| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hochWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
06.07.2013, 17:24
| #16 |
| /// the machine /// TB-Ausbilder    |  Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hoch Frisches FRST bitte. IE wieder resetten wenn er muckt.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
06.07.2013, 18:07
| #17 |
 | Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hoch Bitte .....
__________________FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013
Ran by Kiki (administrator) on 06-07-2013 19:04:57
Running from C:\Users\Kiki\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Microsoft Corporation) C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(NETGATE Technologies s.r.o.) C:\Programme\Spy Emergency 2008\SpyEmergencySrv.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(Akamai Technologies, Inc.) C:\Users\Kiki\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(TuneUp Software) C:\Windows\System32\TUProgSt.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(Akamai Technologies, Inc.) C:\Users\Kiki\AppData\Local\Akamai\netsession_win.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [NDSTray.exe] NDSTray.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1278064 2013-03-13] (McAfee, Inc.)
HKLM\...\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [651264 2012-04-17] ()
HKLM\...\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto [1507328 2007-06-18] (Interactive Digital Media)
HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [Akamai NetSession Interface] "C:\Users\Kiki\AppData\Local\Akamai\netsession_win.exe" [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [19604072 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Policies\system: [disableregistrytools] 0
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-01-29] ()
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-01-29] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
SearchScopes: HKLM - {041E2009-2712-4AD9-A4AC-50F9D8539177} URL = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130706180158.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\02q6kx1u.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Citrix.com/npican - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=0.9.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 - C:\Users\Kiki\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\WebSearchober18681135.gif
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\WebSearchober18681135.src
FF Extension: No Name - C:\Users\Kiki\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] C:\Program Files\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files\Common Files\McAfee\SystemCore
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
========================== Services (Whitelisted) =================
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1220608 2009-05-06] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [279048 2012-11-16] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203840 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [172416 2013-02-19] (McAfee, Inc.)
S3 Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SpyEmrgSrv; C:\Programme\Spy Emergency 2008\SpyEmergencySrv.exe [727608 2009-01-19] (NETGATE Technologies s.r.o.)
R2 TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [361288 2011-12-07] (TuneUp Software)
R2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [604488 2011-12-07] (TuneUp Software)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
==================== Drivers (Whitelisted) ====================
R2 ACEDRV08; C:\Windows\system32\drivers\ACEDRV08.sys [108768 2009-12-22] (Protect Software GmbH)
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-02-19] (McAfee, Inc.)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [560640 2008-04-17] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [15616 2008-04-17] (Hauppauge Computer Works, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [146872 2012-04-20] (McAfee, Inc.)
S3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2010-06-23] (Windows (R) Win 7 DDK provider)
R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
S3 LVUSBSta; C:\Windows\System32\DRIVERS\LVUSBSta.sys [22016 2005-01-19] (Labtec Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133416 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235264 2013-02-19] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [363080 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565888 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92632 2013-02-19] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-09-16] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [210608 2013-02-19] (McAfee, Inc.)
S3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [211712 2005-01-19] (Labtec Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-02-21] (Duplex Secure Ltd.)
R1 SpyEmrg; C:\Windows\System32\Drivers\spyemrg.sys [12344 2008-02-05] (NETGATE Technologies s.r.o.)
R3 SpyEmrgAccess; C:\Windows\System32\Drivers\spyemrg_access.sys [15288 2008-08-11] (NETGATE Technologies s.r.o.)
R3 SpyEmrgGuard; C:\Windows\System32\Drivers\spyemrg_guard.sys [14392 2008-02-05] (NETGATE Technologies s.r.o.)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-04-27] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-04-27] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-04-27] (MCCI Corporation)
S3 AVFSFilter; system32\DRIVERS\avfsfilter.sys [x]
S3 catchme; \??\C:\Users\Kiki\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U3 mfeavfk01; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-06 17:57 - 2013-07-06 17:57 - 00001886 ____A C:\Windows\PFRO.log
2013-07-06 16:56 - 2013-07-06 17:07 - 00000000 ___SD C:\ComboFix
2013-07-06 16:49 - 2013-07-06 16:49 - 05086173 ____R (Swearware) C:\Users\Kiki\Desktop\ComboFix.exe
2013-07-06 12:16 - 2013-07-06 12:16 - 00009844 ____A C:\Users\Kiki\Desktop\JRT.txt
2013-07-06 12:13 - 2013-07-06 12:13 - 00000000 ____D C:\Windows\ERUNT
2013-07-06 12:13 - 2013-07-06 12:13 - 00000000 ____D C:\JRT
2013-07-06 11:53 - 2013-07-06 11:53 - 00039692 ____A C:\AdwCleaner[S1].txt
2013-07-06 11:46 - 2013-07-06 11:46 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Kiki\Desktop\JRT.exe
2013-07-06 11:45 - 2013-07-06 11:45 - 00650027 ____A C:\Users\Kiki\Desktop\adwcleaner.exe
2013-07-05 19:43 - 2013-07-05 19:43 - 00000000 ____D C:\Windows\erdnt
2013-07-05 19:43 - 2013-07-05 19:43 - 00000000 ____D C:\Qoobox
2013-07-05 19:43 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-05 19:43 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-05 19:43 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-05 19:42 - 2013-07-06 16:56 - 00000000 ___SD C:\32788R22FWJFW
2013-07-04 22:52 - 2013-07-04 23:17 - 00000001 ____A C:\Users\Kiki\Desktop\Addition.txt
2013-07-04 22:49 - 2013-07-04 22:49 - 00000000 ____D C:\FRST
2013-07-04 21:15 - 2013-07-04 21:15 - 01373373 ____A (Farbar) C:\Users\Kiki\Desktop\FRST.exe
2013-07-03 21:50 - 2013-07-03 21:50 - 00005282 ____A C:\Users\Kiki\Documents\GMER.log
2013-07-03 21:50 - 2013-07-03 21:50 - 00003017 ____A C:\Users\Kiki\Documents\GMER 2.log
2013-07-03 20:51 - 2013-07-03 20:51 - 00103680 ____A (GMER) C:\pxlyafow.sys
2013-07-03 20:38 - 2013-07-03 20:38 - 00063682 ____A C:\Users\Kiki\Desktop\Extras.Txt
2013-07-03 20:37 - 2013-07-03 20:37 - 00180128 ____A C:\Users\Kiki\Desktop\OTL.Txt
2013-07-03 20:03 - 2013-07-03 20:03 - 00377856 ____A C:\Users\Kiki\Desktop\gmer_2.1.19163.exe
2013-07-03 20:01 - 2013-07-03 20:01 - 00602112 ____A (OldTimer Tools) C:\Users\Kiki\Desktop\OTL.exe
2013-07-03 19:52 - 2013-07-06 18:07 - 00219972 ____A C:\Windows\WindowsUpdate.log
2013-07-03 19:45 - 2013-07-03 19:46 - 00000630 ____A C:\Users\Kiki\Downloads\defogger_disable.log
2013-07-03 19:45 - 2013-07-03 19:46 - 00000020 ____A C:\Users\Kiki\defogger_reenable
2013-07-03 19:45 - 2013-07-03 19:45 - 00050477 ____A C:\Users\Kiki\Desktop\Defogger.exe
2013-07-02 00:56 - 2013-07-02 00:56 - 00004036 ____A C:\Users\Kiki\Downloads\c977f4972ad8a2eab3432e0113bf9be4.dlc
2013-06-30 21:14 - 2013-06-30 21:15 - 52086272 ____A C:\Users\Kiki\Downloads\calibre-0.9.37.msi
2013-06-30 12:31 - 2013-06-30 12:31 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f (1).dlc
2013-06-30 12:30 - 2013-06-30 12:30 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f.dlc
2013-06-30 12:28 - 2013-06-30 12:28 - 00005188 ____A C:\Users\Kiki\Downloads\4dd1b9c6875dc7374f44106f36cd3cdf.dlc
2013-06-30 08:07 - 2013-06-30 08:07 - 00002500 ____A C:\Users\Kiki\Downloads\acfd7416390d25d5d0b220573f1cda4a.dlc
2013-06-29 12:12 - 2013-07-06 08:38 - 00000000 ____D C:\ProgramData\AOL
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\AOL OCP
2013-06-29 12:11 - 2013-06-29 12:12 - 00000446 ___AH C:\IPH.PH
2013-06-29 12:07 - 2013-06-29 12:07 - 00000041 ____A C:\Users\Kiki\Downloads\12775.asx
2013-06-29 09:08 - 2013-06-29 09:08 - 00003888 ____A C:\Users\Kiki\Downloads\00bw860a1t42705-ul.to.dlc
2013-06-29 09:03 - 2013-06-29 09:03 - 00001112 ____A C:\Users\Kiki\Downloads\c9hgt58rf26382b.dlc
2013-06-29 06:45 - 2013-06-29 06:45 - 00026160 ____A C:\Users\Kiki\Downloads\4d90db1e7b014a93b3f69deb2d4be2db.dlc
2013-06-28 16:48 - 2013-06-28 16:48 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\ArtifexMundi
2013-06-27 19:20 - 2013-06-27 19:51 - 00000000 ____D C:\Users\Kiki\Desktop\Bücher
2013-06-26 23:04 - 2013-06-26 23:04 - 00003312 ____A C:\Users\Kiki\Downloads\75aa965832ce71c749c703bc128d48be.dlc
2013-06-26 17:56 - 2013-06-26 17:56 - 00001394 ____A C:\Windows\System32\lvcoinst.log
2013-06-26 17:41 - 2013-06-26 17:41 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-26 17:41 - 2013-06-26 17:41 - 00000000 ___RD C:\Program Files\Skype
2013-06-26 17:41 - 2013-06-26 17:41 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-06-26 17:38 - 2013-06-26 17:39 - 23416832 ____A C:\Users\Kiki\Downloads\SkypeSetup_6.5.32.158.msi
2013-06-16 07:45 - 2013-06-16 07:45 - 00001368 ____A C:\Users\Kiki\Downloads\7e1205abbc7d9f29e1c56cc801107dd4.dlc
2013-06-16 07:43 - 2013-06-16 07:43 - 00001368 ____A C:\Users\Kiki\Downloads\bf86151731dd28ed0107992a01975a75.dlc
2013-06-15 10:20 - 2013-06-15 10:20 - 00011489 ____A C:\Users\Kiki\Desktop\PW DTAG.xlsx
2013-06-15 10:14 - 2013-06-15 10:20 - 00011497 ____A C:\Users\Kiki\Downloads\Passwörter (2).xlsx
2013-06-13 08:47 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 08:47 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 08:47 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 08:47 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 08:47 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 08:47 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 08:47 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 08:47 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 08:47 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 08:47 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 08:47 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 08:46 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 08:46 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 08:46 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 08:46 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-13 08:46 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 09:31 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 09:31 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 09:31 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 09:31 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 09:30 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 09:30 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-11 23:46 - 2013-06-11 23:46 - 00004100 ____A C:\Users\Kiki\Downloads\430b688dfa28a714e695674e73f9c74b.dlc
2013-06-11 00:01 - 2013-06-11 00:01 - 00001263 ____A C:\Users\Kiki\Desktop\The Keepers 2.lnk
2013-06-11 00:01 - 2013-06-11 00:01 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\BlamGames
2013-06-10 23:56 - 2013-06-11 00:01 - 00000000 ____D C:\Program Files\The Keepers 2 - Das Geheimnis des Waechterordens SA
2013-06-09 12:50 - 2013-06-09 12:50 - 00003120 ____A C:\Users\Kiki\Downloads\f52e53a14bc5c607cb844a30e7df4321.dlc
2013-06-09 08:14 - 2013-07-06 18:01 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\ProgramData\CrioGames
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\Program Files\Farm Tribe 2
==================== One Month Modified Files and Folders ========
2013-07-06 19:00 - 2011-12-07 15:25 - 00000522 ____A C:\Windows\Tasks\1-Klick-Wartung.job
2013-07-06 18:55 - 2012-04-04 18:59 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-06 18:54 - 2013-01-06 00:12 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Skype
2013-07-06 18:29 - 2011-09-16 11:51 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-06 18:07 - 2013-07-03 19:52 - 00219972 ____A C:\Windows\WindowsUpdate.log
2013-07-06 18:02 - 2012-04-04 19:03 - 00001741 ____A C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
2013-07-06 18:01 - 2013-06-09 08:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-06 17:59 - 2012-06-04 11:54 - 00000000 ____D C:\Users\Kiki\AppData\Local\Htc
2013-07-06 17:58 - 2011-09-16 11:51 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-06 17:58 - 2011-08-13 21:10 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-07-06 17:58 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-06 17:58 - 2006-11-02 14:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-06 17:58 - 2006-11-02 14:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-06 17:57 - 2013-07-06 17:57 - 00001886 ____A C:\Windows\PFRO.log
2013-07-06 17:07 - 2013-07-06 16:56 - 00000000 ___SD C:\ComboFix
2013-07-06 16:56 - 2013-07-05 19:42 - 00000000 ___SD C:\32788R22FWJFW
2013-07-06 16:49 - 2013-07-06 16:49 - 05086173 ____R (Swearware) C:\Users\Kiki\Desktop\ComboFix.exe
2013-07-06 13:01 - 2006-11-02 15:01 - 00032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-06 12:16 - 2013-07-06 12:16 - 00009844 ____A C:\Users\Kiki\Desktop\JRT.txt
2013-07-06 12:13 - 2013-07-06 12:13 - 00000000 ____D C:\Windows\ERUNT
2013-07-06 12:13 - 2013-07-06 12:13 - 00000000 ____D C:\JRT
2013-07-06 11:57 - 2012-12-15 04:08 - 00262144 ____A C:\Windows\System32\config\ELAM
2013-07-06 11:53 - 2013-07-06 11:53 - 00039692 ____A C:\AdwCleaner[S1].txt
2013-07-06 11:53 - 2008-11-12 16:51 - 00000000 ____D C:\ProgramData\ICQ
2013-07-06 11:46 - 2013-07-06 11:46 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Kiki\Desktop\JRT.exe
2013-07-06 11:45 - 2013-07-06 11:45 - 00650027 ____A C:\Users\Kiki\Desktop\adwcleaner.exe
2013-07-06 08:38 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\AOL
2013-07-05 19:43 - 2013-07-05 19:43 - 00000000 ____D C:\Windows\erdnt
2013-07-05 19:43 - 2013-07-05 19:43 - 00000000 ____D C:\Qoobox
2013-07-05 19:41 - 2010-11-19 20:54 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-05 17:17 - 2008-01-21 09:16 - 01456404 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-05 17:16 - 2008-10-06 12:04 - 00123904 ____A C:\Users\Kiki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-04 23:17 - 2013-07-04 22:52 - 00000001 ____A C:\Users\Kiki\Desktop\Addition.txt
2013-07-04 22:49 - 2013-07-04 22:49 - 00000000 ____D C:\FRST
2013-07-04 21:15 - 2013-07-04 21:15 - 01373373 ____A (Farbar) C:\Users\Kiki\Desktop\FRST.exe
2013-07-03 21:50 - 2013-07-03 21:50 - 00005282 ____A C:\Users\Kiki\Documents\GMER.log
2013-07-03 21:50 - 2013-07-03 21:50 - 00003017 ____A C:\Users\Kiki\Documents\GMER 2.log
2013-07-03 20:51 - 2013-07-03 20:51 - 00103680 ____A (GMER) C:\pxlyafow.sys
2013-07-03 20:38 - 2013-07-03 20:38 - 00063682 ____A C:\Users\Kiki\Desktop\Extras.Txt
2013-07-03 20:37 - 2013-07-03 20:37 - 00180128 ____A C:\Users\Kiki\Desktop\OTL.Txt
2013-07-03 20:13 - 2010-11-19 20:54 - 00001091 ____A C:\Users\Kiki\Desktop\Spybot - Search & Destroy.lnk
2013-07-03 20:03 - 2013-07-03 20:03 - 00377856 ____A C:\Users\Kiki\Desktop\gmer_2.1.19163.exe
2013-07-03 20:01 - 2013-07-03 20:01 - 00602112 ____A (OldTimer Tools) C:\Users\Kiki\Desktop\OTL.exe
2013-07-03 19:46 - 2013-07-03 19:45 - 00000630 ____A C:\Users\Kiki\Downloads\defogger_disable.log
2013-07-03 19:46 - 2013-07-03 19:45 - 00000020 ____A C:\Users\Kiki\defogger_reenable
2013-07-03 19:45 - 2013-07-03 19:45 - 00050477 ____A C:\Users\Kiki\Desktop\Defogger.exe
2013-07-03 19:45 - 2008-10-06 11:46 - 00000000 ___AD C:\users\Kiki
2013-07-03 18:05 - 2013-02-23 21:52 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Dropbox
2013-07-02 00:56 - 2013-07-02 00:56 - 00004036 ____A C:\Users\Kiki\Downloads\c977f4972ad8a2eab3432e0113bf9be4.dlc
2013-06-30 21:19 - 2012-04-25 21:08 - 00000847 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2013-06-30 21:19 - 2012-04-25 21:07 - 00000000 ____D C:\Program Files\Calibre2
2013-06-30 21:15 - 2013-06-30 21:14 - 52086272 ____A C:\Users\Kiki\Downloads\calibre-0.9.37.msi
2013-06-30 12:31 - 2013-06-30 12:31 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f (1).dlc
2013-06-30 12:30 - 2013-06-30 12:30 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f.dlc
2013-06-30 12:28 - 2013-06-30 12:28 - 00005188 ____A C:\Users\Kiki\Downloads\4dd1b9c6875dc7374f44106f36cd3cdf.dlc
2013-06-30 10:48 - 2008-10-06 13:17 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Winamp
2013-06-30 08:07 - 2013-06-30 08:07 - 00002500 ____A C:\Users\Kiki\Downloads\acfd7416390d25d5d0b220573f1cda4a.dlc
2013-06-30 07:05 - 2011-06-13 20:09 - 00000000 ____D C:\Windows\Minidump
2013-06-29 19:47 - 2011-04-15 13:06 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Usenet.nl
2013-06-29 19:38 - 2011-04-15 13:06 - 00000000 ____D C:\Users\Kiki\Documents\Usenet.nl
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\AOL OCP
2013-06-29 12:12 - 2013-06-29 12:11 - 00000446 ___AH C:\IPH.PH
2013-06-29 12:07 - 2013-06-29 12:07 - 00000041 ____A C:\Users\Kiki\Downloads\12775.asx
2013-06-29 09:08 - 2013-06-29 09:08 - 00003888 ____A C:\Users\Kiki\Downloads\00bw860a1t42705-ul.to.dlc
2013-06-29 09:03 - 2013-06-29 09:03 - 00001112 ____A C:\Users\Kiki\Downloads\c9hgt58rf26382b.dlc
2013-06-29 06:45 - 2013-06-29 06:45 - 00026160 ____A C:\Users\Kiki\Downloads\4d90db1e7b014a93b3f69deb2d4be2db.dlc
2013-06-28 18:53 - 2011-11-10 04:01 - 00000000 ____D C:\Users\Kiki\AppData\Local\Akamai
2013-06-28 16:48 - 2013-06-28 16:48 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\ArtifexMundi
2013-06-27 19:51 - 2013-06-27 19:20 - 00000000 ____D C:\Users\Kiki\Desktop\Bücher
2013-06-26 23:04 - 2013-06-26 23:04 - 00003312 ____A C:\Users\Kiki\Downloads\75aa965832ce71c749c703bc128d48be.dlc
2013-06-26 17:56 - 2013-06-26 17:56 - 00001394 ____A C:\Windows\System32\lvcoinst.log
2013-06-26 17:56 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\twain_32
2013-06-26 17:41 - 2013-06-26 17:41 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-26 17:41 - 2013-06-26 17:41 - 00000000 ___RD C:\Program Files\Skype
2013-06-26 17:41 - 2013-06-26 17:41 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-06-26 17:41 - 2013-01-06 00:11 - 00000000 ____D C:\ProgramData\Skype
2013-06-26 17:39 - 2013-06-26 17:38 - 23416832 ____A C:\Users\Kiki\Downloads\SkypeSetup_6.5.32.158.msi
2013-06-26 15:34 - 2012-09-13 16:40 - 00001977 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-16 07:45 - 2013-06-16 07:45 - 00001368 ____A C:\Users\Kiki\Downloads\7e1205abbc7d9f29e1c56cc801107dd4.dlc
2013-06-16 07:43 - 2013-06-16 07:43 - 00001368 ____A C:\Users\Kiki\Downloads\bf86151731dd28ed0107992a01975a75.dlc
2013-06-15 18:56 - 2012-02-26 05:30 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\AlawarEntertainment
2013-06-15 18:51 - 2012-12-30 13:13 - 00000000 ____D C:\Program Files\GameforgeLive
2013-06-15 10:20 - 2013-06-15 10:20 - 00011489 ____A C:\Users\Kiki\Desktop\PW DTAG.xlsx
2013-06-15 10:20 - 2013-06-15 10:14 - 00011497 ____A C:\Users\Kiki\Downloads\Passwörter (2).xlsx
2013-06-15 08:07 - 2013-02-23 21:55 - 00000922 ____A C:\Users\Kiki\Desktop\Dropbox.lnk
2013-06-13 17:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-13 09:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 08:49 - 2008-02-25 10:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-13 08:42 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-11 23:56 - 2012-04-04 18:59 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 23:56 - 2011-06-13 20:49 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-11 23:46 - 2013-06-11 23:46 - 00004100 ____A C:\Users\Kiki\Downloads\430b688dfa28a714e695674e73f9c74b.dlc
2013-06-11 00:01 - 2013-06-11 00:01 - 00001263 ____A C:\Users\Kiki\Desktop\The Keepers 2.lnk
2013-06-11 00:01 - 2013-06-11 00:01 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\BlamGames
2013-06-11 00:01 - 2013-06-10 23:56 - 00000000 ____D C:\Program Files\The Keepers 2 - Das Geheimnis des Waechterordens SA
2013-06-09 20:22 - 2008-10-27 20:54 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\cerasus.media
2013-06-09 12:50 - 2013-06-09 12:50 - 00003120 ____A C:\Users\Kiki\Downloads\f52e53a14bc5c607cb844a30e7df4321.dlc
2013-06-09 10:29 - 2012-05-04 06:10 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\ProgramData\CrioGames
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\Program Files\Farm Tribe 2
Files to move or delete:
====================
C:\ProgramData\go_0molg.pad
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-06 18:08
==================== End Of Log ============================
--- --- --- --- --- --- Erstmal Danke für Deine Mühen... Gute Nacht schlafe gut    lg Tizzia  |
|
07.07.2013, 05:55
| #18 |
| /// the machine /// TB-Ausbilder | Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hoch Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.
__________________Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\ProgramData\go_0molg.pad
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe und drücke auf Start. Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen. ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST LOg bitte. noch Probleme? 
__________________ |
|
07.07.2013, 11:35
| #19 |
| | Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hoch Hallo.... hast Du kein Bett??? *g* Ich werde mich dann mal an deine Aufgaben machen... vielen Dank... lg Tizzia Weitermachen ????? Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-07-2013
Ran by Kiki at 2013-07-07 12:49:11 Run:1
Running from C:\Users\Kiki\Desktop
Boot Mode: Normal
==============================================
C:\ProgramData\go_0molg.pad => Moved successfully.
==== End of Fixlog ====
Geändert von Tizzia (07.07.2013 um 11:53 Uhr) |
|
07.07.2013, 12:34
| #20 |
| /// the machine /// TB-Ausbilder | Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hoch Immer weiter, alle Logs auf einmal posten
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
07.07.2013, 19:06
| #21 |
| | Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hochCode:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=79d341bdc757c24ea45c1d315a0ee6dc
# engine=14304
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-07 04:45:59
# local_time=2013-07-07 06:45:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1023 16777215 0 0 0 0 0 0
# compatibility_mode=5122 16777213 100 97 10435738 121998155 0 0
# compatibility_mode=5892 16776574 100 100 175331 210748287 0 0
# scanned=265578
# found=6
# cleaned=0
# scan_time=13964
sh=47D58BF1531FA23BFF318C7A986B1D4A511AE293 ft=0 fh=0000000000000000 vn="a variant of Android/PJApps.F trojan" ac=I fn="E:\Kiki-Daten\Neuer Ordner (2)\Best 3500 Android Apps, Games, Live Wallpapers (20\3500 Android Application and Tools and Games\cooltexter_ver1.9.apk"
sh=CA2FB758C0351E1BCEB7117AB2A1E9B3F4017992 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="E:\Kiki-Daten\Neuer Ordner (2)\Best 3500 Android Apps, Games, Live Wallpapers (20\3500 Android Application and Tools and Games\flashrec.apk"
sh=C4A8BB0A0F0A2CE4592656972B7043FC9B3A56D2 ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.AP trojan" ac=I fn="E:\Kiki-Daten\Neuer Ordner (2)\Best 3500 Android Apps, Games, Live Wallpapers (20\3500 Android Application and Tools and Games\instantroot.apk"
sh=E3B108EDD12161120FF81175E12778A85A5FAC79 ft=0 fh=0000000000000000 vn="Android/TrojanSMS.Bosm.C trojan" ac=I fn="E:\Kiki-Daten\Neuer Ordner (2)\Best 3500 Android Apps, Games, Live Wallpapers (20\3500 Android Application and Tools and Games\sms bomber_1.6.apk"
sh=E3B108EDD12161120FF81175E12778A85A5FAC79 ft=0 fh=0000000000000000 vn="Android/TrojanSMS.Bosm.C trojan" ac=I fn="E:\Kiki-Daten\Neuer Ordner (2)\Best 3500 Android Apps, Games, Live Wallpapers (20\3500 Android Application and Tools and Games\sms.bomber.paid.apk"
sh=1700F496D3E58545564CF4BD45E94481CC152DAE ft=0 fh=0000000000000000 vn="Android/TrojanSMS.Bosm.A trojan" ac=I fn="E:\Kiki-Daten\Neuer Ordner (2)\Best 3500 Android Apps, Games, Live Wallpapers (20\3500 Android Application and Tools and Games\smsbomber.apk"
Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-07-2013
Ran by Kiki at 2013-07-07 20:26:36 Run:2
Running from C:\Users\Kiki\Desktop
Boot Mode: Normal
==============================================
"C:\ProgramData\go_0molg.pad" => File/Directory not found.
==== End of Fixlog ====
Wenn ich es richtig gesehen habe befinden sich auf meiner externen Festplatte......ein Trojaner..... Lg Tizzia Geändert von Tizzia (07.07.2013 um 19:32 Uhr) |
|
07.07.2013, 20:42
| #22 |
| /// the machine /// TB-Ausbilder | Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hoch Den Android-Müll würd ich löschen, ja. Frisches FRST Log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
07.07.2013, 21:12
| #23 |
| | Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hoch FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013
Ran by Kiki (administrator) on 07-07-2013 22:09:37
Running from C:\Users\Kiki\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(TuneUp Software) C:\Windows\System32\TUProgSt.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Microsoft Corporation) C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Akamai Technologies, Inc.) C:\Users\Kiki\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Akamai Technologies, Inc.) C:\Users\Kiki\AppData\Local\Akamai\netsession_win.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [NDSTray.exe] NDSTray.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1278064 2013-03-13] (McAfee, Inc.)
HKLM\...\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [651264 2012-04-17] ()
HKLM\...\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto [1507328 2007-06-18] (Interactive Digital Media)
HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [Akamai NetSession Interface] "C:\Users\Kiki\AppData\Local\Akamai\netsession_win.exe" [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Policies\system: [disableregistrytools] 0
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-01-29] ()
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-01-29] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
SearchScopes: HKLM - {041E2009-2712-4AD9-A4AC-50F9D8539177} URL = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130707154305.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\02q6kx1u.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Citrix.com/npican - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=0.9.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 - C:\Users\Kiki\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\WebSearchober18681135.gif
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\WebSearchober18681135.src
FF Extension: No Name - C:\Users\Kiki\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] C:\Program Files\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files\Common Files\McAfee\SystemCore
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Flatcast Viewer Plugin 5.2.2.454) - C:\Program Files\Mozilla Firefox\plugins\NpFv522.dll (1 mal 1 Software GmbH)
CHR Plugin: (Flatcast Viewer Plugin 5.3.0.784) - C:\Program Files\Mozilla Firefox\plugins\NpFv530.dll (1 mal 1 Software GmbH)
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Zylom Plugin) - C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll (Zylom)
CHR Plugin: (Citrix ICA Client) - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Yahoo! activeX Plug-in Bridge) - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
========================== Services (Whitelisted) =================
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1220608 2009-05-06] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [279048 2012-11-16] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203840 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [172416 2013-02-19] (McAfee, Inc.)
S3 Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [361288 2011-12-07] (TuneUp Software)
R2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [604488 2011-12-07] (TuneUp Software)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
==================== Drivers (Whitelisted) ====================
R2 ACEDRV08; C:\Windows\system32\drivers\ACEDRV08.sys [108768 2009-12-22] (Protect Software GmbH)
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-02-19] (McAfee, Inc.)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [560640 2008-04-17] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [15616 2008-04-17] (Hauppauge Computer Works, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [146872 2012-04-20] (McAfee, Inc.)
S3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2010-06-23] (Windows (R) Win 7 DDK provider)
R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
S3 LVUSBSta; C:\Windows\System32\DRIVERS\LVUSBSta.sys [22016 2005-01-19] (Labtec Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133416 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235264 2013-02-19] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [363080 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565888 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92632 2013-02-19] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-09-16] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [210608 2013-02-19] (McAfee, Inc.)
S3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [211712 2005-01-19] (Labtec Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-02-21] (Duplex Secure Ltd.)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-04-27] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-04-27] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-04-27] (MCCI Corporation)
S3 AVFSFilter; system32\DRIVERS\avfsfilter.sys [x]
S3 catchme; \??\C:\Users\Kiki\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U3 mfeavfk01; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-07 20:24 - 2013-07-07 20:24 - 00000029 ____A C:\Users\Kiki\Desktop\Fixlist2.txt
2013-07-07 12:58 - 2013-07-07 12:58 - 00890988 ____A C:\Users\Kiki\Desktop\SecurityCheck.exe
2013-07-07 12:55 - 2013-07-07 12:56 - 00448512 ____A (OldTimer Tools) C:\Users\Kiki\Desktop\TFC.exe
2013-07-06 19:28 - 2013-07-07 15:43 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-06 17:57 - 2013-07-06 19:18 - 00002660 ____A C:\Windows\PFRO.log
2013-07-06 16:56 - 2013-07-06 17:07 - 00000000 ___SD C:\ComboFix
2013-07-06 16:49 - 2013-07-06 16:49 - 05086173 ____R (Swearware) C:\Users\Kiki\Desktop\ComboFix.exe
2013-07-06 12:16 - 2013-07-06 12:16 - 00009844 ____A C:\Users\Kiki\Desktop\JRT.txt
2013-07-06 12:13 - 2013-07-06 12:13 - 00000000 ____D C:\Windows\ERUNT
2013-07-06 12:13 - 2013-07-06 12:13 - 00000000 ____D C:\JRT
2013-07-06 11:53 - 2013-07-06 11:53 - 00039692 ____A C:\AdwCleaner[S1].txt
2013-07-06 11:46 - 2013-07-06 11:46 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Kiki\Desktop\JRT.exe
2013-07-06 11:45 - 2013-07-06 11:45 - 00650027 ____A C:\Users\Kiki\Desktop\adwcleaner.exe
2013-07-05 19:43 - 2013-07-05 19:43 - 00000000 ____D C:\Windows\erdnt
2013-07-05 19:43 - 2013-07-05 19:43 - 00000000 ____D C:\Qoobox
2013-07-05 19:43 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-05 19:43 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-05 19:43 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-05 19:42 - 2013-07-06 16:56 - 00000000 ___SD C:\32788R22FWJFW
2013-07-04 22:52 - 2013-07-04 23:17 - 00000001 ____A C:\Users\Kiki\Desktop\Addition.txt
2013-07-04 22:49 - 2013-07-04 22:49 - 00000000 ____D C:\FRST
2013-07-04 21:15 - 2013-07-04 21:15 - 01373373 ____A (Farbar) C:\Users\Kiki\Desktop\FRST.exe
2013-07-03 21:50 - 2013-07-03 21:50 - 00005282 ____A C:\Users\Kiki\Documents\GMER.log
2013-07-03 21:50 - 2013-07-03 21:50 - 00003017 ____A C:\Users\Kiki\Documents\GMER 2.log
2013-07-03 20:51 - 2013-07-03 20:51 - 00103680 ____A (GMER) C:\pxlyafow.sys
2013-07-03 20:38 - 2013-07-03 20:38 - 00063682 ____A C:\Users\Kiki\Desktop\Extras.Txt
2013-07-03 20:37 - 2013-07-03 20:37 - 00180128 ____A C:\Users\Kiki\Desktop\OTL.Txt
2013-07-03 20:03 - 2013-07-03 20:03 - 00377856 ____A C:\Users\Kiki\Desktop\gmer_2.1.19163.exe
2013-07-03 20:01 - 2013-07-03 20:01 - 00602112 ____A (OldTimer Tools) C:\Users\Kiki\Desktop\OTL.exe
2013-07-03 19:52 - 2013-07-07 14:38 - 00275055 ____A C:\Windows\WindowsUpdate.log
2013-07-03 19:45 - 2013-07-03 19:46 - 00000630 ____A C:\Users\Kiki\Downloads\defogger_disable.log
2013-07-03 19:45 - 2013-07-03 19:46 - 00000020 ____A C:\Users\Kiki\defogger_reenable
2013-07-03 19:45 - 2013-07-03 19:45 - 00050477 ____A C:\Users\Kiki\Desktop\Defogger.exe
2013-07-02 00:56 - 2013-07-02 00:56 - 00004036 ____A C:\Users\Kiki\Downloads\c977f4972ad8a2eab3432e0113bf9be4.dlc
2013-06-30 21:14 - 2013-06-30 21:15 - 52086272 ____A C:\Users\Kiki\Downloads\calibre-0.9.37.msi
2013-06-30 12:31 - 2013-06-30 12:31 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f (1).dlc
2013-06-30 12:30 - 2013-06-30 12:30 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f.dlc
2013-06-30 12:28 - 2013-06-30 12:28 - 00005188 ____A C:\Users\Kiki\Downloads\4dd1b9c6875dc7374f44106f36cd3cdf.dlc
2013-06-30 08:07 - 2013-06-30 08:07 - 00002500 ____A C:\Users\Kiki\Downloads\acfd7416390d25d5d0b220573f1cda4a.dlc
2013-06-29 12:12 - 2013-07-06 08:38 - 00000000 ____D C:\ProgramData\AOL
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\AOL OCP
2013-06-29 12:11 - 2013-06-29 12:12 - 00000446 ___AH C:\IPH.PH
2013-06-29 12:07 - 2013-06-29 12:07 - 00000041 ____A C:\Users\Kiki\Downloads\12775.asx
2013-06-29 09:08 - 2013-06-29 09:08 - 00003888 ____A C:\Users\Kiki\Downloads\00bw860a1t42705-ul.to.dlc
2013-06-29 09:03 - 2013-06-29 09:03 - 00001112 ____A C:\Users\Kiki\Downloads\c9hgt58rf26382b.dlc
2013-06-29 06:45 - 2013-06-29 06:45 - 00026160 ____A C:\Users\Kiki\Downloads\4d90db1e7b014a93b3f69deb2d4be2db.dlc
2013-06-28 16:48 - 2013-06-28 16:48 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\ArtifexMundi
2013-06-27 19:20 - 2013-06-27 19:51 - 00000000 ____D C:\Users\Kiki\Desktop\Bücher
2013-06-26 23:04 - 2013-06-26 23:04 - 00003312 ____A C:\Users\Kiki\Downloads\75aa965832ce71c749c703bc128d48be.dlc
2013-06-26 17:56 - 2013-06-26 17:56 - 00001394 ____A C:\Windows\System32\lvcoinst.log
2013-06-26 17:38 - 2013-06-26 17:39 - 23416832 ____A C:\Users\Kiki\Downloads\SkypeSetup_6.5.32.158.msi
2013-06-16 07:45 - 2013-06-16 07:45 - 00001368 ____A C:\Users\Kiki\Downloads\7e1205abbc7d9f29e1c56cc801107dd4.dlc
2013-06-16 07:43 - 2013-06-16 07:43 - 00001368 ____A C:\Users\Kiki\Downloads\bf86151731dd28ed0107992a01975a75.dlc
2013-06-15 10:20 - 2013-06-15 10:20 - 00011489 ____A C:\Users\Kiki\Desktop\PW DTAG.xlsx
2013-06-15 10:14 - 2013-06-15 10:20 - 00011497 ____A C:\Users\Kiki\Downloads\Passwörter (2).xlsx
2013-06-13 08:47 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 08:47 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 08:47 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 08:47 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 08:47 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 08:47 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 08:47 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 08:47 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 08:47 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 08:47 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 08:47 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 08:46 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 08:46 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 08:46 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 08:46 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-13 08:46 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 09:31 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 09:31 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 09:31 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 09:31 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 09:30 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 09:30 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-11 23:46 - 2013-06-11 23:46 - 00004100 ____A C:\Users\Kiki\Downloads\430b688dfa28a714e695674e73f9c74b.dlc
2013-06-11 00:01 - 2013-06-11 00:01 - 00001263 ____A C:\Users\Kiki\Desktop\The Keepers 2.lnk
2013-06-11 00:01 - 2013-06-11 00:01 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\BlamGames
2013-06-10 23:56 - 2013-06-11 00:01 - 00000000 ____D C:\Program Files\The Keepers 2 - Das Geheimnis des Waechterordens SA
2013-06-09 12:50 - 2013-06-09 12:50 - 00003120 ____A C:\Users\Kiki\Downloads\f52e53a14bc5c607cb844a30e7df4321.dlc
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\ProgramData\CrioGames
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\Program Files\Farm Tribe 2
==================== One Month Modified Files and Folders ========
2013-07-07 22:07 - 2013-07-03 19:52 - 00275055 ____A C:\Windows\WindowsUpdate.log
2013-07-07 20:32 - 2006-11-02 14:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-07 20:32 - 2006-11-02 14:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-07 20:24 - 2013-07-07 20:24 - 00000029 ____A C:\Users\Kiki\Desktop\Fixlist2.txt
2013-07-07 20:02 - 2012-04-04 19:03 - 00001741 ____A C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
2013-07-07 19:00 - 2011-12-07 15:25 - 00000522 ____A C:\Windows\Tasks\1-Klick-Wartung.job
2013-07-07 18:55 - 2012-04-04 18:59 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-07 18:34 - 2011-09-16 11:51 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-07 15:43 - 2013-07-06 19:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-07 14:46 - 2008-01-21 09:16 - 01456404 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-07 14:32 - 2012-06-04 11:54 - 00000000 ____D C:\Users\Kiki\AppData\Local\Htc
2013-07-07 14:32 - 2011-09-16 11:51 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-07 14:32 - 2011-08-13 21:10 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-07-07 14:32 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-07 14:31 - 2006-11-02 15:01 - 00032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-07 12:58 - 2013-07-07 12:58 - 00890988 ____A C:\Users\Kiki\Desktop\SecurityCheck.exe
2013-07-07 12:56 - 2013-07-07 12:55 - 00448512 ____A (OldTimer Tools) C:\Users\Kiki\Desktop\TFC.exe
2013-07-07 07:53 - 2012-05-04 06:10 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-06 22:32 - 2011-04-15 13:06 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Usenet.nl
2013-07-06 22:31 - 2011-04-15 13:06 - 00000000 ____D C:\Users\Kiki\Documents\Usenet.nl
2013-07-06 19:18 - 2013-07-06 17:57 - 00002660 ____A C:\Windows\PFRO.log
2013-07-06 19:16 - 2013-01-06 00:11 - 00000000 ____D C:\ProgramData\Skype
2013-07-06 18:54 - 2013-01-06 00:12 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Skype
2013-07-06 17:07 - 2013-07-06 16:56 - 00000000 ___SD C:\ComboFix
2013-07-06 16:56 - 2013-07-05 19:42 - 00000000 ___SD C:\32788R22FWJFW
2013-07-06 16:49 - 2013-07-06 16:49 - 05086173 ____R (Swearware) C:\Users\Kiki\Desktop\ComboFix.exe
2013-07-06 12:16 - 2013-07-06 12:16 - 00009844 ____A C:\Users\Kiki\Desktop\JRT.txt
2013-07-06 12:13 - 2013-07-06 12:13 - 00000000 ____D C:\Windows\ERUNT
2013-07-06 12:13 - 2013-07-06 12:13 - 00000000 ____D C:\JRT
2013-07-06 11:57 - 2012-12-15 04:08 - 00262144 ____A C:\Windows\System32\config\ELAM
2013-07-06 11:53 - 2013-07-06 11:53 - 00039692 ____A C:\AdwCleaner[S1].txt
2013-07-06 11:53 - 2008-11-12 16:51 - 00000000 ____D C:\ProgramData\ICQ
2013-07-06 11:46 - 2013-07-06 11:46 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Kiki\Desktop\JRT.exe
2013-07-06 11:45 - 2013-07-06 11:45 - 00650027 ____A C:\Users\Kiki\Desktop\adwcleaner.exe
2013-07-06 08:38 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\AOL
2013-07-05 19:43 - 2013-07-05 19:43 - 00000000 ____D C:\Windows\erdnt
2013-07-05 19:43 - 2013-07-05 19:43 - 00000000 ____D C:\Qoobox
2013-07-05 19:41 - 2010-11-19 20:54 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-05 17:16 - 2008-10-06 12:04 - 00123904 ____A C:\Users\Kiki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-04 23:17 - 2013-07-04 22:52 - 00000001 ____A C:\Users\Kiki\Desktop\Addition.txt
2013-07-04 22:49 - 2013-07-04 22:49 - 00000000 ____D C:\FRST
2013-07-04 21:15 - 2013-07-04 21:15 - 01373373 ____A (Farbar) C:\Users\Kiki\Desktop\FRST.exe
2013-07-03 21:50 - 2013-07-03 21:50 - 00005282 ____A C:\Users\Kiki\Documents\GMER.log
2013-07-03 21:50 - 2013-07-03 21:50 - 00003017 ____A C:\Users\Kiki\Documents\GMER 2.log
2013-07-03 20:51 - 2013-07-03 20:51 - 00103680 ____A (GMER) C:\pxlyafow.sys
2013-07-03 20:38 - 2013-07-03 20:38 - 00063682 ____A C:\Users\Kiki\Desktop\Extras.Txt
2013-07-03 20:37 - 2013-07-03 20:37 - 00180128 ____A C:\Users\Kiki\Desktop\OTL.Txt
2013-07-03 20:13 - 2010-11-19 20:54 - 00001091 ____A C:\Users\Kiki\Desktop\Spybot - Search & Destroy.lnk
2013-07-03 20:03 - 2013-07-03 20:03 - 00377856 ____A C:\Users\Kiki\Desktop\gmer_2.1.19163.exe
2013-07-03 20:01 - 2013-07-03 20:01 - 00602112 ____A (OldTimer Tools) C:\Users\Kiki\Desktop\OTL.exe
2013-07-03 19:46 - 2013-07-03 19:45 - 00000630 ____A C:\Users\Kiki\Downloads\defogger_disable.log
2013-07-03 19:46 - 2013-07-03 19:45 - 00000020 ____A C:\Users\Kiki\defogger_reenable
2013-07-03 19:45 - 2013-07-03 19:45 - 00050477 ____A C:\Users\Kiki\Desktop\Defogger.exe
2013-07-03 19:45 - 2008-10-06 11:46 - 00000000 ___AD C:\users\Kiki
2013-07-03 18:05 - 2013-02-23 21:52 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Dropbox
2013-07-02 00:56 - 2013-07-02 00:56 - 00004036 ____A C:\Users\Kiki\Downloads\c977f4972ad8a2eab3432e0113bf9be4.dlc
2013-06-30 21:19 - 2012-04-25 21:08 - 00000847 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2013-06-30 21:19 - 2012-04-25 21:07 - 00000000 ____D C:\Program Files\Calibre2
2013-06-30 21:15 - 2013-06-30 21:14 - 52086272 ____A C:\Users\Kiki\Downloads\calibre-0.9.37.msi
2013-06-30 12:31 - 2013-06-30 12:31 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f (1).dlc
2013-06-30 12:30 - 2013-06-30 12:30 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f.dlc
2013-06-30 12:28 - 2013-06-30 12:28 - 00005188 ____A C:\Users\Kiki\Downloads\4dd1b9c6875dc7374f44106f36cd3cdf.dlc
2013-06-30 10:48 - 2008-10-06 13:17 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Winamp
2013-06-30 08:07 - 2013-06-30 08:07 - 00002500 ____A C:\Users\Kiki\Downloads\acfd7416390d25d5d0b220573f1cda4a.dlc
2013-06-30 07:05 - 2011-06-13 20:09 - 00000000 ____D C:\Windows\Minidump
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\AOL OCP
2013-06-29 12:12 - 2013-06-29 12:11 - 00000446 ___AH C:\IPH.PH
2013-06-29 12:07 - 2013-06-29 12:07 - 00000041 ____A C:\Users\Kiki\Downloads\12775.asx
2013-06-29 09:08 - 2013-06-29 09:08 - 00003888 ____A C:\Users\Kiki\Downloads\00bw860a1t42705-ul.to.dlc
2013-06-29 09:03 - 2013-06-29 09:03 - 00001112 ____A C:\Users\Kiki\Downloads\c9hgt58rf26382b.dlc
2013-06-29 06:45 - 2013-06-29 06:45 - 00026160 ____A C:\Users\Kiki\Downloads\4d90db1e7b014a93b3f69deb2d4be2db.dlc
2013-06-28 18:53 - 2011-11-10 04:01 - 00000000 ____D C:\Users\Kiki\AppData\Local\Akamai
2013-06-28 16:48 - 2013-06-28 16:48 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\ArtifexMundi
2013-06-27 19:51 - 2013-06-27 19:20 - 00000000 ____D C:\Users\Kiki\Desktop\Bücher
2013-06-26 23:04 - 2013-06-26 23:04 - 00003312 ____A C:\Users\Kiki\Downloads\75aa965832ce71c749c703bc128d48be.dlc
2013-06-26 17:56 - 2013-06-26 17:56 - 00001394 ____A C:\Windows\System32\lvcoinst.log
2013-06-26 17:56 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\twain_32
2013-06-26 17:39 - 2013-06-26 17:38 - 23416832 ____A C:\Users\Kiki\Downloads\SkypeSetup_6.5.32.158.msi
2013-06-26 15:34 - 2012-09-13 16:40 - 00001977 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-16 07:45 - 2013-06-16 07:45 - 00001368 ____A C:\Users\Kiki\Downloads\7e1205abbc7d9f29e1c56cc801107dd4.dlc
2013-06-16 07:43 - 2013-06-16 07:43 - 00001368 ____A C:\Users\Kiki\Downloads\bf86151731dd28ed0107992a01975a75.dlc
2013-06-15 18:56 - 2012-02-26 05:30 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\AlawarEntertainment
2013-06-15 10:20 - 2013-06-15 10:20 - 00011489 ____A C:\Users\Kiki\Desktop\PW DTAG.xlsx
2013-06-15 10:20 - 2013-06-15 10:14 - 00011497 ____A C:\Users\Kiki\Downloads\Passwörter (2).xlsx
2013-06-15 08:07 - 2013-02-23 21:55 - 00000922 ____A C:\Users\Kiki\Desktop\Dropbox.lnk
2013-06-13 17:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-13 09:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 08:49 - 2008-02-25 10:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-13 08:42 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-11 23:56 - 2012-04-04 18:59 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 23:56 - 2011-06-13 20:49 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-11 23:46 - 2013-06-11 23:46 - 00004100 ____A C:\Users\Kiki\Downloads\430b688dfa28a714e695674e73f9c74b.dlc
2013-06-11 00:01 - 2013-06-11 00:01 - 00001263 ____A C:\Users\Kiki\Desktop\The Keepers 2.lnk
2013-06-11 00:01 - 2013-06-11 00:01 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\BlamGames
2013-06-11 00:01 - 2013-06-10 23:56 - 00000000 ____D C:\Program Files\The Keepers 2 - Das Geheimnis des Waechterordens SA
2013-06-09 20:22 - 2008-10-27 20:54 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\cerasus.media
2013-06-09 12:50 - 2013-06-09 12:50 - 00003120 ____A C:\Users\Kiki\Downloads\f52e53a14bc5c607cb844a30e7df4321.dlc
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\ProgramData\CrioGames
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\Program Files\Farm Tribe 2
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-07 14:39
==================== End Of Log ============================
--- --- --- --- --- --- FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-07-2013
Ran by Kiki (administrator) on 07-07-2013 22:09:37
Running from C:\Users\Kiki\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(TuneUp Software) C:\Windows\System32\TUProgSt.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Microsoft Corporation) C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Akamai Technologies, Inc.) C:\Users\Kiki\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Akamai Technologies, Inc.) C:\Users\Kiki\AppData\Local\Akamai\netsession_win.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(McAfee, Inc.) C:\Program Files\McAfee.com\Agent\mcagent.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [NDSTray.exe] NDSTray.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1278064 2013-03-13] (McAfee, Inc.)
HKLM\...\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [651264 2012-04-17] ()
HKLM\...\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto [1507328 2007-06-18] (Interactive Digital Media)
HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [Akamai NetSession Interface] "C:\Users\Kiki\AppData\Local\Akamai\netsession_win.exe" [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Policies\system: [disableregistrytools] 0
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-01-29] ()
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-01-29] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
SearchScopes: HKLM - {041E2009-2712-4AD9-A4AC-50F9D8539177} URL = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130707154305.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Kiki\AppData\Roaming\Mozilla\Firefox\Profiles\02q6kx1u.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Citrix.com/npican - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=0.9.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 - C:\Users\Kiki\AppData\Roaming\Mozilla\plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\WebSearchober18681135.gif
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\WebSearchober18681135.src
FF Extension: No Name - C:\Users\Kiki\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] C:\Program Files\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files\Common Files\McAfee\SystemCore
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Flatcast Viewer Plugin 5.2.2.454) - C:\Program Files\Mozilla Firefox\plugins\NpFv522.dll (1 mal 1 Software GmbH)
CHR Plugin: (Flatcast Viewer Plugin 5.3.0.784) - C:\Program Files\Mozilla Firefox\plugins\NpFv530.dll (1 mal 1 Software GmbH)
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Zylom Plugin) - C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll (Zylom)
CHR Plugin: (Citrix ICA Client) - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Yahoo! activeX Plug-in Bridge) - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
========================== Services (Whitelisted) =================
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2007-12-25] (TOSHIBA CORPORATION)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1220608 2009-05-06] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [279048 2012-11-16] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203840 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [172416 2013-02-19] (McAfee, Inc.)
S3 Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [361288 2011-12-07] (TuneUp Software)
R2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [604488 2011-12-07] (TuneUp Software)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
==================== Drivers (Whitelisted) ====================
R2 ACEDRV08; C:\Windows\system32\drivers\ACEDRV08.sys [108768 2009-12-22] (Protect Software GmbH)
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-02-19] (McAfee, Inc.)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [560640 2008-04-17] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [15616 2008-04-17] (Hauppauge Computer Works, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [146872 2012-04-20] (McAfee, Inc.)
S3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2010-06-23] (Windows (R) Win 7 DDK provider)
R3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [17408 2008-10-09] (Windows (R) Codename Longhorn DDK provider)
S3 LVUSBSta; C:\Windows\System32\DRIVERS\LVUSBSta.sys [22016 2005-01-19] (Labtec Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133416 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235264 2013-02-19] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [363080 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565888 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92632 2013-02-19] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-09-16] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-09-16] (McAfee, Inc.)
R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [210608 2013-02-19] (McAfee, Inc.)
S3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [211712 2005-01-19] (Labtec Inc.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-02-21] (Duplex Secure Ltd.)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2010-04-27] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2010-04-27] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2010-04-27] (MCCI Corporation)
S3 AVFSFilter; system32\DRIVERS\avfsfilter.sys [x]
S3 catchme; \??\C:\Users\Kiki\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U3 mfeavfk01; No ImagePath
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-07 20:24 - 2013-07-07 20:24 - 00000029 ____A C:\Users\Kiki\Desktop\Fixlist2.txt
2013-07-07 12:58 - 2013-07-07 12:58 - 00890988 ____A C:\Users\Kiki\Desktop\SecurityCheck.exe
2013-07-07 12:55 - 2013-07-07 12:56 - 00448512 ____A (OldTimer Tools) C:\Users\Kiki\Desktop\TFC.exe
2013-07-06 19:28 - 2013-07-07 15:43 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-06 17:57 - 2013-07-06 19:18 - 00002660 ____A C:\Windows\PFRO.log
2013-07-06 16:56 - 2013-07-06 17:07 - 00000000 ___SD C:\ComboFix
2013-07-06 16:49 - 2013-07-06 16:49 - 05086173 ____R (Swearware) C:\Users\Kiki\Desktop\ComboFix.exe
2013-07-06 12:16 - 2013-07-06 12:16 - 00009844 ____A C:\Users\Kiki\Desktop\JRT.txt
2013-07-06 12:13 - 2013-07-06 12:13 - 00000000 ____D C:\Windows\ERUNT
2013-07-06 12:13 - 2013-07-06 12:13 - 00000000 ____D C:\JRT
2013-07-06 11:53 - 2013-07-06 11:53 - 00039692 ____A C:\AdwCleaner[S1].txt
2013-07-06 11:46 - 2013-07-06 11:46 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Kiki\Desktop\JRT.exe
2013-07-06 11:45 - 2013-07-06 11:45 - 00650027 ____A C:\Users\Kiki\Desktop\adwcleaner.exe
2013-07-05 19:43 - 2013-07-05 19:43 - 00000000 ____D C:\Windows\erdnt
2013-07-05 19:43 - 2013-07-05 19:43 - 00000000 ____D C:\Qoobox
2013-07-05 19:43 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-05 19:43 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-05 19:43 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-05 19:43 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-05 19:42 - 2013-07-06 16:56 - 00000000 ___SD C:\32788R22FWJFW
2013-07-04 22:52 - 2013-07-04 23:17 - 00000001 ____A C:\Users\Kiki\Desktop\Addition.txt
2013-07-04 22:49 - 2013-07-04 22:49 - 00000000 ____D C:\FRST
2013-07-04 21:15 - 2013-07-04 21:15 - 01373373 ____A (Farbar) C:\Users\Kiki\Desktop\FRST.exe
2013-07-03 21:50 - 2013-07-03 21:50 - 00005282 ____A C:\Users\Kiki\Documents\GMER.log
2013-07-03 21:50 - 2013-07-03 21:50 - 00003017 ____A C:\Users\Kiki\Documents\GMER 2.log
2013-07-03 20:51 - 2013-07-03 20:51 - 00103680 ____A (GMER) C:\pxlyafow.sys
2013-07-03 20:38 - 2013-07-03 20:38 - 00063682 ____A C:\Users\Kiki\Desktop\Extras.Txt
2013-07-03 20:37 - 2013-07-03 20:37 - 00180128 ____A C:\Users\Kiki\Desktop\OTL.Txt
2013-07-03 20:03 - 2013-07-03 20:03 - 00377856 ____A C:\Users\Kiki\Desktop\gmer_2.1.19163.exe
2013-07-03 20:01 - 2013-07-03 20:01 - 00602112 ____A (OldTimer Tools) C:\Users\Kiki\Desktop\OTL.exe
2013-07-03 19:52 - 2013-07-07 14:38 - 00275055 ____A C:\Windows\WindowsUpdate.log
2013-07-03 19:45 - 2013-07-03 19:46 - 00000630 ____A C:\Users\Kiki\Downloads\defogger_disable.log
2013-07-03 19:45 - 2013-07-03 19:46 - 00000020 ____A C:\Users\Kiki\defogger_reenable
2013-07-03 19:45 - 2013-07-03 19:45 - 00050477 ____A C:\Users\Kiki\Desktop\Defogger.exe
2013-07-02 00:56 - 2013-07-02 00:56 - 00004036 ____A C:\Users\Kiki\Downloads\c977f4972ad8a2eab3432e0113bf9be4.dlc
2013-06-30 21:14 - 2013-06-30 21:15 - 52086272 ____A C:\Users\Kiki\Downloads\calibre-0.9.37.msi
2013-06-30 12:31 - 2013-06-30 12:31 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f (1).dlc
2013-06-30 12:30 - 2013-06-30 12:30 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f.dlc
2013-06-30 12:28 - 2013-06-30 12:28 - 00005188 ____A C:\Users\Kiki\Downloads\4dd1b9c6875dc7374f44106f36cd3cdf.dlc
2013-06-30 08:07 - 2013-06-30 08:07 - 00002500 ____A C:\Users\Kiki\Downloads\acfd7416390d25d5d0b220573f1cda4a.dlc
2013-06-29 12:12 - 2013-07-06 08:38 - 00000000 ____D C:\ProgramData\AOL
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\AOL OCP
2013-06-29 12:11 - 2013-06-29 12:12 - 00000446 ___AH C:\IPH.PH
2013-06-29 12:07 - 2013-06-29 12:07 - 00000041 ____A C:\Users\Kiki\Downloads\12775.asx
2013-06-29 09:08 - 2013-06-29 09:08 - 00003888 ____A C:\Users\Kiki\Downloads\00bw860a1t42705-ul.to.dlc
2013-06-29 09:03 - 2013-06-29 09:03 - 00001112 ____A C:\Users\Kiki\Downloads\c9hgt58rf26382b.dlc
2013-06-29 06:45 - 2013-06-29 06:45 - 00026160 ____A C:\Users\Kiki\Downloads\4d90db1e7b014a93b3f69deb2d4be2db.dlc
2013-06-28 16:48 - 2013-06-28 16:48 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\ArtifexMundi
2013-06-27 19:20 - 2013-06-27 19:51 - 00000000 ____D C:\Users\Kiki\Desktop\Bücher
2013-06-26 23:04 - 2013-06-26 23:04 - 00003312 ____A C:\Users\Kiki\Downloads\75aa965832ce71c749c703bc128d48be.dlc
2013-06-26 17:56 - 2013-06-26 17:56 - 00001394 ____A C:\Windows\System32\lvcoinst.log
2013-06-26 17:38 - 2013-06-26 17:39 - 23416832 ____A C:\Users\Kiki\Downloads\SkypeSetup_6.5.32.158.msi
2013-06-16 07:45 - 2013-06-16 07:45 - 00001368 ____A C:\Users\Kiki\Downloads\7e1205abbc7d9f29e1c56cc801107dd4.dlc
2013-06-16 07:43 - 2013-06-16 07:43 - 00001368 ____A C:\Users\Kiki\Downloads\bf86151731dd28ed0107992a01975a75.dlc
2013-06-15 10:20 - 2013-06-15 10:20 - 00011489 ____A C:\Users\Kiki\Desktop\PW DTAG.xlsx
2013-06-15 10:14 - 2013-06-15 10:20 - 00011497 ____A C:\Users\Kiki\Downloads\Passwörter (2).xlsx
2013-06-13 08:47 - 2013-05-17 00:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 08:47 - 2013-05-17 00:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 08:47 - 2013-05-17 00:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 08:47 - 2013-05-17 00:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 08:47 - 2013-05-17 00:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 08:47 - 2013-05-17 00:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 08:47 - 2013-05-17 00:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 08:47 - 2013-05-17 00:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 08:47 - 2013-05-17 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 08:47 - 2013-05-17 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 08:47 - 2013-05-17 00:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 08:46 - 2013-05-17 01:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 08:46 - 2013-05-17 00:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 08:46 - 2013-05-17 00:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 08:46 - 2013-05-17 00:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-13 08:46 - 2013-05-17 00:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 09:31 - 2013-05-08 06:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 09:31 - 2013-05-02 06:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 09:31 - 2013-05-02 06:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 09:31 - 2013-04-24 06:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 09:31 - 2013-04-24 03:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 09:30 - 2013-05-03 00:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 09:30 - 2013-05-03 00:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-11 23:46 - 2013-06-11 23:46 - 00004100 ____A C:\Users\Kiki\Downloads\430b688dfa28a714e695674e73f9c74b.dlc
2013-06-11 00:01 - 2013-06-11 00:01 - 00001263 ____A C:\Users\Kiki\Desktop\The Keepers 2.lnk
2013-06-11 00:01 - 2013-06-11 00:01 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\BlamGames
2013-06-10 23:56 - 2013-06-11 00:01 - 00000000 ____D C:\Program Files\The Keepers 2 - Das Geheimnis des Waechterordens SA
2013-06-09 12:50 - 2013-06-09 12:50 - 00003120 ____A C:\Users\Kiki\Downloads\f52e53a14bc5c607cb844a30e7df4321.dlc
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\ProgramData\CrioGames
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\Program Files\Farm Tribe 2
==================== One Month Modified Files and Folders ========
2013-07-07 22:07 - 2013-07-03 19:52 - 00275055 ____A C:\Windows\WindowsUpdate.log
2013-07-07 20:32 - 2006-11-02 14:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-07 20:32 - 2006-11-02 14:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-07 20:24 - 2013-07-07 20:24 - 00000029 ____A C:\Users\Kiki\Desktop\Fixlist2.txt
2013-07-07 20:02 - 2012-04-04 19:03 - 00001741 ____A C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
2013-07-07 19:00 - 2011-12-07 15:25 - 00000522 ____A C:\Windows\Tasks\1-Klick-Wartung.job
2013-07-07 18:55 - 2012-04-04 18:59 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-07 18:34 - 2011-09-16 11:51 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-07 15:43 - 2013-07-06 19:28 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-07 14:46 - 2008-01-21 09:16 - 01456404 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-07 14:32 - 2012-06-04 11:54 - 00000000 ____D C:\Users\Kiki\AppData\Local\Htc
2013-07-07 14:32 - 2011-09-16 11:51 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-07 14:32 - 2011-08-13 21:10 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-07-07 14:32 - 2006-11-02 15:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-07 14:31 - 2006-11-02 15:01 - 00032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-07 12:58 - 2013-07-07 12:58 - 00890988 ____A C:\Users\Kiki\Desktop\SecurityCheck.exe
2013-07-07 12:56 - 2013-07-07 12:55 - 00448512 ____A (OldTimer Tools) C:\Users\Kiki\Desktop\TFC.exe
2013-07-07 07:53 - 2012-05-04 06:10 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-06 22:32 - 2011-04-15 13:06 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Usenet.nl
2013-07-06 22:31 - 2011-04-15 13:06 - 00000000 ____D C:\Users\Kiki\Documents\Usenet.nl
2013-07-06 19:18 - 2013-07-06 17:57 - 00002660 ____A C:\Windows\PFRO.log
2013-07-06 19:16 - 2013-01-06 00:11 - 00000000 ____D C:\ProgramData\Skype
2013-07-06 18:54 - 2013-01-06 00:12 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Skype
2013-07-06 17:07 - 2013-07-06 16:56 - 00000000 ___SD C:\ComboFix
2013-07-06 16:56 - 2013-07-05 19:42 - 00000000 ___SD C:\32788R22FWJFW
2013-07-06 16:49 - 2013-07-06 16:49 - 05086173 ____R (Swearware) C:\Users\Kiki\Desktop\ComboFix.exe
2013-07-06 12:16 - 2013-07-06 12:16 - 00009844 ____A C:\Users\Kiki\Desktop\JRT.txt
2013-07-06 12:13 - 2013-07-06 12:13 - 00000000 ____D C:\Windows\ERUNT
2013-07-06 12:13 - 2013-07-06 12:13 - 00000000 ____D C:\JRT
2013-07-06 11:57 - 2012-12-15 04:08 - 00262144 ____A C:\Windows\System32\config\ELAM
2013-07-06 11:53 - 2013-07-06 11:53 - 00039692 ____A C:\AdwCleaner[S1].txt
2013-07-06 11:53 - 2008-11-12 16:51 - 00000000 ____D C:\ProgramData\ICQ
2013-07-06 11:46 - 2013-07-06 11:46 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Kiki\Desktop\JRT.exe
2013-07-06 11:45 - 2013-07-06 11:45 - 00650027 ____A C:\Users\Kiki\Desktop\adwcleaner.exe
2013-07-06 08:38 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\AOL
2013-07-05 19:43 - 2013-07-05 19:43 - 00000000 ____D C:\Windows\erdnt
2013-07-05 19:43 - 2013-07-05 19:43 - 00000000 ____D C:\Qoobox
2013-07-05 19:41 - 2010-11-19 20:54 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-05 17:16 - 2008-10-06 12:04 - 00123904 ____A C:\Users\Kiki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-04 23:17 - 2013-07-04 22:52 - 00000001 ____A C:\Users\Kiki\Desktop\Addition.txt
2013-07-04 22:49 - 2013-07-04 22:49 - 00000000 ____D C:\FRST
2013-07-04 21:15 - 2013-07-04 21:15 - 01373373 ____A (Farbar) C:\Users\Kiki\Desktop\FRST.exe
2013-07-03 21:50 - 2013-07-03 21:50 - 00005282 ____A C:\Users\Kiki\Documents\GMER.log
2013-07-03 21:50 - 2013-07-03 21:50 - 00003017 ____A C:\Users\Kiki\Documents\GMER 2.log
2013-07-03 20:51 - 2013-07-03 20:51 - 00103680 ____A (GMER) C:\pxlyafow.sys
2013-07-03 20:38 - 2013-07-03 20:38 - 00063682 ____A C:\Users\Kiki\Desktop\Extras.Txt
2013-07-03 20:37 - 2013-07-03 20:37 - 00180128 ____A C:\Users\Kiki\Desktop\OTL.Txt
2013-07-03 20:13 - 2010-11-19 20:54 - 00001091 ____A C:\Users\Kiki\Desktop\Spybot - Search & Destroy.lnk
2013-07-03 20:03 - 2013-07-03 20:03 - 00377856 ____A C:\Users\Kiki\Desktop\gmer_2.1.19163.exe
2013-07-03 20:01 - 2013-07-03 20:01 - 00602112 ____A (OldTimer Tools) C:\Users\Kiki\Desktop\OTL.exe
2013-07-03 19:46 - 2013-07-03 19:45 - 00000630 ____A C:\Users\Kiki\Downloads\defogger_disable.log
2013-07-03 19:46 - 2013-07-03 19:45 - 00000020 ____A C:\Users\Kiki\defogger_reenable
2013-07-03 19:45 - 2013-07-03 19:45 - 00050477 ____A C:\Users\Kiki\Desktop\Defogger.exe
2013-07-03 19:45 - 2008-10-06 11:46 - 00000000 ___AD C:\users\Kiki
2013-07-03 18:05 - 2013-02-23 21:52 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Dropbox
2013-07-02 00:56 - 2013-07-02 00:56 - 00004036 ____A C:\Users\Kiki\Downloads\c977f4972ad8a2eab3432e0113bf9be4.dlc
2013-06-30 21:19 - 2012-04-25 21:08 - 00000847 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2013-06-30 21:19 - 2012-04-25 21:07 - 00000000 ____D C:\Program Files\Calibre2
2013-06-30 21:15 - 2013-06-30 21:14 - 52086272 ____A C:\Users\Kiki\Downloads\calibre-0.9.37.msi
2013-06-30 12:31 - 2013-06-30 12:31 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f (1).dlc
2013-06-30 12:30 - 2013-06-30 12:30 - 00004804 ____A C:\Users\Kiki\Downloads\cc16aaf39bfc2850d7ddfe040113004f.dlc
2013-06-30 12:28 - 2013-06-30 12:28 - 00005188 ____A C:\Users\Kiki\Downloads\4dd1b9c6875dc7374f44106f36cd3cdf.dlc
2013-06-30 10:48 - 2008-10-06 13:17 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\Winamp
2013-06-30 08:07 - 2013-06-30 08:07 - 00002500 ____A C:\Users\Kiki\Downloads\acfd7416390d25d5d0b220573f1cda4a.dlc
2013-06-30 07:05 - 2011-06-13 20:09 - 00000000 ____D C:\Windows\Minidump
2013-06-29 12:12 - 2013-06-29 12:12 - 00000000 ____D C:\ProgramData\AOL OCP
2013-06-29 12:12 - 2013-06-29 12:11 - 00000446 ___AH C:\IPH.PH
2013-06-29 12:07 - 2013-06-29 12:07 - 00000041 ____A C:\Users\Kiki\Downloads\12775.asx
2013-06-29 09:08 - 2013-06-29 09:08 - 00003888 ____A C:\Users\Kiki\Downloads\00bw860a1t42705-ul.to.dlc
2013-06-29 09:03 - 2013-06-29 09:03 - 00001112 ____A C:\Users\Kiki\Downloads\c9hgt58rf26382b.dlc
2013-06-29 06:45 - 2013-06-29 06:45 - 00026160 ____A C:\Users\Kiki\Downloads\4d90db1e7b014a93b3f69deb2d4be2db.dlc
2013-06-28 18:53 - 2011-11-10 04:01 - 00000000 ____D C:\Users\Kiki\AppData\Local\Akamai
2013-06-28 16:48 - 2013-06-28 16:48 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\ArtifexMundi
2013-06-27 19:51 - 2013-06-27 19:20 - 00000000 ____D C:\Users\Kiki\Desktop\Bücher
2013-06-26 23:04 - 2013-06-26 23:04 - 00003312 ____A C:\Users\Kiki\Downloads\75aa965832ce71c749c703bc128d48be.dlc
2013-06-26 17:56 - 2013-06-26 17:56 - 00001394 ____A C:\Windows\System32\lvcoinst.log
2013-06-26 17:56 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\twain_32
2013-06-26 17:39 - 2013-06-26 17:38 - 23416832 ____A C:\Users\Kiki\Downloads\SkypeSetup_6.5.32.158.msi
2013-06-26 15:34 - 2012-09-13 16:40 - 00001977 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-16 07:45 - 2013-06-16 07:45 - 00001368 ____A C:\Users\Kiki\Downloads\7e1205abbc7d9f29e1c56cc801107dd4.dlc
2013-06-16 07:43 - 2013-06-16 07:43 - 00001368 ____A C:\Users\Kiki\Downloads\bf86151731dd28ed0107992a01975a75.dlc
2013-06-15 18:56 - 2012-02-26 05:30 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\AlawarEntertainment
2013-06-15 10:20 - 2013-06-15 10:20 - 00011489 ____A C:\Users\Kiki\Desktop\PW DTAG.xlsx
2013-06-15 10:20 - 2013-06-15 10:14 - 00011497 ____A C:\Users\Kiki\Downloads\Passwörter (2).xlsx
2013-06-15 08:07 - 2013-02-23 21:55 - 00000922 ____A C:\Users\Kiki\Desktop\Dropbox.lnk
2013-06-13 17:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\rescache
2013-06-13 09:44 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 08:49 - 2008-02-25 10:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-13 08:42 - 2006-11-02 12:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-11 23:56 - 2012-04-04 18:59 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 23:56 - 2011-06-13 20:49 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-11 23:46 - 2013-06-11 23:46 - 00004100 ____A C:\Users\Kiki\Downloads\430b688dfa28a714e695674e73f9c74b.dlc
2013-06-11 00:01 - 2013-06-11 00:01 - 00001263 ____A C:\Users\Kiki\Desktop\The Keepers 2.lnk
2013-06-11 00:01 - 2013-06-11 00:01 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\BlamGames
2013-06-11 00:01 - 2013-06-10 23:56 - 00000000 ____D C:\Program Files\The Keepers 2 - Das Geheimnis des Waechterordens SA
2013-06-09 20:22 - 2008-10-27 20:54 - 00000000 ____D C:\Users\Kiki\AppData\Roaming\cerasus.media
2013-06-09 12:50 - 2013-06-09 12:50 - 00003120 ____A C:\Users\Kiki\Downloads\f52e53a14bc5c607cb844a30e7df4321.dlc
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\ProgramData\CrioGames
2013-06-07 16:16 - 2013-06-07 16:16 - 00000000 ____D C:\Program Files\Farm Tribe 2
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-07 14:39
==================== End Of Log ============================
--- --- --- --- --- ---Also im Energiesparmodus bleibt der Rechner....ohne neu zu booten.... Bis hierhin vielen lieben Dank... lg Tizzia Geändert von Tizzia (07.07.2013 um 21:20 Uhr) |
|
08.07.2013, 07:29
| #24 | |
| /// the machine /// TB-Ausbilder | Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hochZitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.07.2013, 09:53
| #25 |
| |  Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hoch Hallo schrauber... ja der Rechner bleibt im Energiesparmodus ohne neu zu starten.... vielen lieben Dank für Deine Hilfe ... eine entspannte Woche ..... lg Tizzia   |
|
08.07.2013, 09:56
| #26 |
| /// the machine /// TB-Ausbilder | Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hoch Fertig Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.07.2013, 11:10
| #27 |
| |  Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hoch Hallo, ich habe mich leider zu früh gefreut, leider mußte ich fest stellen das sich der Trojaner auf meiner zweiten Partition der Festplatte also Laufwerk G....befindet.was soll ich machen. Kann ich diesen Ordner einfach löschen....ist lange her das ich diesen geöffnet habe!  lg Tizzia die ein Brett vor dem Kopf hat... |
|
08.07.2013, 11:30
| #28 |
| /// the machine /// TB-Ausbilder | Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hoch Wenn Du den Ordner nicht brauchst klaar, lösche in einfach
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
11.07.2013, 18:25
| #29 |
| | Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hoch Hallo schrauber Ordner habe ich gelöscht keine Probleme, habe die Updates von Windows gemacht und schon ging das Theater los, der Rechner fuhr nicht mehr hoch, nach einigen Versuchen...kam dann schwarzer Bildschirm, mit Windows normal starten, oder mit Startcheck starten....es funktionierte dann nur über Startcheck, das ganz mindestens 3x dann fuhr der Rechner wieder hoch .... Shit Updates..... Ach jetzt startet der Rechner wieder selbstständig.....aus dem Energiesparmodus.... lg Tizzia |
|
11.07.2013, 19:28
| #30 |
| /// the machine /// TB-Ausbilder | Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hoch Mach am besten ne komplette Reparaturinstallation, Daten bleiben erhalten dabei.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Ernergiesparmodus wird eingeschaltet spätestens nach 3 Minuten fährt der Rechner wieder hoch |
| adobe, adobe flash player, akamai, autorun, bho, defender, ebay, error, explorer, firefox, flash player, format, freeze, gmx.net, home, infiziert, logfile, mindspark, mindspark toolbar, mozilla, plug-in, programme, realtek, registry, safer networking, scan, search the web, senden, software, temp, thomas, vista |
Linear-Darstellung
