 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Micha\Downloads\esetsmartinstaller_enu.exe CodeIntegrity Errors: =================================== Date: 2013-06-14 21:06:43.646 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-06-14 21:06:43.614 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Percentage of memory in use: 12% Total physical RAM: 16337.6 MB Available physical RAM: 14269.21 MB Total Pagefile: 32673.38 MB Available Pagefile: 30313.35 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:223.47 GB) (Free:128.95 GB) NTFS (Disk=1 Partition=2) Drive e: (Volume) (Fixed) (Total:1397.26 GB) (Free:1396.94 GB) NTFS (Disk=0 Partition=1) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: C5F000C8) Partition 1: (Not Active) - (Size=-698723860480) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 224 GB) (Disk ID: F41078FD) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Meder |
20.06.2013, 16:58 | #21 |
/// TB-Ausbilder | Removing wssetup.exe by Perion Yes, we can continue, but I can't tell you more than that ... I don't see anything that could be causing it. I would remove the AOL software now.
22.06.2013, 19:45 | #22 |
/// TB-Ausbilder | Removing wssetup.exe by Perion Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will then no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is clean yet.
__________________ Digital privateers against malware! No help via PM! |
25.06.2013, 19:05 | #23 |
/// TB-Ausbilder | Removing wssetup.exe by Perion No response. This thread has been removed from my subscriptions, so I will not be notified of new replies. Send me a PM if you still want to continue. Do not send any log files, just a short note after you have posted your log files here. Note: The disappearance of the symptoms does not mean that your computer is clean yet. Everyone else, please click here and create your own thread.