Log analysis and evaluation: Internet - virus scan error & slow connection (?)
Windows 7
19.07.2013, 06:26 | #1
Internet - virus scan error & slow connection (?)

Good morning,

whenever I try to download anything at all, it is deleted immediately. Chrome tells me that there was an error during the virus scan; other browsers don't bother, and the file is gone right after the download. I use Avast as my antivirus software, but downloads don't work even after deactivating it. I recently did a system restore, after which the problem was fixed for a short time, but it reappeared the very same day. I also believe that my internet speed has dropped. That may just be placebo, though.

(Notes: I tried to run a scan with GMER, but that did not work! When starting the program I first got the message: "../config/system: Der Prozess kann auf die Datei nicht zugreifen, da sie von einem anderen Prozess verwendet wird." The program then hangs in the middle of the scan. I would try it in safe mode, but I can't get to the selection. When I press F8 while booting, I only get to the boot menu. With the OTL scan I also got only one log and no additional Extra.txt.)

OTL.txt
Code:
ATTFilter OTL logfile created on: 19.07.2013 06:50:06 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Erik\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,96 Gb Total Physical Memory | 6,20 Gb Available Physical Memory | 77,91% Memory free 15,91 Gb Paging File | 14,03 Gb Available in Paging File | 88,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 119,02 Gb Total Space | 60,51 Gb Free Space | 50,84% Space Free | Partition Type: NTFS Drive D: | 931,39 Gb Total Space | 678,71 Gb Free Space | 72,87% Space Free | Partition Type: NTFS Drive E: | 1,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: LIAN | User Name: Erik | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013.07.19 06:49:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Erik\Desktop\OTL.exe PRC - [2013.07.16 19:31:02 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2013.05.16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- D:\Programme\Spybot - Search & Destroy 2\SDTray.exe PRC - [2013.05.16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- D:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2013.05.16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- D:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2013.05.15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) 
-- D:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2013.03.19 15:49:40 | 001,086,816 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- D:\Programme\Evernote\EvernoteClipper.exe PRC - [2013.03.19 15:39:06 | 012,005,216 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- D:\Programme\Evernote\Evernote.exe PRC - [2013.03.19 15:39:06 | 000,395,104 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- D:\Programme\Evernote\EvernoteTray.exe PRC - [2013.02.26 02:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe PRC - [2013.02.26 02:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe PRC - [2013.02.26 01:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) -- d:\Programme\Vmware\vmware-authd.exe PRC - [2012.01.20 16:29:28 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.01.20 16:29:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.01.20 11:45:40 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.01.04 21:59:50 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.11.29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.11.21 05:25:10 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.10.22 02:00:00 | 002,105,344 | ---- | M] (AVM Berlin) -- 
C:\Program Files (x86)\avmwlanstick\WLanGUI.exe PRC - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe PRC - [2010.06.28 22:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe PRC - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe PRC - [2009.08.29 08:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Erik\Local Settings\Apps\F.lux\flux.exe ========== Modules (No Company Name) ========== MOD - [2013.07.16 14:44:35 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5ff75dafe0bda546dc6c71d2cb2d5257\IAStorUtil.ni.dll MOD - [2013.07.16 14:44:35 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6e3778958a8bfd03bf0f2f60c4e25623\IAStorCommon.ni.dll MOD - [2013.07.16 13:55:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\89fe719039385377f6b5ad8d0070aa6b\System.Runtime.Remoting.ni.dll MOD - [2013.07.16 13:55:36 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll MOD - [2013.07.16 13:55:32 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll MOD - [2013.07.16 13:55:25 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll MOD - [2013.07.16 13:55:23 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll MOD - [2013.07.16 13:55:21 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll MOD - 
[2013.07.16 13:55:20 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll MOD - [2013.07.16 13:55:16 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll MOD - [2013.05.16 10:55:28 | 000,161,112 | ---- | M] () -- D:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2013.05.16 10:55:26 | 000,113,496 | ---- | M] () -- D:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2013.05.16 10:55:24 | 000,416,600 | ---- | M] () -- D:\Programme\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2013.03.01 19:55:38 | 021,114,880 | ---- | M] () -- D:\Programme\Evernote\libcef.dll MOD - [2013.03.01 19:55:02 | 000,133,134 | ---- | M] () -- D:\Programme\Evernote\avutil-51.dll MOD - [2013.03.01 19:54:58 | 000,189,454 | ---- | M] () -- D:\Programme\Evernote\avformat-54.dll MOD - [2013.03.01 19:54:56 | 000,983,054 | ---- | M] () -- D:\Programme\Evernote\avcodec-54.dll MOD - [2012.09.08 13:16:30 | 000,433,664 | ---- | M] () -- D:\Programme\Evernote\libxml2.dll MOD - [2012.09.08 13:16:20 | 000,315,392 | ---- | M] () -- D:\Programme\Evernote\libtidy.dll MOD - [2011.04.12 09:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2011.03.04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll MOD - [2011.03.04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2011.03.04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.10.20 15:45:26 | 008,801,120 | ---- | M] () -- C:\PROGRA~2\MICROS~1\Office14\1033\GrooveIntlResource.dll MOD - [2009.08.29 08:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Erik\Local Settings\Apps\F.lux\flux.exe ========== Services (SafeList) ========== SRV:64bit: - [2013.03.29 03:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.08.15 17:38:50 | 000,178,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R) SRV:64bit: - [2008.05.08 01:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\SysNative\Crypserv.exe -- (Crypkey License) SRV - [2013.07.16 19:31:02 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013.02.26 02:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2013.02.26 02:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2013.02.26 01:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) [Auto | Running] -- d:\Programme\Vmware\vmware-authd.exe -- (VMAuthdService) SRV - [2013.01.11 15:49:10 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.11 16:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService) SRV - [2012.09.20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012.08.30 21:35:10 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012.01.20 16:29:28 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.01.20 16:29:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.01.20 11:45:40 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.01.10 21:01:52 | 000,627,936 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.08.05 19:29:20 | 000,225,280 | ---- | M] (DTS, Inc) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\DTSU2PAuSrv64.exe -- (DTSAudioSvc) SRV - [2011.04.20 09:57:02 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56) SRV - [2010.11.21 05:25:05 | 001,525,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.10.22 02:00:00 | 
000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) SRV - [2010.08.13 00:08:04 | 006,094,848 | ---- | M] () [Auto | Stopped] -- D:\Programme\Zend\MySQL51\bin\mysqld.exe -- (MySQL_ZendServer51) SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - 
[2013.03.29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2013.03.29 03:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2013.02.26 02:28:48 | 000,067,664 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2013.02.26 02:28:14 | 000,030,800 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2013.02.26 02:27:48 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2013.02.26 02:27:48 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2013.02.26 02:27:44 | 000,033,360 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd) DRV:64bit: - [2013.02.14 13:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.10.24 14:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock) DRV:64bit: - [2012.10.24 14:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2012.10.11 16:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2012.10.11 16:15:06 | 000,037,680 | ---- | M] (VMware, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb) DRV:64bit: - [2012.09.28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.20 12:12:34 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple) DRV:64bit: - [2012.07.20 12:12:00 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam) DRV:64bit: - [2012.05.20 12:28:35 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.06 10:44:12 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64) DRV:64bit: - [2012.01.04 21:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.01.04 21:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.01.04 21:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2011.11.29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.11.10 01:04:14 | 000,060,184 | ---- | M] 
(Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.11.03 11:10:42 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011.11.03 11:10:42 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2011.07.20 03:37:56 | 000,342,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.25 02:00:00 | 000,714,368 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusbn.sys -- (fwlanusbn) DRV:64bit: - [2010.10.25 02:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2010.06.28 22:37:56 | 000,051,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2010.06.28 
22:37:36 | 000,121,936 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2010.06.28 22:33:17 | 000,028,752 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr) DRV:64bit: - [2010.06.28 22:33:00 | 000,061,008 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2010.06.28 22:32:36 | 000,020,048 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2010.01.22 09:28:24 | 000,038,944 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV:64bit: - [2010.01.22 09:28:22 | 000,174,368 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV:64bit: - [2009.08.21 10:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.13 08:46:20 | 000,042,912 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID) DRV:64bit: - [2009.06.17 09:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2009.06.17 09:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.03.17 19:12:26 | 000,028,664 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=3e30aa73-045d-4435-bb56-16be12d11384&searchtype=ds&q={searchTerms}&installDate=01/07/2013 IE - 
HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=3e30aa73-045d-4435-bb56-16be12d11384&searchtype=ds&q={searchTerms}&installDate=01/07/2013 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=3e30aa73-045d-4435-bb56-16be12d11384&searchtype=ds&q={searchTerms}&installDate=01/07/2013 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=3e30aa73-045d-4435-bb56-16be12d11384&searchtype=hp&installDate=01/07/2013 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 35 3B 56 E5 15 E9 CD 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=3e30aa73-045d-4435-bb56-16be12d11384&searchtype=ds&q={searchTerms}&installDate=01/07/2013 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=3e30aa73-045d-4435-bb56-16be12d11384&searchtype=ds&q={searchTerms}&installDate=01/07/2013 IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=3e30aa73-045d-4435-bb56-16be12d11384&searchtype=ds&q={searchTerms}&installDate=01/07/2013 IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..extensions.enabledAddons: mozrepl@hyperstruct.net:1.1 FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9 FF - prefs.js..extensions.enabledAddons: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0 FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 FF - prefs.js..extensions.enabledAddons: firebug@software.joehewitt.com:1.9.2 FF - prefs.js..extensions.enabledAddons: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.17 FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.2.1.10 FF - prefs.js..extensions.enabledAddons: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.8.8 FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3 FF - prefs.js..extensions.enabledAddons: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}:0.3.8.1 FF - prefs.js..extensions.enabledAddons: {bb6bc1bb-f824-4702-90cd-35e2fb24f25d}:1.5.1.1 FF - prefs.js..network.proxy.http: "91.228.53.28" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.12.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.12.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Programme\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Programme\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Programme\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Erik\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Erik\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.05.27 13:11:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.03.08 20:05:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: D:\Programme\Firefox 5\components [2013.06.03 13:23:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: D:\Programme\Firefox 5\plugins [2013.06.03 13:23:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.03 13:23:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.06.03 13:23:27 | 000,000,000 | ---D | M]
[2012.05.23 15:41:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erik\AppData\Roaming\mozilla\Extensions
[2013.06.23 16:44:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erik\AppData\Roaming\mozilla\Firefox\Profiles\35a0l3ku.default\extensions
[2013.05.01 18:54:40 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Erik\AppData\Roaming\mozilla\Firefox\Profiles\35a0l3ku.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012.12.30 16:23:59 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Erik\AppData\Roaming\mozilla\Firefox\Profiles\35a0l3ku.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2013.06.23 16:44:52 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Erik\AppData\Roaming\mozilla\Firefox\Profiles\35a0l3ku.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2012.06.14 16:37:43 | 001,335,949 | ---- | M] () (No name found) -- C:\Users\Erik\AppData\Roaming\mozilla\firefox\profiles\35a0l3ku.default\extensions\firebug@software.joehewitt.com.xpi
[2012.05.23 15:43:23 | 000,027,841 | ---- | M] () (No name found) -- C:\Users\Erik\AppData\Roaming\mozilla\firefox\profiles\35a0l3ku.default\extensions\mozrepl@hyperstruct.net.xpi
[2012.05.23 15:48:13 | 000,413,408 | ---- | M] () (No name found) -- C:\Users\Erik\AppData\Roaming\mozilla\firefox\profiles\35a0l3ku.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2013.05.06 23:35:26 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\Erik\AppData\Roaming\mozilla\firefox\profiles\35a0l3ku.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.05.23 21:39:10 | 000,026,136 | ---- | M] () (No name found) -- C:\Users\Erik\AppData\Roaming\mozilla\firefox\profiles\35a0l3ku.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi
[2013.06.23 16:43:06 | 000,041,372 | ---- | M] () (No name found) -- C:\Users\Erik\AppData\Roaming\mozilla\firefox\profiles\35a0l3ku.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}.xpi
[2013.03.08 20:05:41 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\PROGRAM FILES (X86)\COMMON FILES\DVDVIDEOSOFT\PLUGINS\FF
[2012.05.27 13:11:26 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Erik\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Erik\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Erik\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Erik\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Magic Actions for YouTube\u2122 = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.8.6_0\
CHR - Extension: SEOquake = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\1.0.16_0\
CHR - Extension: Task Timer :: Aufgabenplaner = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomfjmibjhhfdenfkpaodhnlhkolngif\3.9.1_0\
CHR - Extension: Web Developer = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.3_0\
CHR - Extension: Turn Off the Lights = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.2.0.11_0\
CHR - Extension: Adblock Plus = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5_0\
CHR - Extension: YouTube\u2122 Ratings Preview = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank\2.3.3_0\
CHR - Extension: Alexa Traffic Rank = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\3.1_0\
CHR - Extension: FlashCards = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\diejjofgldkjkhmfjagdjdodjebpglhb\2.6.8.8_0\
CHR - Extension: Google Kalender = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: SEOrch - OnPage SEO Tool = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnhfjnejkpodaoodkkmkjbpopknbaeef\0.1.12_0\
CHR - Extension: PageRank Status = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn\7.8_0\
CHR - Extension: Ti\u00EBsto = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh\2_0\
CHR - Extension: Lumosity = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffmfbhcjemfledhndnpllechagamlfp\1.1_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.19_0\
CHR - Extension: iReader = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppelffpjgkifjfgnbaaldcehkpajlmbc\1.3.0.3_0\
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - D:\Programme\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SDTray] D:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [F.lux] C:\Users\Erik\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [Internet Security] C:\ProgramData\mxdefender.exe File not found
O4 - Startup: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = D:\Programme\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O4 - Startup: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk = D:\Programme\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Auswahl speichern - D:\Programme\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Diese Seite ausschneiden - D:\Programme\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8:64bit: - Extra context menu item: Neue Notiz - D:\Programme\Evernote\\EvernoteIERes\NewNote.html ()
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: URL notieren - D:\Programme\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Auswahl speichern - D:\Programme\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Diese Seite ausschneiden - D:\Programme\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Neue Notiz - D:\Programme\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: URL notieren - D:\Programme\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Encarta Search - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - Reg Error: Key error. File not found
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @D:\Programme\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\Programme\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @D:\Programme\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\Programme\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD558926-627D-49A3-8C35-F2332720008B}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.14 11:05:32 | 000,000,067 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1fd683ca-a224-11e1-b528-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1fd683ca-a224-11e1-b528-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe -- [2008.06.06 12:40:42 | 000,818,480 | R--- | M] ()
O33 - MountPoints2\{1fd6884d-a224-11e1-b528-c86000be5c7c}\Shell - "" = AutoRun
O33 - MountPoints2\{1fd6884d-a224-11e1-b528-c86000be5c7c}\Shell\AutoRun\command - "" = E:\pushinst.exe
O33 - MountPoints2\{e2fd3630-a220-11e1-ba61-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e2fd3630-a220-11e1-ba61-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.07.19 06:49:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Erik\Desktop\OTL.exe
[2013.07.17 15:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.07.17 15:40:12 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.07.17 15:37:55 | 036,271,144 | ---- | C] (Safer-Networking Ltd. ) -- C:\Users\Erik\Desktop\spybot-2.1.exe
[2013.07.16 15:56:36 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.07.16 15:56:36 | 000,061,008 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.07.16 15:56:36 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.07.16 15:56:36 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2013.07.16 15:56:36 | 000,020,048 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.07.16 15:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.07.16 15:56:34 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr
[2013.07.16 15:53:12 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013.07.15 13:52:58 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.07.14 11:36:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013.07.10 23:10:18 | 000,397,312 | ---- | C] (Koyote-Lab Inc) -- C:\Windows\SysWow64\TubeFinder.exe
[2013.07.10 23:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter
[2013.07.10 23:10:17 | 000,000,000 | ---D | C] -- C:\Users\Erik\AppData\Roaming\FreeFLVConverter
[2013.07.08 13:13:28 | 000,000,000 | ---D | C] -- C:\Users\Erik\Desktop\PSD
[2013.07.02 12:35:48 | 000,000,000 | ---D | C] -- C:\Users\Erik\Desktop\toread
[2013.07.01 16:03:01 | 000,000,000 | ---D | C] -- C:\Users\Erik\AppData\Local\Harmony_Hollow_Software
[2013.07.01 15:58:49 | 000,000,000 | ---D | C] -- C:\Users\Erik\AppData\Local\CTSounds
[2013.07.01 15:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cool Timer

========== Files - Modified Within 30 Days ==========

[2013.07.19 06:49:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Erik\Desktop\OTL.exe
[2013.07.19 06:47:44 | 000,000,148 | ---- | M] () -- C:\Users\Erik\defogger_reenable
[2013.07.19 06:47:22 | 000,050,477 | ---- | M] () -- C:\Users\Erik\Desktop\Defogger.exe
[2013.07.19 06:46:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1899846101-2057684675-232230585-1000UA.job
[2013.07.19 06:34:56 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.19 06:34:56 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.19 06:33:46 | 001,629,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.19 06:33:46 | 000,702,458 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.19 06:33:46 | 000,657,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.19 06:33:46 | 000,150,220 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.19 06:33:46 | 000,123,174 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.19 06:27:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.19 06:27:47 | 2112,245,759 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.18 15:56:38 | 000,001,456 | ---- | M] () -- C:\Users\Erik\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013.07.18 14:46:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1899846101-2057684675-232230585-1000Core.job
[2013.07.18 06:55:22 | 005,069,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.17 15:40:13 | 000,000,986 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.07.17 15:38:33 | 036,271,144 | ---- | M] (Safer-Networking Ltd. ) -- C:\Users\Erik\Desktop\spybot-2.1.exe
[2013.07.16 22:01:59 | 000,000,132 | ---- | M] () -- C:\Users\Erik\AppData\Roaming\Adobe BMP Format CS6 Prefs
[2013.07.16 19:44:42 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.07.16 19:44:42 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.07.16 19:32:41 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.07.16 19:31:02 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.07.16 16:04:51 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2013.07.16 15:56:36 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.07.16 15:56:36 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.07.15 13:53:38 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013.07.15 13:53:38 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013.07.15 13:53:38 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013.07.06 22:04:50 | 000,000,631 | ---- | M] () -- C:\Users\Erik\SciTE.session
[2013.07.06 22:02:26 | 000,000,030 | ---- | M] () -- C:\Users\Erik\Desktop\antivir.au3
[2013.07.06 21:52:05 | 000,000,031 | ---- | M] () -- C:\Users\Erik\AppData\Roaming\mbam.context.scan
[2013.07.02 13:15:27 | 003,790,429 | ---- | M] () -- C:\Users\Erik\Desktop\FreeTrafficLoophole.pdf
[2013.07.01 23:50:15 | 000,016,488 | ---- | M] () -- C:\Users\Erik\Desktop\the-magic-of-thinking-big-david-j-schwartz.pdf - Verknüpfung.lnk
[2013.07.01 23:49:21 | 000,001,545 | ---- | M] () -- C:\Users\Erik\Desktop\The_4-Hour_Workweek_Escape_9_5 expanded and updated.pdf - Verknüpfung.lnk
[2013.07.01 11:53:14 | 000,397,312 | ---- | M] (Koyote-Lab Inc) -- C:\Windows\SysWow64\TubeFinder.exe
[2013.06.26 01:41:10 | 000,001,322 | ---- | M] () -- C:\Users\Erik\Desktop\ebook - Neil Strauss - Rules of the Game.pdf - Verknüpfung.lnk

========== Files Created - No Company Name ==========

[2013.07.19 06:47:44 | 000,000,148 | ---- | C] () -- C:\Users\Erik\defogger_reenable
[2013.07.19 06:47:22 | 000,050,477 | ---- | C] () -- C:\Users\Erik\Desktop\Defogger.exe
[2013.07.17 15:40:13 | 000,000,986 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.07.17 15:40:13 | 000,000,986 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.07.16 22:01:59 | 000,000,132 | ---- | C] () -- C:\Users\Erik\AppData\Roaming\Adobe BMP Format CS6 Prefs
[2013.07.16 19:31:28 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.07.16 19:31:28 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.07.16 19:31:02 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.07.16 15:56:36 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.07.15 13:53:38 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013.07.15 13:53:38 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013.07.15 13:53:38 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013.07.10 23:10:20 | 000,001,167 | ---- | C] () -- C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk
[2013.07.10 23:10:17 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\PropertyGrid.ocx
[2013.07.10 23:10:17 | 000,208,500 | ---- | C] () -- C:\Windows\SysWow64\ReyXpBasics.tlb
[2013.07.10 23:10:17 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ControlSubX.ocx
[2013.07.06 22:00:46 | 000,000,030 | ---- | C] () -- C:\Users\Erik\Desktop\antivir.au3
[2013.07.06 21:45:11 | 000,000,031 | ---- | C] () -- C:\Users\Erik\AppData\Roaming\mbam.context.scan
[2013.07.02 13:15:27 | 003,790,429 | ---- | C] () -- C:\Users\Erik\Desktop\FreeTrafficLoophole.pdf
[2013.07.01 23:50:15 | 000,016,488 | ---- | C] () -- C:\Users\Erik\Desktop\the-magic-of-thinking-big-david-j-schwartz.pdf - Verknüpfung.lnk
[2013.07.01 23:49:21 | 000,001,545 | ---- | C] () -- C:\Users\Erik\Desktop\The_4-Hour_Workweek_Escape_9_5 expanded and updated.pdf - Verknüpfung.lnk
[2013.06.26 01:41:10 | 000,001,322 | ---- | C] () -- C:\Users\Erik\Desktop\ebook - Neil Strauss - Rules of the Game.pdf - Verknüpfung.lnk
[2013.04.01 08:45:56 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2013.04.01 08:38:27 | 000,000,068 | ---- | C] () -- C:\Windows\spn.INI
[2013.04.01 08:38:21 | 000,000,074 | ---- | C] () -- C:\Windows\Crypkey.ini
[2013.04.01 08:38:18 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2013.04.01 08:38:18 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2013.04.01 08:38:18 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2013.03.29 11:49:41 | 000,008,324 | ---- | C] () -- C:\Users\Erik\AppData\Local\recently-used.xbel
[2013.03.29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013.03.29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013.03.18 20:09:23 | 000,001,456 | ---- | C] () -- C:\Users\Erik\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013.01.17 15:36:19 | 000,000,043 | ---- | C] () -- C:\Users\Erik\jagex_cl_runescape_LIVE.dat
[2013.01.17 15:36:19 | 000,000,024 | ---- | C] () -- C:\Users\Erik\random.dat
[2013.01.01 20:22:07 | 001,606,468 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.28 21:11:54 | 000,157,760 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.12.27 18:58:16 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat
[2012.12.08 22:03:08 | 000,000,068 | ---- | C] () -- C:\Windows\eyeQ Screen Saver.ini
[2012.11.27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.11.18 02:27:59 | 007,261,256 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012.11.07 18:23:25 | 000,020,367 | ---- | C] () -- C:\Users\Erik\UStVA2012_10_Oktober_***.elfo
[2012.10.25 23:53:04 | 000,000,061 | ---- | C] () -- C:\Users\Erik\SciTEUser.properties
[2012.10.14 12:20:42 | 000,018,938 | ---- | C] () -- C:\Users\Erik\UStVA2012_***.elfo
[2012.09.21 19:39:30 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.07.21 16:43:53 | 000,303,616 | ---- | C] () -- C:\Windows\SysWow64\SDL.dll
[2012.05.20 10:53:08 | 000,000,631 | ---- | C] () -- C:\Users\Erik\SciTE.session
[2012.05.20 10:35:23 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2012.05.20 04:41:54 | 000,000,344 | ---- | C] () -- C:\Windows\lgfwup.ini
[2012.05.20 04:21:58 | 000,057,850 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.05.20 04:20:24 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.05.20 04:20:15 | 000,041,098 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.05.20 01:16:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.05.20 01:14:37 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.05.20 01:14:37 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.20 01:14:37 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.02.17 17:14:06 | 000,000,038 | ---- | C] () -- C:\Users\Erik\abbrev.properties
[2012.02.17 16:02:02 | 000,000,000 | ---- | C] () -- C:\Users\Erik\au3.keywords.user.abbreviations.properties
[2012.02.14 22:52:12 | 000,000,027 | ---- | C] () -- C:\Users\Erik\au3UserAbbrev.properties
[2012.01.10 20:39:16 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2010.03.27 17:22:54 | 000,014,905 | ---- | C] () -- C:\Users\Erik\au3abbrev.properties
[2010.01.02 23:16:12 | 000,000,111 | ---- | C] () -- C:\Users\Erik\au3.UserUdfs.properties
[2010.01.02 23:15:50 | 000,000,000 | ---- | C] () -- C:\Users\Erik\au3.user.calltips.api

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.04.30 19:47:00 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\.minecraft
[2012.12.02 20:25:03 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Advanced Chemistry Development
[2012.07.07 21:41:39 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\AnvSoft
[2013.03.29 23:35:16 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Audacity
[2013.01.09 16:16:47 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Auslogics
[2012.12.05 20:54:36 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\BOM
[2013.05.12 13:47:54 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Broderbund
[2013.02.02 14:28:17 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Buzan Online
[2013.01.04 22:01:41 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\calibre
[2013.01.23 15:10:55 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\DAEMON Tools Lite
[2012.07.20 22:34:06 | 000,000,000 | ---D | M] -- 
C:\Users\Erik\AppData\Roaming\Dev-Cpp [2013.03.08 20:05:46 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\DVDVideoSoft [2013.03.08 20:05:44 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\DVDVideoSoftIEHelpers [2012.10.09 20:22:42 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\elsterformular [2013.07.17 15:40:49 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\FileZilla [2013.07.10 23:10:21 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\FreeFLVConverter [2012.12.15 23:53:44 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\ICQ [2012.05.20 01:07:10 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\ICQ Search [2013.01.09 15:43:20 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\IObit [2012.06.14 18:47:46 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\JGsoft [2012.05.20 04:57:03 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Leadertech [2013.01.20 15:29:56 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\mirabyte [2012.09.08 18:23:07 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\MySQL [2012.05.20 10:46:50 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Notepad++ [2013.03.08 20:05:38 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\OpenCandy [2012.08.28 21:39:15 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\PDAppFlex [2012.06.04 12:59:13 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Propellerhead Software [2013.03.03 13:05:01 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\SchreibTrainer3 [2013.01.11 02:34:51 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Sinvise Systems [2013.04.04 14:05:13 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2013.04.23 18:10:00 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Stardock [2013.03.30 16:02:01 | 000,000,000 | ---D | M] -- 
C:\Users\Erik\AppData\Roaming\SuperUtils.com [2012.06.05 19:39:11 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\TeamViewer [2012.05.20 10:57:20 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Thunderbird [2012.10.19 14:32:09 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Ubisoft [2013.07.19 06:08:51 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\uTorrent [2013.01.09 16:10:14 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\VSRevoGroup [2013.05.08 21:10:55 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\WindSolutions ========== Purity Check ========== < End of report > |
19.07.2013, 08:37 | #2 |
/// the machine /// TB Instructor | Internet - Error during virus scan & slow connection (?) hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
19.07.2013, 09:37 | #3 |
| Internet - Error during virus scan & slow connection (?) hi,
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-07-2013 Ran by Erik (administrator) on 19-07-2013 10:26:00 Running from C:\Users\Erik\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (CrypKey (Canada) Ltd.) C:\Windows\system32\crypserv.exe (DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\system32\IProsetMonitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Safer-Networking Ltd.) D:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Safer-Networking Ltd.) D:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) D:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe (VMware, Inc.) d:\Programme\Vmware\vmware-authd.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Logitech Inc.) 
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe () C:\Users\Erik\Local Settings\Apps\F.lux\flux.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) D:\Programme\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) D:\Programme\Evernote\EvernoteTray.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Safer-Networking Ltd.) D:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) D:\Programme\Evernote\Evernote.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (VMware, Inc.) d:\Programme\Vmware\x64\vmware-vmx.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (VMware, Inc.) d:\Programme\Vmware\vprintproxy.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Mozilla Corporation) D:\Programme\Firefox 5\firefox.exe (Mozilla Corporation) D:\Programme\Firefox 5\plugin-container.exe (Adobe Systems, Incorporated) D:\Programme\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Microsoft Corporation) C:\Windows\system32\mspaint.exe (VMware, Inc.) D:\Programme\Vmware\vmplayer.exe (VMware, Inc.) D:\Programme\Vmware\vmware-unity-helper.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-28] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_DTS] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor) HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415752 2009-08-13] (Logitech Inc.) HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4195848 2009-08-13] (Logitech Inc.) 
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - KHALMNPR.EXE [x] HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company) HKCU\...\Run: [F.lux] - C:\Users\Erik\Local Settings\Apps\F.lux\flux.exe [966656 2009-08-29] () HKCU\...\Run: [Google Update] - C:\Users\Erik\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-20] (Google Inc.) HKCU\...\Run: [AdobeBridge] - [x] HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe [1174016 2010-11-21] (Microsoft Corporation) HKCU\...\Run: [Internet Security] - C:\ProgramData\mxdefender.exe [x] HKCU\...\Run: [DAEMON Tools Lite] - "D:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun [x] MountPoints2: F - F:\setup.exe MountPoints2: {1fd683ca-a224-11e1-b528-806e6f6e6963} - E:\Start.exe MountPoints2: {1fd6884d-a224-11e1-b528-c86000be5c7c} - E:\pushinst.exe MountPoints2: {e2fd3630-a220-11e1-ba61-806e6f6e6963} - D:\.\Bin\ASSETUP.exe HKLM-x32\...\Run: [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-01-04] (Intel Corporation) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation) HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin) HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [413696 2008-03-28] (Apple Inc.) HKLM-x32\...\Run: [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [2837864 2010-06-28] (AVAST Software) HKLM-x32\...\Run: [SDTray] - "D:\Programme\Spybot - Search & Destroy 2\SDTray.exe" [x] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.) Startup: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> D:\Programme\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) Startup: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk ShortcutTarget: EvernoteTray.lnk -> D:\Programme\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. 
ProxyServer: localhost:21320 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=3e30aa73-045d-4435-bb56-16be12d11384&searchtype=hp&installDate=01/07/2013 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=3e30aa73-045d-4435-bb56-16be12d11384&searchtype=ds&q={searchTerms}&installDate=01/07/2013 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=3e30aa73-045d-4435-bb56-16be12d11384&searchtype=ds&q={searchTerms}&installDate=01/07/2013 SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=3e30aa73-045d-4435-bb56-16be12d11384&searchtype=ds&q={searchTerms}&installDate=01/07/2013 SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=3e30aa73-045d-4435-bb56-16be12d11384&searchtype=ds&q={searchTerms}&installDate=01/07/2013 SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=3e30aa73-045d-4435-bb56-16be12d11384&searchtype=ds&q={searchTerms}&installDate=01/07/2013 BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
(Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - D:\Programme\Evernote\EvernoteIE.dll No File BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) 
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default FF user.js: detected! => C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default\user.js FF NewTab: about:blank FF NetworkProxy: "http", "91.228.53.28" FF NetworkProxy: "http_port", 3128 FF NetworkProxy: "type", 0 FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=10.12.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.12.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Programme\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Programme\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Programme\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Erik\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Erik\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Extension: SeoQuake - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} FF Extension: Просмотр HTTP заголовков - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} FF Extension: Cookies Manager+ - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} FF Extension: firebug - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default\Extensions\firebug@software.joehewitt.com.xpi FF Extension: mozrepl - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default\Extensions\mozrepl@hyperstruct.net.xpi FF Extension: No Name - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi FF Extension: No Name - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: No Name - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi FF Extension: No Name - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default\Extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}.xpi FF HKLM-x32\...\Firefox\Extensions: 
[{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: No Name - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF StartMenuInternet: FIREFOX.EXE - D:\Programme\Firefox 5\firefox.exe Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR RestoreOnStartup: "hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=3e30aa73-045d-4435-bb56-16be12d11384&searchtype=hp&installDate=01/07/2013" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Erik\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Erik\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\Erik\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll No File CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR 
Plugin: (Google Update) - C:\Users\Erik\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Extension: (Magic Actions for YouTube\u2122) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.8.6_0 CHR Extension: (SEOquake) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\1.0.16_0 CHR Extension: (Task Timer) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomfjmibjhhfdenfkpaodhnlhkolngif\3.9.1_0 CHR Extension: (Web Developer) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.3_0 CHR Extension: (Turn Off the Lights) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.2.0.11_0 CHR Extension: (Adblock Plus) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5_0 CHR Extension: (YouTube\u2122 Ratings Preview) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank\2.3.3_0 CHR Extension: (Alexa Traffic Rank) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\3.1_0 CHR Extension: (FlashCards) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\diejjofgldkjkhmfjagdjdodjebpglhb\2.6.8.8_0 CHR Extension: (Google Calendar) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0 CHR Extension: (SEOrch - OnPage SEO Tool) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnhfjnejkpodaoodkkmkjbpopknbaeef\0.1.12_0 CHR Extension: (PageRank Status) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn\7.8_0 CHR Extension: (Ti\u00EBsto) - C:\Users\Erik\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh\2_0 CHR Extension: (Lumosity) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffmfbhcjemfledhndnpllechagamlfp\1.1_0 CHR Extension: (Evernote Web Clipper) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.19_0 CHR Extension: (iReader) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppelffpjgkifjfgnbaaldcehkpajlmbc\1.3.0.3_0 CHR StartMenuInternet: Google Chrome - "C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe" ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software) R3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software) R3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software) R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink) R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2011-08-05] (DTS, Inc) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-07-16] () R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () R2 SDScannerService; D:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.) R2 SDUpdateService; D:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.) R2 SDWSCService; D:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.) 
R2 VMAuthdService; d:\Programme\Vmware\vmware-authd.exe [87120 2013-02-26] (VMware, Inc.)
R2 Crypkey License; crypserv.exe [x]
S2 MySQL_ZendServer51; "D:\Programme\Zend\MySQL51\bin\mysqld" --defaults-file="D:\Programme\Zend\MySQL51\my.ini" MySQL_ZendServer51 [x]

==================== Drivers (Whitelisted) ====================

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [20048 2010-06-28] (ALWIL Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [61008 2010-06-28] (ALWIL Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [28752 2010-06-28] (ALWIL Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [121936 2010-06-28] (ALWIL Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [51280 2010-06-28] (ALWIL Software)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-25] (AVM Berlin)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-20] (DT Soft Ltd)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-25] (AVM GmbH)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-07-20] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-07-20] (ManyCam LLC)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
S3 SANDRA; \??\D:\Programme\SiSoftware Sandra Lite 2013.SP1\WNt500x64\Sandra.sys [x] U3 pxldapog; \??\C:\Users\Erik\AppData\Local\Temp\pxldapog.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-19 10:27 - 2013-07-19 10:27 - 01778207 _____ (Farbar) C:\Users\Erik\Desktop\FRST64.exe 2013-07-19 10:25 - 2013-07-19 10:25 - 00000000 ____D C:\FRST 2013-07-19 07:31 - 2013-07-19 07:31 - 00000342 _____ C:\Users\Erik\Desktop\defogger_enable.log 2013-07-19 07:02 - 2013-07-19 07:02 - 00377856 _____ C:\Users\Erik\Desktop\gmer_2.1.19163.exe 2013-07-19 06:55 - 2013-07-19 06:59 - 00145604 _____ C:\Users\Erik\Desktop\OTL.Txt 2013-07-19 06:49 - 2013-07-19 06:49 - 00602112 _____ (OldTimer Tools) C:\Users\Erik\Desktop\OTL.exe 2013-07-19 06:47 - 2013-07-19 06:48 - 00000470 _____ C:\Users\Erik\Desktop\defogger_disable.log 2013-07-19 06:47 - 2013-07-19 06:47 - 00050477 _____ C:\Users\Erik\Desktop\Defogger.exe 2013-07-17 15:40 - 2013-07-17 15:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-07-17 15:40 - 2013-07-17 15:40 - 00000986 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2013-07-17 15:40 - 2009-01-25 13:14 - 00017272 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2013-07-17 15:37 - 2013-07-17 15:38 - 36271144 _____ (Safer-Networking Ltd. ) C:\Users\Erik\Desktop\spybot-2.1.exe 2013-07-16 22:01 - 2013-07-16 22:01 - 00000132 _____ C:\Users\Erik\AppData\Roaming\Adobe BMP Format CS6 Prefs 2013-07-16 19:31 - 2013-07-16 19:44 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.exe 2013-07-16 19:31 - 2013-07-16 19:32 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.ex0 2013-07-16 19:31 - 2013-07-16 19:31 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe 2013-07-16 15:56 - 2013-07-16 15:56 - 00001852 _____ C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2013-07-16 15:56 - 2010-06-28 22:57 - 00038848 _____ (ALWIL Software) C:\Windows\avastSS.scr 2013-07-16 15:56 - 2010-06-28 22:37 - 00121936 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswSP.sys 2013-07-16 15:56 - 2010-06-28 22:37 - 00051280 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswTdi.sys 2013-07-16 15:56 - 2010-06-28 22:33 - 00061008 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2013-07-16 15:56 - 2010-06-28 22:33 - 00028752 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswRdr.sys 2013-07-16 15:56 - 2010-06-28 22:32 - 00020048 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswFsBlk.sys 2013-07-16 13:59 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-16 02:37 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-16 02:37 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-16 02:37 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-16 02:37 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-16 02:37 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-16 02:37 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-16 02:37 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-16 02:37 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-16 02:37 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-16 02:37 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-16 02:37 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-16 02:37 - 2013-06-12 
01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-16 02:37 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-16 02:37 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-16 02:37 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-16 02:37 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-16 02:37 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-16 02:37 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-16 02:37 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-16 02:37 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-16 02:37 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-16 02:37 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-16 02:37 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-16 02:37 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-16 02:37 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-16 02:37 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-16 02:37 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-16 02:37 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-16 02:37 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-16 02:37 - 2013-06-07 05:22 - 02706432 
_____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-16 02:37 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-15 16:44 - 2013-07-15 16:44 - 02897123 _____ C:\Users\Erik\Downloads\Slides-SlidesJS-3.zip 2013-07-15 13:59 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-15 13:59 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-15 13:59 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-15 13:59 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-15 13:57 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-15 13:57 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-15 13:53 - 2013-07-15 13:53 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum 2013-07-15 13:53 - 2013-07-15 13:53 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum 2013-07-15 13:53 - 2013-07-15 13:53 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum 2013-07-15 13:52 - 2013-05-09 10:58 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2013-07-14 11:36 - 2013-07-14 11:37 - 00000000 ____D C:\Windows\system32\MRT 2013-07-10 23:10 - 2013-07-10 23:10 - 00001167 _____ C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk 2013-07-10 23:10 - 2013-07-10 23:10 - 00000000 ____D C:\Users\Erik\AppData\Roaming\FreeFLVConverter 2013-07-10 23:10 - 2013-07-10 23:10 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter 2013-07-10 23:10 - 2013-07-01 11:53 - 00397312 _____ (Koyote-Lab Inc) C:\Windows\SysWOW64\TubeFinder.exe 2013-07-10 23:10 - 2011-09-28 10:18 - 00364544 _____ C:\Windows\SysWOW64\PropertyGrid.ocx 2013-07-10 23:10 - 2011-09-28 10:18 - 00208500 _____ 
C:\Windows\SysWOW64\ReyXpBasics.tlb 2013-07-10 23:10 - 2011-09-28 10:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCFR.DLL 2013-07-10 23:10 - 2011-09-28 10:18 - 00119568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6FR.DLL 2013-07-10 23:10 - 2011-09-28 10:18 - 00084512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PICCLP32.OCX 2013-07-10 23:10 - 2011-09-28 10:18 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGFR.DLL 2013-07-10 23:10 - 2011-09-28 10:18 - 00024576 _____ C:\Windows\SysWOW64\ControlSubX.ocx 2013-07-10 23:10 - 2011-09-28 10:18 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCCLPFR.DLL 2013-07-10 23:09 - 2013-07-10 23:09 - 00804552 _____ (Koyote-Lab Inc.) C:\Users\Erik\Downloads\FreeFLVConverter75Setup.exe 2013-07-08 13:44 - 2013-07-08 13:44 - 01119679 _____ C:\Users\Erik\Downloads\soft_grunge_patterns_free.zip 2013-07-08 13:35 - 2013-07-08 13:36 - 09297306 _____ C:\Users\Erik\Downloads\398-function_subtle_grunge_2.zip 2013-07-08 13:13 - 2013-07-08 13:13 - 03306019 _____ C:\Users\Erik\Downloads\elegantmediaicons.zip 2013-07-08 13:13 - 2010-04-08 12:02 - 00000000 ____D C:\Users\Erik\Desktop\PSD 2013-07-07 19:30 - 2013-07-07 19:30 - 42569291 _____ C:\Users\Erik\Downloads\studies_in_plant_form_by_remittancegirl-d4628vc.abr 2013-07-07 14:45 - 2013-07-07 14:45 - 02787484 _____ C:\Users\Erik\Downloads\vintage_grunge_brushes_by_alex16.abr 2013-07-07 14:36 - 2013-07-07 14:36 - 17446304 _____ C:\Users\Erik\Downloads\old_print_paper_abr.zip 2013-07-07 14:04 - 2013-07-07 14:04 - 10018510 _____ C:\Users\Erik\Downloads\Postage_Photoshop_Brushes_by_redheadstock.zip 2013-07-06 22:00 - 2013-07-06 22:02 - 00000030 _____ C:\Users\Erik\Desktop\antivir.au3 2013-07-06 21:45 - 2013-07-06 21:52 - 00000031 _____ C:\Users\Erik\AppData\Roaming\mbam.context.scan 2013-07-02 23:19 - 2013-07-02 23:59 - 49979268 _____ C:\Users\Erik\Downloads\Fold.0842X.zip 2013-07-02 23:18 - 2013-07-02 23:18 - 00293832 _____ (StarApp) 
C:\Users\Erik\Downloads\Above the Fold - Understanding the Principles of Successful Web Site Design.exe 2013-07-02 12:35 - 2013-07-06 16:27 - 00000000 ____D C:\Users\Erik\Desktop\toread 2013-07-01 23:50 - 2013-07-01 23:50 - 00016488 _____ C:\Users\Erik\Desktop\the-magic-of-thinking-big-david-j-schwartz.pdf - Verknüpfung.lnk 2013-07-01 23:49 - 2013-07-01 23:49 - 00001545 _____ C:\Users\Erik\Desktop\The_4-Hour_Workweek_Escape_9_5 expanded and updated.pdf - Verknüpfung.lnk 2013-07-01 23:31 - 2013-07-01 23:31 - 00002873 _____ C:\Users\Erik\Downloads\[isoHunt] The Miracle of Mindfulness (7Summits).torrent 2013-07-01 16:03 - 2013-07-01 16:03 - 00000000 ____D C:\Users\Erik\AppData\Local\Harmony_Hollow_Software 2013-07-01 15:58 - 2013-07-01 15:58 - 00000000 ____D C:\Users\Erik\AppData\Local\CTSounds 2013-07-01 15:58 - 2013-07-01 15:58 - 00000000 ____D C:\Program Files (x86)\Cool Timer 2013-07-01 15:55 - 2013-07-01 15:55 - 00892040 _____ (CNET Download.com) C:\Users\Erik\Downloads\cbsidlm-cbsi118-Cool_Timer-SEO-10062255.exe 2013-07-01 15:51 - 2013-07-01 15:51 - 01985112 _____ (Comfort Software Group ) C:\Users\Erik\Downloads\FreeCountdownTimerSetup.exe 2013-06-28 14:25 - 2013-06-28 14:25 - 00068664 _____ C:\Users\Erik\Downloads\B00458LJ12 2013-06-26 18:12 - 2013-06-26 18:12 - 00000002 _____ C:\Users\Erik\Desktop\piano lessons.txt 2013-06-26 01:41 - 2013-06-26 01:41 - 00001322 _____ C:\Users\Erik\Desktop\ebook - Neil Strauss - Rules of the Game.pdf - Verknüpfung.lnk 2013-06-25 03:33 - 2013-06-25 03:33 - 00000129 _____ C:\Users\Erik\Desktop\ss.txt ==================== One Month Modified Files and Folders ======= 2013-07-19 10:27 - 2013-07-19 10:27 - 01778207 _____ (Farbar) C:\Users\Erik\Desktop\FRST64.exe 2013-07-19 10:25 - 2013-07-19 10:25 - 00000000 ____D C:\FRST 2013-07-19 10:24 - 2013-06-15 11:01 - 00000000 ____D C:\Users\Erik\AppData\Roaming\VMware 2013-07-19 10:24 - 2013-06-15 11:01 - 00000000 ____D C:\Users\Erik\AppData\Local\VMware 2013-07-19 09:46 - 2012-05-20 00:20 
- 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1899846101-2057684675-232230585-1000UA.job 2013-07-19 08:10 - 2013-01-01 20:49 - 00000000 ____D C:\Users\Erik\Documents\Outlook Files 2013-07-19 07:31 - 2013-07-19 07:31 - 00000342 _____ C:\Users\Erik\Desktop\defogger_enable.log 2013-07-19 07:31 - 2012-05-20 04:16 - 00000000 ____D C:\Users\Erik 2013-07-19 07:02 - 2013-07-19 07:02 - 00377856 _____ C:\Users\Erik\Desktop\gmer_2.1.19163.exe 2013-07-19 06:59 - 2013-07-19 06:55 - 00145604 _____ C:\Users\Erik\Desktop\OTL.Txt 2013-07-19 06:49 - 2013-07-19 06:49 - 00602112 _____ (OldTimer Tools) C:\Users\Erik\Desktop\OTL.exe 2013-07-19 06:48 - 2013-07-19 06:47 - 00000470 _____ C:\Users\Erik\Desktop\defogger_disable.log 2013-07-19 06:47 - 2013-07-19 06:47 - 00050477 _____ C:\Users\Erik\Desktop\Defogger.exe 2013-07-19 06:34 - 2009-07-14 06:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-19 06:34 - 2009-07-14 06:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-19 06:33 - 2011-04-12 09:43 - 00702458 _____ C:\Windows\system32\perfh007.dat 2013-07-19 06:33 - 2011-04-12 09:43 - 00150220 _____ C:\Windows\system32\perfc007.dat 2013-07-19 06:33 - 2009-07-14 07:13 - 01629510 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-19 06:31 - 2012-05-20 04:16 - 01758296 _____ C:\Windows\WindowsUpdate.log 2013-07-19 06:27 - 2013-06-15 10:57 - 00000000 ____D C:\ProgramData\VMware 2013-07-19 06:27 - 2013-04-01 08:38 - 00017360 _____ C:\Windows\error.log 2013-07-19 06:27 - 2013-04-01 08:38 - 00005265 _____ C:\Windows\errord.log 2013-07-19 06:27 - 2013-01-09 16:11 - 00494026 _____ C:\Windows\PFRO.log 2013-07-19 06:27 - 2013-01-09 15:32 - 00076270 _____ C:\Windows\setupact.log 2013-07-19 06:27 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-19 06:08 - 2012-05-20 00:52 - 00000000 ____D 
C:\Users\Erik\AppData\Roaming\uTorrent 2013-07-18 18:53 - 2012-10-14 11:11 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{70A85A1B-57FD-4E00-A63B-5D0C2FAEADD1} 2013-07-18 15:56 - 2013-03-18 20:09 - 00001456 _____ C:\Users\Erik\AppData\Local\Adobe Save for Web 13.0 Prefs 2013-07-18 14:46 - 2012-05-20 00:20 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1899846101-2057684675-232230585-1000Core.job 2013-07-18 06:55 - 2009-07-14 06:45 - 05069368 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-17 15:55 - 2013-07-17 15:40 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-07-17 15:40 - 2013-07-17 15:40 - 00000986 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2013-07-17 15:40 - 2012-05-30 18:16 - 00000000 ____D C:\Users\Erik\AppData\Roaming\FileZilla 2013-07-17 15:38 - 2013-07-17 15:37 - 36271144 _____ (Safer-Networking Ltd. ) C:\Users\Erik\Desktop\spybot-2.1.exe 2013-07-17 05:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar 2013-07-17 05:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Portable Devices 2013-07-17 05:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2013-07-17 05:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-17 02:29 - 2013-04-01 16:01 - 00000000 ____D C:\Program Files (x86)\AmoK 2013-07-17 02:23 - 2012-12-04 17:11 - 00000000 ____D C:\ProgramData\Orbit 2013-07-17 02:23 - 2012-05-20 12:44 - 00000000 ____D C:\Users\Erik\Documents\My Games 2013-07-16 22:01 - 2013-07-16 22:01 - 00000132 _____ C:\Users\Erik\AppData\Roaming\Adobe BMP Format CS6 Prefs 2013-07-16 19:44 - 2013-07-16 19:31 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.exe 2013-07-16 19:44 - 2012-12-04 17:12 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.xtr 2013-07-16 19:32 - 2013-07-16 19:31 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.ex0 2013-07-16 19:31 - 2013-07-16 19:31 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe 2013-07-16 
16:42 - 2012-09-21 19:52 - 00000000 ____D C:\Users\Erik\Documents\Youcam 2013-07-16 16:04 - 2013-06-04 12:35 - 00054156 ____H C:\Windows\QTFont.qfn 2013-07-16 16:03 - 2012-05-21 13:09 - 00000000 ____D C:\Users\Erik\AppData\Roaming\vlc 2013-07-16 15:56 - 2013-07-16 15:56 - 00001852 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-07-16 15:56 - 2013-05-26 08:15 - 00000000 _____ C:\Windows\SysWOW64\config.nt 2013-07-16 13:54 - 2011-04-12 09:55 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-16 02:40 - 2012-05-23 22:58 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-16 02:38 - 2012-10-19 18:42 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-07-15 16:44 - 2013-07-15 16:44 - 02897123 _____ C:\Users\Erik\Downloads\Slides-SlidesJS-3.zip 2013-07-15 14:41 - 2012-05-20 00:20 - 00004088 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1899846101-2057684675-232230585-1000UA 2013-07-15 14:41 - 2012-05-20 00:20 - 00003692 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1899846101-2057684675-232230585-1000Core 2013-07-15 13:53 - 2013-07-15 13:53 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum 2013-07-15 13:53 - 2013-07-15 13:53 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum 2013-07-15 13:53 - 2013-07-15 13:53 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum 2013-07-15 13:47 - 2013-01-10 17:24 - 00000000 ____D C:\Users\Erik\Desktop\ebooks 2013-07-15 13:47 - 2012-05-20 00:21 - 00000000 ____D C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2013-07-15 13:47 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar 2013-07-15 13:47 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices 2013-07-15 13:47 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2013-07-15 13:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2013-07-15 13:47 - 2009-07-14 05:20 - 
00000000 ____D C:\Windows\AppCompat 2013-07-15 13:47 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Windows NT 2013-07-15 13:47 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2013-07-14 11:37 - 2013-07-14 11:36 - 00000000 ____D C:\Windows\system32\MRT 2013-07-10 23:10 - 2013-07-10 23:10 - 00001167 _____ C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk 2013-07-10 23:10 - 2013-07-10 23:10 - 00000000 ____D C:\Users\Erik\AppData\Roaming\FreeFLVConverter 2013-07-10 23:10 - 2013-07-10 23:10 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter 2013-07-10 23:09 - 2013-07-10 23:09 - 00804552 _____ (Koyote-Lab Inc.) C:\Users\Erik\Downloads\FreeFLVConverter75Setup.exe 2013-07-08 13:44 - 2013-07-08 13:44 - 01119679 _____ C:\Users\Erik\Downloads\soft_grunge_patterns_free.zip 2013-07-08 13:36 - 2013-07-08 13:35 - 09297306 _____ C:\Users\Erik\Downloads\398-function_subtle_grunge_2.zip 2013-07-08 13:13 - 2013-07-08 13:13 - 03306019 _____ C:\Users\Erik\Downloads\elegantmediaicons.zip 2013-07-07 19:30 - 2013-07-07 19:30 - 42569291 _____ C:\Users\Erik\Downloads\studies_in_plant_form_by_remittancegirl-d4628vc.abr 2013-07-07 14:45 - 2013-07-07 14:45 - 02787484 _____ C:\Users\Erik\Downloads\vintage_grunge_brushes_by_alex16.abr 2013-07-07 14:36 - 2013-07-07 14:36 - 17446304 _____ C:\Users\Erik\Downloads\old_print_paper_abr.zip 2013-07-07 14:04 - 2013-07-07 14:04 - 10018510 _____ C:\Users\Erik\Downloads\Postage_Photoshop_Brushes_by_redheadstock.zip 2013-07-06 22:14 - 2012-10-19 12:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-06 22:08 - 2012-06-06 16:33 - 00000000 ____D C:\Windows\Minidump 2013-07-06 22:04 - 2012-05-20 10:53 - 00000631 _____ C:\Users\Erik\SciTE.session 2013-07-06 22:02 - 2013-07-06 22:00 - 00000030 _____ C:\Users\Erik\Desktop\antivir.au3 2013-07-06 21:52 - 2013-07-06 21:45 - 00000031 _____ C:\Users\Erik\AppData\Roaming\mbam.context.scan 2013-07-06 
16:27 - 2013-07-02 12:35 - 00000000 ____D C:\Users\Erik\Desktop\toread 2013-07-02 23:59 - 2013-07-02 23:19 - 49979268 _____ C:\Users\Erik\Downloads\Fold.0842X.zip 2013-07-02 23:18 - 2013-07-02 23:18 - 00293832 _____ (StarApp) C:\Users\Erik\Downloads\Above the Fold - Understanding the Principles of Successful Web Site Design.exe 2013-07-01 23:50 - 2013-07-01 23:50 - 00016488 _____ C:\Users\Erik\Desktop\the-magic-of-thinking-big-david-j-schwartz.pdf - Verknüpfung.lnk 2013-07-01 23:49 - 2013-07-01 23:49 - 00001545 _____ C:\Users\Erik\Desktop\The_4-Hour_Workweek_Escape_9_5 expanded and updated.pdf - Verknüpfung.lnk 2013-07-01 23:31 - 2013-07-01 23:31 - 00002873 _____ C:\Users\Erik\Downloads\[isoHunt] The Miracle of Mindfulness (7Summits).torrent 2013-07-01 16:03 - 2013-07-01 16:03 - 00000000 ____D C:\Users\Erik\AppData\Local\Harmony_Hollow_Software 2013-07-01 15:58 - 2013-07-01 15:58 - 00000000 ____D C:\Users\Erik\AppData\Local\CTSounds 2013-07-01 15:58 - 2013-07-01 15:58 - 00000000 ____D C:\Program Files (x86)\Cool Timer 2013-07-01 15:58 - 2012-05-20 04:33 - 00125248 _____ C:\Users\Erik\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-01 15:55 - 2013-07-01 15:55 - 00892040 _____ (CNET Download.com) C:\Users\Erik\Downloads\cbsidlm-cbsi118-Cool_Timer-SEO-10062255.exe 2013-07-01 15:51 - 2013-07-01 15:51 - 01985112 _____ (Comfort Software Group ) C:\Users\Erik\Downloads\FreeCountdownTimerSetup.exe 2013-07-01 11:53 - 2013-07-10 23:10 - 00397312 _____ (Koyote-Lab Inc) C:\Windows\SysWOW64\TubeFinder.exe 2013-06-28 14:25 - 2013-06-28 14:25 - 00068664 _____ C:\Users\Erik\Downloads\B00458LJ12 2013-06-26 18:12 - 2013-06-26 18:12 - 00000002 _____ C:\Users\Erik\Desktop\piano lessons.txt 2013-06-26 01:41 - 2013-06-26 01:41 - 00001322 _____ C:\Users\Erik\Desktop\ebook - Neil Strauss - Rules of the Game.pdf - Verknüpfung.lnk 2013-06-25 03:33 - 2013-06-25 03:33 - 00000129 _____ C:\Users\Erik\Desktop\ss.txt 2013-06-19 18:24 - 2013-06-18 21:33 - 00000000 ____D C:\Users\Erik\Desktop\keywords 
==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-13 00:54

==================== End Of Log ============================

Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2013 Ran by Erik at 2013-07-19 10:26:52 Running from C:\Users\Erik\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= µTorrent (x32 Version: 3.3.0.29625) ACD/Labs Software in D:\Programme\ChemSketch\ (x32 Version: v12.00, FREE) ActivePerl 5.16.3 Build 1603 (64-bit) (Version: 5.16.1603) Adobe AIR (x32 Version: 3.1.0.4880) Adobe Dreamweaver CS6 (x32 Version: 12) Adobe Flash Player 11 Plugin (x32 Version: 11.2.202.235) Adobe Help Manager (x32 Version: 4.0.244) Adobe Photoshop CS6 (x32 Version: 13.0) Adobe Shockwave Player (x32 Version: 11.0) Adobe Shockwave Player 11.6 (x32 Version: 11.6.5.635) Adobe Widget Browser (x32 Version: 2.0 Build 348) Adobe Widget Browser (x32 Version: 2.0.348) Age of Empires III - The Asian Dynasties (x32 Version: 1.00.0000) Age of Empires III - The WarChiefs (x32 Version: 1.00.0000) Age of Empires III (x32 Version: 1.00.0000) Amazon Send to Kindle (x32 Version: 1.0.0.192) AMD Accelerated Video Transcoding (Version: 12.10.100.30328) AMD APP SDK Runtime (Version: 10.0.1084.4) AMD Catalyst Install Manager (Version: 8.0.911.0) AMD Drag and Drop Transcoding (Version: 2.00.0000) AMD Media Foundation Decoders (Version: 1.0.80328.2204) Angel's Vox 1.5 (x32 Version: 1.5) Apple Application Support (x32 Version: 2.3.2) Apple Mobile Device Support (Version: 6.0.1.3) Apple Software Update (x32 Version: 2.1.3.127) Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.14.3.0) Asmedia ASM106x SATA Host Controller Driver (x32 Version: 1.3.4.000) Audacity 2.0.2 (x32 Version: 2.0.2) Auslogics Disk Defrag (x32 Version: 3.6) AutoIt v3.3.8.1 (x32) AVM FRITZ!WLAN (x32) be Flash Player 11 ActiveX 64-bit (Version: 11.2.202.235) Black Hat Ninjas - ScrapeBox 1.12.20 Nulled (x32 Version: 1.12.20.0) calibre (x32 Version: 0.9.13) Catalyst Control Center - Branding (x32 Version: 
1.00.0000) Catalyst Control Center (x32 Version: 2013.0328.2218.38225) Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225) Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225) Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225) CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225) CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225) CCC Help Czech (x32 Version: 2013.0328.2217.38225) CCC Help Danish (x32 Version: 2013.0328.2217.38225) CCC Help Dutch (x32 Version: 2013.0328.2217.38225) CCC Help English (x32 Version: 2013.0328.2217.38225) CCC Help Finnish (x32 Version: 2013.0328.2217.38225) CCC Help French (x32 Version: 2013.0328.2217.38225) CCC Help German (x32 Version: 2013.0328.2217.38225) CCC Help Greek (x32 Version: 2013.0328.2217.38225) CCC Help Hungarian (x32 Version: 2013.0328.2217.38225) CCC Help Italian (x32 Version: 2013.0328.2217.38225) CCC Help Japanese (x32 Version: 2013.0328.2217.38225) CCC Help Korean (x32 Version: 2013.0328.2217.38225) CCC Help Norwegian (x32 Version: 2013.0328.2217.38225) CCC Help Polish (x32 Version: 2013.0328.2217.38225) CCC Help Portuguese (x32 Version: 2013.0328.2217.38225) CCC Help Russian (x32 Version: 2013.0328.2217.38225) CCC Help Spanish (x32 Version: 2013.0328.2217.38225) CCC Help Swedish (x32 Version: 2013.0328.2217.38225) CCC Help Thai (x32 Version: 2013.0328.2217.38225) CCC Help Turkish (x32 Version: 2013.0328.2217.38225) ccc-utility64 (Version: 2013.0328.2218.38225) CCleaner (Version: 3.23) Cool Timer 4.9.3 (x32) DAEMON Tools Lite (x32 Version: 4.45.4.0314) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) Dev-C++ 5 beta 9 release (4.9.9.2) (x32) Diablo III (x32 Version: 1.0.8.16603) DivX-Setup (x32 Version: 2.6.1.8) ElsterFormular (x32 Version: 14.0.0.10899) erLT (x32 Version: 1.20.0137) EverestPoker.com (x32) Evernote v. 
4.6.4 (x32 Version: 4.6.4.8136) eyeQ (x32) F.lux (HKCU) FileZilla Client 3.5.3 (x32 Version: 3.5.3) Free FLV Converter V 7.6.0 (x32 Version: 7.6.0.0) Free YouTube Download version 3.2.0.128 (x32 Version: 3.2.0.128) GeoGebra (x32 Version: 4.0.41.0) GIMP 2.8.0 (Version: 2.8.0) Google Chrome (HKCU Version: 28.0.1500.72) Gothic (x32) iCloud (Version: 2.1.1.3) ICQ7M (x32 Version: 7.8) Intel(R) Control Center (x32 Version: 1.2.1.1007) Intel(R) Management Engine Components (x32 Version: 8.0.1.1399) Intel(R) Network Connections 16.6.126.0 (Version: 16.6.126.0) Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032) Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.1.209) Intel® Trusted Connect Service Client (Version: 1.23.219.2) iTunes (Version: 11.0.1.12) Java 7 Update 12 (64-bit) (Version: 7.0.120) Java 7 Update 9 (x32 Version: 7.0.90) Java Auto Updater (x32 Version: 2.1.9.0) JDownloader 0.9 (x32 Version: 0.9) JGsoft RegexBuddy 3 v.3.2.1 (x32 Version: v.3.2.1) LG Burning Tool (x32 Version: 6.2.6009) LG CyberLink BD Advisor (x32 Version: 2.0.4606) LG CyberLink LabelPrint (x32 Version: 2.5.3624) LG CyberLink Media Suite (x32 Version: 8.0.2820) LG CyberLink MediaEspresso (x32 Version: 6.5.1622_37397b) LG CyberLink MediaShow (x32 Version: 4.1.3402) LG CyberLink PowerDVD (x32 Version: 10.0.3424.52) LG CyberLink PowerProducer (x32 Version: 5.0.2.2820a) LG CyberLink YouCam (x32 Version: 2.0.3718) LG Tool Kit (x32 Version: 10.01.0712.01) LightScribe System Software (x32 Version: 1.18.22.2) Logitech GamePanel Software 3.03.133 (Version: 3.03.133) Logitech SetPoint 5.20 (Version: 5.20) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) MartView (x32 Version: 2.52) Mavis Beacon Teaches Typing Platinum 20 (x32 Version: 20.00.0000) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) 
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0) Microsoft Math (x32 Version: 2007) Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office ScreenTip Language 2010 - Deutsch (x32 Version: 14.0.4763.1000) Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 
9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0) Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000) Mozilla Firefox 5.0.1 (x86 de) (x32 Version: 5.0.1) Mozilla Maintenance Service (x32 Version: 17.0.2) Mozilla Thunderbird 17.0.2 (x86 de) (x32 Version: 17.0.2) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) MySQL Server 5.1 (x32 Version: 5.1.50) Notepad++ (x32 Version: 6.1.2) Nur Entfernen der CopyTrans Suite möglich (HKCU Version: 2.37) NVIDIA PhysX (x32 Version: 9.11.1111) PDF Settings CS6 (x32 Version: 11.0) PDF-Viewer (Version: 2.5.207.0) PDF-XChange 3 Perfekt tippen 3.0.1 (x32 Version: 3.0.1) QuickTime (x32 Version: 7.4.5.67) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6543) RealWorld Cursor Editor (x32 Version: 12.1.0) Reason 5.0 (x32 Version: 5.0) Resident Evil: Operation Raccoon City (x32 Version: 1.0.0.0) Revo Uninstaller 1.94 (x32 Version: 1.94) Rockstar Games Social Club (x32 Version: 1.0.9.5) Rosetta Stone Version 3 (x32 Version: 3.4.5.0) Rosetta Stone Version 3 (x32 Version: 3.4.7.0) Safari (x32 Version: 5.34.57.2) SciTE4AutoIt3 6/10/2012 (x32 Version: 6/10/2012) Shutdown Timer (Version: 3.3.4) Spybot - Search & Destroy (x32 Version: 2.1.19) Stellar Phoenix NTFS Data Recovery V4.1 (x32) swMSM (x32 Version: 12.0.0.1) TeamSpeak 3 Client (x32 Version: 3.0.6) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 
Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 (KB2553092) (x32) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0) VLC media player 2.0.2 (x32 Version: 2.0.2) VMware Player (Version: 5.0.2) VMware Player (x32 Version: 5.0.2) Windows Live ID Sign-in Assistant (Version: 6.500.3165.0) Windows Media 
Player Firefox Plugin (x32 Version: 1.0.0.8) WinRAR 4.11 (64-bit) (Version: 4.11.0) XAMPP 1.8.1 (x32) XMind 2012 (v3.3.1) (x32 Version: 3.3.1.201212250029) ==================== Restore Points ========================= 16-07-2013 13:49:52 Revo Uninstaller's restore point - avast! Free Antivirus 16-07-2013 13:52:26 avast! Free Antivirus Setup 16-07-2013 13:56:15 avast! Free Antivirus Setup 17-07-2013 00:27:48 Phase 5 HTML-Editor wird entfernt 17-07-2013 00:29:36 Removed Paint.NET v3.5.10 17-07-2013 00:31:52 Removed Buzan's iMindMap V4.1 17-07-2013 01:00:10 Windows Update 18-07-2013 01:00:10 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {13203D5A-92F8-4225-B0B0-1E1F52800B62} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1899846101-2057684675-232230585-1000UA => C:\Users\Erik\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-20] (Google Inc.) 
Task: {1AB5BCC1-6571-4546-BD00-27E1DA0CB520} - System32\Tasks\{038E6E54-C490-46B3-9699-D72F974C1F81} => C:\Users\Erik\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransManager.exe [2013-03-25] (WindSolutions) Task: {34CFC3B8-9AF7-46B4-A15D-457076A112BC} - System32\Tasks\{21711AFE-42C4-464E-B048-25854321CCCD} => C:\Users\Erik\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransManager.exe [2013-03-25] (WindSolutions) Task: {3AABB975-00AE-472C-9CDB-5B97932D7A82} - System32\Tasks\{54D8A23A-49F5-4371-B525-B3817C9ACC99} => C:\Users\Erik\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransManager.exe [2013-03-25] (WindSolutions) Task: {4B08D0DE-C260-4667-A0EF-085BF9673B6E} - System32\Tasks\{95333CD9-3F49-4342-96B0-ECA048AB59A3} => C:\Users\Erik\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransManager.exe [2013-03-25] (WindSolutions) Task: {605853BD-2EA1-4EB1-A12E-50682E47D534} - System32\Tasks\{F8CC3232-3FC0-4691-9598-E602C9BEEEB1} => C:\Users\Erik\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransManager.exe [2013-03-25] (WindSolutions) Task: {68EECD9A-FA2B-4B1E-92E6-5DB29E049A93} - System32\Tasks\{616102AB-5F0A-4D5A-92CA-60B7DB1CA524} => C:\Users\Erik\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransManager.exe [2013-03-25] (WindSolutions) Task: {7D92E11A-537E-4F2F-B8C7-9117B75C9BEB} - System32\Tasks\User_Feed_Synchronization-{70A85A1B-57FD-4E00-A63B-5D0C2FAEADD1} => C:\Windows\system32\msfeedssync.exe [2013-04-30] (Microsoft Corporation) Task: {83DB0C7D-9746-426C-9CB2-37554EDD1FA5} - System32\Tasks\{04150A8C-8FF3-496F-915D-ABEA709B0856} => C:\Users\Erik\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransManager.exe [2013-03-25] (WindSolutions) Task: {A338E2FC-06EB-4C58-B409-D7D50EC1B436} - System32\Tasks\{907FE359-8E83-488F-868C-77C40C16BD67} => 
C:\Users\Erik\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransManager.exe [2013-03-25] (WindSolutions) Task: {B8BC143D-D846-408C-AABB-D390B35D9B40} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1899846101-2057684675-232230585-1000Core => C:\Users\Erik\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-20] (Google Inc.) Task: {C22E7305-6909-44AF-86DA-4771C2B5B7A3} - System32\Tasks\{154D8933-591B-4A59-BEB9-F284A7C7B709} => C:\Spiele\Sleeping Dogs\HKShip.exe No File Task: {CE0ED472-D605-45F1-9846-D5E45396DE1A} - System32\Tasks\{52E02BAE-AC47-47CE-B547-93773C3911BE} => C:\Spiele\Sleeping Dogs\HKShip.exe No File Task: {D6A39FCE-9551-48AE-8A10-6FDFE6437E7E} - System32\Tasks\{C0D2D3C1-8CA4-46BC-9FA5-D5CF23776C3D} => C:\Users\Erik\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransManager.exe [2013-03-25] (WindSolutions) Task: {E1C033D8-2019-4173-A61B-8B0AC68BDAEC} - System32\Tasks\{F3ECC2E2-AC16-4306-9977-25F900AC95E9} => C:\Spiele\Sleeping Dogs\HKShip.exe No File Task: {F44A79C9-519D-4928-990B-7668F8862873} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-21] (Microsoft Corporation) Task: {FBCA5D99-5A36-4412-9AB0-84545CB667A8} - System32\Tasks\{F1D635B5-E033-4804-8E92-60CD5BBD2BEE} => C:\Users\Erik\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransManager.exe [2013-03-25] (WindSolutions) Task: {FE63E99A-627D-421A-B2CE-9DE9B1121E2B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-09-24] (Piriform Ltd) Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1899846101-2057684675-232230585-1000Core.job => C:\Users\Erik\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1899846101-2057684675-232230585-1000UA.job => C:\Users\Erik\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= ==================== Event 
log errors: ========================= Application errors: ================== Error: (07/19/2013 07:06:57 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0 Name des fehlerhaften Moduls: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000218a ID des fehlerhaften Prozesses: 0xb1c Startzeit der fehlerhaften Anwendung: 0xgmer_2.1.19163.exe0 Pfad der fehlerhaften Anwendung: gmer_2.1.19163.exe1 Pfad des fehlerhaften Moduls: gmer_2.1.19163.exe2 Berichtskennung: gmer_2.1.19163.exe3 Error: (07/19/2013 07:05:49 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0 Name des fehlerhaften Moduls: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000218a ID des fehlerhaften Prozesses: 0xa88 Startzeit der fehlerhaften Anwendung: 0xgmer_2.1.19163.exe0 Pfad der fehlerhaften Anwendung: gmer_2.1.19163.exe1 Pfad des fehlerhaften Moduls: gmer_2.1.19163.exe2 Berichtskennung: gmer_2.1.19163.exe3 Error: (07/19/2013 06:27:52 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/19/2013 06:27:51 AM) (Source: MySQL) (User: ) Description: Aborting For more information, see Help and Support Center at hxxp://www.mysql.com. Error: (07/19/2013 06:27:51 AM) (Source: MySQL) (User: ) Description: Plugin 'InnoDB' registration as a STORAGE ENGINE failed. For more information, see Help and Support Center at hxxp://www.mysql.com. Error: (07/19/2013 06:27:51 AM) (Source: MySQL) (User: ) Description: Plugin 'InnoDB' init function returned error. For more information, see Help and Support Center at hxxp://www.mysql.com. 
Error: (07/19/2013 06:27:51 AM) (Source: MySQL) (User: ) Description: Can't find messagefile 'D:\Programme\Zend\MySQL51\share\english\errmsg.sys' For more information, see Help and Support Center at hxxp://www.mysql.com. Error: (07/19/2013 05:59:18 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/19/2013 05:59:16 AM) (Source: MySQL) (User: ) Description: Aborting For more information, see Help and Support Center at hxxp://www.mysql.com. Error: (07/19/2013 05:59:16 AM) (Source: MySQL) (User: ) Description: Plugin 'InnoDB' registration as a STORAGE ENGINE failed. For more information, see Help and Support Center at hxxp://www.mysql.com. System errors: ============= Error: (07/19/2013 06:27:54 AM) (Source: Service Control Manager) (User: ) Description: Dienst "MySQL_ZendServer51" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (07/19/2013 05:59:19 AM) (Source: Service Control Manager) (User: ) Description: Dienst "MySQL_ZendServer51" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (07/18/2013 06:55:24 AM) (Source: Service Control Manager) (User: ) Description: Dienst "MySQL_ZendServer51" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (07/17/2013 11:56:55 AM) (Source: Service Control Manager) (User: ) Description: Dienst "MySQL_ZendServer51" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (07/17/2013 03:01:18 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070bc9 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2850851) Error: (07/16/2013 03:54:24 PM) (Source: Service Control Manager) (User: ) Description: Dienst "MySQL_ZendServer51" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error: (07/16/2013 01:55:01 PM) (Source: Service Control Manager) (User: ) Description: Dienst "MySQL_ZendServer51" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (07/15/2013 01:55:00 PM) (Source: Service Control Manager) (User: ) Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (07/15/2013 01:52:58 PM) (Source: Service Control Manager) (User: ) Description: Dienst "MySQL_ZendServer51" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (07/15/2013 01:52:55 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "avast! Antivirus" wurde nicht richtig gestartet. Microsoft Office Sessions: ========================= Error: (07/19/2013 07:06:57 AM) (Source: Application Error)(User: ) Description: gmer_2.1.19163.exe2.1.19163.0515d31f0gmer_2.1.19163.exe2.1.19163.0515d31f0c00000050000218ab1c01ce843db27cdb29C:\Users\Erik\Desktop\gmer_2.1.19163.exeC:\Users\Erik\Desktop\gmer_2.1.19163.exe08a7eae3-f031-11e2-9f80-bc05430d9172 Error: (07/19/2013 07:05:49 AM) (Source: Application Error)(User: ) Description: gmer_2.1.19163.exe2.1.19163.0515d31f0gmer_2.1.19163.exe2.1.19163.0515d31f0c00000050000218aa8801ce843d824db0baC:\Users\Erik\Desktop\gmer_2.1.19163.exeC:\Users\Erik\Desktop\gmer_2.1.19163.exee066a999-f030-11e2-9f80-bc05430d9172 Error: (07/19/2013 06:27:52 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/19/2013 06:27:51 AM) (Source: MySQL)(User: ) Description: Aborting Error: (07/19/2013 06:27:51 AM) (Source: MySQL)(User: ) Description: Plugin 'InnoDB' registration as a STORAGE ENGINE failed. Error: (07/19/2013 06:27:51 AM) (Source: MySQL)(User: ) Description: Plugin 'InnoDB' init function returned error. 
Error: (07/19/2013 06:27:51 AM) (Source: MySQL)(User: ) Description: Can't find messagefile 'D:\Programme\Zend\MySQL51\share\english\errmsg.sys' Error: (07/19/2013 05:59:18 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/19/2013 05:59:16 AM) (Source: MySQL)(User: ) Description: Aborting Error: (07/19/2013 05:59:16 AM) (Source: MySQL)(User: ) Description: Plugin 'InnoDB' registration as a STORAGE ENGINE failed. CodeIntegrity Errors: =================================== Date: 2013-07-19 10:23:24.143 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-19 09:18:44.342 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-19 09:01:11.357 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-19 08:54:36.694 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-19 08:11:15.179 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-07-19 06:58:58.155 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-19 06:27:53.569 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-19 05:59:18.676 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-18 20:47:42.951 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-07-18 14:18:37.084 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\System32\sxs.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Percentage of memory in use: 94% Total physical RAM: 8147.2 MB Available physical RAM: 470.36 MB Total Pagefile: 16292.57 MB Available Pagefile: 6136.27 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:119.02 GB) (Free:55.78 GB) NTFS (Disk=1 Partition=3) Drive d: (Volume) (Fixed) (Total:931.39 GB) (Free:678.77 GB) NTFS (Disk=0 Partition=2) Drive e: (080722_1806_Ph_S) (CDROM) (Total:1.3 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 00000000) Partition: GPT Partition Type ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 00000000) Partition: GPT Partition Type ==================== End Of Log ============================ |
19.07.2013, 10:45 | #4 | |
/// the machine /// TB Instructor | Internet - Virus scan error & slow connection (?) Combofix should only be run when instructed by a team member! Please download Combofix from the following download mirror: Link 1 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
19.07.2013, 14:22 | #5 |
| Internet - Virus scan error & slow connection (?) Hello, the program hangs after the restart, or rather it does not create the log files. |
19.07.2013, 14:24 | #6 |
/// the machine /// TB Instructor | Internet - Virus scan error & slow connection (?) How long did you wait? Check whether you can find the log at C:\Combofix.txt after the reboot.
__________________ --> Internet - Virus scan error & slow connection (?) |
19.07.2013, 14:33 | #7 |
| Internet - Virus scan error & slow connection (?) About an hour; the log file is not there. |
19.07.2013, 15:30 | #8 |
/// the machine /// TB Instructor | Internet - Virus scan error & slow connection (?) Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please. I will then look at this a different way.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
19.07.2013, 16:05 | #9 |
| Internet - Virus scan error & slow connection (?) Hi, here are the log files again. AdwCleaner Code:
ATTFilter # AdwCleaner v2.305 - Datei am 19/07/2013 um 16:54:00 erstellt # Aktualisiert am 11/07/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Erik - LIAN # Bootmodus : Normal # Ausgeführt unter : C:\Users\Erik\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\END Ordner Gelöscht : C:\Users\Erik\AppData\Local\PackageAware Ordner Gelöscht : C:\Users\Erik\AppData\Local\Wajam Ordner Gelöscht : C:\Users\Erik\AppData\LocalLow\boost_interprocess Ordner Gelöscht : C:\Users\Erik\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\Erik\AppData\Roaming\OpenCandy ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\APN PIP Schlüssel Gelöscht : HKCU\Software\BI Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\PIP Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS Schlüssel Gelöscht : 
HKLM\Software\PIP Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v5.0.1 (de) Datei : C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default\prefs.js C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default\user.js ... Gelöscht ! 
Gelöscht : user_pref("extensions.wajam.affiliate_id", "6447"); Gelöscht : user_pref("extensions.wajam.firstrun", "false"); Gelöscht : user_pref("extensions.wajam.log_send_info", "false"); Gelöscht : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21083\",\"supported_sites\":{\[...] Gelöscht : user_pref("extensions.wajam.no_trace", "false"); Gelöscht : user_pref("extensions.wajam.server_current_mapping_version", "0.21083"); Gelöscht : user_pref("extensions.wajam.supported_sites.amazon.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'w[...] Gelöscht : user_pref("extensions.wajam.supported_sites.encryptedgoogle.wajam_google_js", "try {window['APP_LABE[...] Gelöscht : user_pref("extensions.wajam.supported_sites.google.wajam_google_se_js", "try {window['APP_LABEL_NAME[...] Gelöscht : user_pref("extensions.wajam.supported_sites.wikipedia.wajam_se_js", "try {window['APP_LABEL_NAME'] =[...] Gelöscht : user_pref("extensions.wajam.supported_sites.yahoo.wajam_se_js", "try {window['APP_LABEL_NAME'] = 'wa[...] Gelöscht : user_pref("extensions.wajam.supported_sites.youtubesearch.wajam_se_js", "try {window['APP_LABEL_NAME[...] Gelöscht : user_pref("extensions.wajam.trace_log", "1347301913201 - onFlagInfoReceived - Same server mapping ve[...] Gelöscht : user_pref("extensions.wajam.unique_id", "D0C5B733AC04F0E590C9969211A3D08E"); Gelöscht : user_pref("extensions.wajam.user_current_mapping_version", "0"); Gelöscht : user_pref("extensions.wajam.version", "1.25"); Gelöscht : user_pref("extensions.wajam.website_version", "1.00255"); -\\ Google Chrome v28.0.1500.72 Datei : C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [5698 octets] - [19/07/2013 16:54:00] ########## EOF - C:\AdwCleaner[S1].txt - [5758 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.1.6 (07.17.2013:4) OS: Windows 7 Home Premium x64 Ran by Erik on 19.07.2013 at 16:58:10,95 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1899846101-2057684675-232230585-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 19.07.2013 at 17:01:03,09 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-07-2013 Ran by Erik (administrator) on 19-07-2013 17:01:18 Running from C:\Users\Erik\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (CrypKey (Canada) Ltd.) C:\Windows\system32\crypserv.exe (DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\system32\IProsetMonitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (VMware, Inc.) d:\Programme\Vmware\vmware-authd.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.) 
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
() C:\Users\Erik\Local Settings\Apps\F.lux\flux.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) D:\Programme\Evernote\EvernoteClipper.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) D:\Programme\Evernote\EvernoteTray.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) D:\Programme\Evernote\Evernote.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(VMware, Inc.) D:\Programme\Vmware\vmplayer.exe
(Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe
(VMware, Inc.) D:\Programme\Vmware\vmware-unity-helper.exe
(VMware, Inc.) d:\Programme\Vmware\x64\vmware-vmx.exe
(VMware, Inc.) d:\Programme\Vmware\vprintproxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Oleg N. Scherbakov) C:\Users\Erik\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415752 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4195848 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - KHALMNPR.EXE [x]
HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company)
HKCU\...\Run: [F.lux] - C:\Users\Erik\Local Settings\Apps\F.lux\flux.exe [966656 2009-08-29] ()
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe [1174016 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [Internet Security] - C:\ProgramData\mxdefender.exe [x]
HKCU\...\Run: [DAEMON Tools Lite] - "D:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun [x]
HKLM-x32\...\Run: [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-01-04] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [413696 2008-03-28] (Apple Inc.)
HKLM-x32\...\Run: [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [2837864 2010-06-28] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk
ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
Startup: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> D:\Programme\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk
ShortcutTarget: EvernoteTray.lnk -> D:\Programme\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - D:\Programme\Evernote\EvernoteIE.dll No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default
FF NewTab: about:blank
FF NetworkProxy: "http", "91.228.53.28"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "type", 0
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.12.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.12.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Programme\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Programme\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Programme\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Erik\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Erik\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: SeoQuake - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF Extension: Просмотр HTTP заголовков - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF Extension: Cookies Manager+ - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
FF Extension: firebug - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default\Extensions\firebug@software.joehewitt.com.xpi
FF Extension: mozrepl - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default\Extensions\mozrepl@hyperstruct.net.xpi
FF Extension: No Name - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
FF Extension: No Name - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi
FF Extension: No Name - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default\Extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF StartMenuInternet: FIREFOX.EXE - D:\Programme\Firefox 5\firefox.exe

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=3e30aa73-045d-4435-bb56-16be12d11384&searchtype=hp&installDate=01/07/2013"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Erik\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Erik\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Erik\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Google Update) - C:\Users\Erik\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Magic Actions for YouTube\u2122) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.8.6_0
CHR Extension: (SEOquake) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\1.0.16_0
CHR Extension: (Task Timer) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomfjmibjhhfdenfkpaodhnlhkolngif\3.9.1_0
CHR Extension: (Web Developer) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.3_0
CHR Extension: (Turn Off the Lights) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.2.0.11_0
CHR Extension: (Adblock Plus) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5_0
CHR Extension: (YouTube\u2122 Ratings Preview) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank\2.3.3_0
CHR Extension: (Alexa Traffic Rank) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\3.1_0
CHR Extension: (FlashCards) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\diejjofgldkjkhmfjagdjdodjebpglhb\2.6.8.8_0
CHR Extension: (Google Calendar) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0
CHR Extension: (SEOrch - OnPage SEO Tool) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnhfjnejkpodaoodkkmkjbpopknbaeef\0.1.12_0
CHR Extension: (PageRank Status) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn\7.8_0
CHR Extension: (Ti\u00EBsto) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh\2_0
CHR Extension: (Lumosity) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffmfbhcjemfledhndnpllechagamlfp\1.1_0
CHR Extension: (Evernote Web Clipper) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.19_0
CHR Extension: (iReader) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppelffpjgkifjfgnbaaldcehkpajlmbc\1.3.0.3_0
CHR StartMenuInternet: Google Chrome - "C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe"

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software)
S3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software)
S3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2011-08-05] (DTS, Inc)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-07-16] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] ()
R2 VMAuthdService; d:\Programme\Vmware\vmware-authd.exe [87120 2013-02-26] (VMware, Inc.)
R2 Crypkey License; crypserv.exe [x]
S2 MySQL_ZendServer51; "D:\Programme\Zend\MySQL51\bin\mysqld" --defaults-file="D:\Programme\Zend\MySQL51\my.ini" MySQL_ZendServer51 [x]

==================== Drivers (Whitelisted) ====================

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [20048 2010-06-28] (ALWIL Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [61008 2010-06-28] (ALWIL Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [28752 2010-06-28] (ALWIL Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [121936 2010-06-28] (ALWIL Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [51280 2010-06-28] (ALWIL Software)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-25] (AVM Berlin)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-20] (DT Soft Ltd)
R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-25] (AVM GmbH)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-07-20] (ManyCam LLC)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-07-20] (ManyCam LLC)
R3 NAL; C:\Windows\system32\Drivers\iqvw64e.sys [32936 2011-08-15] (Intel Corporation )
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 SANDRA; \??\D:\Programme\SiSoftware Sandra Lite 2013.SP1\WNt500x64\Sandra.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-19 17:01 - 2013-07-19 17:01 - 00002029 _____ C:\Users\Erik\Desktop\JRT.txt
2013-07-19 16:58 - 2013-07-19 16:58 - 00000000 ____D C:\Windows\ERUNT
2013-07-19 16:57 - 2013-07-19 16:57 - 00559341 _____ (Oleg N. Scherbakov) C:\Users\Erik\Desktop\JRT.exe
2013-07-19 16:54 - 2013-07-19 16:54 - 00005815 _____ C:\AdwCleaner[S1].txt
2013-07-19 16:53 - 2013-07-19 16:53 - 00662345 _____ C:\Users\Erik\Desktop\adwcleaner.exe
2013-07-19 14:55 - 2013-07-19 14:59 - 00000000 ____D C:\ComboFix
2013-07-19 14:17 - 2013-07-19 14:17 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-19 14:17 - 2013-07-19 14:17 - 00000000 ____D C:\Users\Erik\Documents\ProcAlyzer Dumps
2013-07-19 14:15 - 2013-07-19 14:16 - 05091168 ____R (Swearware) C:\Users\Erik\Desktop\ComboFix.exe
2013-07-19 14:15 - 2013-07-19 14:15 - 00000000 ____D C:\Qoobox
2013-07-19 14:15 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-19 14:15 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-19 14:15 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-19 14:15 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-19 14:15 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-19 14:15 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-19 14:15 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-19 14:15 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-19 14:14 - 2013-07-19 14:25 - 00000000 ____D C:\Windows\erdnt
2013-07-19 10:27 - 2013-07-19 10:27 - 01778207 _____ (Farbar) C:\Users\Erik\Desktop\FRST64.exe
2013-07-19 10:25 - 2013-07-19 10:25 - 00000000 ____D C:\FRST
2013-07-19 07:31 - 2013-07-19 07:31 - 00000342 _____ C:\Users\Erik\Desktop\defogger_enable.log
2013-07-19 07:02 - 2013-07-19 07:02 - 00377856 _____ C:\Users\Erik\Desktop\gmer_2.1.19163.exe
2013-07-19 06:55 - 2013-07-19 06:59 - 00145604 _____ C:\Users\Erik\Desktop\OTL.Txt
2013-07-19 06:49 - 2013-07-19 06:49 - 00602112 _____ (OldTimer Tools) C:\Users\Erik\Desktop\OTL.exe
2013-07-19 06:47 - 2013-07-19 06:48 - 00000470 _____ C:\Users\Erik\Desktop\defogger_disable.log
2013-07-19 06:47 - 2013-07-19 06:47 - 00050477 _____ C:\Users\Erik\Desktop\Defogger.exe
2013-07-17 15:40 - 2013-07-19 14:17 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-17 15:37 - 2013-07-17 15:38 - 36271144 _____ (Safer-Networking Ltd. ) C:\Users\Erik\Desktop\spybot-2.1.exe
2013-07-16 22:01 - 2013-07-16 22:01 - 00000132 _____ C:\Users\Erik\AppData\Roaming\Adobe BMP Format CS6 Prefs
2013-07-16 19:31 - 2013-07-16 19:44 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-07-16 19:31 - 2013-07-16 19:32 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-07-16 19:31 - 2013-07-16 19:31 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-07-16 15:56 - 2013-07-16 15:56 - 00001852 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-16 15:56 - 2010-06-28 22:57 - 00038848 _____ (ALWIL Software) C:\Windows\avastSS.scr
2013-07-16 15:56 - 2010-06-28 22:37 - 00121936 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-16 15:56 - 2010-06-28 22:37 - 00051280 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-07-16 15:56 - 2010-06-28 22:33 - 00061008 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-07-16 15:56 - 2010-06-28 22:33 - 00028752 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswRdr.sys
2013-07-16 15:56 - 2010-06-28 22:32 - 00020048 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-07-16 13:59 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-16 02:37 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-16 02:37 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-16 02:37 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-16 02:37 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-16 02:37 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-16 02:37 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-16 02:37 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-16 02:37 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-16 02:37 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-16 02:37 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-16 02:37 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-16 02:37 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-16 02:37 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-16 02:37 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-16 02:37 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-16 02:37 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-16 02:37 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-16 02:37 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-16 02:37 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-16 02:37 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-16 02:37 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-16 02:37 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-16 02:37 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-16 02:37 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-16 02:37 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-16 02:37 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-16 02:37 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-16 02:37 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-16 02:37 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-16 02:37 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-16 02:37 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-15 16:44 - 2013-07-15 16:44 - 02897123 _____ C:\Users\Erik\Downloads\Slides-SlidesJS-3.zip
2013-07-15 13:59 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-15 13:59 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-15 13:59 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-15 13:59 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-15 13:57 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-15 13:57 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-15 13:53 - 2013-07-15 13:53 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-15 13:53 - 2013-07-15 13:53 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-15 13:53 - 2013-07-15 13:53 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-15 13:52 - 2013-05-09 10:58 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-07-14 11:36 - 2013-07-14 11:37 - 00000000 ____D C:\Windows\system32\MRT
2013-07-10 23:10 - 2013-07-10 23:10 - 00001167 _____ C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk
2013-07-10 23:10 - 2013-07-10 23:10 - 00000000 ____D C:\Users\Erik\AppData\Roaming\FreeFLVConverter
2013-07-10 23:10 - 2013-07-10 23:10 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter
2013-07-10 23:10 - 2013-07-01 11:53 - 00397312 _____ (Koyote-Lab Inc) C:\Windows\SysWOW64\TubeFinder.exe
2013-07-10 23:10 - 2011-09-28 10:18 - 00364544 _____ C:\Windows\SysWOW64\PropertyGrid.ocx
2013-07-10 23:10 - 2011-09-28 10:18 - 00208500 _____ C:\Windows\SysWOW64\ReyXpBasics.tlb
2013-07-10 23:10 - 2011-09-28 10:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCFR.DLL
2013-07-10 23:10 - 2011-09-28 10:18 - 00119568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6FR.DLL
2013-07-10 23:10 - 2011-09-28 10:18 - 00084512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PICCLP32.OCX
2013-07-10 23:10 - 2011-09-28 10:18 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGFR.DLL
2013-07-10 23:10 - 2011-09-28 10:18 - 00024576 _____ C:\Windows\SysWOW64\ControlSubX.ocx
2013-07-10 23:10 - 2011-09-28 10:18 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCCLPFR.DLL
2013-07-10 23:09 - 2013-07-10 23:09 - 00804552 _____ (Koyote-Lab Inc.) C:\Users\Erik\Downloads\FreeFLVConverter75Setup.exe
2013-07-08 13:44 - 2013-07-08 13:44 - 01119679 _____ C:\Users\Erik\Downloads\soft_grunge_patterns_free.zip
2013-07-08 13:35 - 2013-07-08 13:36 - 09297306 _____ C:\Users\Erik\Downloads\398-function_subtle_grunge_2.zip
2013-07-08 13:13 - 2013-07-08 13:13 - 03306019 _____ C:\Users\Erik\Downloads\elegantmediaicons.zip
2013-07-08 13:13 - 2010-04-08 12:02 - 00000000 ____D C:\Users\Erik\Desktop\PSD
2013-07-07 19:30 - 2013-07-07 19:30 - 42569291 _____ C:\Users\Erik\Downloads\studies_in_plant_form_by_remittancegirl-d4628vc.abr
2013-07-07 14:45 - 2013-07-07 14:45 - 02787484 _____ C:\Users\Erik\Downloads\vintage_grunge_brushes_by_alex16.abr
2013-07-07 14:36 - 2013-07-07 14:36 - 17446304 _____ C:\Users\Erik\Downloads\old_print_paper_abr.zip
2013-07-07 14:04 - 2013-07-07 14:04 - 10018510 _____ C:\Users\Erik\Downloads\Postage_Photoshop_Brushes_by_redheadstock.zip
2013-07-06 22:00 - 2013-07-06 22:02 - 00000030 _____ C:\Users\Erik\Desktop\antivir.au3
2013-07-06 21:45 - 2013-07-06 21:52 - 00000031 _____ C:\Users\Erik\AppData\Roaming\mbam.context.scan
2013-07-02 23:19 - 2013-07-02 23:59 - 49979268 _____ C:\Users\Erik\Downloads\Fold.0842X.zip
2013-07-02 23:18 - 2013-07-02 23:18 - 00293832 _____ (StarApp) C:\Users\Erik\Downloads\Above the Fold - Understanding the Principles of Successful Web Site Design.exe
2013-07-02 12:35 - 2013-07-06 16:27 - 00000000 ____D C:\Users\Erik\Desktop\toread
2013-07-01 23:50 - 2013-07-01 23:50 - 00016488 _____ C:\Users\Erik\Desktop\the-magic-of-thinking-big-david-j-schwartz.pdf - Verknüpfung.lnk
2013-07-01 23:49 - 2013-07-01 23:49 - 00001545 _____ C:\Users\Erik\Desktop\The_4-Hour_Workweek_Escape_9_5 expanded and updated.pdf - Verknüpfung.lnk
2013-07-01 23:31 - 2013-07-01 23:31 - 00002873 _____ C:\Users\Erik\Downloads\[isoHunt] The Miracle of Mindfulness (7Summits).torrent
2013-07-01 16:03 - 2013-07-01 16:03 - 00000000 ____D C:\Users\Erik\AppData\Local\Harmony_Hollow_Software
2013-07-01 15:58 - 2013-07-01 15:58 - 00000000 ____D C:\Users\Erik\AppData\Local\CTSounds
2013-07-01 15:58 - 2013-07-01 15:58 - 00000000 ____D C:\Program Files (x86)\Cool Timer
2013-07-01 15:55 - 2013-07-01 15:55 - 00892040 _____ (CNET Download.com) C:\Users\Erik\Downloads\cbsidlm-cbsi118-Cool_Timer-SEO-10062255.exe
2013-07-01 15:51 - 2013-07-01 15:51 - 01985112 _____ (Comfort Software Group ) C:\Users\Erik\Downloads\FreeCountdownTimerSetup.exe
2013-06-28 14:25 - 2013-06-28 14:25 - 00068664 _____ C:\Users\Erik\Downloads\B00458LJ12
2013-06-26 18:12 - 2013-06-26 18:12 - 00000002 _____ C:\Users\Erik\Desktop\piano lessons.txt
2013-06-26 01:41 - 2013-06-26 01:41 - 00001322 _____ C:\Users\Erik\Desktop\ebook - Neil Strauss - Rules of the Game.pdf - Verknüpfung.lnk
2013-06-25 03:33 - 2013-06-25 03:33 - 00000129 _____ C:\Users\Erik\Desktop\ss.txt

==================== One Month Modified Files and Folders =======

2013-07-19 17:01 - 2013-07-19 17:01 - 00002029 _____ C:\Users\Erik\Desktop\JRT.txt
2013-07-19 17:01 - 2011-04-12 09:43 - 00702458 _____ C:\Windows\system32\perfh007.dat
2013-07-19 17:01 - 2011-04-12 09:43 - 00150220 _____ C:\Windows\system32\perfc007.dat
2013-07-19 17:01 - 2009-07-14 07:13 - 01629510 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-19 16:58 - 2013-07-19 16:58 - 00000000 ____D C:\Windows\ERUNT
2013-07-19 16:57 - 2013-07-19 16:57 - 00559341 _____ (Oleg N. Scherbakov) C:\Users\Erik\Desktop\JRT.exe
2013-07-19 16:57 - 2013-06-15 11:01 - 00000000 ____D C:\Users\Erik\AppData\Roaming\VMware
2013-07-19 16:56 - 2013-06-15 11:01 - 00000000 ____D C:\Users\Erik\AppData\Local\VMware
2013-07-19 16:55 - 2013-06-15 10:57 - 00000000 ____D C:\ProgramData\VMware
2013-07-19 16:55 - 2013-04-01 08:38 - 00017732 _____ C:\Windows\error.log
2013-07-19 16:55 - 2013-04-01 08:38 - 00005349 _____ C:\Windows\errord.log
2013-07-19 16:55 - 2013-01-09 16:11 - 00500410 _____ C:\Windows\PFRO.log
2013-07-19 16:55 - 2013-01-09 15:32 - 00076438 _____ C:\Windows\setupact.log
2013-07-19 16:55 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-19 16:54 - 2013-07-19 16:54 - 00005815 _____ C:\AdwCleaner[S1].txt
2013-07-19 16:54 - 2012-05-20 04:16 - 01796567 _____ C:\Windows\WindowsUpdate.log
2013-07-19 16:53 - 2013-07-19 16:53 - 00662345 _____ C:\Users\Erik\Desktop\adwcleaner.exe
2013-07-19 16:46 - 2012-05-20 00:20 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1899846101-2057684675-232230585-1000UA.job
2013-07-19 16:41 - 2012-10-14 11:11 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{70A85A1B-57FD-4E00-A63B-5D0C2FAEADD1}
2013-07-19 14:59 - 2013-07-19 14:55 - 00000000 ____D C:\ComboFix
2013-07-19 14:59 - 2009-07-14 06:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-19 14:59 - 2009-07-14 06:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-19 14:58 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-19 14:46 - 2012-05-20 00:20 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1899846101-2057684675-232230585-1000Core.job
2013-07-19 14:25 - 2013-07-19 14:14 - 00000000 ____D C:\Windows\erdnt
2013-07-19 14:17 - 2013-07-19 14:17 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2013-07-19 14:17 - 2013-07-19 14:17 - 00000000 ____D C:\Users\Erik\Documents\ProcAlyzer Dumps
2013-07-19 14:17 - 2013-07-17 15:40 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-19 14:16 - 2013-07-19 14:15 - 05091168 ____R (Swearware) C:\Users\Erik\Desktop\ComboFix.exe
2013-07-19 14:15 - 2013-07-19 14:15 - 00000000 ____D C:\Qoobox
2013-07-19 10:27 - 2013-07-19 10:27 - 01778207 _____ (Farbar) C:\Users\Erik\Desktop\FRST64.exe
2013-07-19 10:25 - 2013-07-19 10:25 - 00000000 ____D C:\FRST
2013-07-19 08:10 - 2013-01-01 20:49 - 00000000 ____D C:\Users\Erik\Documents\Outlook Files
2013-07-19 07:31 - 2013-07-19 07:31 - 00000342 _____ C:\Users\Erik\Desktop\defogger_enable.log
2013-07-19 07:31 - 2012-05-20 04:16 - 00000000 ____D C:\Users\Erik
2013-07-19 07:02 - 2013-07-19 07:02 - 00377856 _____ C:\Users\Erik\Desktop\gmer_2.1.19163.exe
2013-07-19 06:59 - 2013-07-19 06:55 - 00145604 _____ C:\Users\Erik\Desktop\OTL.Txt
2013-07-19 06:49 - 2013-07-19 06:49 - 00602112 _____ (OldTimer Tools) C:\Users\Erik\Desktop\OTL.exe
2013-07-19 06:48 - 2013-07-19 06:47 - 00000470 _____ C:\Users\Erik\Desktop\defogger_disable.log
2013-07-19 06:47 - 2013-07-19 06:47 - 00050477 _____ C:\Users\Erik\Desktop\Defogger.exe
2013-07-19 06:08 - 2012-05-20 00:52 - 00000000 ____D C:\Users\Erik\AppData\Roaming\uTorrent
2013-07-18 15:56 - 2013-03-18 20:09 - 00001456 _____ C:\Users\Erik\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-07-18 06:55 - 2009-07-14 06:45 - 05069368 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-17 15:40 - 2012-05-30 18:16 - 00000000 ____D C:\Users\Erik\AppData\Roaming\FileZilla
2013-07-17 15:38 - 2013-07-17 15:37 - 36271144 _____ (Safer-Networking Ltd. ) C:\Users\Erik\Desktop\spybot-2.1.exe
2013-07-17 05:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-07-17 05:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-07-17 05:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-07-17 05:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-17 02:29 - 2013-04-01 16:01 - 00000000 ____D C:\Program Files (x86)\AmoK
2013-07-17 02:23 - 2012-12-04 17:11 - 00000000 ____D C:\ProgramData\Orbit
2013-07-17 02:23 - 2012-05-20 12:44 - 00000000 ____D C:\Users\Erik\Documents\My Games
2013-07-16 22:01 - 2013-07-16 22:01 - 00000132 _____ C:\Users\Erik\AppData\Roaming\Adobe BMP Format CS6 Prefs
2013-07-16 19:44 - 2013-07-16 19:31 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-07-16 19:44 - 2012-12-04 17:12 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-07-16 19:32 - 2013-07-16 19:31 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-07-16 19:31 - 2013-07-16 19:31 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-07-16 16:42 - 2012-09-21 19:52 - 00000000 ____D C:\Users\Erik\Documents\Youcam
2013-07-16 16:04 - 2013-06-04 12:35 - 00054156 ____H C:\Windows\QTFont.qfn
2013-07-16 16:03 - 2012-05-21 13:09 - 00000000 ____D C:\Users\Erik\AppData\Roaming\vlc
2013-07-16 15:56 - 2013-07-16 15:56 - 00001852 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-16 15:56 - 2013-05-26 08:15 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-16 13:54 - 2011-04-12 09:55 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-16 02:40 - 2012-05-23 22:58 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-16 02:38 - 2012-10-19 18:42 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-15 16:44 - 2013-07-15 16:44 - 02897123 _____ C:\Users\Erik\Downloads\Slides-SlidesJS-3.zip
2013-07-15 14:41 - 2012-05-20 00:20 - 00004088 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1899846101-2057684675-232230585-1000UA
2013-07-15 14:41 - 2012-05-20 00:20 - 00003692 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1899846101-2057684675-232230585-1000Core
2013-07-15 13:53 - 2013-07-15 13:53 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-15 13:53 - 2013-07-15 13:53 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-15 13:53 - 2013-07-15 13:53 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-15 13:47 - 2013-01-10 17:24 - 00000000 ____D C:\Users\Erik\Desktop\ebooks
2013-07-15 13:47 - 2012-05-20 00:21 - 00000000 ____D C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-07-15 13:47 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-07-15 13:47 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-07-15 13:47 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-07-15 13:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-07-15 13:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-15 13:47 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Windows NT
2013-07-15 13:47 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-14 11:37 - 2013-07-14 11:36 - 00000000 ____D C:\Windows\system32\MRT
2013-07-10 23:10 -
2013-07-10 23:10 - 00001167 _____ C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk 2013-07-10 23:10 - 2013-07-10 23:10 - 00000000 ____D C:\Users\Erik\AppData\Roaming\FreeFLVConverter 2013-07-10 23:10 - 2013-07-10 23:10 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter 2013-07-10 23:09 - 2013-07-10 23:09 - 00804552 _____ (Koyote-Lab Inc.) C:\Users\Erik\Downloads\FreeFLVConverter75Setup.exe 2013-07-08 13:44 - 2013-07-08 13:44 - 01119679 _____ C:\Users\Erik\Downloads\soft_grunge_patterns_free.zip 2013-07-08 13:36 - 2013-07-08 13:35 - 09297306 _____ C:\Users\Erik\Downloads\398-function_subtle_grunge_2.zip 2013-07-08 13:13 - 2013-07-08 13:13 - 03306019 _____ C:\Users\Erik\Downloads\elegantmediaicons.zip 2013-07-07 19:30 - 2013-07-07 19:30 - 42569291 _____ C:\Users\Erik\Downloads\studies_in_plant_form_by_remittancegirl-d4628vc.abr 2013-07-07 14:45 - 2013-07-07 14:45 - 02787484 _____ C:\Users\Erik\Downloads\vintage_grunge_brushes_by_alex16.abr 2013-07-07 14:36 - 2013-07-07 14:36 - 17446304 _____ C:\Users\Erik\Downloads\old_print_paper_abr.zip 2013-07-07 14:04 - 2013-07-07 14:04 - 10018510 _____ C:\Users\Erik\Downloads\Postage_Photoshop_Brushes_by_redheadstock.zip 2013-07-06 22:14 - 2012-10-19 12:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-06 22:08 - 2012-06-06 16:33 - 00000000 ____D C:\Windows\Minidump 2013-07-06 22:04 - 2012-05-20 10:53 - 00000631 _____ C:\Users\Erik\SciTE.session 2013-07-06 22:02 - 2013-07-06 22:00 - 00000030 _____ C:\Users\Erik\Desktop\antivir.au3 2013-07-06 21:52 - 2013-07-06 21:45 - 00000031 _____ C:\Users\Erik\AppData\Roaming\mbam.context.scan 2013-07-06 16:27 - 2013-07-02 12:35 - 00000000 ____D C:\Users\Erik\Desktop\toread 2013-07-02 23:59 - 2013-07-02 23:19 - 49979268 _____ C:\Users\Erik\Downloads\Fold.0842X.zip 2013-07-02 23:18 - 2013-07-02 23:18 - 00293832 _____ (StarApp) C:\Users\Erik\Downloads\Above the Fold - Understanding the Principles of Successful Web 
Site Design.exe 2013-07-01 23:50 - 2013-07-01 23:50 - 00016488 _____ C:\Users\Erik\Desktop\the-magic-of-thinking-big-david-j-schwartz.pdf - Verknüpfung.lnk 2013-07-01 23:49 - 2013-07-01 23:49 - 00001545 _____ C:\Users\Erik\Desktop\The_4-Hour_Workweek_Escape_9_5 expanded and updated.pdf - Verknüpfung.lnk 2013-07-01 23:31 - 2013-07-01 23:31 - 00002873 _____ C:\Users\Erik\Downloads\[isoHunt] The Miracle of Mindfulness (7Summits).torrent 2013-07-01 16:03 - 2013-07-01 16:03 - 00000000 ____D C:\Users\Erik\AppData\Local\Harmony_Hollow_Software 2013-07-01 15:58 - 2013-07-01 15:58 - 00000000 ____D C:\Users\Erik\AppData\Local\CTSounds 2013-07-01 15:58 - 2013-07-01 15:58 - 00000000 ____D C:\Program Files (x86)\Cool Timer 2013-07-01 15:58 - 2012-05-20 04:33 - 00125248 _____ C:\Users\Erik\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-01 15:55 - 2013-07-01 15:55 - 00892040 _____ (CNET Download.com) C:\Users\Erik\Downloads\cbsidlm-cbsi118-Cool_Timer-SEO-10062255.exe 2013-07-01 15:51 - 2013-07-01 15:51 - 01985112 _____ (Comfort Software Group ) C:\Users\Erik\Downloads\FreeCountdownTimerSetup.exe 2013-07-01 11:53 - 2013-07-10 23:10 - 00397312 _____ (Koyote-Lab Inc) C:\Windows\SysWOW64\TubeFinder.exe 2013-06-28 14:25 - 2013-06-28 14:25 - 00068664 _____ C:\Users\Erik\Downloads\B00458LJ12 2013-06-26 18:12 - 2013-06-26 18:12 - 00000002 _____ C:\Users\Erik\Desktop\piano lessons.txt 2013-06-26 01:41 - 2013-06-26 01:41 - 00001322 _____ C:\Users\Erik\Desktop\ebook - Neil Strauss - Rules of the Game.pdf - Verknüpfung.lnk 2013-06-25 03:33 - 2013-06-25 03:33 - 00000129 _____ C:\Users\Erik\Desktop\ss.txt 2013-06-19 18:24 - 2013-06-18 21:33 - 00000000 ____D C:\Users\Erik\Desktop\keywords ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit 
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-13 00:54
==================== End Of Log ============================
Best regards |
19.07.2013, 20:01 | #10 |
/// the machine /// TB instructor | Internet - Error during virus scan & slow connection (?) An online scan and we are done
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
20.07.2013, 04:46 | #11 |
| Internet - Error during virus scan & slow connection (?) Unfortunately the problem still persists! Downloads are not possible. The internet speed has increased, though. It may also help to mention that lately I have had to fill in a captcha for almost 50% of my Google searches, on the grounds that I might be using some kind of bots.
ESET Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a88cc0e7dc3c984c874e58fd0a220220
# engine=14463
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-20 03:33:32
# local_time=2013-07-20 05:33:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=770 16774141 100 97 308216 151001084 0 0
# compatibility_mode=5893 16776574 100 94 261209 125921062 0 0
# scanned=388420
# found=2
# cleaned=0
# scan_time=4212
sh=44A30C43526CC0B8F976A6C07BCC69204C0ED4F3 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-2423.EI trojan" ac=I fn="C:\Users\Erik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\173f3b0b-7a3e3b9d"
sh=44A30C43526CC0B8F976A6C07BCC69204C0ED4F3 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-2423.EI trojan" ac=I fn="C:\Users\Erik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\47519f79-731f07bb"
Code:
Results of screen317's Security Check version 0.99.70
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java 7 Update 9
Java version out of Date!
Adobe Flash Player 11.2.202.235
Mozilla Firefox (5.0.1)
Mozilla Thunderbird (17.0.2)
Google Chrome 28.0.1500.71
Google Chrome 28.0.1500.72
````````Process Check: objlist.exe by Laurent````````
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-07-2013 Ran by Erik (administrator) on 20-07-2013 05:42:59 Running from C:\Users\Erik\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (CrypKey (Canada) Ltd.) C:\Windows\system32\crypserv.exe (DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\system32\IProsetMonitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (VMware, Inc.) d:\Programme\Vmware\vmware-authd.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.) 
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe () C:\Users\Erik\Local Settings\Apps\F.lux\flux.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) D:\Programme\Evernote\EvernoteClipper.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) D:\Programme\Evernote\EvernoteTray.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) D:\Programme\Evernote\Evernote.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (VMware, Inc.) D:\Programme\Vmware\vmplayer.exe (VMware, Inc.) D:\Programme\Vmware\vmware-unity-helper.exe (VMware, Inc.) d:\Programme\Vmware\x64\vmware-vmx.exe (VMware, Inc.) 
d:\Programme\Vmware\vprintproxy.exe (Adobe Systems, Incorporated) D:\Programme\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Mozilla Corporation) D:\Programme\Firefox 5\firefox.exe (Mozilla Corporation) D:\Programme\Firefox 5\plugin-container.exe (Google Inc.) C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe () D:\xampp\xampp-control.exe (Apache Software Foundation) d:\xampp\apache\bin\httpd.exe () d:\xampp\mysql\bin\mysqld.exe (Apache Software Foundation) D:\xampp\apache\bin\httpd.exe (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-28] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_DTS] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor) HKLM\...\Run: [Launch LgDeviceAgent] - C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415752 2009-08-13] (Logitech Inc.) HKLM\...\Run: [Launch LGDCore] - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4195848 2009-08-13] (Logitech Inc.) 
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - KHALMNPR.EXE [x] HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616 2011-03-04] (Hewlett-Packard Company) HKCU\...\Run: [F.lux] - C:\Users\Erik\Local Settings\Apps\F.lux\flux.exe [966656 2009-08-29] () HKCU\...\Run: [AdobeBridge] - [x] HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe [1174016 2010-11-21] (Microsoft Corporation) HKCU\...\Run: [Internet Security] - C:\ProgramData\mxdefender.exe [x] HKCU\...\Run: [DAEMON Tools Lite] - "D:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun [x] HKLM-x32\...\Run: [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-01-04] (Intel Corporation) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation) HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin) HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.) 
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [413696 2008-03-28] (Apple Inc.) HKLM-x32\...\Run: [avast5] - "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [2837864 2010-06-28] (AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk ShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.) Startup: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> D:\Programme\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) Startup: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk ShortcutTarget: EvernoteTray.lnk -> D:\Programme\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== ProxyServer: :0 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe" BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: 
Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - D:\Programme\Evernote\EvernoteIE.dll No File BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default FF NewTab: about:blank FF NetworkProxy: 
"http", "91.228.53.28" FF NetworkProxy: "http_port", 3128 FF NetworkProxy: "type", 0 FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=10.12.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.12.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Programme\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Programme\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - D:\Programme\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Erik\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Erik\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF Extension: SeoQuake - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} FF Extension: Просмотр HTTP заголовков - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} FF Extension: Cookies Manager+ - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} FF Extension: firebug - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default\Extensions\firebug@software.joehewitt.com.xpi FF Extension: mozrepl - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default\Extensions\mozrepl@hyperstruct.net.xpi FF Extension: No Name - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi FF Extension: No Name - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: No Name - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi FF Extension: No Name - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\35a0l3ku.default\Extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}.xpi FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF StartMenuInternet: FIREFOX.EXE - D:\Programme\Firefox 5\firefox.exe Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR RestoreOnStartup: "hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=3e30aa73-045d-4435-bb56-16be12d11384&searchtype=hp&installDate=01/07/2013" CHR DefaultSearchURL: (Google) - 
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Erik\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Erik\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\Erik\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll No File CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Google Update) - C:\Users\Erik\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Extension: (Magic Actions for YouTube\u2122) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.8.6_0 CHR Extension: (SEOquake) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\1.0.16_0 CHR Extension: (Task Timer) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomfjmibjhhfdenfkpaodhnlhkolngif\3.9.1_0 CHR Extension: (Web Developer) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.3_0 CHR Extension: (Turn Off the Lights) - 
C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.2.0.11_0 CHR Extension: (Adblock Plus) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5_0 CHR Extension: (YouTube\u2122 Ratings Preview) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank\2.3.3_0 CHR Extension: (Alexa Traffic Rank) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\3.1_0 CHR Extension: (FlashCards) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\diejjofgldkjkhmfjagdjdodjebpglhb\2.6.8.8_0 CHR Extension: (Google Calendar) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0 CHR Extension: (SEOrch - OnPage SEO Tool) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnhfjnejkpodaoodkkmkjbpopknbaeef\0.1.12_0 CHR Extension: (PageRank Status) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn\7.8_0 CHR Extension: (Ti\u00EBsto) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh\2_0 CHR Extension: (Lumosity) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffmfbhcjemfledhndnpllechagamlfp\1.1_0 CHR Extension: (Evernote Web Clipper) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.19_0 CHR Extension: (iReader) - C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppelffpjgkifjfgnbaaldcehkpajlmbc\1.3.0.3_0 CHR StartMenuInternet: Google Chrome - "C:\Users\Erik\AppData\Local\Google\Chrome\Application\chrome.exe" ==================== Services (Whitelisted) ================= R2 avast! 
Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software) R3 avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software) R3 avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384 2010-06-28] (AVAST Software) R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink) R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [225280 2011-08-05] (DTS, Inc) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-07-16] () R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () R2 VMAuthdService; d:\Programme\Vmware\vmware-authd.exe [87120 2013-02-26] (VMware, Inc.) 
R2 Crypkey License; crypserv.exe [x] S2 MySQL_ZendServer51; "D:\Programme\Zend\MySQL51\bin\mysqld" --defaults-file="D:\Programme\Zend\MySQL51\my.ini" MySQL_ZendServer51 [x] ==================== Drivers (Whitelisted) ==================== R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology) R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [20048 2010-06-28] (ALWIL Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [61008 2010-06-28] (ALWIL Software) R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [28752 2010-06-28] (ALWIL Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [121936 2010-06-28] (ALWIL Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [51280 2010-06-28] (ALWIL Software) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-25] (AVM Berlin) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-20] (DT Soft Ltd) R3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [714368 2010-10-25] (AVM GmbH) S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-07-20] (ManyCam LLC) S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-07-20] (ManyCam LLC) R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] () R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.) 
S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 SANDRA; \??\D:\Programme\SiSoftware Sandra Lite 2013.SP1\WNt500x64\Sandra.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-20 05:40 - 2013-07-20 05:40 - 00891062 _____ C:\Users\Erik\Desktop\SecurityCheck.exe 2013-07-20 04:21 - 2013-07-20 04:21 - 02347384 _____ (ESET) C:\Users\Erik\Desktop\esetsmartinstaller_enu.exe 2013-07-20 04:21 - 2013-07-20 04:21 - 00000000 ____D C:\Program Files (x86)\ESET 2013-07-19 17:01 - 2013-07-19 17:01 - 00002029 _____ C:\Users\Erik\Desktop\JRT.txt 2013-07-19 16:58 - 2013-07-19 16:58 - 00000000 ____D C:\Windows\ERUNT 2013-07-19 16:57 - 2013-07-19 16:57 - 00559341 _____ (Oleg N. Scherbakov) C:\Users\Erik\Desktop\JRT.exe 2013-07-19 16:54 - 2013-07-19 16:54 - 00005815 _____ C:\AdwCleaner[S1].txt 2013-07-19 16:53 - 2013-07-19 16:53 - 00662345 _____ C:\Users\Erik\Desktop\adwcleaner.exe 2013-07-19 14:55 - 2013-07-19 14:59 - 00000000 ____D C:\ComboFix 2013-07-19 14:17 - 2013-07-19 14:17 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2013-07-19 14:17 - 2013-07-19 14:17 - 00000000 ____D C:\Users\Erik\Documents\ProcAlyzer Dumps 2013-07-19 14:15 - 2013-07-19 14:16 - 05091168 ____R (Swearware) C:\Users\Erik\Desktop\ComboFix.exe 2013-07-19 14:15 - 2013-07-19 14:15 - 00000000 ____D C:\Qoobox 2013-07-19 14:15 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-07-19 14:15 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-07-19 14:15 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-07-19 14:15 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-07-19 14:15 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-07-19 14:15 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-07-19 14:15 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-07-19 14:15 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 
2013-07-19 14:14 - 2013-07-19 14:25 - 00000000 ____D C:\Windows\erdnt 2013-07-19 10:27 - 2013-07-19 10:27 - 01778207 _____ (Farbar) C:\Users\Erik\Desktop\FRST64.exe 2013-07-19 10:25 - 2013-07-19 10:25 - 00000000 ____D C:\FRST 2013-07-19 07:31 - 2013-07-19 07:31 - 00000342 _____ C:\Users\Erik\Desktop\defogger_enable.log 2013-07-19 07:02 - 2013-07-19 07:02 - 00377856 _____ C:\Users\Erik\Desktop\gmer_2.1.19163.exe 2013-07-19 06:55 - 2013-07-19 06:59 - 00145604 _____ C:\Users\Erik\Desktop\OTL.Txt 2013-07-19 06:49 - 2013-07-19 06:49 - 00602112 _____ (OldTimer Tools) C:\Users\Erik\Desktop\OTL.exe 2013-07-19 06:47 - 2013-07-19 06:48 - 00000470 _____ C:\Users\Erik\Desktop\defogger_disable.log 2013-07-19 06:47 - 2013-07-19 06:47 - 00050477 _____ C:\Users\Erik\Desktop\Defogger.exe 2013-07-17 15:40 - 2013-07-19 14:17 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-07-17 15:37 - 2013-07-17 15:38 - 36271144 _____ (Safer-Networking Ltd. ) C:\Users\Erik\Desktop\spybot-2.1.exe 2013-07-16 22:01 - 2013-07-16 22:01 - 00000132 _____ C:\Users\Erik\AppData\Roaming\Adobe BMP Format CS6 Prefs 2013-07-16 19:31 - 2013-07-16 19:44 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.exe 2013-07-16 19:31 - 2013-07-16 19:32 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.ex0 2013-07-16 19:31 - 2013-07-16 19:31 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe 2013-07-16 15:56 - 2013-07-16 15:56 - 00001852 _____ C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2013-07-16 15:56 - 2010-06-28 22:57 - 00038848 _____ (ALWIL Software) C:\Windows\avastSS.scr 2013-07-16 15:56 - 2010-06-28 22:37 - 00121936 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswSP.sys 2013-07-16 15:56 - 2010-06-28 22:37 - 00051280 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswTdi.sys 2013-07-16 15:56 - 2010-06-28 22:33 - 00061008 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2013-07-16 15:56 - 2010-06-28 22:33 - 00028752 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswRdr.sys 2013-07-16 15:56 - 2010-06-28 22:32 - 00020048 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswFsBlk.sys 2013-07-16 13:59 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-16 02:37 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-16 02:37 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-16 02:37 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-16 02:37 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-16 02:37 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-16 02:37 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-16 02:37 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-16 02:37 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-16 02:37 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-16 02:37 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-16 02:37 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-16 02:37 - 2013-06-12 
01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-16 02:37 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-16 02:37 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-16 02:37 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-16 02:37 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-16 02:37 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-16 02:37 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-16 02:37 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-16 02:37 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-16 02:37 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-16 02:37 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-16 02:37 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-16 02:37 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-16 02:37 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-16 02:37 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-16 02:37 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-16 02:37 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-16 02:37 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-16 02:37 - 2013-06-07 05:22 - 02706432 
_____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-16 02:37 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-15 16:44 - 2013-07-15 16:44 - 02897123 _____ C:\Users\Erik\Downloads\Slides-SlidesJS-3.zip 2013-07-15 13:59 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-15 13:59 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-15 13:59 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-15 13:59 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-15 13:57 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-15 13:57 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-15 13:53 - 2013-07-15 13:53 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum 2013-07-15 13:53 - 2013-07-15 13:53 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum 2013-07-15 13:53 - 2013-07-15 13:53 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum 2013-07-15 13:52 - 2013-05-09 10:58 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2013-07-14 11:36 - 2013-07-14 11:37 - 00000000 ____D C:\Windows\system32\MRT 2013-07-10 23:10 - 2013-07-10 23:10 - 00001167 _____ C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk 2013-07-10 23:10 - 2013-07-10 23:10 - 00000000 ____D C:\Users\Erik\AppData\Roaming\FreeFLVConverter 2013-07-10 23:10 - 2013-07-10 23:10 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter 2013-07-10 23:10 - 2013-07-01 11:53 - 00397312 _____ (Koyote-Lab Inc) C:\Windows\SysWOW64\TubeFinder.exe 2013-07-10 23:10 - 2011-09-28 10:18 - 00364544 _____ C:\Windows\SysWOW64\PropertyGrid.ocx 2013-07-10 23:10 - 2011-09-28 10:18 - 00208500 _____ 
C:\Windows\SysWOW64\ReyXpBasics.tlb 2013-07-10 23:10 - 2011-09-28 10:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCFR.DLL 2013-07-10 23:10 - 2011-09-28 10:18 - 00119568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6FR.DLL 2013-07-10 23:10 - 2011-09-28 10:18 - 00084512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PICCLP32.OCX 2013-07-10 23:10 - 2011-09-28 10:18 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGFR.DLL 2013-07-10 23:10 - 2011-09-28 10:18 - 00024576 _____ C:\Windows\SysWOW64\ControlSubX.ocx 2013-07-10 23:10 - 2011-09-28 10:18 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCCLPFR.DLL 2013-07-10 23:09 - 2013-07-10 23:09 - 00804552 _____ (Koyote-Lab Inc.) C:\Users\Erik\Downloads\FreeFLVConverter75Setup.exe 2013-07-08 13:44 - 2013-07-08 13:44 - 01119679 _____ C:\Users\Erik\Downloads\soft_grunge_patterns_free.zip 2013-07-08 13:35 - 2013-07-08 13:36 - 09297306 _____ C:\Users\Erik\Downloads\398-function_subtle_grunge_2.zip 2013-07-08 13:13 - 2013-07-08 13:13 - 03306019 _____ C:\Users\Erik\Downloads\elegantmediaicons.zip 2013-07-08 13:13 - 2010-04-08 12:02 - 00000000 ____D C:\Users\Erik\Desktop\PSD 2013-07-07 19:30 - 2013-07-07 19:30 - 42569291 _____ C:\Users\Erik\Downloads\studies_in_plant_form_by_remittancegirl-d4628vc.abr 2013-07-07 14:45 - 2013-07-07 14:45 - 02787484 _____ C:\Users\Erik\Downloads\vintage_grunge_brushes_by_alex16.abr 2013-07-07 14:36 - 2013-07-07 14:36 - 17446304 _____ C:\Users\Erik\Downloads\old_print_paper_abr.zip 2013-07-07 14:04 - 2013-07-07 14:04 - 10018510 _____ C:\Users\Erik\Downloads\Postage_Photoshop_Brushes_by_redheadstock.zip 2013-07-06 22:00 - 2013-07-06 22:02 - 00000030 _____ C:\Users\Erik\Desktop\antivir.au3 2013-07-06 21:45 - 2013-07-06 21:52 - 00000031 _____ C:\Users\Erik\AppData\Roaming\mbam.context.scan 2013-07-02 23:19 - 2013-07-02 23:59 - 49979268 _____ C:\Users\Erik\Downloads\Fold.0842X.zip 2013-07-02 23:18 - 2013-07-02 23:18 - 00293832 _____ (StarApp) 
C:\Users\Erik\Downloads\Above the Fold - Understanding the Principles of Successful Web Site Design.exe 2013-07-02 12:35 - 2013-07-06 16:27 - 00000000 ____D C:\Users\Erik\Desktop\toread 2013-07-01 23:50 - 2013-07-01 23:50 - 00016488 _____ C:\Users\Erik\Desktop\the-magic-of-thinking-big-david-j-schwartz.pdf - Verknüpfung.lnk 2013-07-01 23:49 - 2013-07-01 23:49 - 00001545 _____ C:\Users\Erik\Desktop\The_4-Hour_Workweek_Escape_9_5 expanded and updated.pdf - Verknüpfung.lnk 2013-07-01 23:31 - 2013-07-01 23:31 - 00002873 _____ C:\Users\Erik\Downloads\[isoHunt] The Miracle of Mindfulness (7Summits).torrent 2013-07-01 16:03 - 2013-07-01 16:03 - 00000000 ____D C:\Users\Erik\AppData\Local\Harmony_Hollow_Software 2013-07-01 15:58 - 2013-07-01 15:58 - 00000000 ____D C:\Users\Erik\AppData\Local\CTSounds 2013-07-01 15:58 - 2013-07-01 15:58 - 00000000 ____D C:\Program Files (x86)\Cool Timer 2013-07-01 15:55 - 2013-07-01 15:55 - 00892040 _____ (CNET Download.com) C:\Users\Erik\Downloads\cbsidlm-cbsi118-Cool_Timer-SEO-10062255.exe 2013-07-01 15:51 - 2013-07-01 15:51 - 01985112 _____ (Comfort Software Group ) C:\Users\Erik\Downloads\FreeCountdownTimerSetup.exe 2013-06-28 14:25 - 2013-06-28 14:25 - 00068664 _____ C:\Users\Erik\Downloads\B00458LJ12 2013-06-26 18:12 - 2013-06-26 18:12 - 00000002 _____ C:\Users\Erik\Desktop\piano lessons.txt 2013-06-26 01:41 - 2013-06-26 01:41 - 00001322 _____ C:\Users\Erik\Desktop\ebook - Neil Strauss - Rules of the Game.pdf - Verknüpfung.lnk 2013-06-25 03:33 - 2013-06-25 03:33 - 00000129 _____ C:\Users\Erik\Desktop\ss.txt ==================== One Month Modified Files and Folders ======= 2013-07-20 05:40 - 2013-07-20 05:40 - 00891062 _____ C:\Users\Erik\Desktop\SecurityCheck.exe 2013-07-20 05:40 - 2012-05-20 04:16 - 01829086 _____ C:\Windows\WindowsUpdate.log 2013-07-20 04:46 - 2012-05-20 00:20 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1899846101-2057684675-232230585-1000UA.job 2013-07-20 04:22 - 2009-07-14 06:45 - 00021856 ____H 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-20 04:22 - 2009-07-14 06:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-20 04:21 - 2013-07-20 04:21 - 02347384 _____ (ESET) C:\Users\Erik\Desktop\esetsmartinstaller_enu.exe 2013-07-20 04:21 - 2013-07-20 04:21 - 00000000 ____D C:\Program Files (x86)\ESET 2013-07-20 04:20 - 2013-06-15 11:01 - 00000000 ____D C:\Users\Erik\AppData\Roaming\VMware 2013-07-20 04:20 - 2013-06-15 11:01 - 00000000 ____D C:\Users\Erik\AppData\Local\VMware 2013-07-20 04:20 - 2013-01-01 20:49 - 00000000 ____D C:\Users\Erik\Documents\Outlook Files 2013-07-20 04:20 - 2011-04-12 09:43 - 00702458 _____ C:\Windows\system32\perfh007.dat 2013-07-20 04:20 - 2011-04-12 09:43 - 00150220 _____ C:\Windows\system32\perfc007.dat 2013-07-20 04:20 - 2009-07-14 07:13 - 01629510 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-20 04:15 - 2013-06-15 10:57 - 00000000 ____D C:\ProgramData\VMware 2013-07-20 04:15 - 2013-04-01 08:38 - 00017856 _____ C:\Windows\error.log 2013-07-20 04:15 - 2013-04-01 08:38 - 00005377 _____ C:\Windows\errord.log 2013-07-20 04:15 - 2013-01-09 16:11 - 00500796 _____ C:\Windows\PFRO.log 2013-07-20 04:15 - 2013-01-09 15:32 - 00076494 _____ C:\Windows\setupact.log 2013-07-20 04:15 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-19 21:21 - 2012-10-14 11:11 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{70A85A1B-57FD-4E00-A63B-5D0C2FAEADD1} 2013-07-19 18:57 - 2013-06-04 12:35 - 00054156 ____H C:\Windows\QTFont.qfn 2013-07-19 17:01 - 2013-07-19 17:01 - 00002029 _____ C:\Users\Erik\Desktop\JRT.txt 2013-07-19 16:58 - 2013-07-19 16:58 - 00000000 ____D C:\Windows\ERUNT 2013-07-19 16:57 - 2013-07-19 16:57 - 00559341 _____ (Oleg N. 
Scherbakov) C:\Users\Erik\Desktop\JRT.exe 2013-07-19 16:54 - 2013-07-19 16:54 - 00005815 _____ C:\AdwCleaner[S1].txt 2013-07-19 16:53 - 2013-07-19 16:53 - 00662345 _____ C:\Users\Erik\Desktop\adwcleaner.exe 2013-07-19 14:59 - 2013-07-19 14:55 - 00000000 ____D C:\ComboFix 2013-07-19 14:58 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2013-07-19 14:46 - 2012-05-20 00:20 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1899846101-2057684675-232230585-1000Core.job 2013-07-19 14:25 - 2013-07-19 14:14 - 00000000 ____D C:\Windows\erdnt 2013-07-19 14:17 - 2013-07-19 14:17 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking 2013-07-19 14:17 - 2013-07-19 14:17 - 00000000 ____D C:\Users\Erik\Documents\ProcAlyzer Dumps 2013-07-19 14:17 - 2013-07-17 15:40 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-07-19 14:16 - 2013-07-19 14:15 - 05091168 ____R (Swearware) C:\Users\Erik\Desktop\ComboFix.exe 2013-07-19 14:15 - 2013-07-19 14:15 - 00000000 ____D C:\Qoobox 2013-07-19 10:27 - 2013-07-19 10:27 - 01778207 _____ (Farbar) C:\Users\Erik\Desktop\FRST64.exe 2013-07-19 10:25 - 2013-07-19 10:25 - 00000000 ____D C:\FRST 2013-07-19 07:31 - 2013-07-19 07:31 - 00000342 _____ C:\Users\Erik\Desktop\defogger_enable.log 2013-07-19 07:31 - 2012-05-20 04:16 - 00000000 ____D C:\Users\Erik 2013-07-19 07:02 - 2013-07-19 07:02 - 00377856 _____ C:\Users\Erik\Desktop\gmer_2.1.19163.exe 2013-07-19 06:59 - 2013-07-19 06:55 - 00145604 _____ C:\Users\Erik\Desktop\OTL.Txt 2013-07-19 06:49 - 2013-07-19 06:49 - 00602112 _____ (OldTimer Tools) C:\Users\Erik\Desktop\OTL.exe 2013-07-19 06:48 - 2013-07-19 06:47 - 00000470 _____ C:\Users\Erik\Desktop\defogger_disable.log 2013-07-19 06:47 - 2013-07-19 06:47 - 00050477 _____ C:\Users\Erik\Desktop\Defogger.exe 2013-07-19 06:08 - 2012-05-20 00:52 - 00000000 ____D C:\Users\Erik\AppData\Roaming\uTorrent 2013-07-18 15:56 - 2013-03-18 20:09 - 00001456 _____ C:\Users\Erik\AppData\Local\Adobe Save for Web 13.0 Prefs 
2013-07-18 06:55 - 2009-07-14 06:45 - 05069368 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-17 15:40 - 2012-05-30 18:16 - 00000000 ____D C:\Users\Erik\AppData\Roaming\FileZilla 2013-07-17 15:38 - 2013-07-17 15:37 - 36271144 _____ (Safer-Networking Ltd. ) C:\Users\Erik\Desktop\spybot-2.1.exe 2013-07-17 05:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar 2013-07-17 05:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Portable Devices 2013-07-17 05:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2013-07-17 05:00 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-17 02:29 - 2013-04-01 16:01 - 00000000 ____D C:\Program Files (x86)\AmoK 2013-07-17 02:23 - 2012-12-04 17:11 - 00000000 ____D C:\ProgramData\Orbit 2013-07-17 02:23 - 2012-05-20 12:44 - 00000000 ____D C:\Users\Erik\Documents\My Games 2013-07-16 22:01 - 2013-07-16 22:01 - 00000132 _____ C:\Users\Erik\AppData\Roaming\Adobe BMP Format CS6 Prefs 2013-07-16 19:44 - 2013-07-16 19:31 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.exe 2013-07-16 19:44 - 2012-12-04 17:12 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.xtr 2013-07-16 19:32 - 2013-07-16 19:31 - 00281688 _____ C:\Windows\SysWOW64\PnkBstrB.ex0 2013-07-16 19:31 - 2013-07-16 19:31 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe 2013-07-16 16:42 - 2012-09-21 19:52 - 00000000 ____D C:\Users\Erik\Documents\Youcam 2013-07-16 16:03 - 2012-05-21 13:09 - 00000000 ____D C:\Users\Erik\AppData\Roaming\vlc 2013-07-16 15:56 - 2013-07-16 15:56 - 00001852 _____ C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2013-07-16 15:56 - 2013-05-26 08:15 - 00000000 _____ C:\Windows\SysWOW64\config.nt 2013-07-16 13:54 - 2011-04-12 09:55 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-16 02:40 - 2012-05-23 22:58 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-16 02:38 - 2012-10-19 18:42 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-07-15 16:44 - 2013-07-15 16:44 - 02897123 _____ C:\Users\Erik\Downloads\Slides-SlidesJS-3.zip 2013-07-15 14:41 - 2012-05-20 00:20 - 00004088 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1899846101-2057684675-232230585-1000UA 2013-07-15 14:41 - 2012-05-20 00:20 - 00003692 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1899846101-2057684675-232230585-1000Core 2013-07-15 13:53 - 2013-07-15 13:53 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum 2013-07-15 13:53 - 2013-07-15 13:53 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum 2013-07-15 13:53 - 2013-07-15 13:53 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum 2013-07-15 13:47 - 2013-01-10 17:24 - 00000000 ____D C:\Users\Erik\Desktop\ebooks 2013-07-15 13:47 - 2012-05-20 00:21 - 00000000 ____D C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2013-07-15 13:47 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar 2013-07-15 13:47 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices 2013-07-15 13:47 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2013-07-15 13:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2013-07-15 13:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat 2013-07-15 13:47 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Windows NT 2013-07-15 13:47 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2013-07-14 11:37 - 2013-07-14 11:36 - 00000000 ____D C:\Windows\system32\MRT 2013-07-10 23:10 - 
2013-07-10 23:10 - 00001167 _____ C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk 2013-07-10 23:10 - 2013-07-10 23:10 - 00000000 ____D C:\Users\Erik\AppData\Roaming\FreeFLVConverter 2013-07-10 23:10 - 2013-07-10 23:10 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter 2013-07-10 23:09 - 2013-07-10 23:09 - 00804552 _____ (Koyote-Lab Inc.) C:\Users\Erik\Downloads\FreeFLVConverter75Setup.exe 2013-07-08 13:44 - 2013-07-08 13:44 - 01119679 _____ C:\Users\Erik\Downloads\soft_grunge_patterns_free.zip 2013-07-08 13:36 - 2013-07-08 13:35 - 09297306 _____ C:\Users\Erik\Downloads\398-function_subtle_grunge_2.zip 2013-07-08 13:13 - 2013-07-08 13:13 - 03306019 _____ C:\Users\Erik\Downloads\elegantmediaicons.zip 2013-07-07 19:30 - 2013-07-07 19:30 - 42569291 _____ C:\Users\Erik\Downloads\studies_in_plant_form_by_remittancegirl-d4628vc.abr 2013-07-07 14:45 - 2013-07-07 14:45 - 02787484 _____ C:\Users\Erik\Downloads\vintage_grunge_brushes_by_alex16.abr 2013-07-07 14:36 - 2013-07-07 14:36 - 17446304 _____ C:\Users\Erik\Downloads\old_print_paper_abr.zip 2013-07-07 14:04 - 2013-07-07 14:04 - 10018510 _____ C:\Users\Erik\Downloads\Postage_Photoshop_Brushes_by_redheadstock.zip 2013-07-06 22:14 - 2012-10-19 12:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-06 22:08 - 2012-06-06 16:33 - 00000000 ____D C:\Windows\Minidump 2013-07-06 22:04 - 2012-05-20 10:53 - 00000631 _____ C:\Users\Erik\SciTE.session 2013-07-06 22:02 - 2013-07-06 22:00 - 00000030 _____ C:\Users\Erik\Desktop\antivir.au3 2013-07-06 21:52 - 2013-07-06 21:45 - 00000031 _____ C:\Users\Erik\AppData\Roaming\mbam.context.scan 2013-07-06 16:27 - 2013-07-02 12:35 - 00000000 ____D C:\Users\Erik\Desktop\toread 2013-07-02 23:59 - 2013-07-02 23:19 - 49979268 _____ C:\Users\Erik\Downloads\Fold.0842X.zip 2013-07-02 23:18 - 2013-07-02 23:18 - 00293832 _____ (StarApp) C:\Users\Erik\Downloads\Above the Fold - Understanding the Principles of Successful Web 
Site Design.exe 2013-07-01 23:50 - 2013-07-01 23:50 - 00016488 _____ C:\Users\Erik\Desktop\the-magic-of-thinking-big-david-j-schwartz.pdf - Verknüpfung.lnk 2013-07-01 23:49 - 2013-07-01 23:49 - 00001545 _____ C:\Users\Erik\Desktop\The_4-Hour_Workweek_Escape_9_5 expanded and updated.pdf - Verknüpfung.lnk 2013-07-01 23:31 - 2013-07-01 23:31 - 00002873 _____ C:\Users\Erik\Downloads\[isoHunt] The Miracle of Mindfulness (7Summits).torrent 2013-07-01 16:03 - 2013-07-01 16:03 - 00000000 ____D C:\Users\Erik\AppData\Local\Harmony_Hollow_Software 2013-07-01 15:58 - 2013-07-01 15:58 - 00000000 ____D C:\Users\Erik\AppData\Local\CTSounds 2013-07-01 15:58 - 2013-07-01 15:58 - 00000000 ____D C:\Program Files (x86)\Cool Timer 2013-07-01 15:58 - 2012-05-20 04:33 - 00125248 _____ C:\Users\Erik\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-01 15:55 - 2013-07-01 15:55 - 00892040 _____ (CNET Download.com) C:\Users\Erik\Downloads\cbsidlm-cbsi118-Cool_Timer-SEO-10062255.exe 2013-07-01 15:51 - 2013-07-01 15:51 - 01985112 _____ (Comfort Software Group ) C:\Users\Erik\Downloads\FreeCountdownTimerSetup.exe 2013-07-01 11:53 - 2013-07-10 23:10 - 00397312 _____ (Koyote-Lab Inc) C:\Windows\SysWOW64\TubeFinder.exe 2013-06-28 14:25 - 2013-06-28 14:25 - 00068664 _____ C:\Users\Erik\Downloads\B00458LJ12 2013-06-26 18:12 - 2013-06-26 18:12 - 00000002 _____ C:\Users\Erik\Desktop\piano lessons.txt 2013-06-26 01:41 - 2013-06-26 01:41 - 00001322 _____ C:\Users\Erik\Desktop\ebook - Neil Strauss - Rules of the Game.pdf - Verknüpfung.lnk 2013-06-25 03:33 - 2013-06-25 03:33 - 00000129 _____ C:\Users\Erik\Desktop\ss.txt ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit 
C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-13 00:54 ==================== End Of Log ============================ Edited by luther (20.07.2013 at 05:02) |
20.07.2013, 10:37 | #12 |
/// the machine /// TB Trainer | Internet - Error during virus scan & slow connection (?) Please update Java. Please download TFC (by Oldtimer) and save the file to the desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this. What do you mean, downloads are not possible? In which browser? Do they not start at all, or do they start and then abort?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
20.07.2013, 19:13 | #13 |
| Internet - Error during virus scan & slow connection (?) So, I have now let TFC clean up as well and got rid of 750 MB. Unfortunately, downloads still do not work; the original problem is still there after so many scans and tools. In no Internet browser can any file at all (jpg, exe, whatever) be downloaded. The files do finish downloading, but are deleted again immediately afterwards. In Chrome I get the message: "Fehler - Fehler beim Virenscan". In other browsers nothing is displayed; after the download the file is simply no longer on the hard disk. Downloads do work with other tools, however (e.g. Youtube Downloader or VMware Emu, which I use, by the way, to download the tools). On top of that, I constantly have to fill in a captcha when googling, which is the most annoying part. |
20.07.2013, 20:15 | #14 |
/// the machine /// TB Trainer | Internet - Error during virus scan & slow connection (?) The captcha is normal. Uninstall the browsers, keep no data, reinstall. Reset the router, re-enter the connection data. Windows key + R, type ipconfig /flushdns and press Enter.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
21.07.2013, 05:19 | #15 |
| Internet - Error during virus scan & slow connection (?) A captcha on 50% of search queries is fortunately not normal. Unfortunately, your tips did not help any further either. I will try to download another virus scanner and see whether anything else can be found. Otherwise something in the system is probably broken. Thanks for your efforts. If a solution can be found, I will record it here for posterity. |