Pests of all kinds and how to fight them: "free" notification -> stargames.com (Windows 7)

#61

So, here is the latest, without Windows updates, with Firefox.

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-07-2013
Ran by juergi (administrator) on 29-07-2013 11:04:14
Running from C:\Users\juergi\Desktop
Windows 7 Ultimate (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\juergi\AppData\Roaming\Mozilla\Firefox\Profiles\s5bkhtd7.default
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework64\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework64\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
==================== Services (Whitelisted) =================
==================== Drivers (Whitelisted) ====================
S3 amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [105040 2009-04-22] (AMD)
R0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [28752 2009-04-22] (AMD)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-29 11:31 - 2013-07-29 11:31 - 00000000 ____D C:\Windows.old.000
2013-07-29 11:03 - 2013-07-29 11:03 - 01780547 _____ (Farbar) C:\Users\juergi\Downloads\FRST64.exe
2013-07-29 11:03 - 2013-07-29 11:03 - 01780547 _____ (Farbar) C:\Users\juergi\Desktop\FRST64.exe
2013-07-29 11:01 - 2013-07-29 11:02 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Mozilla
2013-07-29 11:01 - 2013-07-29 11:01 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-29 11:01 - 2013-07-29 11:01 - 00000000 ____D C:\Users\juergi\AppData\Local\Mozilla
2013-07-29 11:01 - 2013-07-29 11:01 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-29 11:01 - 2013-07-29 11:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-29 11:01 - 2013-07-29 11:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-29 10:50 - 2013-07-29 10:50 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-29 10:50 - 2013-07-29 10:50 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-07-29 10:50 - 2013-04-10 11:09 - 00849992 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2013-07-29 10:50 - 2013-04-10 11:09 - 00108104 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2013-07-29 10:50 - 2013-04-10 11:09 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2013-07-29 10:49 - 2013-07-26 10:54 - 06095405 ____R C:\realtek_pcielan_7_mb.zip
2013-07-29 10:47 - 2013-07-29 10:47 - 00001445 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-29 10:47 - 2013-07-29 10:47 - 00001411 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-07-29 10:47 - 2013-07-29 10:47 - 00000000 ___RD C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-29 10:47 - 2013-07-29 10:47 - 00000000 ___RD C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-07-29 10:47 - 2013-07-29 10:47 - 00000000 ____D C:\Users\juergi\AppData\Local\VirtualStore
2013-07-29 10:46 - 2013-07-29 11:03 - 00027177 _____ C:\Windows\WindowsUpdate.log
2013-07-29 10:46 - 2013-07-29 10:47 - 00000000 ____D C:\Users\juergi
2013-07-29 10:46 - 2013-07-29 10:46 - 00000020 ___SH C:\Users\juergi\ntuser.ini
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Vorlagen
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Startmenü
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Netzwerkumgebung
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Lokale Einstellungen
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Eigene Dateien
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Druckumgebung
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Documents\Eigene Musik
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Documents\Eigene Bilder
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\AppData\Local\Verlauf
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\AppData\Local\Anwendungsdaten
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Anwendungsdaten
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Vorlagen
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\ProgramData\Vorlagen
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\ProgramData\Favoriten
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2013-07-29 10:46 - 2009-04-22 11:09 - 00000000 ___RD C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-07-29 10:46 - 2009-04-22 11:04 - 00000000 ___RD C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-07-29 10:43 - 2013-07-29 10:43 - 00001313 _____ C:\Windows\TSSysprep.log
2013-07-29 10:42 - 2013-07-29 10:42 - 418407253 _____ C:\Windows\MEMORY.DMP
2013-07-29 10:42 - 2013-07-29 10:42 - 00275344 _____ C:\Windows\Minidump\072913-23852-01.dmp
2013-07-29 10:42 - 2013-07-29 10:42 - 00000000 ____D C:\Windows\Minidump
2013-07-26 13:07 - 2013-07-26 13:07 - 00009314 _____ C:\AdwCleaner[S1].txt
2013-07-26 13:05 - 2013-07-26 13:05 - 00009262 _____ C:\AdwCleaner[R1].txt
2013-07-26 12:25 - 2013-07-26 12:25 - 00000000 ____D C:\loader
2013-07-26 12:05 - 2013-07-26 12:25 - 00000000 ____D C:\treiber
2013-07-26 11:44 - 2013-07-26 11:44 - 00000000 ____D C:\FRST
2013-07-26 11:24 - 2013-07-26 11:24 - 00000000 ____D C:\Windows.old
2013-07-12 02:56 - 2013-07-26 12:28 - 00000000 ____D C:\totalcmd
2013-07-12 02:55 - 2013-07-29 11:01 - 00000000 ____D C:\dateien
2013-07-05 17:19 - 2013-07-05 18:14 - 00000000 ____D C:\AMD
2013-07-05 16:09 - 2013-07-29 10:46 - 00000000 __SHD C:\Recovery
2013-07-05 16:09 - 2013-07-05 16:09 - 00000000 _SHDL C:\Programme
2013-07-05 16:09 - 2013-07-05 16:09 - 00000000 _SHDL C:\Dokumente und Einstellungen
==================== One Month Modified Files and Folders =======
2013-07-29 11:41 - 2009-04-22 11:45 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2013-07-29 11:31 - 2013-07-29 11:31 - 00000000 ____D C:\Windows.old.000
2013-07-29 11:03 - 2013-07-29 11:03 - 01780547 _____ (Farbar) C:\Users\juergi\Downloads\FRST64.exe
2013-07-29 11:03 - 2013-07-29 11:03 - 01780547 _____ (Farbar) C:\Users\juergi\Desktop\FRST64.exe
2013-07-29 11:03 - 2013-07-29 10:46 - 00027177 _____ C:\Windows\WindowsUpdate.log
2013-07-29 11:02 - 2013-07-29 11:01 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Mozilla
2013-07-29 11:01 - 2013-07-29 11:01 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-29 11:01 - 2013-07-29 11:01 - 00000000 ____D C:\Users\juergi\AppData\Local\Mozilla
2013-07-29 11:01 - 2013-07-29 11:01 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-29 11:01 - 2013-07-29 11:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-29 11:01 - 2013-07-29 11:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-29 11:01 - 2013-07-12 02:55 - 00000000 ____D C:\dateien
2013-07-29 10:50 - 2013-07-29 10:50 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-29 10:50 - 2013-07-29 10:50 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-07-29 10:50 - 2009-04-22 15:13 - 00643640 _____ C:\Windows\system32\perfh007.dat
2013-07-29 10:50 - 2009-04-22 15:13 - 00126146 _____ C:\Windows\system32\perfc007.dat
2013-07-29 10:50 - 2009-04-22 11:27 - 01471976 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-29 10:49 - 2009-04-22 11:45 - 00000000 ____D C:\Windows\system32\restore
2013-07-29 10:47 - 2013-07-29 10:47 - 00001445 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-29 10:47 - 2013-07-29 10:47 - 00001411 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-07-29 10:47 - 2013-07-29 10:47 - 00000000 ___RD C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-29 10:47 - 2013-07-29 10:47 - 00000000 ___RD C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-07-29 10:47 - 2013-07-29 10:47 - 00000000 ____D C:\Users\juergi\AppData\Local\VirtualStore
2013-07-29 10:47 - 2013-07-29 10:46 - 00000000 ____D C:\Users\juergi
2013-07-29 10:46 - 2013-07-29 11:41 - 00000000 ____D C:\Windows\Panther
2013-07-29 10:46 - 2013-07-29 10:46 - 00000020 ___SH C:\Users\juergi\ntuser.ini
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Vorlagen
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Startmenü
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Netzwerkumgebung
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Lokale Einstellungen
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Eigene Dateien
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Druckumgebung
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Documents\Eigene Musik
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Documents\Eigene Bilder
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\AppData\Local\Verlauf
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\AppData\Local\Anwendungsdaten
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Anwendungsdaten
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Vorlagen
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\ProgramData\Vorlagen
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\ProgramData\Favoriten
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2013-07-29 10:46 - 2013-07-05 16:09 - 00000000 __SHD C:\Recovery
2013-07-29 10:46 - 2009-04-22 11:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-29 10:46 - 2009-04-22 09:16 - 00000000 __RHD C:\Users\Default
2013-07-29 10:46 - 2009-04-22 09:16 - 00000000 ____D C:\Windows\rescache
2013-07-29 10:46 - 2009-04-22 09:16 - 00000000 ____D C:\Program Files\Windows NT
2013-07-29 10:45 - 2009-04-22 11:05 - 00019483 _____ C:\Windows\setupact.log
2013-07-29 10:45 - 2009-04-22 11:00 - 00273760 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-29 10:44 - 2009-04-22 11:00 - 00008480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-29 10:44 - 2009-04-22 11:00 - 00008480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-29 10:43 - 2013-07-29 10:43 - 00001313 _____ C:\Windows\TSSysprep.log
2013-07-29 10:43 - 2009-04-22 11:00 - 00001788 _____ C:\Windows\DtcInstall.log
2013-07-29 10:43 - 2009-04-22 09:16 - 00000000 ____D C:\Windows\system32\sysprep
2013-07-29 10:42 - 2013-07-29 10:42 - 418407253 _____ C:\Windows\MEMORY.DMP
2013-07-29 10:42 - 2013-07-29 10:42 - 00275344 _____ C:\Windows\Minidump\072913-23852-01.dmp
2013-07-29 10:42 - 2013-07-29 10:42 - 00000000 ____D C:\Windows\Minidump
2013-07-29 10:42 - 2009-04-22 15:43 - 00000000 ____D C:\Windows\CSC
2013-07-26 13:07 - 2013-07-26 13:07 - 00009314 _____ C:\AdwCleaner[S1].txt
2013-07-26 13:05 - 2013-07-26 13:05 - 00009262 _____ C:\AdwCleaner[R1].txt
2013-07-26 12:28 - 2013-07-12 02:56 - 00000000 ____D C:\totalcmd
2013-07-26 12:25 - 2013-07-26 12:25 - 00000000 ____D C:\loader
2013-07-26 12:25 - 2013-07-26 12:05 - 00000000 ____D C:\treiber
2013-07-26 11:44 - 2013-07-26 11:44 - 00000000 ____D C:\FRST
2013-07-26 11:24 - 2013-07-26 11:24 - 00000000 ____D C:\Windows.old
2013-07-26 10:54 - 2013-07-29 10:49 - 06095405 ____R C:\realtek_pcielan_7_mb.zip
2013-07-05 18:14 - 2013-07-05 17:19 - 00000000 ____D C:\AMD
2013-07-05 16:09 - 2013-07-05 16:09 - 00000000 _SHDL C:\Programme
2013-07-05 16:09 - 2013-07-05 16:09 - 00000000 _SHDL C:\Dokumente und Einstellungen
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe
[2009-04-22 06:00] - [2009-04-22 07:38] - 0389632 ____A (Microsoft Corporation) 007CFB4BF1BE9D43E605FB4CFDFE5D01
C:\Windows\System32\wininit.exe
[2009-04-22 05:59] - [2009-04-22 07:38] - 0129024 ____A (Microsoft Corporation) 56F3B4CD28CDB1D79290870A084EF365
C:\Windows\SysWOW64\wininit.exe
[2009-04-22 05:35] - [2009-04-22 07:19] - 0096256 ____A (Microsoft Corporation) 2E4264C95BAB587431C79C101899CCC8
C:\Windows\explorer.exe
[2009-04-22 06:04] - [2009-04-22 07:38] - 2858496 ____A (Microsoft Corporation) 0C817F3E033335EDB2DD069EFA84045E
C:\Windows\SysWOW64\explorer.exe
[2009-04-22 05:40] - [2009-04-22 07:19] - 2607616 ____A (Microsoft Corporation) C133788B393EEC01439AD997D24E66ED
C:\Windows\System32\svchost.exe
[2009-04-22 05:35] - [2009-04-22 07:38] - 0027648 ____A (Microsoft Corporation) DAED0221F52D75056A8999C2BED00D4E
C:\Windows\SysWOW64\svchost.exe
[2009-04-22 05:16] - [2009-04-22 07:19] - 0020992 ____A (Microsoft Corporation) 5F1FE2F551E74B069C436152F06CCFDC
C:\Windows\System32\services.exe
[2009-04-22 05:23] - [2009-04-22 07:38] - 0328704 ____A (Microsoft Corporation) 21EF41CDCEA63268A96ED8150B830966
C:\Windows\System32\User32.dll
[2009-04-22 05:44] - [2009-04-22 07:41] - 1008128 ____A (Microsoft Corporation) BBD85B4D52566D8600A1062A1607555E
C:\Windows\SysWOW64\User32.dll
[2009-04-22 05:22] - [2009-04-22 07:11] - 0833024 ____A (Microsoft Corporation) ADCBEAE40A6E714BA4E0CF257EA6BFEA
C:\Windows\System32\userinit.exe
[2009-04-22 05:57] - [2009-04-22 07:38] - 0030208 ____A (Microsoft Corporation) 03F541FCFD3A950CE4E0AFB64A4AE4DC
C:\Windows\SysWOW64\userinit.exe
[2009-04-22 05:32] - [2009-04-22 07:19] - 0026112 ____A (Microsoft Corporation) 50771CA86FF1ADAF5FD1920F8CB5665E
C:\Windows\System32\Drivers\volsnap.sys
[2009-04-22 05:23] - [2009-04-22 07:45] - 0293952 ____A (Microsoft Corporation) 93454FFE2DA928731D855072AFC02603
LastRegBack: 2013-07-29 10:42
==================== End Of Log ============================

#62
/// the machine /// TB trainer

Looks good at first glance, but:

I see a Windows.old folder, which means you didn't format, you installed over the top. With a file infector that's a really cr.... idea.

Run an ESET online scan.

#63

Yes, I thought the installation formats automatically.

Here is the ESET scan:

C:\Windows.old\Documents and Settings\user\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Content.IE5\1PSL574Y\LyricsContainer_1060-8001_v122[1] a variant of Win32/Adware.AddLyrics.I application
C:\Windows.old\Documents and Settings\user\AppData\Local\Anwendungsdaten\Temporary Internet Files\Content.IE5\1PSL574Y\LyricsContainer_1060-8001_v122[1] a variant of Win32/Adware.AddLyrics.I application
C:\Windows.old\Documents and Settings\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1PSL574Y\LyricsContainer_1060-8001_v122[1] a variant of Win32/Adware.AddLyrics.I application
C:\Windows.old\Documents and Settings\user\AppData\Local\Temporary Internet Files\Content.IE5\1PSL574Y\LyricsContainer_1060-8001_v122[1] a variant of Win32/Adware.AddLyrics.I application
C:\Windows.old\Documents and Settings\user\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\1PSL574Y\LyricsContainer_1060-8001_v122[1] a variant of Win32/Adware.AddLyrics.I application
C:\Windows.old\Documents and Settings\user\Lokale Einstellungen\Temporary Internet Files\Content.IE5\1PSL574Y\LyricsContainer_1060-8001_v122[1] a variant of Win32/Adware.AddLyrics.I application
C:\Windows.old\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1PSL574Y\LyricsContainer_1060-8001_v122[1] a variant of Win32/Adware.AddLyrics.I application
C:\Windows.old\Users\user\AppData\Local\Temporary Internet Files\Content.IE5\1PSL574Y\LyricsContainer_1060-8001_v122[1] a variant of Win32/Adware.AddLyrics.I application
C:\Windows.old\Users\user\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\1PSL574Y\LyricsContainer_1060-8001_v122[1] a variant of Win32/Adware.AddLyrics.I application
C:\Windows.old\Users\user\Lokale Einstellungen\Temporary Internet Files\Content.IE5\1PSL574Y\LyricsContainer_1060-8001_v122[1] a variant of Win32/Adware.AddLyrics.I application

#64
/// the machine /// TB trainer

Delete the Windows.old folder, then everything should be fine.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!

#65

OK, first of all, many thanks again. The new system is running smoothly and AVG antivirus shows no errors, but I'm attaching another FRST scan anyway; it can't hurt, though it looks clean to me.

Regards

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-07-2013 (ATTENTION: ====> FRST version is 8 days old and could be outdated)
Ran by juergi (administrator) on 05-08-2013 12:40:56
Running from C:\Users\juergi\Desktop
Windows 7 Ultimate (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Jetico, Inc.) C:\Program Files (x86)\Jetico\BestCrypt\BCResident.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
() C:\eclipse\eclipse.exe
(Oracle Corporation) c:\Program Files\Java\jre7\bin\javaw.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
() F:\xampp-portable\xampp-control.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apache Software Foundation) f:\xampp-portable\apache\bin\httpd.exe
(Apache Software Foundation) F:\xampp-portable\apache\bin\httpd.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
==================== Registry (Whitelisted) ==================
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20686704 2013-07-25] (Skype Technologies S.A.)
MountPoints2: {cb7303ca-f82f-11e2-9b92-806e6f6e6963} - D:\SETUP.EXE
MountPoints2: {cb7303cc-f82f-11e2-9b92-806e6f6e6963} - E:\LaunchU3.exe -a
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [12288 2012-04-19] ()
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2285232 2013-07-30] ()
AppInit_DLLs-x32: hplun.dll [43520 2013-07-29] (Jetico, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BestCrypt Auto Open.lnk
ShortcutTarget: BestCrypt Auto Open.lnk -> C:\Program Files (x86)\Jetico\BestCrypt\BestCrypt.exe (Jetico, Inc.)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\juergi\AppData\Roaming\Mozilla\Firefox\Profiles\s5bkhtd7.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework64\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework64\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] C:\ProgramData\AVG Secure Search\FireFoxExt\15.4.0.5
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\15.4.0.5
==================== Services (Whitelisted) =================
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [1616048 2013-07-30] (AVG Secure Search)
==================== Drivers (Whitelisted) ====================
S3 amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [105040 2009-04-22] (AMD)
R0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [28752 2009-04-22] (AMD)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-07-30] (AVG Technologies)
R1 bcbus; C:\Windows\System32\DRIVERS\bcbus.sys [78440 2013-07-29] (Jetico, Inc.)
R0 bcfnt; C:\Windows\System32\Drivers\bcfnt.sys [178880 2013-07-16] (Jetico, Inc.)
R1 BC_3DES; C:\Windows\System32\Drivers\BC_3DES.sys [34408 2013-07-29] (Jetico, Inc.)
R1 BC_BF128; C:\Windows\System32\Drivers\BC_BF128.sys [30824 2013-07-29] (Jetico, Inc.)
R1 BC_BF448; C:\Windows\System32\Drivers\BC_BF448.sys [30824 2013-07-29] (Jetico, Inc.)
R1 BC_BFish; C:\Windows\System32\Drivers\BC_BFish.sys [30824 2013-07-29] (Jetico, Inc.)
R1 BC_CAST; C:\Windows\System32\Drivers\BC_CAST.sys [37480 2013-07-29] (Jetico, Inc.)
R1 BC_DES; C:\Windows\System32\Drivers\BC_DES.sys [33896 2013-07-29] (Jetico, Inc.)
R1 BC_Gost; C:\Windows\System32\Drivers\BC_Gost.sys [25704 2013-07-29] (Jetico, Inc.)
R1 BC_IDEA; C:\Windows\System32\Drivers\BC_IDEA.sys [27752 2013-07-29] (Iarsn)
R1 BC_RC6; C:\Windows\System32\Drivers\BC_RC6.sys [30312 2013-07-29] (Michael Oestergaard Pedersen)
R1 BC_RIJN; C:\Windows\System32\Drivers\BC_RIJN.sys [51304 2013-07-29] (Jetico, Inc.)
R1 BC_SERP; C:\Windows\System32\Drivers\BC_SERP.sys [36968 2013-07-29] (Michael Oestergaard Pedersen)
R1 BC_TFISH; C:\Windows\System32\Drivers\BC_TFISH.sys [34408 2013-07-29] (Jetico, Inc.)
R0 fsh; C:\Windows\System32\Drivers\fsh.sys [68800 2013-07-29] (Jetico, Inc.)
R3 mhk; C:\Windows\System32\Drivers\mhk.sys [17472 2013-07-29] (Jetico, Inc.)
R3 moh; C:\Windows\System32\Drivers\moh.sys [13376 2013-07-29] (Jetico, Inc.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-04 22:22 - 2013-08-05 00:01 - 241720363 _____ C:\Users\juergi\Documents\Müritzschwäne 3 Eine Minute 58 Sekunden.MP4
2013-08-04 22:22 - 2013-08-04 23:49 - 188464713 _____ C:\Users\juergi\Documents\Müritzschwäne 1 Eine Minute 34 Sekunden.MP4
2013-08-04 22:22 - 2013-08-04 23:36 - 149482694 _____ C:\Users\juergi\Documents\Müritzschwäne 2 Eine Minute 12 Sekunden.MP4
2013-08-04 22:16 - 2013-08-04 23:38 - 177558952 _____ C:\Users\juergi\Documents\Im Konzentrationslager von Ravensbrück 1 Minute 26 Sekunden.MP4
2013-08-04 12:59 - 2013-08-05 12:37 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Skype
2013-08-04 12:59 - 2013-08-04 12:59 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-08-04 12:59 - 2013-08-04 12:59 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-04 12:59 - 2013-08-04 12:59 - 00000000 ____D C:\ProgramData\Skype
2013-08-04 01:00 - 2013-08-04 01:00 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Subversion
2013-08-04 00:58 - 2013-08-05 10:36 - 00000000 ____D C:\Users\juergi\AppData\Local\Eclipse
2013-08-04 00:58 - 2013-08-04 01:05 - 00000000 ____D C:\workspace
2013-08-04 00:35 - 2013-08-04 00:35 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-04 00:35 - 2013-08-04 00:35 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-04 00:35 - 2013-08-04 00:35 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-04 00:35 - 2013-08-04 00:35 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-04 00:35 - 2013-08-04 00:35 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-04 00:35 - 2013-08-04 00:35 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-04 00:34 - 2013-08-04 00:35 - 00000000 ____D C:\Program Files\Java
2013-08-03 20:06 - 2013-08-03 20:06 - 00000000 ____D C:\Program Files (x86)\Jetico
2013-08-02 22:21 - 2013-08-02 22:22 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Foxit Software
2013-08-02 22:21 - 2013-08-02 22:21 - 00002056 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2013-08-02 22:21 - 2013-08-02 22:21 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2013-08-02 22:21 - 2013-06-09 21:59 - 00216064 _____ C:\Windows\SysWOW64\gcapi_dll.dll
2013-08-01 18:38 - 2013-08-01 18:38 - 00288449 _____ C:\Users\juergi\Documents\abc.xps
2013-07-31 19:01 - 2013-07-31 19:01 - 00002386 _____ C:\Users\juergi\Documents\MumbleAutomaticCertificateBackup.p12
2013-07-31 18:57 - 2013-08-01 01:24 - 00000000 ____D C:\Users\juergi\Desktop\Mumble
2013-07-31 18:57 - 2013-07-31 18:57 - 00000588 _____ C:\Users\juergi\Desktop\OKiTALK.lnk
2013-07-30 19:35 - 2013-07-30 19:35 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-07-30 19:35 - 2013-07-30 19:35 - 00003715 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-07-30 19:35 - 2013-07-30 19:35 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-07-30 19:35 - 2013-07-30 19:35 - 00000987 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-07-30 19:35 - 2013-07-30 19:35 - 00000000 ___HD C:\$AVG
2013-07-30 19:35 - 2013-07-30 19:35 - 00000000 ____D C:\Users\juergi\AppData\Roaming\TuneUp Software
2013-07-30 19:35 - 2013-07-30 19:35 - 00000000 ____D C:\Users\juergi\AppData\Roaming\AVG2013
2013-07-30 19:35 - 2013-07-30 19:35 - 00000000 ____D C:\Users\juergi\AppData\Local\AVG Secure Search
2013-07-30 19:35 - 2013-07-30 19:35 - 00000000 ____D C:\ProgramData\AVG2013
2013-07-30 19:35 - 2013-07-30 19:35 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-07-30 19:35 - 2013-07-30 19:35 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-07-30 19:34 - 2013-07-30 19:34 - 00000000 ____D C:\Program Files (x86)\AVG
2013-07-30 19:32 - 2013-08-05 10:40 - 00000000 ____D C:\ProgramData\MFAData
2013-07-30 19:32 - 2013-07-30 19:39 - 00000000 ____D C:\Users\juergi\AppData\Local\Avg2013
2013-07-30 19:32 - 2013-07-30 19:32 - 00000000 ____D C:\Users\juergi\AppData\Local\MFAData
2013-07-30 16:27 - 2013-07-30 16:27 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-30 16:27 - 2013-07-30 16:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-30 16:27 - 2013-07-30 16:27 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-07-30 16:27 - 2013-07-30 16:27 - 00000000 ____D C:\Windows\system32\Macromed
2013-07-30 16:27 - 2013-07-30 16:27 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Macromedia
2013-07-30 16:27 - 2013-07-30 16:27 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Adobe
2013-07-30 16:27 - 2013-07-30 16:27 - 00000000 ____D C:\Users\juergi\AppData\Local\Macromedia
2013-07-30 16:16 - 2013-07-30 16:16 - 00002092 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2013-07-30 16:16 - 2013-07-30 16:16 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Thunderbird
2013-07-30 16:16 - 2013-07-30 16:16 - 00000000 ____D C:\Users\juergi\AppData\Local\Thunderbird
2013-07-30 16:16 - 2013-07-30 16:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-30 16:13 - 2013-07-30 16:58 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Notepad++
2013-07-30 16:13 - 2013-07-30 16:13 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-07-30 16:13 - 2013-07-30 16:13 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-07-30 16:11 - 2013-08-05 10:36 - 00000000 ____D C:\eclipse
2013-07-30 16:11 - 2013-07-30 16:11 - 00000000 ____D C:\Users\juergi\AppData\Roaming\WinRAR
2013-07-30 16:11 - 2013-07-30 16:11 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-07-30 16:10 - 2013-07-30 16:11 - 00000000 ____D C:\Program Files\WinRAR
2013-07-30 15:56 - 2013-08-05 02:06 - 00000000 ____D C:\Users\juergi\AppData\Roaming\vlc
2013-07-30 15:56 - 2013-07-30 15:56 - 00001072 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-07-30 15:56 - 2013-07-30 15:56 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-07-29 12:40 - 2013-07-29 12:10 - 00078440 _____ (Jetico, Inc.) C:\Windows\system32\Drivers\bcbus.sys
2013-07-29 12:40 - 2013-07-29 12:10 - 00068800 _____ (Jetico, Inc.) C:\Windows\system32\Drivers\fsh.sys
2013-07-29 12:40 - 2013-07-29 12:10 - 00051304 _____ (Jetico, Inc.) C:\Windows\system32\Drivers\bc_rijn.sys
2013-07-29 12:40 - 2013-07-29 12:10 - 00037480 _____ (Jetico, Inc.) C:\Windows\system32\Drivers\bc_cast.sys
2013-07-29 12:40 - 2013-07-29 12:10 - 00036968 _____ (Michael Oestergaard Pedersen) C:\Windows\system32\Drivers\bc_serp.sys
2013-07-29 12:40 - 2013-07-29 12:10 - 00034408 _____ (Jetico, Inc.) C:\Windows\system32\Drivers\bc_tfish.sys
2013-07-29 12:40 - 2013-07-29 12:10 - 00034408 _____ (Jetico, Inc.) C:\Windows\system32\Drivers\bc_3des.sys
2013-07-29 12:40 - 2013-07-29 12:10 - 00033896 _____ (Jetico, Inc.) C:\Windows\system32\Drivers\bc_des.sys
2013-07-29 12:40 - 2013-07-29 12:10 - 00030824 _____ (Jetico, Inc.) C:\Windows\system32\Drivers\bc_bfish.sys
2013-07-29 12:40 - 2013-07-29 12:10 - 00030824 _____ (Jetico, Inc.) C:\Windows\system32\Drivers\bc_bf448.sys
2013-07-29 12:40 - 2013-07-29 12:10 - 00030824 _____ (Jetico, Inc.) C:\Windows\system32\Drivers\bc_bf128.sys
2013-07-29 12:40 - 2013-07-29 12:10 - 00030312 _____ (Michael Oestergaard Pedersen) C:\Windows\system32\Drivers\bc_rc6.sys
2013-07-29 12:40 - 2013-07-29 12:10 - 00027752 _____ (Iarsn) C:\Windows\system32\Drivers\bc_idea.sys
2013-07-29 12:40 - 2013-07-29 12:10 - 00025704 _____ (Jetico, Inc.) C:\Windows\system32\Drivers\bc_gost.sys
2013-07-29 12:40 - 2013-07-29 12:10 - 00017472 _____ (Jetico, Inc.) C:\Windows\system32\Drivers\mhk.sys
2013-07-29 12:40 - 2013-07-29 12:10 - 00013376 _____ (Jetico, Inc.) C:\Windows\system32\Drivers\moh.sys
2013-07-29 12:40 - 2013-07-16 07:09 - 00178880 _____ (Jetico, Inc.) C:\Windows\system32\Drivers\bcfnt.sys
2013-07-29 12:40 - 2009-09-10 09:46 - 09275392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-29 12:40 - 2009-09-10 08:55 - 05954560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-29 12:40 - 2009-09-10 05:47 - 00407040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2013-07-29 12:40 - 2009-07-18 05:28 - 00299520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpdxm.dll
2013-07-29 12:40 - 2009-07-18 04:48 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll
2013-07-29 12:39 - 2009-06-08 08:09 - 00855040 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-29 12:39 - 2009-06-08 07:47 - 00716800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-29 12:38 - 2013-07-29 12:38 - 00000488 _____ C:\Windows\PFRO.log
2013-07-29 12:37 - 2013-07-29 12:36 - 00448512 _____ (OldTimer Tools) C:\Users\juergi\Desktop\TFC.exe
2013-07-29 12:18 - 2013-07-29 12:41 - 00364320 _____ (Jetico) C:\Windows\BCUnInstall.exe
2013-07-29 12:16 - 2013-07-30 13:44 - 00032960 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\MftWipeFilter.sys
2013-07-29 12:16 - 2013-07-29 12:16 - 00043520 _____ (Jetico, Inc.) C:\Windows\SysWOW64\HPLUN.dll
2013-07-29 11:41 - 2013-07-29 10:46 - 00000000 ____D C:\Windows\Panther
2013-07-29 11:23 - 2013-07-29 11:23 - 00057560 _____ C:\Users\juergi\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-29 11:23 - 2013-07-29 11:23 - 00000000 ____D C:\Users\juergi\AppData\Roaming\ATI
2013-07-29 11:23 - 2013-07-29 11:23 - 00000000 ____D C:\Users\juergi\AppData\Local\ATI
2013-07-29 11:23 - 2013-07-29 11:23 - 00000000 ____D C:\Users\juergi\AppData\Local\AMD
2013-07-29 11:23 - 2013-07-29 11:23 - 00000000 ____D C:\ProgramData\ATI
2013-07-29 11:20 - 2013-07-29 11:20 - 00000000 ____D C:\Users\juergi\AppData\Local\GHISLER
2013-07-29 11:20 - 2013-07-29 11:20 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-29 11:20 - 2013-07-26 12:47 - 02347384 _____ (ESET) C:\Users\juergi\Desktop\esetsmartinstaller_enu.exe
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 _____ C:\Windows\ativpsrm.bin
2013-07-29 11:16 - 2013-07-29 11:16 - 00000000 ____D C:\ProgramData\AMD
2013-07-29 11:16 - 2013-07-29 11:16 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-07-29 11:16 - 2013-07-29 11:16 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-07-29 11:16 - 2013-07-29 11:16 - 00000000 ____D C:\Program Files (x86)\AMD APP
2013-07-29 11:16 - 2012-02-23 20:32 - 00095760 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2013-07-29 11:16 - 2012-01-14 04:05 - 00056448 ____R (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2013-07-29 11:16 - 2011-12-13 04:52 - 00082048 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_sata.sys
2013-07-29 11:16 - 2011-12-13 04:52 - 00042624 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_xata.sys
2013-07-29 11:16 - 2011-10-26 11:16 - 00219776 _____ (Advanced Micro Devices, INC.) C:\Windows\system32\Drivers\amdxhc.sys
2013-07-29 11:16 - 2011-10-26 11:16 - 00102528 _____ (Advanced Micro Devices, INC.) C:\Windows\system32\Drivers\amdhub30.sys
2013-07-29 11:16 - 2010-02-18 09:18 - 00046136 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdiox64.sys
2013-07-29 11:15 - 2013-07-29 11:15 - 00000000 ____D C:\Program Files\ATI
2013-07-29 11:15 - 2013-07-29 11:15 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2013-07-29 11:15 - 2012-05-05 03:43 - 00226504 _____ C:\Windows\SysWOW64\atiapfxx.blb
2013-07-29 11:15 - 2012-05-05 03:43 - 00226504 _____ C:\Windows\system32\atiapfxx.blb
2013-07-29 11:15 - 2012-05-05 03:37 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIDEMGX.dll
2013-07-29 11:15 - 2012-05-05 03:01 - 00204960 _____ C:\Windows\SysWOW64\ativvsvl.dat
2013-07-29 11:15 - 2012-05-05 03:01 - 00204960 _____ C:\Windows\system32\ativvsvl.dat
2013-07-29 11:15 - 2012-05-05 03:01 - 00157152 _____ C:\Windows\SysWOW64\ativvsva.dat
2013-07-29 11:15 - 2012-05-05 03:01 - 00157152 _____ C:\Windows\system32\ativvsva.dat
2013-07-29 11:15 - 2012-05-05 02:43 - 00058880 _____ (AMD) C:\Windows\system32\coinst.dll
2013-07-29 11:15 - 2012-01-06 10:16 - 00037141 _____ C:\Windows\atiogl.xml
2013-07-29 11:15 - 2011-09-13 06:06 - 00003917 _____ C:\Windows\SysWOW64\atipblag.dat
2013-07-29 11:15 - 2011-09-13 06:06 - 00003917 _____ C:\Windows\system32\atipblag.dat
2013-07-29 11:13 - 2013-07-29 11:16 - 00000000 ____D C:\Program Files\ATI Technologies
2013-07-29 11:10 - 2013-07-29 11:10 - 00000000 ____D C:\Users\juergi\AppData\Roaming\GHISLER
2013-07-29 11:08 - 2013-07-29 11:08 - 05896408 _____ (Ghisler Software GmbH) C:\Users\juergi\Downloads\tcm801x32_64.exe
2013-07-29 11:03 - 2013-07-29 11:03 - 01780547 _____ (Farbar) C:\Users\juergi\Downloads\FRST64.exe
2013-07-29 11:03 - 2013-07-29 11:03 - 01780547 _____ (Farbar) C:\Users\juergi\Desktop\FRST64.exe
2013-07-29 11:01 - 2013-07-30 18:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-29 11:01 - 2013-07-29 11:02 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Mozilla
2013-07-29 11:01 - 2013-07-29 11:01 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-29 11:01 - 2013-07-29 11:01 - 00000000 ____D C:\Users\juergi\AppData\Local\Mozilla
2013-07-29 11:01 - 2013-07-29 11:01 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-29 11:01 - 2013-07-29 11:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-29 10:50 - 2013-07-29 10:50 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-29 10:50 - 2013-07-29 10:50 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-07-29 10:50 - 2013-04-10 11:09 - 00849992 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2013-07-29 10:50 - 2013-04-10 11:09 - 00108104 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2013-07-29 10:50 - 2013-04-10 11:09 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2013-07-29 10:49 - 2013-07-26 10:54 - 06095405 ____R C:\realtek_pcielan_7_mb.zip
2013-07-29 10:47 - 2013-07-29 10:47 - 00001445 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-29 10:47 - 2013-07-29 10:47 - 00001411 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-07-29 10:47 - 2013-07-29 10:47 - 00000000 ___RD C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-29 10:47 - 2013-07-29 10:47 - 00000000 ___RD C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-07-29 10:47 - 2013-07-29 10:47 - 00000000 ____D C:\Users\juergi\AppData\Local\VirtualStore
2013-07-29 10:46 - 2013-08-05 02:08 - 00265312 _____ C:\Windows\WindowsUpdate.log
2013-07-29 10:46 - 2013-07-29 10:47 - 00000000 ____D C:\Users\juergi
2013-07-29 10:46 - 2013-07-29 10:46 - 00000020 ___SH C:\Users\juergi\ntuser.ini
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Vorlagen
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Startmenü
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Netzwerkumgebung
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Lokale Einstellungen
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Eigene Dateien
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Druckumgebung
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Documents\Eigene Musik
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Documents\Eigene Bilder
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\AppData\Local\Verlauf
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\AppData\Local\Anwendungsdaten
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Anwendungsdaten
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Vorlagen
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\ProgramData\Vorlagen
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\ProgramData\Favoriten
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2013-07-29 10:46 - 2009-04-22 11:09 - 00000000 ___RD C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-07-29 10:46 - 2009-04-22 11:04 - 00000000 ___RD C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-07-29 10:43 - 2013-07-29 10:43 - 00001313 _____ C:\Windows\TSSysprep.log
2013-07-29 10:42 - 2013-07-29 10:42 - 418407253 _____ C:\Windows\MEMORY.DMP
2013-07-29 10:42 - 2013-07-29 10:42 - 00275344 _____ C:\Windows\Minidump\072913-23852-01.dmp
2013-07-29 10:42 - 2013-07-29 10:42 - 00000000 ____D C:\Windows\Minidump
2013-07-26 13:07 - 2013-07-26 13:07 - 00009314 _____ C:\AdwCleaner[S1].txt
2013-07-26 13:05 - 2013-07-26 13:05 - 00009262 _____ C:\AdwCleaner[R1].txt
2013-07-26 12:25 - 2013-07-26 12:25 - 00000000 ____D C:\loader
2013-07-26 12:05 - 2013-07-26 12:25 - 00000000 ____D C:\treiber
2013-07-26 11:44 - 2013-07-26 11:44 - 00000000 ____D C:\FRST
2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2013-07-12 02:56 - 2013-07-26 12:28 - 00000000 ____D C:\totalcmd
2013-07-12 02:55 - 2013-08-05 01:11 - 00000000 ____D C:\dateien
2013-07-10 01:32 - 2013-07-10 01:32 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
==================== One Month Modified Files and Folders =======
2013-08-05 12:37 - 2013-08-04 12:59 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Skype
2013-08-05 12:35 - 2009-04-22 11:00 - 00008480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-05 12:35 - 2009-04-22 11:00 - 00008480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-05 10:40 - 2013-07-30 19:32 - 00000000 ____D C:\ProgramData\MFAData
2013-08-05 10:39 - 2009-04-22 15:13 - 00643640 _____ C:\Windows\system32\perfh007.dat
2013-08-05 10:39 - 2009-04-22 15:13 - 00126146 _____ C:\Windows\system32\perfc007.dat
2013-08-05 10:39 - 2009-04-22 11:27 - 01471976 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-05 10:38 - 2013-07-29 10:46 - 00265312 _____ C:\Windows\WindowsUpdate.log
2013-08-05 10:36 - 2013-08-04 00:58 - 00000000 ____D C:\Users\juergi\AppData\Local\Eclipse
2013-08-05 10:36 - 2013-07-30 16:11 - 00000000 ____D C:\eclipse
2013-08-05 10:34 - 2009-04-22 11:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-05 10:34 - 2009-04-22 11:05 - 00022577 _____ C:\Windows\setupact.log
2013-08-05 02:06 - 2013-07-30 15:56 - 00000000 ____D C:\Users\juergi\AppData\Roaming\vlc
2013-08-05 01:11 - 2013-07-12 02:55 - 00000000 ____D C:\dateien
2013-08-05 00:01 - 2013-08-04 22:22 - 241720363 _____ C:\Users\juergi\Documents\Müritzschwäne 3 Eine Minute 58 Sekunden.MP4
2013-08-04 23:49 - 2013-08-04 22:22 - 188464713 _____ C:\Users\juergi\Documents\Müritzschwäne 1 Eine Minute 34 Sekunden.MP4
2013-08-04 23:38 - 2013-08-04 22:16 - 177558952 _____ C:\Users\juergi\Documents\Im Konzentrationslager von Ravensbrück 1 Minute 26 Sekunden.MP4
2013-08-04 23:36 - 2013-08-04 22:22 - 149482694 _____ C:\Users\juergi\Documents\Müritzschwäne 2 Eine Minute 12 Sekunden.MP4
2013-08-04 12:59 - 2013-08-04 12:59 - 00002517 _____ C:\Users\Public\Desktop\Skype.lnk
2013-08-04 12:59 - 2013-08-04 12:59 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-04 12:59 - 2013-08-04 12:59 - 00000000 ____D C:\ProgramData\Skype
2013-08-04 01:05 - 2013-08-04 00:58 - 00000000 ____D C:\workspace
2013-08-04 01:00 - 2013-08-04 01:00 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Subversion
2013-08-04 00:35 - 2013-08-04 00:35 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-04 00:35 - 2013-08-04 00:35 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-04 00:35 - 2013-08-04 00:35 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-04 00:35 - 2013-08-04 00:35 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-04 00:35 - 2013-08-04 00:35 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-04 00:35 - 2013-08-04 00:35 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-04 00:35 - 2013-08-04 00:34 - 00000000 ____D C:\Program Files\Java
2013-08-03 20:06 - 2013-08-03 20:06 - 00000000 ____D C:\Program Files (x86)\Jetico
2013-08-02 22:22 - 2013-08-02 22:21 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Foxit Software
2013-08-02 22:21 - 2013-08-02 22:21 - 00002056 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2013-08-02 22:21 - 2013-08-02 22:21 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2013-08-01 18:38 - 2013-08-01 18:38 - 00288449 _____ C:\Users\juergi\Documents\abc.xps
2013-08-01 01:24 - 2013-07-31 18:57 - 00000000 ____D C:\Users\juergi\Desktop\Mumble
2013-07-31 19:01 - 2013-07-31 19:01 - 00002386 _____ C:\Users\juergi\Documents\MumbleAutomaticCertificateBackup.p12
2013-07-31 18:57 - 2013-07-31 18:57 - 00000588 _____ C:\Users\juergi\Desktop\OKiTALK.lnk
2013-07-30 19:39 - 2013-07-30 19:32 - 00000000 ____D C:\Users\juergi\AppData\Local\Avg2013
2013-07-30 19:35 - 2013-07-30 19:35 - 00045856 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-07-30 19:35 - 2013-07-30 19:35 - 00003715 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-07-30 19:35 - 2013-07-30 19:35 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-07-30 19:35 - 2013-07-30 19:35 - 00000987 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-07-30 19:35 - 2013-07-30 19:35 - 00000000 ___HD C:\$AVG
2013-07-30 19:35 - 2013-07-30 19:35 - 00000000 ____D C:\Users\juergi\AppData\Roaming\TuneUp Software
2013-07-30 19:35 - 2013-07-30 19:35 - 00000000 ____D C:\Users\juergi\AppData\Roaming\AVG2013
2013-07-30 19:35 - 2013-07-30 19:35 - 00000000 ____D C:\Users\juergi\AppData\Local\AVG Secure Search
2013-07-30 19:35 - 2013-07-30 19:35 - 00000000 ____D C:\ProgramData\AVG2013
2013-07-30 19:35 - 2013-07-30 19:35 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-07-30 19:35 - 2013-07-30 19:35 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-07-30 19:34 - 2013-07-30 19:34 - 00000000 ____D C:\Program Files (x86)\AVG
2013-07-30 19:32 - 2013-07-30 19:32 - 00000000 ____D C:\Users\juergi\AppData\Local\MFAData
2013-07-30 18:54 - 2013-07-29 11:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-30 16:58 - 2013-07-30 16:13 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Notepad++
2013-07-30 16:27 - 2013-07-30 16:27 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-30 16:27 - 2013-07-30 16:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-30 16:27 - 2013-07-30 16:27 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-07-30 16:27 - 2013-07-30 16:27 - 00000000 ____D C:\Windows\system32\Macromed
2013-07-30 16:27 - 2013-07-30 16:27 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Macromedia
2013-07-30 16:27 - 2013-07-30 16:27 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Adobe
2013-07-30 16:27 - 2013-07-30 16:27 - 00000000 ____D C:\Users\juergi\AppData\Local\Macromedia
2013-07-30 16:16 - 2013-07-30 16:16 - 00002092 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2013-07-30 16:16 - 2013-07-30 16:16 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Thunderbird
2013-07-30 16:16 - 2013-07-30 16:16 - 00000000 ____D C:\Users\juergi\AppData\Local\Thunderbird
2013-07-30 16:16 - 2013-07-30 16:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-30 16:13 - 2013-07-30 16:13 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-07-30 16:13 - 2013-07-30 16:13 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-07-30 16:11 - 2013-07-30 16:11 - 00000000 ____D C:\Users\juergi\AppData\Roaming\WinRAR
2013-07-30 16:11 - 2013-07-30 16:11 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-07-30 16:11 - 2013-07-30 16:10 - 00000000 ____D C:\Program Files\WinRAR
2013-07-30 15:56 - 2013-07-30 15:56 - 00001072 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-07-30 15:56 - 2013-07-30 15:56 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-07-30 13:44 - 2013-07-29 12:16 - 00032960 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\MftWipeFilter.sys
2013-07-29 12:41 - 2013-07-29 12:18 - 00364320 _____ (Jetico) C:\Windows\BCUnInstall.exe
2013-07-29 12:38 - 2013-07-29 12:38 - 00000488 _____ C:\Windows\PFRO.log
2013-07-29 12:36 - 2013-07-29 12:37 - 00448512 _____ (OldTimer Tools) C:\Users\juergi\Desktop\TFC.exe
2013-07-29 12:16 - 2013-07-29 12:16 - 00043520 _____ (Jetico, Inc.) C:\Windows\SysWOW64\HPLUN.dll
2013-07-29 12:10 - 2013-07-29 12:40 - 00078440 _____ (Jetico, Inc.) C:\Windows\system32\Drivers\bcbus.sys
2013-07-29 12:10 - 2013-07-29 12:40 - 00068800 _____ (Jetico, Inc.) C:\Windows\system32\Drivers\fsh.sys
2013-07-29 12:10 - 2013-07-29 12:40 - 00051304 _____ (Jetico, Inc.) C:\Windows\system32\Drivers\bc_rijn.sys
2013-07-29 12:10 - 2013-07-29 12:40 - 00037480 _____ (Jetico, Inc.) C:\Windows\system32\Drivers\bc_cast.sys
2013-07-29 12:10 - 2013-07-29 12:40 - 00036968 _____ (Michael Oestergaard Pedersen) C:\Windows\system32\Drivers\bc_serp.sys
2013-07-29 12:10 - 2013-07-29 12:40 - 00034408 _____ (Jetico, Inc.) C:\Windows\system32\Drivers\bc_tfish.sys
2013-07-29 12:10 - 2013-07-29 12:40 - 00034408 _____ (Jetico, Inc.) C:\Windows\system32\Drivers\bc_3des.sys
2013-07-29 12:10 - 2013-07-29 12:40 - 00033896 _____ (Jetico, Inc.) C:\Windows\system32\Drivers\bc_des.sys
2013-07-29 12:10 - 2013-07-29 12:40 - 00030824 _____ (Jetico, Inc.) C:\Windows\system32\Drivers\bc_bfish.sys
2013-07-29 12:10 - 2013-07-29 12:40 - 00030824 _____ (Jetico, Inc.) C:\Windows\system32\Drivers\bc_bf448.sys
2013-07-29 12:10 - 2013-07-29 12:40 - 00030824 _____ (Jetico, Inc.) C:\Windows\system32\Drivers\bc_bf128.sys
2013-07-29 12:10 - 2013-07-29 12:40 - 00030312 _____ (Michael Oestergaard Pedersen) C:\Windows\system32\Drivers\bc_rc6.sys
2013-07-29 12:10 - 2013-07-29 12:40 - 00027752 _____ (Iarsn) C:\Windows\system32\Drivers\bc_idea.sys
2013-07-29 12:10 - 2013-07-29 12:40 - 00025704 _____ (Jetico, Inc.) C:\Windows\system32\Drivers\bc_gost.sys
2013-07-29 12:10 - 2013-07-29 12:40 - 00017472 _____ (Jetico, Inc.) C:\Windows\system32\Drivers\mhk.sys
2013-07-29 12:10 - 2013-07-29 12:40 - 00013376 _____ (Jetico, Inc.) C:\Windows\system32\Drivers\moh.sys
2013-07-29 11:41 - 2009-04-22 11:53 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2013-07-29 11:41 - 2009-04-22 11:45 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2013-07-29 11:23 - 2013-07-29 11:23 - 00057560 _____ C:\Users\juergi\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-29 11:23 - 2013-07-29 11:23 - 00000000 ____D C:\Users\juergi\AppData\Roaming\ATI
2013-07-29 11:23 - 2013-07-29 11:23 - 00000000 ____D C:\Users\juergi\AppData\Local\ATI
2013-07-29 11:23 - 2013-07-29 11:23 - 00000000 ____D C:\Users\juergi\AppData\Local\AMD
2013-07-29 11:23 - 2013-07-29 11:23 - 00000000 ____D C:\ProgramData\ATI
2013-07-29 11:20 - 2013-07-29 11:20 - 00000000 ____D C:\Users\juergi\AppData\Local\GHISLER
2013-07-29 11:20 - 2013-07-29 11:20 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 _____ C:\Windows\ativpsrm.bin
2013-07-29 11:16 - 2013-07-29 11:16 - 00000000 ____D C:\ProgramData\AMD
2013-07-29 11:16 - 2013-07-29 11:16 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-07-29 11:16 - 2013-07-29 11:16 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2013-07-29 11:16 - 2013-07-29 11:16 - 00000000 ____D C:\Program Files (x86)\AMD APP
2013-07-29 11:16 - 2013-07-29 11:13 - 00000000 ____D C:\Program Files\ATI Technologies
2013-07-29 11:15 - 2013-07-29 11:15 - 00000000 ____D C:\Program Files\ATI
2013-07-29 11:15 - 2013-07-29 11:15 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2013-07-29 11:15 - 2009-04-22 09:16 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-29 11:10 - 2013-07-29 11:10 - 00000000 ____D C:\Users\juergi\AppData\Roaming\GHISLER
2013-07-29 11:08 - 2013-07-29 11:08 - 05896408 _____ (Ghisler Software GmbH) C:\Users\juergi\Downloads\tcm801x32_64.exe
2013-07-29 11:03 - 2013-07-29 11:03 - 01780547 _____ (Farbar) C:\Users\juergi\Downloads\FRST64.exe
2013-07-29 11:03 - 2013-07-29 11:03 - 01780547 _____ (Farbar) C:\Users\juergi\Desktop\FRST64.exe
2013-07-29 11:02 - 2013-07-29 11:01 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Mozilla
2013-07-29 11:01 - 2013-07-29 11:01 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-29 11:01 - 2013-07-29 11:01 - 00000000 ____D C:\Users\juergi\AppData\Local\Mozilla
2013-07-29 11:01 - 2013-07-29 11:01 - 00000000 ____D C:\ProgramData\Mozilla
2013-07-29 11:01 - 2013-07-29 11:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-29 10:50 - 2013-07-29 10:50 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-29 10:50 - 2013-07-29 10:50 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-07-29 10:49 - 2009-04-22 11:45 - 00000000 ____D C:\Windows\system32\restore
2013-07-29 10:47 - 2013-07-29 10:47 - 00001445 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-29 10:47 - 2013-07-29 10:47 - 00001411 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-07-29 10:47 - 2013-07-29 10:47 - 00000000 ___RD C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-29 10:47 - 2013-07-29 10:47 - 00000000 ___RD C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-07-29 10:47 - 2013-07-29 10:47 - 00000000 ____D C:\Users\juergi\AppData\Local\VirtualStore
2013-07-29 10:47 - 2013-07-29 10:46 - 00000000 ____D C:\Users\juergi
2013-07-29 10:46 - 2013-07-29 11:41 - 00000000 ____D C:\Windows\Panther
2013-07-29 10:46 - 2013-07-29 10:46 - 00000020 ___SH C:\Users\juergi\ntuser.ini
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Vorlagen
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Startmenü
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Netzwerkumgebung
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Lokale Einstellungen
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Eigene Dateien
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Druckumgebung
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Documents\Eigene Musik
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Documents\Eigene Bilder
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\AppData\Local\Verlauf
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\AppData\Local\Anwendungsdaten
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\juergi\Anwendungsdaten
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Vorlagen
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Startmenü
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\ProgramData\Vorlagen
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\ProgramData\Startmenü
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\ProgramData\Favoriten
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\ProgramData\Dokumente
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2013-07-29 10:46 - 2013-07-29 10:46 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2013-07-29 10:46 - 2013-07-05 16:09 - 00000000 __SHD C:\Recovery
2013-07-29 10:46 - 2009-04-22 09:16 - 00000000 __RHD C:\Users\Default
2013-07-29 10:46 - 2009-04-22 09:16 - 00000000 ____D C:\Windows\rescache
2013-07-29 10:46 - 2009-04-22 09:16 - 00000000 ____D C:\Program Files\Windows NT
2013-07-29 10:45 - 2009-04-22 11:00 - 00273760 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-29 10:43 - 2013-07-29 10:43 - 00001313 _____ C:\Windows\TSSysprep.log
2013-07-29 10:43 - 2009-04-22 11:00 - 00001788 _____ C:\Windows\DtcInstall.log
2013-07-29 10:43 - 2009-04-22 09:16 - 00000000 ____D C:\Windows\system32\sysprep
2013-07-29 10:42 - 2013-07-29 10:42 - 418407253 _____ C:\Windows\MEMORY.DMP
2013-07-29 10:42 - 2013-07-29 10:42 - 00275344 _____ C:\Windows\Minidump\072913-23852-01.dmp
2013-07-29 10:42 - 2013-07-29 10:42 - 00000000 ____D C:\Windows\Minidump
2013-07-29 10:42 - 2009-04-22 15:43 - 00000000 ____D C:\Windows\CSC
2013-07-26 13:07 - 2013-07-26 13:07 - 00009314 _____ C:\AdwCleaner[S1].txt
2013-07-26 13:05 - 2013-07-26 13:05 - 00009262 _____ C:\AdwCleaner[R1].txt
2013-07-26 12:47 - 2013-07-29 11:20 - 02347384 _____ (ESET) C:\Users\juergi\Desktop\esetsmartinstaller_enu.exe
2013-07-26 12:28 - 2013-07-12 02:56 - 00000000 ____D C:\totalcmd
2013-07-26 12:25 - 2013-07-26 12:25 - 00000000 ____D C:\loader
2013-07-26 12:25 - 2013-07-26 12:05 - 00000000 ____D C:\treiber
2013-07-26 11:44 - 2013-07-26 11:44 - 00000000 ____D C:\FRST
2013-07-26 10:54 - 2013-07-29 10:49 - 06095405 ____R C:\realtek_pcielan_7_mb.zip
2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2013-07-16 07:09 - 2013-07-29 12:40 - 00178880 _____ (Jetico, Inc.) C:\Windows\system32\Drivers\bcfnt.sys
2013-07-10 01:32 - 2013-07-10 01:32 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe
[2009-04-22 06:00] - [2009-04-22 07:38] - 0389632 ____A (Microsoft Corporation) 007CFB4BF1BE9D43E605FB4CFDFE5D01
C:\Windows\System32\wininit.exe
[2009-04-22 05:59] - [2009-04-22 07:38] - 0129024 ____A (Microsoft Corporation) 56F3B4CD28CDB1D79290870A084EF365
C:\Windows\SysWOW64\wininit.exe
[2009-04-22 05:35] - [2009-04-22 07:19] - 0096256 ____A (Microsoft Corporation) 2E4264C95BAB587431C79C101899CCC8
C:\Windows\explorer.exe
[2009-04-22 06:04] - [2009-04-22 07:38] - 2858496 ____A (Microsoft Corporation) 0C817F3E033335EDB2DD069EFA84045E
C:\Windows\SysWOW64\explorer.exe
[2009-04-22 05:40] - [2009-04-22 07:19] - 2607616 ____A (Microsoft Corporation) C133788B393EEC01439AD997D24E66ED
C:\Windows\System32\svchost.exe
[2009-04-22 05:35] - [2009-04-22 07:38] - 0027648 ____A (Microsoft Corporation) DAED0221F52D75056A8999C2BED00D4E
C:\Windows\SysWOW64\svchost.exe
[2009-04-22 05:16] - [2009-04-22 07:19] - 0020992 ____A (Microsoft Corporation) 5F1FE2F551E74B069C436152F06CCFDC
C:\Windows\System32\services.exe
[2009-04-22 05:23] - [2009-04-22 07:38] - 0328704 ____A (Microsoft Corporation) 21EF41CDCEA63268A96ED8150B830966
C:\Windows\System32\User32.dll
[2009-04-22 05:44] - [2009-04-22 07:41] - 1008128 ____A (Microsoft Corporation) BBD85B4D52566D8600A1062A1607555E
C:\Windows\SysWOW64\User32.dll
[2009-04-22 05:22] - [2009-04-22 07:11] - 0833024 ____A (Microsoft Corporation) ADCBEAE40A6E714BA4E0CF257EA6BFEA
C:\Windows\System32\userinit.exe
[2009-04-22 05:57] - [2009-04-22 07:38] - 0030208 ____A (Microsoft Corporation) 03F541FCFD3A950CE4E0AFB64A4AE4DC
C:\Windows\SysWOW64\userinit.exe
[2009-04-22 05:32] - [2009-04-22 07:19] - 0026112 ____A (Microsoft Corporation) 50771CA86FF1ADAF5FD1920F8CB5665E
C:\Windows\System32\Drivers\volsnap.sys
[2009-04-22 05:23] - [2009-04-22 07:45] - 0293952 ____A (Microsoft Corporation) 93454FFE2DA928731D855072AFC02603
LastRegBack: 2013-07-29 10:42
==================== End Of Log ============================
|
| | #66 |
| /// the machine /// TB-Ausbilder | is clean as well |
| | #67 |
| more oddities

hi, problems again. after downloading an mmorpg (silkroad), avg detects many trojans. i deleted the directory and everything right away, but something is wrong: the system boots slowly. i can't find the avg scan log right now.

gmer scan
GMER Logfile: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-04 14:27:26
Windows 6.1.7100 x64 \Device\Harddisk0\DR0 -> \Device\00000071 OCZ-AGIL rev.2.15 111,79GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\juergi\AppData\Local\Temp\fgliqpob.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\system32\ntoskrnl.exe!memcmp + 256 fffff80002c98700 3 bytes [00, 78, FE]
.text C:\Windows\system32\ntoskrnl.exe!memcmp + 261 fffff80002c98705 14 bytes [A5, DF, 02, 00, B5, F3, FF, ...]
---- User code sections - GMER 2.1 ----
.text C:\ProgramData\eSafe\eGdpSvc.exe[1640] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075b4149b 2 bytes JMP 76e46faa C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\eSafe\eGdpSvc.exe[1640] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075b41650 2 bytes JMP 76e43bc3 C:\Windows\syswow64\kernel32.dll
.text C:\ProgramData\eSafe\eGdpSvc.exe[1640] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075b4165b 2 bytes JMP 76ec84dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3584] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000075b4149b 2 bytes JMP 76e46faa C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3584] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 0000000075b41650 2 bytes JMP 76e43bc3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3584] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 0000000075b4165b 2 bytes JMP 76ec84dc C:\Windows\syswow64\kernel32.dll
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3452:3712] 000007fef7d62b84
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3452:4256] 000007fefa8f5124
---- EOF - GMER 2.1 ----
frst
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-07-2013 (ATTENTION: ====> FRST version is 38 days old and could be outdated)
Ran by juergi (administrator) on 04-09-2013 14:18:26
Running from C:\Users\juergi\Desktop
Windows 7 Ultimate (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Wsys Co., Ltd.) C:\ProgramData\eSafe\eGdpSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
(Jetico, Inc.) C:\Program Files (x86)\Jetico\BestCrypt\BCResident.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
==================== Registry (Whitelisted) ==================
MountPoints2: {cb7303cc-f82f-11e2-9b92-806e6f6e6963} - E:\LaunchU3.exe -a
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [12288 2012-04-19] ()
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2285232 2013-07-30] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
AppInit_DLLs-x32: hplun.dll [43520 2013-07-29] (Jetico, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BestCrypt Auto Open.lnk
ShortcutTarget: BestCrypt Auto Open.lnk -> C:\Program Files (x86)\Jetico\BestCrypt\BestCrypt.exe (Jetico, Inc.)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\juergi\AppData\Roaming\Mozilla\Firefox\Profiles\s5bkhtd7.default
FF NewTab: hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189
FF SelectedSearchEngine: qvo6
FF Homepage: hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework64\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework64\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] C:\ProgramData\AVG Secure Search\FireFoxExt\15.4.0.5
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\15.4.0.5
FF StartMenuInternet: FIREFOX.EXE - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189
Chrome:
=======
CHR Extension: (Docs) - C:\Users\juergi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\juergi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\juergi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\juergi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\Users\juergi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\juergi\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
CHR StartMenuInternet: Google Chrome - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189
==================== Services (Whitelisted) =================
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [1616048 2013-07-30] (AVG Secure Search)
R2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [303680 2013-09-03] (Wsys Co., Ltd.)
==================== Drivers (Whitelisted) ====================
S3 amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [105040 2009-04-22] (AMD)
R0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [28752 2009-04-22] (AMD)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-07-30] (AVG Technologies)
R1 bcbus; C:\Windows\System32\DRIVERS\bcbus.sys [78440 2013-07-29] (Jetico, Inc.)
R0 bcfnt; C:\Windows\System32\Drivers\bcfnt.sys [178880 2013-07-16] (Jetico, Inc.)
R1 BC_3DES; C:\Windows\System32\Drivers\BC_3DES.sys [34408 2013-07-29] (Jetico, Inc.)
R1 BC_BF128; C:\Windows\System32\Drivers\BC_BF128.sys [30824 2013-07-29] (Jetico, Inc.)
R1 BC_BF448; C:\Windows\System32\Drivers\BC_BF448.sys [30824 2013-07-29] (Jetico, Inc.)
R1 BC_BFish; C:\Windows\System32\Drivers\BC_BFish.sys [30824 2013-07-29] (Jetico, Inc.)
R1 BC_CAST; C:\Windows\System32\Drivers\BC_CAST.sys [37480 2013-07-29] (Jetico, Inc.)
R1 BC_DES; C:\Windows\System32\Drivers\BC_DES.sys [33896 2013-07-29] (Jetico, Inc.)
R1 BC_Gost; C:\Windows\System32\Drivers\BC_Gost.sys [25704 2013-07-29] (Jetico, Inc.)
R1 BC_IDEA; C:\Windows\System32\Drivers\BC_IDEA.sys [27752 2013-07-29] (Iarsn)
R1 BC_RC6; C:\Windows\System32\Drivers\BC_RC6.sys [30312 2013-07-29] (Michael Oestergaard Pedersen)
R1 BC_RIJN; C:\Windows\System32\Drivers\BC_RIJN.sys [51304 2013-07-29] (Jetico, Inc.)
R1 BC_SERP; C:\Windows\System32\Drivers\BC_SERP.sys [36968 2013-07-29] (Michael Oestergaard Pedersen)
R1 BC_TFISH; C:\Windows\System32\Drivers\BC_TFISH.sys [34408 2013-07-29] (Jetico, Inc.)
R0 fsh; C:\Windows\System32\Drivers\fsh.sys [68800 2013-07-29] (Jetico, Inc.)
R3 mhk; C:\Windows\System32\Drivers\mhk.sys [17472 2013-07-29] (Jetico, Inc.)
R3 moh; C:\Windows\System32\Drivers\moh.sys [13376 2013-07-29] (Jetico, Inc.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-04 14:17 - 2013-09-04 14:17 - 00000474 _____ C:\Users\juergi\Desktop\defogger_disable.log
2013-09-04 14:17 - 2013-09-04 14:17 - 00000000 _____ C:\Users\juergi\defogger_reenable
2013-09-04 14:16 - 2013-09-04 14:16 - 00050477 _____ C:\Users\juergi\Desktop\Defogger.exe
2013-09-04 13:33 - 2013-09-04 13:54 - 00000000 ____D C:\maxsro
2013-09-04 10:49 - 2013-09-04 10:56 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Oblivion.German.AC3.BDRip.XviD-HP
2013-09-04 10:48 - 2013-09-04 10:48 - 00000820 _____ C:\Users\juergi\Desktop\µTorrent.lnk
2013-09-04 10:48 - 2013-09-04 10:48 - 00000800 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-09-04 10:48 - 2013-09-04 10:48 - 00000000 ____D C:\Users\juergi\Downloads\Files.fm_2013-08-05_xxedsak
2013-09-04 10:46 - 2013-09-04 13:38 - 00000000 ____D C:\Users\juergi\AppData\Roaming\uTorrent
2013-09-03 14:14 - 2013-09-03 14:14 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Optimizer Pro
2013-09-03 14:09 - 2013-09-04 14:13 - 00000000 ____D C:\ProgramData\eSafe
2013-09-03 14:09 - 2013-09-03 14:09 - 00001068 _____ C:\Users\juergi\Desktop\Optimizer Pro.lnk
2013-09-03 14:09 - 2013-09-03 14:09 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-08-28 09:44 - 2013-08-28 09:47 - 00000000 ____D C:\ProgramData\Adobe
2013-08-28 09:44 - 2013-08-28 09:44 - 00002025 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-28 09:44 - 2013-08-28 09:44 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-28 09:43 - 2013-08-28 09:46 - 00000000 ____D C:\Users\juergi\AppData\Local\Adobe
2013-08-28 09:36 - 2013-08-28 09:36 - 02717517 _____ C:\Users\juergi\Documents\112.xps
2013-08-28 09:34 - 2013-08-28 09:34 - 00208430 _____ C:\Users\juergi\Documents\111.xps
2013-08-25 02:50 - 2013-09-04 13:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-22 14:07 - 2013-08-22 14:08 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-22 14:05 - 2013-08-23 00:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-22 12:33 - 2013-08-22 12:33 - 00726770 _____ C:\Users\juergi\Documents\goslar2.jpeg
2013-08-22 12:33 - 2013-08-22 12:33 - 00200689 _____ C:\Users\juergi\Documents\goslar3.jpeg
2013-08-21 19:26 - 2013-08-21 19:23 - 00619839 _____ C:\Users\juergi\Documents\ust2011-2.jpeg
2013-08-21 19:26 - 2013-08-21 19:22 - 00393024 _____ C:\Users\juergi\Documents\ust2011-1.jpeg
2013-08-21 19:25 - 2013-08-21 19:25 - 00705055 _____ C:\Users\juergi\Documents\est2011-2.jpeg
2013-08-18 15:36 - 2013-08-18 15:46 - 00000000 ____D C:\Users\juergi\AppData\Local\Audible
2013-08-18 15:35 - 2013-08-23 00:18 - 00000000 ____D C:\Users\juergi\Documents\Audible
2013-08-18 15:35 - 2013-08-18 15:36 - 00000000 ____D C:\Program Files (x86)\Audible
2013-08-15 18:05 - 2013-08-15 18:05 - 00000000 ____D C:\Users\juergi\Documents\Fax
2013-08-15 02:52 - 2013-09-04 14:13 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-15 02:52 - 2013-09-04 14:02 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-15 02:52 - 2013-09-03 14:09 - 00002473 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-15 02:52 - 2013-08-23 00:18 - 00000000 ____D C:\Users\juergi\AppData\Local\Google
2013-08-15 02:52 - 2013-08-23 00:18 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-15 02:52 - 2013-08-15 02:57 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-15 02:52 - 2013-08-15 02:57 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-13 13:12 - 2013-08-13 13:12 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-13 13:12 - 2013-08-13 13:12 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-13 13:12 - 2013-08-13 13:12 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-13 13:12 - 2013-08-13 13:12 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-13 13:12 - 2013-08-13 13:12 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-13 13:05 - 2013-08-13 13:05 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-13 13:05 - 2013-08-13 13:05 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-13 13:05 - 2013-08-13 13:05 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-13 13:05 - 2013-08-13 13:05 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-13 13:05 - 2013-08-13 13:05 - 00000000 ____D C:\Program Files\Java
2013-08-13 12:57 - 2013-08-13 12:57 - 00000000 ____D C:\Windows\system32\appmgmt
2013-08-13 12:52 - 2013-08-13 12:52 - 00000000 ____D C:\Users\juergi\.rbs
2013-08-13 12:46 - 2013-08-13 13:12 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-13 12:46 - 2013-08-13 13:12 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-13 12:46 - 2013-08-13 12:46 - 00000000 ____D C:\ProgramData\Sun
2013-08-10 14:21 - 2013-09-02 14:47 - 00007680 _____ C:\Users\juergi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-10 14:19 - 2013-08-23 00:18 - 00000000 ____D C:\Users\juergi\AppData\Roaming\IrfanView
2013-08-10 14:19 - 2013-08-10 14:19 - 00001896 _____ C:\Users\juergi\Desktop\IrfanView Thumbnails.lnk
2013-08-10 14:19 - 2013-08-10 14:19 - 00001004 _____ C:\Users\juergi\Desktop\IrfanView.lnk
2013-08-10 14:19 - 2013-08-10 14:19 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2013-08-10 14:19 - 2013-08-10 14:19 - 00000000 ____D C:\Program Files (x86)\IrfanView
2013-08-10 14:09 - 2013-08-10 16:48 - 00000000 ____D C:\Users\juergi\AppData\Roaming\TrueCrypt
2013-08-10 14:08 - 2013-08-10 14:08 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2013-08-10 14:08 - 2013-08-10 14:08 - 00000881 _____ C:\Users\Public\Desktop\TrueCrypt.lnk
2013-08-10 14:07 - 2013-08-10 14:08 - 00000000 ____D C:\Program Files\TrueCrypt
2013-08-09 23:59 - 2013-08-10 00:08 - 00024915 _____ C:\Users\juergi\Documents\anseele2.odt
2013-08-09 23:52 - 2013-08-09 23:52 - 00000000 ____D C:\Users\juergi\AppData\Roaming\OpenOffice
2013-08-09 23:23 - 2013-08-09 23:23 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-08-09 23:23 - 2013-08-09 23:23 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-08-09 23:22 - 2013-09-04 13:41 - 00000000 ____D C:\tmp
2013-08-09 23:18 - 2013-08-09 23:18 - 00006298 _____ C:\Users\juergi\Documents\anseele1.abw
2013-08-09 22:39 - 2013-08-15 05:03 - 00000000 ____D C:\Users\juergi\AppData\Roaming\AbiSuite
2013-08-09 22:32 - 2013-08-09 22:32 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor
2013-08-09 22:32 - 2013-08-09 22:32 - 00000000 ____D C:\Program Files (x86)\AbiWord
2013-08-07 18:37 - 2013-08-08 11:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
==================== One Month Modified Files and Folders =======
2013-09-04 14:17 - 2013-09-04 14:17 - 00000474 _____ C:\Users\juergi\Desktop\defogger_disable.log
2013-09-04 14:17 - 2013-09-04 14:17 - 00000000 _____ C:\Users\juergi\defogger_reenable
2013-09-04 14:17 - 2013-07-29 10:46 - 00000000 ____D C:\Users\juergi
2013-09-04 14:16 - 2013-09-04 14:16 - 00050477 _____ C:\Users\juergi\Desktop\Defogger.exe
2013-09-04 14:16 - 2013-07-12 02:55 - 00000000 ____D C:\dateien
2013-09-04 14:13 - 2013-09-03 14:09 - 00000000 ____D C:\ProgramData\eSafe
2013-09-04 14:13 - 2013-08-15 02:52 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-04 14:13 - 2009-04-22 11:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-04 14:13 - 2009-04-22 11:05 - 00026094 _____ C:\Windows\setupact.log
2013-09-04 14:12 - 2013-07-29 12:38 - 00006048 _____ C:\Windows\PFRO.log
2013-09-04 14:11 - 2009-04-22 11:00 - 00008480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-04 14:11 - 2009-04-22 11:00 - 00008480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-04 14:07 - 2013-07-30 19:35 - 00000000 ____D C:\ProgramData\AVG2013
2013-09-04 14:07 - 2013-07-29 10:46 - 00937539 _____ C:\Windows\WindowsUpdate.log
2013-09-04 14:02 - 2013-08-15 02:52 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-04 13:54 - 2013-09-04 13:33 - 00000000 ____D C:\maxsro
2013-09-04 13:45 - 2009-04-22 15:13 - 00643640 _____ C:\Windows\system32\perfh007.dat
2013-09-04 13:45 - 2009-04-22 15:13 - 00126146 _____ C:\Windows\system32\perfc007.dat
2013-09-04 13:45 - 2009-04-22 11:27 - 01471976 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-04 13:41 - 2013-08-09 23:22 - 00000000 ____D C:\tmp
2013-09-04 13:38 - 2013-09-04 10:46 - 00000000 ____D C:\Users\juergi\AppData\Roaming\uTorrent
2013-09-04 13:37 - 2013-07-31 18:57 - 00000000 ____D C:\Users\juergi\Desktop\Mumble
2013-09-04 13:37 - 2013-07-26 12:25 - 00000000 ____D C:\loader
2013-09-04 13:36 - 2013-08-25 02:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-04 13:36 - 2013-07-30 16:11 - 00000000 ____D C:\eclipse
2013-09-04 13:34 - 2013-08-04 12:59 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Skype
2013-09-04 10:56 - 2013-09-04 10:49 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Oblivion.German.AC3.BDRip.XviD-HP
2013-09-04 10:48 - 2013-09-04 10:48 - 00000820 _____ C:\Users\juergi\Desktop\µTorrent.lnk
2013-09-04 10:48 - 2013-09-04 10:48 - 00000800 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-09-04 10:48 - 2013-09-04 10:48 - 00000000 ____D C:\Users\juergi\Downloads\Files.fm_2013-08-05_xxedsak
2013-09-04 10:23 - 2013-07-30 19:32 - 00000000 ____D C:\ProgramData\MFAData
2013-09-03 14:14 - 2013-09-03 14:14 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Optimizer Pro
2013-09-03 14:09 - 2013-09-03 14:09 - 00001068 _____ C:\Users\juergi\Desktop\Optimizer Pro.lnk
2013-09-03 14:09 - 2013-09-03 14:09 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-09-03 14:09 - 2013-08-15 02:52 - 00002473 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-03 14:09 - 2013-07-29 11:01 - 00001437 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-03 14:09 - 2013-07-29 10:47 - 00001729 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-03 14:09 - 2013-07-29 10:47 - 00001707 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-09-02 18:47 - 2013-07-30 16:11 - 00000000 ____D C:\Users\juergi\AppData\Roaming\WinRAR
2013-09-02 14:47 - 2013-08-10 14:21 - 00007680 _____ C:\Users\juergi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-28 09:47 - 2013-08-28 09:44 - 00000000 ____D C:\ProgramData\Adobe
2013-08-28 09:46 - 2013-08-28 09:43 - 00000000 ____D C:\Users\juergi\AppData\Local\Adobe
2013-08-28 09:46 - 2013-07-30 16:27 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Adobe
2013-08-28 09:44 - 2013-08-28 09:44 - 00002025 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-28 09:44 - 2013-08-28 09:44 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-28 09:36 - 2013-08-28 09:36 - 02717517 _____ C:\Users\juergi\Documents\112.xps
2013-08-28 09:34 - 2013-08-28 09:34 - 00208430 _____ C:\Users\juergi\Documents\111.xps
2013-08-26 08:16 - 2013-07-29 11:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-23 00:18 - 2013-08-22 14:05 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-23 00:18 - 2013-08-18 15:35 - 00000000 ____D C:\Users\juergi\Documents\Audible
2013-08-23 00:18 - 2013-08-15 02:52 - 00000000 ____D C:\Users\juergi\AppData\Local\Google
2013-08-23 00:18 - 2013-08-15 02:52 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-23 00:18 - 2013-08-10 14:19 - 00000000 ____D C:\Users\juergi\AppData\Roaming\IrfanView
2013-08-23 00:18 - 2013-08-04 00:58 - 00000000 ____D C:\Users\juergi\AppData\Local\Eclipse
2013-08-23 00:18 - 2013-07-30 19:35 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-08-23 00:18 - 2013-07-30 15:56 - 00000000 ____D C:\Users\juergi\AppData\Roaming\vlc
2013-08-23 00:18 - 2013-07-29 11:10 - 00000000 ____D C:\Users\juergi\AppData\Roaming\GHISLER
2013-08-23 00:18 - 2009-04-22 11:45 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-08-23 00:18 - 2009-04-22 09:16 - 00000000 ____D C:\Windows\registration
2013-08-23 00:18 - 2009-04-22 09:16 - 00000000 ____D C:\Windows\AppCompat
2013-08-22 14:08 - 2013-08-22 14:07 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-22 12:33 - 2013-08-22 12:33 - 00726770 _____ C:\Users\juergi\Documents\goslar2.jpeg
2013-08-22 12:33 - 2013-08-22 12:33 - 00200689 _____ C:\Users\juergi\Documents\goslar3.jpeg
2013-08-21 19:25 - 2013-08-21 19:25 - 00705055 _____ C:\Users\juergi\Documents\est2011-2.jpeg
2013-08-21 19:23 - 2013-08-21 19:26 - 00619839 _____ C:\Users\juergi\Documents\ust2011-2.jpeg
2013-08-21 19:22 - 2013-08-21 19:26 - 00393024 _____ C:\Users\juergi\Documents\ust2011-1.jpeg
2013-08-18 15:46 - 2013-08-18 15:36 - 00000000 ____D C:\Users\juergi\AppData\Local\Audible
2013-08-18 15:36 - 2013-08-18 15:35 - 00000000 ____D C:\Program Files (x86)\Audible
2013-08-15 18:05 - 2013-08-15 18:05 - 00000000 ____D C:\Users\juergi\Documents\Fax
2013-08-15 14:52 - 2013-07-30 19:35 - 00003715 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-08-15 05:03 - 2013-08-09 22:39 - 00000000 ____D C:\Users\juergi\AppData\Roaming\AbiSuite
2013-08-15 02:57 - 2013-08-15 02:52 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-15 02:57 - 2013-08-15 02:52 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-13 13:12 - 2013-08-13 13:12 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-13 13:12 - 2013-08-13 13:12 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-13 13:12 - 2013-08-13 13:12 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-13 13:12 - 2013-08-13 13:12 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-13 13:12 - 2013-08-13 13:12 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-13 13:12 - 2013-08-13 12:46 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-13 13:12 - 2013-08-13 12:46 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-13 13:05 - 2013-08-13 13:05 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-13 13:05 - 2013-08-13 13:05 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-13 13:05 - 2013-08-13 13:05 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-13 13:05 - 2013-08-13 13:05 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-08-13 13:05 - 2013-08-13 13:05 - 00000000 ____D C:\Program Files\Java
2013-08-13 13:05 - 2013-08-04 00:35 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-13 13:05 - 2013-08-04 00:35 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-13 12:57 - 2013-08-13 12:57 - 00000000 ____D C:\Windows\system32\appmgmt
2013-08-13 12:52 - 2013-08-13 12:52 - 00000000 ____D C:\Users\juergi\.rbs
2013-08-13 12:46 - 2013-08-13 12:46 - 00000000 ____D C:\ProgramData\Sun
2013-08-12 18:04 - 2013-08-02 22:21 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Foxit Software
2013-08-12 08:45 - 2009-04-22 09:16 - 00000000 ____D C:\Windows\system32\NDF
2013-08-10 16:48 - 2013-08-10 14:09 - 00000000 ____D C:\Users\juergi\AppData\Roaming\TrueCrypt
2013-08-10 14:19 - 2013-08-10 14:19 - 00001896 _____ C:\Users\juergi\Desktop\IrfanView Thumbnails.lnk
2013-08-10 14:19 - 2013-08-10 14:19 - 00001004 _____ C:\Users\juergi\Desktop\IrfanView.lnk
2013-08-10 14:19 - 2013-08-10 14:19 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2013-08-10 14:19 - 2013-08-10 14:19 - 00000000 ____D C:\Program Files (x86)\IrfanView
2013-08-10 14:08 - 2013-08-10 14:08 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2013-08-10 14:08 - 2013-08-10 14:08 - 00000881 _____ C:\Users\Public\Desktop\TrueCrypt.lnk
2013-08-10 14:08 - 2013-08-10 14:07 - 00000000 ____D C:\Program Files\TrueCrypt
2013-08-10 12:01 - 2013-07-29 11:23 - 00063568 _____ C:\Users\juergi\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-10 11:53 - 2009-04-22 11:00 - 00291824 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-10 00:08 - 2013-08-09 23:59 - 00024915 _____ C:\Users\juergi\Documents\anseele2.odt
2013-08-09 23:52 - 2013-08-09 23:52 - 00000000 ____D C:\Users\juergi\AppData\Roaming\OpenOffice
2013-08-09 23:23 - 2013-08-09 23:23 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-08-09 23:23 - 2013-08-09 23:23 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-08-09 23:22 - 2013-07-26 11:44 - 00000000 ____D C:\FRST
2013-08-09 23:18 - 2013-08-09 23:18 - 00006298 _____ C:\Users\juergi\Documents\anseele1.abw
2013-08-09 22:32 - 2013-08-09 22:32 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor
2013-08-09 22:32 - 2013-08-09 22:32 - 00000000 ____D C:\Program Files (x86)\AbiWord
2013-08-08 11:00 - 2013-08-07 18:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-07 17:56 - 2013-07-30 16:16 - 00000000 ____D C:\Users\juergi\AppData\Local\Thunderbird
2013-08-06 07:53 - 2013-08-04 00:58 - 00000000 ____D C:\workspace
2013-08-05 00:01 - 2013-08-04 22:22 - 241720363 _____ C:\Users\juergi\Documents\Müritzschwäne 3 Eine Minute 58 Sekunden.MP4
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe
[2009-04-22 06:00] - [2009-04-22 07:38] - 0389632 ____A (Microsoft Corporation) 007CFB4BF1BE9D43E605FB4CFDFE5D01
C:\Windows\System32\wininit.exe
[2009-04-22 05:59] - [2009-04-22 07:38] - 0129024 ____A (Microsoft Corporation) 56F3B4CD28CDB1D79290870A084EF365
C:\Windows\SysWOW64\wininit.exe
[2009-04-22 05:35] - [2009-04-22 07:19] - 0096256 ____A (Microsoft Corporation) 2E4264C95BAB587431C79C101899CCC8
C:\Windows\explorer.exe
[2009-04-22 06:04] - [2009-04-22 07:38] - 2858496 ____A (Microsoft Corporation) 0C817F3E033335EDB2DD069EFA84045E
C:\Windows\SysWOW64\explorer.exe
[2009-04-22 05:40] - [2009-04-22 07:19] - 2607616 ____A (Microsoft Corporation) C133788B393EEC01439AD997D24E66ED
C:\Windows\System32\svchost.exe
[2009-04-22 05:35] - [2009-04-22 07:38] - 0027648 ____A (Microsoft Corporation) DAED0221F52D75056A8999C2BED00D4E
C:\Windows\SysWOW64\svchost.exe
[2009-04-22 05:16] - [2009-04-22 07:19] - 0020992 ____A (Microsoft Corporation) 5F1FE2F551E74B069C436152F06CCFDC
C:\Windows\System32\services.exe
[2009-04-22 05:23] - [2009-04-22 07:38] - 0328704 ____A (Microsoft Corporation) 21EF41CDCEA63268A96ED8150B830966
C:\Windows\System32\User32.dll
[2009-04-22 05:44] - [2009-04-22 07:41] - 1008128 ____A (Microsoft Corporation) BBD85B4D52566D8600A1062A1607555E
C:\Windows\SysWOW64\User32.dll
[2009-04-22 05:22] - [2009-04-22 07:11] - 0833024 ____A (Microsoft Corporation) ADCBEAE40A6E714BA4E0CF257EA6BFEA
C:\Windows\System32\userinit.exe
[2009-04-22 05:57] - [2009-04-22 07:38] - 0030208 ____A (Microsoft Corporation) 03F541FCFD3A950CE4E0AFB64A4AE4DC
C:\Windows\SysWOW64\userinit.exe
[2009-04-22 05:32] - [2009-04-22 07:19] - 0026112 ____A (Microsoft Corporation) 50771CA86FF1ADAF5FD1920F8CB5665E
C:\Windows\System32\Drivers\volsnap.sys
[2009-04-22 05:23] - [2009-04-22 07:45] - 0293952 ____A (Microsoft Corporation) 93454FFE2DA928731D855072AFC02603
LastRegBack: 2013-09-01 01:20
==================== End Of Log ============================
|
| | #68 |
| /// the machine /// TB-Ausbilder | I do need the AVG log, though. Take a look in AVG itself.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
| | #69 |
| I can't find a log file from AVG. The latest scan reports no errors after I deleted that large RAR file, but the one before it "secured" 200 files, e.g. from c:\eclipse, whatever that means (secured? they were infected and are now gone, quarantine, where?), e.g. a lot from c:\eclipse. I can't convert the old "secured" report into a txt file or un-secure them all individually. Poorly documented. Or should I delete and reinstall c:\eclipse? |
| | #70 |
| /// the machine /// TB-Ausbilder | No, leave it. Please download
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber |
| | #71 |
| ok
AdwCleaner Logfile: Code:
# AdwCleaner v3.002 - Bericht erstellt am 05/09/2013 um 11:52:43
# Updated 01/09/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate (64 bits)
# Benutzername : juergi - JUERGI-PC
# Gestartet von : C:\Users\juergi\Desktop\adwcleaner.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gefunden C:\Program Files (x86)\AVG Secure Search
Ordner Gefunden C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gefunden C:\ProgramData\AVG Secure Search
Ordner Gefunden C:\ProgramData\eSafe
Ordner Gefunden C:\Users\juergi\AppData\Local\AVG Secure Search
Ordner Gefunden C:\Users\juergi\AppData\LocalLow\AVG Secure Search
***** [ Verknüpfungen ] *****
Verknüpfung Gefunden : C:\Users\Public\Desktop\Google Chrome.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189 )
Verknüpfung Gefunden : C:\Users\Public\Desktop\Mozilla Firefox.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189 )
Verknüpfung Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189 )
Verknüpfung Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189 )
Verknüpfung Gefunden : C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189 )
Verknüpfung Gefunden : C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189 )
Verknüpfung Gefunden : C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189 )
Verknüpfung Gefunden : C:\Users\juergi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189 )
Verknüpfung Gefunden : C:\Users\juergi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189 )
Verknüpfung Gefunden : C:\Users\juergi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189 )
Verknüpfung Gefunden : C:\Users\juergi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189 )
Verknüpfung Gefunden : C:\Users\juergi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189 )
***** [ Registrierungsdatenbank ] *****
Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command [(Default)] - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189
Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command [(Default)] - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189
Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189
Schlüssel Gefunden : HKCU\Software\AVG Secure Search
Schlüssel Gefunden : HKCU\Software\ilivid
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : [x64] HKCU\Software\AVG Secure Search
Schlüssel Gefunden : [x64] HKCU\Software\ilivid
Schlüssel Gefunden : [x64] HKCU\Software\InstallCore
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKLM\Software\AVG Secure Search
Schlüssel Gefunden : HKLM\Software\AVG Security Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gefunden : HKLM\Software\qvo6Software
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [ Browser ] *****
-\\ Internet Explorer v8.0.7100.0
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189
-\\ Mozilla Firefox v23.0.1 (de)
[ Datei : C:\Users\juergi\AppData\Roaming\Mozilla\Firefox\Profiles\s5bkhtd7.default\prefs.js ]
Zeile gefunden : user_pref("browser.newtab.url", "hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189");
Zeile gefunden : user_pref("browser.search.defaultenginename", "qvo6");
Zeile gefunden : user_pref("browser.search.order.1", "qvo6");
Zeile gefunden : user_pref("browser.search.selectedEngine", "qvo6");
Zeile gefunden : user_pref("browser.startup.homepage", "hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189");
-\\ Google Chrome v29.0.1547.62
[ Datei : C:\Users\juergi\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gefunden : homepage
Gefunden : search_url
Gefunden : keyword
Gefunden : urls_to_restore_on_startup
*************************
AdwCleaner[R0].txt - [11003 octets] - [05/09/2013 11:52:43]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [11064 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.7 (09.01.2013:1)
OS: Windows 7 Ultimate x64
Ran by juergi on 05.09.2013 at 11:55:34,01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3021084168-3049403070-40832557-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\qvo6software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r429-n-bf_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r429-n-bf_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r429-n-bf_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r429-n-bf_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
~~~ Files
Successfully disinfected: [Shortcut] C:\Users\juergi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Successfully disinfected: [Shortcut] C:\Users\juergi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Successfully disinfected: [Shortcut] C:\Users\juergi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Successfully disinfected: [Shortcut] C:\Users\juergi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Successfully disinfected: [Shortcut] C:\Users\juergi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Successfully disinfected: [Shortcut] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Successfully disinfected: [Shortcut] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Successfully disinfected: [Shortcut] C:\Users\juergi\AppData\Roaming\microsoft\windows\start menu\Programs\Internet Explorer (64-bit).lnk
Successfully disinfected: [Shortcut] C:\Users\juergi\AppData\Roaming\microsoft\windows\start menu\Programs\Internet Explorer.lnk
Successfully disinfected: [Shortcut] C:\Users\juergi\AppData\Roaming\microsoft\windows\start menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Successfully disinfected: [Shortcut] C:\Users\Public\Desktop\Google Chrome.lnk
Successfully disinfected: [Shortcut] C:\Users\Public\Desktop\Mozilla Firefox.lnk
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\esafe"
~~~ FireFox
Successfully deleted the following from C:\Users\juergi\AppData\Roaming\mozilla\firefox\profiles\s5bkhtd7.default\prefs.js
user_pref("browser.newtab.url", "hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189"
user_pref("browser.search.defaultenginename", "qvo6");
user_pref("browser.search.order.1", "qvo6");
user_pref("browser.search.selectedEngine", "qvo6");
user_pref("browser.startup.homepage", "hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=OCZ-AGILITY3_OCZ-56LXG2GV412AN888&ts=13782
Emptied folder: C:\Users\juergi\AppData\Roaming\mozilla\firefox\profiles\s5bkhtd7.default\minidumps [31 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.09.2013 at 12:01:09,29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| | #72 |
| /// the machine /// TB trainer | free message -> stargames.com Fresh FRST log, please. Any problems left?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
| | #73 |
| free message -> stargames.com OK, seems fine so far: this googleupdate is superfluous, and what is /windows/erunt?? FRST logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-07-2013 (ATTENTION: ====> FRST version is 39 days old and could be outdated) Ran by juergi (administrator) on 05-09-2013 15:46:47 Running from C:\Users\juergi\Desktop Windows 7 Ultimate (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Jetico, Inc.) C:\Program Files (x86)\Jetico\BestCrypt\BCResident.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE ==================== Registry (Whitelisted) ================== MountPoints2: {cb7303cc-f82f-11e2-9b92-806e6f6e6963} - E:\LaunchU3.exe -a HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-04] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [12288 2012-04-19] () HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) AppInit_DLLs-x32: hplun.dll [43520 2013-07-29] (Jetico, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BestCrypt Auto Open.lnk ShortcutTarget: BestCrypt Auto Open.lnk -> C:\Program Files (x86)\Jetico\BestCrypt\BestCrypt.exe (Jetico, Inc.) SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation) SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=OCZ- AGILITY3_OCZ-56LXG2GV412AN888&ts=1378210189 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=OCZ-AGILITY3_OCZ- 56LXG2GV412AN888&ts=1378210189 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = + SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
hxxp://www.bing.com/search BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\juergi\AppData\Roaming\Mozilla\Firefox\Profiles\s5bkhtd7.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - 
C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework64\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework64\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ Chrome: ======= CHR Extension: (Docs) - C:\Users\juergi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 CHR Extension: (Google Drive) - C:\Users\juergi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0 CHR Extension: (YouTube) - C:\Users\juergi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 CHR Extension: (Google Search) - C:\Users\juergi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 CHR Extension: (Gmail) - 
C:\Users\juergi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\juergi\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.) S2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [x] ==================== Drivers (Whitelisted) ==================== S3 amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [105040 2009-04-22] (AMD) R0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [28752 2009-04-22] (AMD) R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.) 
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-07-30] (AVG Technologies) R1 bcbus; C:\Windows\System32\DRIVERS\bcbus.sys [78440 2013-07-29] (Jetico, Inc.) R0 bcfnt; C:\Windows\System32\Drivers\bcfnt.sys [178880 2013-07-16] (Jetico, Inc.) R1 BC_3DES; C:\Windows\System32\Drivers\BC_3DES.sys [34408 2013-07-29] (Jetico, Inc.) R1 BC_BF128; C:\Windows\System32\Drivers\BC_BF128.sys [30824 2013-07-29] (Jetico, Inc.) R1 BC_BF448; C:\Windows\System32\Drivers\BC_BF448.sys [30824 2013-07-29] (Jetico, Inc.) R1 BC_BFish; C:\Windows\System32\Drivers\BC_BFish.sys [30824 2013-07-29] (Jetico, Inc.) R1 BC_CAST; C:\Windows\System32\Drivers\BC_CAST.sys [37480 2013-07-29] (Jetico, Inc.) R1 BC_DES; C:\Windows\System32\Drivers\BC_DES.sys [33896 2013-07-29] (Jetico, Inc.) R1 BC_Gost; C:\Windows\System32\Drivers\BC_Gost.sys [25704 2013-07-29] (Jetico, Inc.) R1 BC_IDEA; C:\Windows\System32\Drivers\BC_IDEA.sys [27752 2013-07-29] (Iarsn) R1 BC_RC6; C:\Windows\System32\Drivers\BC_RC6.sys [30312 2013-07-29] (Michael Oestergaard Pedersen) R1 BC_RIJN; C:\Windows\System32\Drivers\BC_RIJN.sys [51304 2013-07-29] (Jetico, Inc.) R1 BC_SERP; C:\Windows\System32\Drivers\BC_SERP.sys [36968 2013-07-29] (Michael Oestergaard Pedersen) R1 BC_TFISH; C:\Windows\System32\Drivers\BC_TFISH.sys [34408 2013-07-29] (Jetico, Inc.) R0 fsh; C:\Windows\System32\Drivers\fsh.sys [68800 2013-07-29] (Jetico, Inc.) R3 mhk; C:\Windows\System32\Drivers\mhk.sys [17472 2013-07-29] (Jetico, Inc.) R3 moh; C:\Windows\System32\Drivers\moh.sys [13376 2013-07-29] (Jetico, Inc.) 
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-05 12:01 - 2013-09-05 12:01 - 00008618 _____ C:\Users\juergi\Desktop\JRT.txt 2013-09-05 11:55 - 2013-09-05 11:55 - 01028757 _____ (Thisisu) C:\Users\juergi\Desktop\JRT.exe 2013-09-05 11:55 - 2013-09-05 11:55 - 00000000 ____D C:\Windows\ERUNT 2013-09-05 11:52 - 2013-09-05 15:42 - 00000000 ____D C:\AdwCleaner 2013-09-05 11:52 - 2013-09-05 11:52 - 01037222 _____ C:\Users\juergi\Desktop\adwcleaner.exe 2013-09-04 14:22 - 2013-09-04 14:21 - 00377856 _____ C:\Users\juergi\Desktop\gmer_2.1.19163.exe 2013-09-04 14:17 - 2013-09-04 14:17 - 00000474 _____ C:\Users\juergi\Desktop\defogger_disable.log 2013-09-04 14:17 - 2013-09-04 14:17 - 00000000 _____ C:\Users\juergi\defogger_reenable 2013-09-04 14:16 - 2013-09-04 14:16 - 00050477 _____ C:\Users\juergi\Desktop\Defogger.exe 2013-09-04 10:49 - 2013-09-04 10:56 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Oblivion.German.AC3.BDRip.XviD-HP 2013-09-04 10:48 - 2013-09-04 10:48 - 00000820 _____ C:\Users\juergi\Desktop\µTorrent.lnk 2013-09-04 10:48 - 2013-09-04 10:48 - 00000800 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2013-09-04 10:46 - 2013-09-04 13:38 - 00000000 ____D C:\Users\juergi\AppData\Roaming\uTorrent 2013-08-28 09:44 - 2013-08-28 09:47 - 00000000 ____D C:\ProgramData\Adobe 2013-08-28 09:44 - 2013-08-28 09:44 - 00002025 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-08-28 09:44 - 2013-08-28 09:44 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-08-28 09:43 - 2013-08-28 09:46 - 00000000 ____D C:\Users\juergi\AppData\Local\Adobe 2013-08-28 09:36 - 2013-08-28 09:36 - 02717517 _____ C:\Users\juergi\Documents\112.xps 2013-08-28 09:34 - 2013-08-28 09:34 - 00208430 _____ C:\Users\juergi\Documents\111.xps 2013-08-25 02:50 - 2013-09-04 13:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-22 14:07 - 2013-08-22 14:08 - 
00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-08-22 14:05 - 2013-08-23 00:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-08-22 12:33 - 2013-08-22 12:33 - 00726770 _____ C:\Users\juergi\Documents\goslar2.jpeg 2013-08-22 12:33 - 2013-08-22 12:33 - 00200689 _____ C:\Users\juergi\Documents\goslar3.jpeg 2013-08-21 19:26 - 2013-08-21 19:23 - 00619839 _____ C:\Users\juergi\Documents\ust2011-2.jpeg 2013-08-21 19:26 - 2013-08-21 19:22 - 00393024 _____ C:\Users\juergi\Documents\ust2011-1.jpeg 2013-08-21 19:25 - 2013-08-21 19:25 - 00705055 _____ C:\Users\juergi\Documents\est2011-2.jpeg 2013-08-18 15:36 - 2013-08-18 15:46 - 00000000 ____D C:\Users\juergi\AppData\Local\Audible 2013-08-18 15:35 - 2013-08-23 00:18 - 00000000 ____D C:\Users\juergi\Documents\Audible 2013-08-18 15:35 - 2013-08-18 15:36 - 00000000 ____D C:\Program Files (x86)\Audible 2013-08-15 18:05 - 2013-08-15 18:05 - 00000000 ____D C:\Users\juergi\Documents\Fax 2013-08-15 02:52 - 2013-09-05 15:44 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-15 02:52 - 2013-09-05 12:02 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-15 02:52 - 2013-09-05 12:01 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-08-15 02:52 - 2013-08-23 00:18 - 00000000 ____D C:\Users\juergi\AppData\Local\Google 2013-08-15 02:52 - 2013-08-23 00:18 - 00000000 ____D C:\Program Files (x86)\Google 2013-08-15 02:52 - 2013-08-15 02:57 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-08-15 02:52 - 2013-08-15 02:57 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-08-13 13:12 - 2013-08-13 13:12 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-08-13 13:12 - 2013-08-13 13:12 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-08-13 13:12 - 2013-08-13 13:12 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-08-13 13:12 - 2013-08-13 
13:12 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-08-13 13:12 - 2013-08-13 13:12 - 00000000 ____D C:\Program Files (x86)\Java 2013-08-13 13:05 - 2013-08-13 13:05 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-08-13 13:05 - 2013-08-13 13:05 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-08-13 13:05 - 2013-08-13 13:05 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-08-13 13:05 - 2013-08-13 13:05 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-08-13 13:05 - 2013-08-13 13:05 - 00000000 ____D C:\Program Files\Java 2013-08-13 12:57 - 2013-08-13 12:57 - 00000000 ____D C:\Windows\system32\appmgmt 2013-08-13 12:52 - 2013-08-13 12:52 - 00000000 ____D C:\Users\juergi\.rbs 2013-08-13 12:46 - 2013-08-13 13:12 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-08-13 12:46 - 2013-08-13 13:12 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-08-13 12:46 - 2013-08-13 12:46 - 00000000 ____D C:\ProgramData\Sun 2013-08-10 14:21 - 2013-09-02 14:47 - 00007680 _____ C:\Users\juergi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-08-10 14:19 - 2013-08-23 00:18 - 00000000 ____D C:\Users\juergi\AppData\Roaming\IrfanView 2013-08-10 14:19 - 2013-08-10 14:19 - 00001896 _____ C:\Users\juergi\Desktop\IrfanView Thumbnails.lnk 2013-08-10 14:19 - 2013-08-10 14:19 - 00001004 _____ C:\Users\juergi\Desktop\IrfanView.lnk 2013-08-10 14:19 - 2013-08-10 14:19 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView 2013-08-10 14:19 - 2013-08-10 14:19 - 00000000 ____D C:\Program Files (x86)\IrfanView 2013-08-10 14:09 - 2013-08-10 16:48 - 00000000 ____D C:\Users\juergi\AppData\Roaming\TrueCrypt 2013-08-10 14:08 - 2013-08-10 14:08 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys 2013-08-10 14:08 - 
2013-08-10 14:08 - 00000881 _____ C:\Users\Public\Desktop\TrueCrypt.lnk 2013-08-10 14:07 - 2013-08-10 14:08 - 00000000 ____D C:\Program Files\TrueCrypt 2013-08-09 23:59 - 2013-08-10 00:08 - 00024915 _____ C:\Users\juergi\Documents\anseele2.odt 2013-08-09 23:52 - 2013-08-09 23:52 - 00000000 ____D C:\Users\juergi\AppData\Roaming\OpenOffice 2013-08-09 23:23 - 2013-08-09 23:23 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk 2013-08-09 23:23 - 2013-08-09 23:23 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4 2013-08-09 23:22 - 2013-09-04 13:41 - 00000000 ____D C:\tmp 2013-08-09 23:18 - 2013-08-09 23:18 - 00006298 _____ C:\Users\juergi\Documents\anseele1.abw 2013-08-09 22:39 - 2013-08-15 05:03 - 00000000 ____D C:\Users\juergi\AppData\Roaming\AbiSuite 2013-08-09 22:32 - 2013-08-09 22:32 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor 2013-08-09 22:32 - 2013-08-09 22:32 - 00000000 ____D C:\Program Files (x86)\AbiWord 2013-08-07 18:37 - 2013-08-08 11:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird ==================== One Month Modified Files and Folders ======= 2013-09-05 15:44 - 2013-08-15 02:52 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-05 15:44 - 2009-04-22 11:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-05 15:44 - 2009-04-22 11:05 - 00027057 _____ C:\Windows\setupact.log 2013-09-05 15:43 - 2013-07-29 10:46 - 00984084 _____ C:\Windows\WindowsUpdate.log 2013-09-05 15:43 - 2009-04-22 11:00 - 00008480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-05 15:43 - 2009-04-22 11:00 - 00008480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-05 15:42 - 2013-09-05 11:52 - 00000000 ____D C:\AdwCleaner 2013-09-05 15:42 - 2009-04-22 15:13 - 00643640 _____ C:\Windows\system32\perfh007.dat 2013-09-05 15:42 - 2009-04-22 15:13 - 
00126146 _____ C:\Windows\system32\perfc007.dat 2013-09-05 15:42 - 2009-04-22 11:27 - 01471976 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-05 12:02 - 2013-08-15 02:52 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-05 12:01 - 2013-09-05 12:01 - 00008618 _____ C:\Users\juergi\Desktop\JRT.txt 2013-09-05 12:01 - 2013-08-15 02:52 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-09-05 12:01 - 2013-07-29 11:01 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-09-05 12:01 - 2013-07-29 10:47 - 00001445 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-09-05 12:01 - 2013-07-29 10:47 - 00001411 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2013-09-05 12:01 - 2013-07-12 02:55 - 00000000 ____D C:\dateien 2013-09-05 11:55 - 2013-09-05 11:55 - 01028757 _____ (Thisisu) C:\Users\juergi\Desktop\JRT.exe 2013-09-05 11:55 - 2013-09-05 11:55 - 00000000 ____D C:\Windows\ERUNT 2013-09-05 11:52 - 2013-09-05 11:52 - 01037222 _____ C:\Users\juergi\Desktop\adwcleaner.exe 2013-09-05 08:22 - 2013-07-30 19:32 - 00000000 ____D C:\ProgramData\MFAData 2013-09-04 14:37 - 2013-07-30 16:11 - 00000000 ____D C:\eclipse 2013-09-04 14:21 - 2013-09-04 14:22 - 00377856 _____ C:\Users\juergi\Desktop\gmer_2.1.19163.exe 2013-09-04 14:17 - 2013-09-04 14:17 - 00000474 _____ C:\Users\juergi\Desktop\defogger_disable.log 2013-09-04 14:17 - 2013-09-04 14:17 - 00000000 _____ C:\Users\juergi\defogger_reenable 2013-09-04 14:17 - 2013-07-29 10:46 - 00000000 ____D C:\Users\juergi 2013-09-04 14:16 - 2013-09-04 14:16 - 00050477 _____ C:\Users\juergi\Desktop\Defogger.exe 2013-09-04 14:12 - 2013-07-29 12:38 - 00006048 _____ C:\Windows\PFRO.log 2013-09-04 14:07 - 2013-07-30 19:35 - 00000000 ____D C:\ProgramData\AVG2013 2013-09-04 13:41 - 2013-08-09 23:22 - 00000000 ____D C:\tmp 2013-09-04 13:38 - 2013-09-04 10:46 - 00000000 ____D 
C:\Users\juergi\AppData\Roaming\uTorrent 2013-09-04 13:37 - 2013-07-31 18:57 - 00000000 ____D C:\Users\juergi\Desktop\Mumble 2013-09-04 13:37 - 2013-07-26 12:25 - 00000000 ____D C:\loader 2013-09-04 13:36 - 2013-08-25 02:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-09-04 13:34 - 2013-08-04 12:59 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Skype 2013-09-04 10:56 - 2013-09-04 10:49 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Oblivion.German.AC3.BDRip.XviD-HP 2013-09-04 10:48 - 2013-09-04 10:48 - 00000820 _____ C:\Users\juergi\Desktop\µTorrent.lnk 2013-09-04 10:48 - 2013-09-04 10:48 - 00000800 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2013-09-02 18:47 - 2013-07-30 16:11 - 00000000 ____D C:\Users\juergi\AppData\Roaming\WinRAR 2013-09-02 14:47 - 2013-08-10 14:21 - 00007680 _____ C:\Users\juergi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-08-28 09:47 - 2013-08-28 09:44 - 00000000 ____D C:\ProgramData\Adobe 2013-08-28 09:46 - 2013-08-28 09:43 - 00000000 ____D C:\Users\juergi\AppData\Local\Adobe 2013-08-28 09:46 - 2013-07-30 16:27 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Adobe 2013-08-28 09:44 - 2013-08-28 09:44 - 00002025 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2013-08-28 09:44 - 2013-08-28 09:44 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-08-28 09:36 - 2013-08-28 09:36 - 02717517 _____ C:\Users\juergi\Documents\112.xps 2013-08-28 09:34 - 2013-08-28 09:34 - 00208430 _____ C:\Users\juergi\Documents\111.xps 2013-08-26 08:16 - 2013-07-29 11:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-23 00:18 - 2013-08-22 14:05 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-08-23 00:18 - 2013-08-18 15:35 - 00000000 ____D C:\Users\juergi\Documents\Audible 2013-08-23 00:18 - 2013-08-15 02:52 - 00000000 ____D C:\Users\juergi\AppData\Local\Google 2013-08-23 00:18 - 2013-08-15 02:52 - 00000000 ____D C:\Program Files 
(x86)\Google 2013-08-23 00:18 - 2013-08-10 14:19 - 00000000 ____D C:\Users\juergi\AppData\Roaming\IrfanView 2013-08-23 00:18 - 2013-08-04 00:58 - 00000000 ____D C:\Users\juergi\AppData\Local\Eclipse 2013-08-23 00:18 - 2013-07-30 15:56 - 00000000 ____D C:\Users\juergi\AppData\Roaming\vlc 2013-08-23 00:18 - 2013-07-29 11:10 - 00000000 ____D C:\Users\juergi\AppData\Roaming\GHISLER 2013-08-23 00:18 - 2009-04-22 11:45 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2013-08-23 00:18 - 2009-04-22 09:16 - 00000000 ____D C:\Windows\registration 2013-08-23 00:18 - 2009-04-22 09:16 - 00000000 ____D C:\Windows\AppCompat 2013-08-22 14:08 - 2013-08-22 14:07 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-08-22 12:33 - 2013-08-22 12:33 - 00726770 _____ C:\Users\juergi\Documents\goslar2.jpeg 2013-08-22 12:33 - 2013-08-22 12:33 - 00200689 _____ C:\Users\juergi\Documents\goslar3.jpeg 2013-08-21 19:25 - 2013-08-21 19:25 - 00705055 _____ C:\Users\juergi\Documents\est2011-2.jpeg 2013-08-21 19:23 - 2013-08-21 19:26 - 00619839 _____ C:\Users\juergi\Documents\ust2011-2.jpeg 2013-08-21 19:22 - 2013-08-21 19:26 - 00393024 _____ C:\Users\juergi\Documents\ust2011-1.jpeg 2013-08-18 15:46 - 2013-08-18 15:36 - 00000000 ____D C:\Users\juergi\AppData\Local\Audible 2013-08-18 15:36 - 2013-08-18 15:35 - 00000000 ____D C:\Program Files (x86)\Audible 2013-08-15 18:05 - 2013-08-15 18:05 - 00000000 ____D C:\Users\juergi\Documents\Fax 2013-08-15 14:52 - 2013-07-30 19:35 - 00003715 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml 2013-08-15 05:03 - 2013-08-09 22:39 - 00000000 ____D C:\Users\juergi\AppData\Roaming\AbiSuite 2013-08-15 02:57 - 2013-08-15 02:52 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-08-15 02:57 - 2013-08-15 02:52 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-08-13 13:12 - 2013-08-13 13:12 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-08-13 13:12 - 2013-08-13 
13:12 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-08-13 13:12 - 2013-08-13 13:12 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-08-13 13:12 - 2013-08-13 13:12 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-08-13 13:12 - 2013-08-13 13:12 - 00000000 ____D C:\Program Files (x86)\Java 2013-08-13 13:12 - 2013-08-13 12:46 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-08-13 13:12 - 2013-08-13 12:46 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-08-13 13:05 - 2013-08-13 13:05 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-08-13 13:05 - 2013-08-13 13:05 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-08-13 13:05 - 2013-08-13 13:05 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-08-13 13:05 - 2013-08-13 13:05 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-08-13 13:05 - 2013-08-13 13:05 - 00000000 ____D C:\Program Files\Java 2013-08-13 13:05 - 2013-08-04 00:35 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-08-13 13:05 - 2013-08-04 00:35 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-08-13 12:57 - 2013-08-13 12:57 - 00000000 ____D C:\Windows\system32\appmgmt 2013-08-13 12:52 - 2013-08-13 12:52 - 00000000 ____D C:\Users\juergi\.rbs 2013-08-13 12:46 - 2013-08-13 12:46 - 00000000 ____D C:\ProgramData\Sun 2013-08-12 18:04 - 2013-08-02 22:21 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Foxit Software 2013-08-12 08:45 - 2009-04-22 09:16 - 00000000 ____D C:\Windows\system32\NDF 2013-08-10 16:48 - 2013-08-10 14:09 - 00000000 ____D C:\Users\juergi\AppData\Roaming\TrueCrypt 2013-08-10 14:19 - 2013-08-10 14:19 - 00001896 _____ C:\Users\juergi\Desktop\IrfanView Thumbnails.lnk 2013-08-10 14:19 - 2013-08-10 14:19 - 00001004 _____ 
C:\Users\juergi\Desktop\IrfanView.lnk 2013-08-10 14:19 - 2013-08-10 14:19 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView 2013-08-10 14:19 - 2013-08-10 14:19 - 00000000 ____D C:\Program Files (x86)\IrfanView 2013-08-10 14:08 - 2013-08-10 14:08 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys 2013-08-10 14:08 - 2013-08-10 14:08 - 00000881 _____ C:\Users\Public\Desktop\TrueCrypt.lnk 2013-08-10 14:08 - 2013-08-10 14:07 - 00000000 ____D C:\Program Files\TrueCrypt 2013-08-10 12:01 - 2013-07-29 11:23 - 00063568 _____ C:\Users\juergi\AppData\Local\GDIPFONTCACHEV1.DAT 2013-08-10 11:53 - 2009-04-22 11:00 - 00291824 _____ C:\Windows\system32\FNTCACHE.DAT 2013-08-10 00:08 - 2013-08-09 23:59 - 00024915 _____ C:\Users\juergi\Documents\anseele2.odt 2013-08-09 23:52 - 2013-08-09 23:52 - 00000000 ____D C:\Users\juergi\AppData\Roaming\OpenOffice 2013-08-09 23:23 - 2013-08-09 23:23 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk 2013-08-09 23:23 - 2013-08-09 23:23 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4 2013-08-09 23:22 - 2013-07-26 11:44 - 00000000 ____D C:\FRST 2013-08-09 23:18 - 2013-08-09 23:18 - 00006298 _____ C:\Users\juergi\Documents\anseele1.abw 2013-08-09 22:32 - 2013-08-09 22:32 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor 2013-08-09 22:32 - 2013-08-09 22:32 - 00000000 ____D C:\Program Files (x86)\AbiWord 2013-08-08 11:00 - 2013-08-07 18:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-08-07 17:56 - 2013-07-30 16:16 - 00000000 ____D C:\Users\juergi\AppData\Local\Thunderbird 2013-08-06 07:53 - 2013-08-04 00:58 - 00000000 ____D C:\workspace ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe [2009-04-22 06:00] - [2009-04-22 07:38] - 0389632 ____A (Microsoft Corporation) 007CFB4BF1BE9D43E605FB4CFDFE5D01 C:\Windows\System32\wininit.exe 
[2009-04-22 05:59] - [2009-04-22 07:38] - 0129024 ____A (Microsoft Corporation) 56F3B4CD28CDB1D79290870A084EF365 C:\Windows\SysWOW64\wininit.exe [2009-04-22 05:35] - [2009-04-22 07:19] - 0096256 ____A (Microsoft Corporation) 2E4264C95BAB587431C79C101899CCC8 C:\Windows\explorer.exe [2009-04-22 06:04] - [2009-04-22 07:38] - 2858496 ____A (Microsoft Corporation) 0C817F3E033335EDB2DD069EFA84045E C:\Windows\SysWOW64\explorer.exe [2009-04-22 05:40] - [2009-04-22 07:19] - 2607616 ____A (Microsoft Corporation) C133788B393EEC01439AD997D24E66ED C:\Windows\System32\svchost.exe [2009-04-22 05:35] - [2009-04-22 07:38] - 0027648 ____A (Microsoft Corporation) DAED0221F52D75056A8999C2BED00D4E C:\Windows\SysWOW64\svchost.exe [2009-04-22 05:16] - [2009-04-22 07:19] - 0020992 ____A (Microsoft Corporation) 5F1FE2F551E74B069C436152F06CCFDC C:\Windows\System32\services.exe [2009-04-22 05:23] - [2009-04-22 07:38] - 0328704 ____A (Microsoft Corporation) 21EF41CDCEA63268A96ED8150B830966 C:\Windows\System32\User32.dll [2009-04-22 05:44] - [2009-04-22 07:41] - 1008128 ____A (Microsoft Corporation) BBD85B4D52566D8600A1062A1607555E C:\Windows\SysWOW64\User32.dll [2009-04-22 05:22] - [2009-04-22 07:11] - 0833024 ____A (Microsoft Corporation) ADCBEAE40A6E714BA4E0CF257EA6BFEA C:\Windows\System32\userinit.exe [2009-04-22 05:57] - [2009-04-22 07:38] - 0030208 ____A (Microsoft Corporation) 03F541FCFD3A950CE4E0AFB64A4AE4DC C:\Windows\SysWOW64\userinit.exe [2009-04-22 05:32] - [2009-04-22 07:19] - 0026112 ____A (Microsoft Corporation) 50771CA86FF1ADAF5FD1920F8CB5665E C:\Windows\System32\Drivers\volsnap.sys [2009-04-22 05:23] - [2009-04-22 07:45] - 0293952 ____A (Microsoft Corporation) 93454FFE2DA928731D855072AFC02603 LastRegBack: 2013-09-05 08:15 ==================== End Of Log ============================ |
| | #74 |
| /// the machine /// TB-Ausbilder | meldung kostenlos -> stargames.com ERUNT is one of our programs, for backing up the registry. Done. The order is crucial here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
| | #75 |
| meldung kostenlos -> stargames.com hi, similar problems again after dl of jdownloader, guess I caught a fake: underlined words on all websites and "Your computer is too slow" crap. I then ran TFC, adwcleaner (latest), jrt (latest), gmer, frst 64 without fixing; the effect is still there... all logfiles
AdwCleaner Logfile: Code:
# AdwCleaner v3.005 - Bericht erstellt am 24/09/2013 um 17:15:28
# Updated 22/09/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate (64 bits)
# Benutzername : juergi - JUERGI-PC
# Gestartet von : C:\Users\juergi\Desktop\adwcleaner(3).exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
[!] Ordner Gelöscht : C:\ProgramData\Babylon
[!] Ordner Gelöscht : C:\ProgramData\DSearchLink
[!] Ordner Gelöscht : C:\Program Files (x86)\delta
[!] Ordner Gelöscht : C:\Users\juergi\AppData\Roaming\BabSolution
[!] Ordner Gelöscht : C:\Users\juergi\AppData\Roaming\Babylon
[!] Ordner Gelöscht : C:\Users\juergi\AppData\Roaming\delta
[!] Ordner Gelöscht : C:\Users\juergi\AppData\Roaming\Mozilla\Firefox\Profiles\s5bkhtd7.default\Extensions\ffxtlbr@delta.com
[!] Ordner Gelöscht : C:\Users\juergi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Datei Gelöscht : C:\Users\juergi\AppData\Roaming\Mozilla\Firefox\Profiles\s5bkhtd7.default\user.js
Datei Gelöscht : C:\Users\juergi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
Datei Gelöscht : C:\Windows\System32\Tasks\EPUpdater
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0041856.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0041856.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0041856.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0041856.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411181156}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411181156}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411181156}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411181156}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411181156}
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
***** [ Browser ] *****
-\\ Internet Explorer v8.0.7100.0
-\\ Mozilla Firefox v23.0.1 (de)
[ Datei : C:\Users\juergi\AppData\Roaming\Mozilla\Firefox\Profiles\s5bkhtd7.default\prefs.js ]
Zeile gelöscht : user_pref("extensions.crossrider.bic", "141504912af2625ffdf3cbaee55d09cb");
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.id", "9a02cb9f0000000000008c89a53586cf");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15972");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.24.616:04:14");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119357&tt=240913_91213&tsp=5015");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
-\\ Google Chrome v29.0.1547.76
[ Datei : C:\Users\juergi\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht : icon_url
Gelöscht : search_url
Gelöscht : keyword
*************************
AdwCleaner[R0].txt - [11169 octets] - [05/09/2013 11:52:43]
AdwCleaner[R1].txt - [3517 octets] - [05/09/2013 15:41:49]
AdwCleaner[R2].txt - [11265 octets] - [14/09/2013 13:04:12]
AdwCleaner[R3].txt - [1214 octets] - [14/09/2013 18:12:57]
AdwCleaner[R4].txt - [1335 octets] - [14/09/2013 20:05:30]
AdwCleaner[R5].txt - [2091 octets] - [17/09/2013 22:05:27]
AdwCleaner[R6].txt - [1575 octets] - [20/09/2013 19:15:04]
AdwCleaner[R7].txt - [10436 octets] - [24/09/2013 17:14:08]
AdwCleaner[S0].txt - [2599 octets] - [05/09/2013 15:42:50]
AdwCleaner[S1].txt - [10800 octets] - [14/09/2013 13:08:14]
AdwCleaner[S2].txt - [1276 octets] - [14/09/2013 18:31:50]
AdwCleaner[S3].txt - [1396 octets] - [14/09/2013 20:06:38]
AdwCleaner[S4].txt - [1888 octets] - [17/09/2013 22:07:30]
AdwCleaner[S5].txt - [1636 octets] - [20/09/2013 19:16:11]
AdwCleaner[S6].txt - [9957 octets] - [24/09/2013 17:15:28]
########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [10017 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.2 (09.22.2013:1)
OS: Windows 7 Ultimate x64
Ran by juergi on 24.09.2013 at 17:17:57,97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422182256}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550455185556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660466186656}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440444184456}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220422182256}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550455185556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660466186656}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444184456}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550455185556}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660466186656}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440444184456}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411181156}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550455185556}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660466186656}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444184456}
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [Folder] C:\Users\juergi\AppData\Roaming\mozilla\firefox\profiles\s5bkhtd7.default\extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com
Emptied folder: C:\Users\juergi\AppData\Roaming\mozilla\firefox\profiles\s5bkhtd7.default\minidumps [6 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.09.2013 at 17:22:57,46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
GMER Logfile: Code:
GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-09-24 17:43:17
Windows 6.1.7100 x64 \Device\Harddisk0\DR0 -> \Device\00000071 OCZ-AGIL rev.2.15 111,79GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\juergi\AppData\Local\Temp\fgliqpob.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\system32\ntoskrnl.exe!memcmp + 256 fffff80002ee6700 3 bytes [00, 78, FE]
.text C:\Windows\system32\ntoskrnl.exe!memcmp + 261 fffff80002ee6705 14 bytes [A5, DF, 02, 00, B5, F3, FF, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[2552] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 000000007606149b 2 bytes JMP 77106faa C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[2552] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076061650 2 bytes JMP 77103bc3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[2552] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 000000007606165b 2 bytes JMP 771884dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2256] C:\Windows\syswow64\PSAPI.dll!EnumProcesses + 17 000000007606149b 2 bytes JMP 77106faa C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2256] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 20 0000000076061650 2 bytes JMP 77103bc3 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe[2256] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 31 000000007606165b 2 bytes JMP 771884dc C:\Windows\syswow64\kernel32.dll
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4012:3408] 000007fefb2f2b84
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4012:3796] 000007fef8a45124
---- EOF - GMER 2.1 ----
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-07-2013 (ATTENTION: ====> FRST version is 58 days old and could be outdated) Ran by juergi (administrator) on 24-09-2013 17:46:05 Running from C:\Users\juergi\Desktop Windows 7 Ultimate (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Jetico, Inc.) C:\Program Files (x86)\Jetico\BestCrypt\BCResident.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe ==================== Registry (Whitelisted) ================== HKCU\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [441408 2013-09-05] (BillP Studios) HKCU\...\Run: [FreeAC] - C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1328976 2012-04-25] (Comfort Software Group) MountPoints2: {cb7303cc-f82f-11e2-9b92-806e6f6e6963} - E:\LaunchU3.exe -a HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [12288 2012-04-19] () HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-08-15] (AVG Technologies CZ, s.r.o.) AppInit_DLLs-x32: hplun.dll [43520 2013-07-29] (Jetico, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BestCrypt Auto Open.lnk ShortcutTarget: BestCrypt Auto Open.lnk -> C:\Program Files (x86)\Jetico\BestCrypt\BestCrypt.exe (Jetico, Inc.) SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation) SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Bing BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\juergi\AppData\Roaming\Mozilla\Firefox\Profiles\s5bkhtd7.default FF NewTab: hxxp://www.searchgol.com/?babsrc=NT_ss&mntrId=9A028C89A53586CF&affID=119357&tt=240913_91213&tsp=5015 FF Homepage: hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=9A028C89A53586CF&affID=119357&tt=240913_91213&tsp=5015 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll () FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files 
(x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: No Name - C:\Users\juergi\AppData\Roaming\Mozilla\Firefox\Profiles\s5bkhtd7.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com FF Extension: info - C:\Users\juergi\AppData\Roaming\Mozilla\Firefox\Profiles\s5bkhtd7.default\Extensions\info@elime.be.xpi FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework64\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework64\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ Chrome: ======= CHR RestoreOnStartup: "hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=9A028C89A53586CF&affID=119357&tt=240913_91213&tsp=5015" CHR Extension: (Google Docs) - C:\Users\juergi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\juergi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\juergi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\juergi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (LyriXeeker-1) - C:\Users\juergi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0 CHR Extension: (Chrome In-App Payments service) - 
C:\Users\juergi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0 CHR Extension: (Gmail) - C:\Users\juergi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.) S2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [x] ==================== Drivers (Whitelisted) ==================== S3 amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [105040 2009-04-22] (AMD) R0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [28752 2009-04-22] (AMD) R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.) 
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-07-30] (AVG Technologies)
R1 bcbus; C:\Windows\System32\DRIVERS\bcbus.sys [78440 2013-07-29] (Jetico, Inc.)
R0 bcfnt; C:\Windows\System32\Drivers\bcfnt.sys [178880 2013-07-16] (Jetico, Inc.)
R1 BC_3DES; C:\Windows\System32\Drivers\BC_3DES.sys [34408 2013-07-29] (Jetico, Inc.)
R1 BC_BF128; C:\Windows\System32\Drivers\BC_BF128.sys [30824 2013-07-29] (Jetico, Inc.)
R1 BC_BF448; C:\Windows\System32\Drivers\BC_BF448.sys [30824 2013-07-29] (Jetico, Inc.)
R1 BC_BFish; C:\Windows\System32\Drivers\BC_BFish.sys [30824 2013-07-29] (Jetico, Inc.)
R1 BC_CAST; C:\Windows\System32\Drivers\BC_CAST.sys [37480 2013-07-29] (Jetico, Inc.)
R1 BC_DES; C:\Windows\System32\Drivers\BC_DES.sys [33896 2013-07-29] (Jetico, Inc.)
R1 BC_Gost; C:\Windows\System32\Drivers\BC_Gost.sys [25704 2013-07-29] (Jetico, Inc.)
R1 BC_IDEA; C:\Windows\System32\Drivers\BC_IDEA.sys [27752 2013-07-29] (Iarsn)
R1 BC_RC6; C:\Windows\System32\Drivers\BC_RC6.sys [30312 2013-07-29] (Michael Oestergaard Pedersen)
R1 BC_RIJN; C:\Windows\System32\Drivers\BC_RIJN.sys [51304 2013-07-29] (Jetico, Inc.)
R1 BC_SERP; C:\Windows\System32\Drivers\BC_SERP.sys [36968 2013-07-29] (Michael Oestergaard Pedersen)
R1 BC_TFISH; C:\Windows\System32\Drivers\BC_TFISH.sys [34408 2013-07-29] (Jetico, Inc.)
R0 fsh; C:\Windows\System32\Drivers\fsh.sys [68800 2013-07-29] (Jetico, Inc.)
R3 mhk; C:\Windows\System32\Drivers\mhk.sys [17472 2013-07-29] (Jetico, Inc.)
R3 moh; C:\Windows\System32\Drivers\moh.sys [13376 2013-07-29] (Jetico, Inc.)
U3 fgliqpob; C:\Users\juergi\AppData\Local\Temp\fgliqpob.sys [56496 2013-09-24] (GMER)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-24 17:22 - 2013-09-24 17:22 - 00002751 _____ C:\Users\juergi\Desktop\JRT.txt
2013-09-24 17:13 - 2013-09-24 17:13 - 01042066 _____ C:\Users\juergi\Desktop\adwcleaner(3).exe
2013-09-24 16:04 - 2013-09-24 17:30 - 00001912 _____ C:\Windows\Tasks\LyriXeeker-1-chromeinstaller.job
2013-09-24 16:04 - 2013-09-24 17:30 - 00001836 _____ C:\Windows\Tasks\LyriXeeker-1-firefoxinstaller.job
2013-09-24 16:04 - 2013-09-24 17:30 - 00001298 _____ C:\Windows\Tasks\LyriXeeker-1-updater.job
2013-09-24 16:04 - 2013-09-24 17:30 - 00001202 _____ C:\Windows\Tasks\LyriXeeker-1-codedownloader.job
2013-09-24 16:04 - 2013-09-24 17:30 - 00001102 _____ C:\Windows\Tasks\LyriXeeker-1-enabler.job
2013-09-24 16:04 - 2013-09-24 16:10 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-09-24 16:04 - 2013-09-24 16:04 - 00004328 _____ C:\Windows\System32\Tasks\LyriXeeker-1-updater
2013-09-24 16:04 - 2013-09-24 16:04 - 00004232 _____ C:\Windows\System32\Tasks\LyriXeeker-1-codedownloader
2013-09-24 16:04 - 2013-09-24 16:04 - 00004132 _____ C:\Windows\System32\Tasks\LyriXeeker-1-enabler
2013-09-24 16:04 - 2013-09-24 16:04 - 00002043 _____ C:\Users\juergi\Desktop\JDownloader.lnk
2013-09-24 16:04 - 2013-09-24 16:04 - 00000000 ____D C:\Program Files (x86)\LyriXeeker-1
2013-09-23 20:07 - 2013-09-23 21:01 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Paranoia.Riskantes.Spiel.TS.LD.German.X264-AOE
2013-09-23 14:28 - 2013-09-23 14:38 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Newsroom.S02E02.Operation.Genua.GERMAN.DUBBED.HDTVRip.x264-TVP
2013-09-23 03:44 - 2013-09-23 03:44 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Continuum.S01E06.Loesegeld.GERMAN.DUBBED.WebHDRiP.XviD-SOF
2013-09-23 03:36 - 2013-09-23 03:36 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Continuum.S01E07.In.eigener.Sache.GERMAN.DUBBED.WebHDRiP.XviD-SOF
2013-09-23 03:35 - 2013-09-23 03:35 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Continuum.S01E09.Revolution.GERMAN.DUBBED.BLURAYRiP.XviD-SOF
2013-09-23 03:35 - 2013-09-23 03:35 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Continuum.S01E03.Doppeltes.Spiel.GERMAN.DUBBED.WebHDRiP.XviD-SOF
2013-09-23 03:34 - 2013-09-23 15:44 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Continuum.S01E08.Fremdgesteuert.GERMAN.DUBBED.BLURAYRiP.REPACK.XviD-SOF
2013-09-23 03:34 - 2013-09-23 03:34 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Continuum.S01E02.Kein.Weg.zurueck.GERMAN.DUBBED.WebHDRiP.XviD-SOF
2013-09-23 03:26 - 2013-09-23 21:06 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Continuum.S01E10.Der.Anschlag.GERMAN.DUBBED.BLURAYRiP.XviD-SOF
2013-09-23 03:23 - 2013-09-23 03:23 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Continuum.S01E05.Generationenkonflikt.GERMAN.DUBBED.WebHDRiP.XviD-SOF
2013-09-22 20:48 - 2013-09-23 03:33 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...No.German.2012.DVDRiP.x264-ETM
2013-09-21 22:51 - 2013-09-21 23:51 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...After.Earth.2013.BDRip.Line.Dubbed.German.XviD-POE
2013-09-21 22:48 - 2013-09-21 23:48 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Jesus.liebt.mich.German.BDRip.x264-CONTRiBUTiON
2013-09-21 22:46 - 2013-09-22 00:16 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Butterfly.Effect.DC.2004.BDRip.AC3.German.XviD-POE
2013-09-21 22:46 - 2013-09-21 22:51 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Tom.Sawyer.2011.German.AC3.BDRip.XviD-AJA
2013-09-21 14:59 - 2013-09-21 14:59 - 00000000 ____D C:\ProgramData\Oracle
2013-09-21 14:53 - 2013-09-21 14:53 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-21 14:53 - 2013-09-21 14:53 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-21 14:53 - 2013-09-21 14:53 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-21 14:53 - 2013-09-21 14:53 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-09-21 12:33 - 2013-09-21 15:11 - 00000000 ____D C:\javaECM
2013-09-18 14:40 - 2013-09-18 14:47 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...White.House.Down.TS.LD.German.X264-AOE
2013-09-18 10:30 - 2013-09-18 10:30 - 00001009 _____ C:\Users\juergi\Desktop\Free Alarm Clock.lnk
2013-09-18 10:30 - 2013-09-18 10:30 - 00000000 ____D C:\Program Files (x86)\FreeAlarmClock
2013-09-16 17:27 - 2013-09-16 17:37 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Pamela
2013-09-16 17:27 - 2013-09-16 17:27 - 00176128 _____ (Scendix Software-Vertriebsges. mbH) C:\Windows\SysWOW64\RemoteControl.dll
2013-09-16 17:27 - 2013-09-16 17:27 - 00000985 _____ C:\Users\Public\Desktop\Pamela for Skype.lnk
2013-09-16 17:27 - 2013-09-16 17:27 - 00000000 ____D C:\Users\juergi\Documents\Pamela
2013-09-16 17:27 - 2013-09-16 17:27 - 00000000 ____D C:\Program Files (x86)\Pamela
2013-09-14 13:12 - 2013-09-22 09:38 - 01030038 _____ (Thisisu) C:\Users\juergi\Desktop\JRT_NEW.exe
2013-09-13 21:01 - 2013-09-13 21:01 - 01588264 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-13 20:59 - 2013-09-13 20:59 - 00000556 _____ C:\Windows\KB893803v2.log
2013-09-13 20:58 - 2013-09-24 16:04 - 00001886 _____ C:\Users\juergi\Desktop\Search.lnk
2013-09-13 13:34 - 2013-09-13 13:34 - 00000000 ____D C:\Windows 7 Loader
2013-09-13 13:26 - 2013-09-13 13:26 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-09-13 13:26 - 2013-09-13 13:26 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-09-12 08:59 - 2013-09-12 08:59 - 00000000 ____D C:\WakeupOnStandBy
2013-09-12 07:52 - 2013-09-12 07:52 - 00000000 ____D C:\Users\juergi\AppData\Roaming\WinPatrol
2013-09-12 07:52 - 2013-09-12 07:52 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-12 07:52 - 2013-09-12 07:52 - 00000000 ____D C:\Program Files (x86)\BillP Studios
2013-09-12 07:51 - 2013-09-12 07:51 - 00906792 _____ (BillP Studios) C:\Users\juergi\Desktop\wpsetup.exe
2013-09-11 12:54 - 2013-09-11 12:54 - 00000000 ____D C:\Users\juergi\AppData\Roaming\dvdcss
2013-09-11 05:21 - 2013-09-11 05:21 - 00000000 ____D C:\juergen
2013-09-10 19:02 - 2013-09-10 18:39 - 00004217 _____ C:\Users\juergi\Documents\seffers240713.txt
2013-09-10 17:39 - 2013-09-10 17:39 - 00505253 _____ C:\Users\juergi\Documents\goslar3001.jpeg
2013-09-07 22:17 - 2013-09-07 22:14 - 16457319 _____ C:\Users\juergi\Desktop\portable-mumble.exe
2013-09-07 22:15 - 2013-09-07 22:15 - 00000588 _____ C:\Users\juergi\Desktop\OKiTALK.lnk
2013-09-05 16:03 - 2013-09-24 12:18 - 00000000 ____D C:\eclipse
2013-09-05 11:55 - 2013-09-05 11:55 - 01028757 _____ (Thisisu) C:\Users\juergi\Desktop\JRT.exe
2013-09-05 11:55 - 2013-09-05 11:55 - 00000000 ____D C:\Windows\ERUNT
2013-09-05 11:52 - 2013-09-24 17:15 - 00000000 ____D C:\AdwCleaner
2013-09-05 01:43 - 2013-09-05 01:43 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2013-09-04 14:22 - 2013-09-04 14:21 - 00377856 _____ C:\Users\juergi\Desktop\gmer_2.1.19163.exe
2013-09-04 14:17 - 2013-09-04 14:17 - 00000474 _____ C:\Users\juergi\Desktop\defogger_disable.log
2013-09-04 14:17 - 2013-09-04 14:17 - 00000000 _____ C:\Users\juergi\defogger_reenable
2013-09-04 14:16 - 2013-09-04 14:16 - 00050477 _____ C:\Users\juergi\Desktop\Defogger.exe
2013-09-04 10:49 - 2013-09-04 10:56 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Oblivion.German.AC3.BDRip.XviD-HP
2013-09-04 10:48 - 2013-09-04 10:48 - 00000820 _____ C:\Users\juergi\Desktop\µTorrent.lnk
2013-09-04 10:48 - 2013-09-04 10:48 - 00000800 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-09-04 10:46 - 2013-09-24 00:26 - 00000000 ____D C:\Users\juergi\AppData\Roaming\uTorrent
2013-08-28 09:44 - 2013-08-28 09:47 - 00000000 ____D C:\ProgramData\Adobe
2013-08-28 09:44 - 2013-08-28 09:44 - 00002025 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-28 09:44 - 2013-08-28 09:44 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-28 09:43 - 2013-08-28 09:46 - 00000000 ____D C:\Users\juergi\AppData\Local\Adobe
2013-08-28 09:36 - 2013-08-28 09:36 - 02717517 _____ C:\Users\juergi\Documents\112.xps
2013-08-28 09:34 - 2013-08-28 09:34 - 00208430 _____ C:\Users\juergi\Documents\111.xps
2013-08-25 02:50 - 2013-09-04 13:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-09-24 17:38 - 2009-04-22 11:00 - 00013216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-24 17:38 - 2009-04-22 11:00 - 00013216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-24 17:36 - 2009-04-22 15:13 - 00696144 _____ C:\Windows\system32\perfh007.dat
2013-09-24 17:36 - 2009-04-22 15:13 - 00147386 _____ C:\Windows\system32\perfc007.dat
2013-09-24 17:36 - 2009-04-22 11:27 - 01611134 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-24 17:30 - 2013-09-24 16:04 - 00001912 _____ C:\Windows\Tasks\LyriXeeker-1-chromeinstaller.job
2013-09-24 17:30 - 2013-09-24 16:04 - 00001836 _____ C:\Windows\Tasks\LyriXeeker-1-firefoxinstaller.job
2013-09-24 17:30 - 2013-09-24 16:04 - 00001298 _____ C:\Windows\Tasks\LyriXeeker-1-updater.job
2013-09-24 17:30 - 2013-09-24 16:04 - 00001202 _____ C:\Windows\Tasks\LyriXeeker-1-codedownloader.job
2013-09-24 17:30 - 2013-09-24 16:04 - 00001102 _____ C:\Windows\Tasks\LyriXeeker-1-enabler.job
2013-09-24 17:30 - 2013-08-15 02:52 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-24 17:30 - 2013-07-29 12:38 - 00007372 _____ C:\Windows\PFRO.log
2013-09-24 17:30 - 2013-07-29 10:46 - 01842318 _____ C:\Windows\WindowsUpdate.log
2013-09-24 17:30 - 2009-04-22 11:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-24 17:30 - 2009-04-22 11:05 - 00030798 _____ C:\Windows\setupact.log
2013-09-24 17:22 - 2013-09-24 17:22 - 00002751 _____ C:\Users\juergi\Desktop\JRT.txt
2013-09-24 17:15 - 2013-09-05 11:52 - 00000000 ____D C:\AdwCleaner
2013-09-24 17:13 - 2013-09-24 17:13 - 01042066 _____ C:\Users\juergi\Desktop\adwcleaner(3).exe
2013-09-24 17:13 - 2013-07-12 02:55 - 00000000 ____D C:\dateien
2013-09-24 17:02 - 2013-08-15 02:52 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-24 16:10 - 2013-09-24 16:04 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-09-24 16:04 - 2013-09-24 16:04 - 00004328 _____ C:\Windows\System32\Tasks\LyriXeeker-1-updater
2013-09-24 16:04 - 2013-09-24 16:04 - 00004232 _____ C:\Windows\System32\Tasks\LyriXeeker-1-codedownloader
2013-09-24 16:04 - 2013-09-24 16:04 - 00004132 _____ C:\Windows\System32\Tasks\LyriXeeker-1-enabler
2013-09-24 16:04 - 2013-09-24 16:04 - 00002043 _____ C:\Users\juergi\Desktop\JDownloader.lnk
2013-09-24 16:04 - 2013-09-24 16:04 - 00000000 ____D C:\Program Files (x86)\LyriXeeker-1
2013-09-24 16:04 - 2013-09-13 20:58 - 00001886 _____ C:\Users\juergi\Desktop\Search.lnk
2013-09-24 12:18 - 2013-09-05 16:03 - 00000000 ____D C:\eclipse
2013-09-24 12:18 - 2013-08-04 00:58 - 00000000 ____D C:\Users\juergi\AppData\Local\Eclipse
2013-09-24 12:10 - 2013-07-30 19:32 - 00000000 ____D C:\ProgramData\MFAData
2013-09-24 00:26 - 2013-09-04 10:46 - 00000000 ____D C:\Users\juergi\AppData\Roaming\uTorrent
2013-09-23 21:06 - 2013-09-23 03:26 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Continuum.S01E10.Der.Anschlag.GERMAN.DUBBED.BLURAYRiP.XviD-SOF
2013-09-23 21:01 - 2013-09-23 20:07 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Paranoia.Riskantes.Spiel.TS.LD.German.X264-AOE
2013-09-23 15:44 - 2013-09-23 03:34 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Continuum.S01E08.Fremdgesteuert.GERMAN.DUBBED.BLURAYRiP.REPACK.XviD-SOF
2013-09-23 14:38 - 2013-09-23 14:28 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...The.Newsroom.S02E02.Operation.Genua.GERMAN.DUBBED.HDTVRip.x264-TVP
2013-09-23 04:37 - 2013-08-04 12:59 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Skype
2013-09-23 03:44 - 2013-09-23 03:44 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Continuum.S01E06.Loesegeld.GERMAN.DUBBED.WebHDRiP.XviD-SOF
2013-09-23 03:36 - 2013-09-23 03:36 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Continuum.S01E07.In.eigener.Sache.GERMAN.DUBBED.WebHDRiP.XviD-SOF
2013-09-23 03:35 - 2013-09-23 03:35 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Continuum.S01E09.Revolution.GERMAN.DUBBED.BLURAYRiP.XviD-SOF
2013-09-23 03:35 - 2013-09-23 03:35 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Continuum.S01E03.Doppeltes.Spiel.GERMAN.DUBBED.WebHDRiP.XviD-SOF
2013-09-23 03:34 - 2013-09-23 03:34 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Continuum.S01E02.Kein.Weg.zurueck.GERMAN.DUBBED.WebHDRiP.XviD-SOF
2013-09-23 03:33 - 2013-09-22 20:48 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...No.German.2012.DVDRiP.x264-ETM
2013-09-23 03:23 - 2013-09-23 03:23 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Continuum.S01E05.Generationenkonflikt.GERMAN.DUBBED.WebHDRiP.XviD-SOF
2013-09-23 03:04 - 2013-07-31 18:57 - 00000000 ____D C:\Users\juergi\Desktop\Mumble
2013-09-22 09:38 - 2013-09-14 13:12 - 01030038 _____ (Thisisu) C:\Users\juergi\Desktop\JRT_NEW.exe
2013-09-22 00:16 - 2013-09-21 22:46 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Butterfly.Effect.DC.2004.BDRip.AC3.German.XviD-POE
2013-09-21 23:51 - 2013-09-21 22:51 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...After.Earth.2013.BDRip.Line.Dubbed.German.XviD-POE
2013-09-21 23:48 - 2013-09-21 22:48 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Jesus.liebt.mich.German.BDRip.x264-CONTRiBUTiON
2013-09-21 22:51 - 2013-09-21 22:46 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Tom.Sawyer.2011.German.AC3.BDRip.XviD-AJA
2013-09-21 15:11 - 2013-09-21 12:33 - 00000000 ____D C:\javaECM
2013-09-21 14:59 - 2013-09-21 14:59 - 00000000 ____D C:\ProgramData\Oracle
2013-09-21 14:53 - 2013-09-21 14:53 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-21 14:53 - 2013-09-21 14:53 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-21 14:53 - 2013-09-21 14:53 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-21 14:53 - 2013-09-21 14:53 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-09-21 14:53 - 2013-08-13 13:05 - 00000000 ____D C:\Program Files\Java
2013-09-21 14:53 - 2013-08-04 00:35 - 01095080 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-09-21 14:53 - 2013-08-04 00:35 - 00973736 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-09-21 10:05 - 2013-08-15 02:52 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-20 19:12 - 2013-07-30 15:56 - 00000000 ____D C:\Users\juergi\AppData\Roaming\vlc
2013-09-18 14:47 - 2013-09-18 14:40 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...White.House.Down.TS.LD.German.X264-AOE
2013-09-18 10:30 - 2013-09-18 10:30 - 00001009 _____ C:\Users\juergi\Desktop\Free Alarm Clock.lnk
2013-09-18 10:30 - 2013-09-18 10:30 - 00000000 ____D C:\Program Files (x86)\FreeAlarmClock
2013-09-16 17:37 - 2013-09-16 17:27 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Pamela
2013-09-16 17:27 - 2013-09-16 17:27 - 00176128 _____ (Scendix Software-Vertriebsges. mbH) C:\Windows\SysWOW64\RemoteControl.dll
2013-09-16 17:27 - 2013-09-16 17:27 - 00000985 _____ C:\Users\Public\Desktop\Pamela for Skype.lnk
2013-09-16 17:27 - 2013-09-16 17:27 - 00000000 ____D C:\Users\juergi\Documents\Pamela
2013-09-16 17:27 - 2013-09-16 17:27 - 00000000 ____D C:\Program Files (x86)\Pamela
2013-09-13 21:01 - 2013-09-13 21:01 - 01588264 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-13 20:59 - 2013-09-13 20:59 - 00000556 _____ C:\Windows\KB893803v2.log
2013-09-13 19:20 - 2013-07-30 16:13 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Notepad++
2013-09-13 13:34 - 2013-09-13 13:34 - 00000000 ____D C:\Windows 7 Loader
2013-09-13 13:26 - 2013-09-13 13:26 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2013-09-13 13:26 - 2013-09-13 13:26 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2013-09-13 13:26 - 2013-07-30 19:35 - 00000987 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-09-12 08:59 - 2013-09-12 08:59 - 00000000 ____D C:\WakeupOnStandBy
2013-09-12 07:52 - 2013-09-12 07:52 - 00000000 ____D C:\Users\juergi\AppData\Roaming\WinPatrol
2013-09-12 07:52 - 2013-09-12 07:52 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-12 07:52 - 2013-09-12 07:52 - 00000000 ____D C:\Program Files (x86)\BillP Studios
2013-09-12 07:51 - 2013-09-12 07:51 - 00906792 _____ (BillP Studios) C:\Users\juergi\Desktop\wpsetup.exe
2013-09-11 18:57 - 2013-07-30 16:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-11 18:57 - 2013-07-30 16:27 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-11 13:01 - 2009-04-22 09:16 - 00000000 __RHD C:\Users\Public\Libraries
2013-09-11 12:54 - 2013-09-11 12:54 - 00000000 ____D C:\Users\juergi\AppData\Roaming\dvdcss
2013-09-11 05:21 - 2013-09-11 05:21 - 00000000 ____D C:\juergen
2013-09-10 18:39 - 2013-09-10 19:02 - 00004217 _____ C:\Users\juergi\Documents\seffers240713.txt
2013-09-10 17:39 - 2013-09-10 17:39 - 00505253 _____ C:\Users\juergi\Documents\goslar3001.jpeg
2013-09-07 22:15 - 2013-09-07 22:15 - 00000588 _____ C:\Users\juergi\Desktop\OKiTALK.lnk
2013-09-07 22:14 - 2013-09-07 22:17 - 16457319 _____ C:\Users\juergi\Desktop\portable-mumble.exe
2013-09-05 12:01 - 2013-07-29 11:01 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-05 12:01 - 2013-07-29 10:47 - 00001445 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-05 12:01 - 2013-07-29 10:47 - 00001411 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-09-05 11:55 - 2013-09-05 11:55 - 01028757 _____ (Thisisu) C:\Users\juergi\Desktop\JRT.exe
2013-09-05 11:55 - 2013-09-05 11:55 - 00000000 ____D C:\Windows\ERUNT
2013-09-05 01:43 - 2013-09-05 01:43 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2013-09-04 14:21 - 2013-09-04 14:22 - 00377856 _____ C:\Users\juergi\Desktop\gmer_2.1.19163.exe
2013-09-04 14:17 - 2013-09-04 14:17 - 00000474 _____ C:\Users\juergi\Desktop\defogger_disable.log
2013-09-04 14:17 - 2013-09-04 14:17 - 00000000 _____ C:\Users\juergi\defogger_reenable
2013-09-04 14:17 - 2013-07-29 10:46 - 00000000 ____D C:\Users\juergi
2013-09-04 14:16 - 2013-09-04 14:16 - 00050477 _____ C:\Users\juergi\Desktop\Defogger.exe
2013-09-04 14:07 - 2013-07-30 19:35 - 00000000 ____D C:\ProgramData\AVG2013
2013-09-04 13:41 - 2013-08-09 23:22 - 00000000 ____D C:\tmp
2013-09-04 13:37 - 2013-07-26 12:25 - 00000000 ____D C:\loader
2013-09-04 13:36 - 2013-08-25 02:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-04 10:56 - 2013-09-04 10:49 - 00000000 ____D C:\Users\juergi\Downloads\www.torrent.to...Oblivion.German.AC3.BDRip.XviD-HP
2013-09-04 10:48 - 2013-09-04 10:48 - 00000820 _____ C:\Users\juergi\Desktop\µTorrent.lnk
2013-09-04 10:48 - 2013-09-04 10:48 - 00000800 _____ C:\Users\juergi\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-09-02 18:47 - 2013-07-30 16:11 - 00000000 ____D C:\Users\juergi\AppData\Roaming\WinRAR
2013-09-02 14:47 - 2013-08-10 14:21 - 00007680 _____ C:\Users\juergi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-28 09:47 - 2013-08-28 09:44 - 00000000 ____D C:\ProgramData\Adobe
2013-08-28 09:46 - 2013-08-28 09:43 - 00000000 ____D C:\Users\juergi\AppData\Local\Adobe
2013-08-28 09:46 - 2013-07-30 16:27 - 00000000 ____D C:\Users\juergi\AppData\Roaming\Adobe
2013-08-28 09:44 - 2013-08-28 09:44 - 00002025 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-28 09:44 - 2013-08-28 09:44 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-28 09:36 - 2013-08-28 09:36 - 02717517 _____ C:\Users\juergi\Documents\112.xps
2013-08-28 09:34 - 2013-08-28 09:34 - 00208430 _____ C:\Users\juergi\Documents\111.xps
2013-08-26 08:16 - 2013-07-29 11:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe [2009-04-22 06:00] - [2009-04-22 07:38] - 0389632 ____A (Microsoft Corporation) 007CFB4BF1BE9D43E605FB4CFDFE5D01
C:\Windows\System32\wininit.exe [2009-04-22 05:59] - [2009-04-22 07:38] - 0129024 ____A (Microsoft Corporation) 56F3B4CD28CDB1D79290870A084EF365
C:\Windows\SysWOW64\wininit.exe [2009-04-22 05:35] - [2009-04-22 07:19] - 0096256 ____A (Microsoft Corporation) 2E4264C95BAB587431C79C101899CCC8
C:\Windows\explorer.exe [2009-04-22 06:04] - [2009-04-22 07:38] - 2858496 ____A (Microsoft Corporation) 0C817F3E033335EDB2DD069EFA84045E
C:\Windows\SysWOW64\explorer.exe [2009-04-22 05:40] - [2009-04-22 07:19] - 2607616 ____A (Microsoft Corporation) C133788B393EEC01439AD997D24E66ED
C:\Windows\System32\svchost.exe [2009-04-22 05:35] - [2009-04-22 07:38] - 0027648 ____A (Microsoft Corporation) DAED0221F52D75056A8999C2BED00D4E
C:\Windows\SysWOW64\svchost.exe [2009-04-22 05:16] - [2009-04-22 07:19] - 0020992 ____A (Microsoft Corporation) 5F1FE2F551E74B069C436152F06CCFDC
C:\Windows\System32\services.exe [2009-04-22 05:23] - [2009-04-22 07:38] - 0328704 ____A (Microsoft Corporation) 21EF41CDCEA63268A96ED8150B830966
C:\Windows\System32\User32.dll [2009-04-22 05:44] - [2009-04-22 07:41] - 1008128 ____A (Microsoft Corporation) BBD85B4D52566D8600A1062A1607555E
C:\Windows\SysWOW64\User32.dll [2009-04-22 05:22] - [2009-04-22 07:11] - 0833024 ____A (Microsoft Corporation) ADCBEAE40A6E714BA4E0CF257EA6BFEA
C:\Windows\System32\userinit.exe [2009-04-22 05:57] - [2009-04-22 07:38] - 0030208 ____A (Microsoft Corporation) 03F541FCFD3A950CE4E0AFB64A4AE4DC
C:\Windows\SysWOW64\userinit.exe [2009-04-22 05:32] - [2009-04-22 07:19] - 0026112 ____A (Microsoft Corporation) 50771CA86FF1ADAF5FD1920F8CB5665E
C:\Windows\System32\Drivers\volsnap.sys [2009-04-22 05:23] - [2009-04-22 07:45] - 0293952 ____A (Microsoft Corporation) 93454FFE2DA928731D855072AFC02603

LastRegBack: 2013-09-15 01:06

==================== End Of Log ============================ |