Pests of all kinds and how to fight them: Annoying ads: 'Ads not by this site' problem (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
21.07.2013, 20:26 | #1 |
| Annoying ads: 'Ads not by this site' problem

The well-known ad attacks with 'Ads not by this site' overlays, which have been described here quite often, have hit my computer as well. I have already run the Junkware Removal Tool, among others. It would be great if you could help me. I have already run OTL. I wanted to attach the result or enclose it in code tags. Neither worked, because it came out too long: 430.7 KB. Please help! Best regards

Last edited by UltimateBert (21.07.2013 at 21:19) |
21.07.2013, 21:21 | #2 |
/// the machine /// TB trainer | Annoying ads: 'Ads not by this site' problem

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
22.07.2013, 00:22 | #3 |
| Annoying ads: 'Ads not by this site' problem

Okay, here are the results:

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2013 Ran by Bert (administrator) on 22-07-2013 01:17:03 Running from C:\Users\Bert\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Emsisoft GmbH) C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\A2SERVICE.EXE (COMODO) C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\CMDAGENT.EXE (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (AVAST Software) C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTSVC.EXE (IObit) C:\PROGRAM FILES (X86)\IOBIT\IOBIT MALWARE FIGHTER\IMFSRV.EXE (Crawler.com) C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE (Crawler.com) C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORUPDATE.EXE (COMODO) C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\CISTRAY.EXE (MAXA Research Int'l Inc.) C:\PROGRAM FILES (X86)\MAXA COOKIE MANAGER\COOKIE.EXE (SUPERAntiSpyware.com) C:\PROGRAM FILES\SUPERANTISPYWARE\SASCORE64.EXE () C:\PROGRAM FILES\RAINLENDAR\RAINLENDAR2.EXE (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe (PC Tools) C:\PROGRAM FILES (X86)\THREATFIRE\TFTRAY.EXE (Safer-Networking Ltd.) C:\PROGRAM FILES (X86)\SPYBOT - SEARCH & DESTROY 2\SDTRAY.EXE (Samsung Electronics Co., Ltd.) C:\PROGRAM FILES (X86)\SAMSUNG\EASY DISPLAY MANAGER\WIFIMANAGER.EXE (Samsung Electronics Co., Ltd.) C:\PROGRAM FILES (X86)\SAMSUNG\EASY DISPLAY MANAGER\DMHKCORE.EXE (Zemana Ltd.) 
C:\PROGRAM FILES (X86)\ZEMANA ANTILOGGER\ANTILOGGER FREE.EXE (CyberLink) C:\PROGRAM FILES (X86)\CYBERLINK\YOUCAM\YCMMIRAGE.EXE (AVAST Software) C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTUI.EXE (Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe (PC Tools) C:\PROGRAM FILES (X86)\THREATFIRE\TFSERVICE.EXE (IObit) C:\PROGRAM FILES (X86)\IOBIT\IOBIT MALWARE FIGHTER\IMF.EXE (TuneUp Software) C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2012\TUNEUPUTILITIESSERVICE64.EXE (Safer-Networking Ltd.) C:\PROGRAM FILES (X86)\SPYBOT - SEARCH & DESTROY 2\SDUPDSVC.EXE (Mozilla Corporation) C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE (Safer-Networking Ltd.) C:\PROGRAM FILES (X86)\SPYBOT - SEARCH & DESTROY 2\SDWSCSVC.EXE (TuneUp Software) C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2012\TUNEUPUTILITIESAPP64.EXE (Samsung Electronics Co., Ltd.) C:\PROGRAM FILES\SAMSUNG\SAMSUNGFASTSTART\SMARTRESTARTER.EXE (Safer-Networking Ltd.) C:\PROGRAM FILES (X86)\SPYBOT - SEARCH & DESTROY 2\SDFSSVC.EXE (Samsung Electronics Co., Ltd.) C:\PROGRAM FILES (X86)\SAMSUNG\MOVIE COLOR ENHANCER\MOVIECOLORENHANCER.EXE (SAMSUNG Electronics) C:\PROGRAM FILES (X86)\SAMSUNG\SAMSUNG SUPPORT CENTER\SSCKBDHK.EXE (COMODO) C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\CAVWP.EXE (COMODO) C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\CIS.EXE (Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\LMS\LMS.EXE (Samsung Electronics) C:\PROGRAM FILES (X86)\SAMSUNG\SAMSUNG UPDATE PLUS\SUPBACKGROUND.EXE (Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\UNS\UNS.EXE (CyberLink) C:\PROGRAM FILES (X86)\CYBERLINK\POWER2GO\CLMLSVC.EXE (CyberLink Corp.) C:\PROGRAM FILES (X86)\CYBERLINK\MEDIA+PLAYER10\MEDIA+PLAYER10SERV.EXE (Intel Corporation) C:\WINDOWS\SYSTEM32\IGFXTRAY.EXE (Samsung Electronics Co., Ltd.) C:\PROGRAM FILES (X86)\SAMSUNG\EASYSPEEDUPMANAGER\EASYSPEEDUPMANAGER.EXE (Adobe Systems, Inc.) 
C:\WINDOWS\SYSWOW64\MACROMED\FLASH\FLASHPLAYERPLUGIN_11_8_800_94.EXE (Adobe Systems, Inc.) C:\WINDOWS\SYSWOW64\MACROMED\FLASH\FLASHPLAYERPLUGIN_11_8_800_94.EXE (The Eraser Project) C:\PROGRA~1\ERASER\ERASER.EXE (Crawler.com) C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORUPDATE.EXE (EJIE Technology) C:\PROGRAM FILES (X86)\CLOVER\CLOVER.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Eraser] - C:\PROGRA~1\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project) HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-26] (CANON INC.) HKLM\...\Run: [OODefragTray] - C:\Program Files\OO Defrag\oodtray.exe [3942216 2011-01-25] (O&O Software GmbH) HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777296 2012-09-07] (Crawler.com) HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com) HKLM\...\Run: [COMODO Internet Security] - C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\cistray.exe [1502424 2013-07-08] (COMODO) HKCU\...\Run: [MSCS] - C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe [978944 2011-12-11] (MAXA Research Int'l Inc.) HKCU\...\Run: [Rainlendar2] - C:\Program Files\Rainlendar\Rainlendar2.exe [2555392 2012-10-25] () HKCU\...\Run: [SandboxieControl] - C:\PROGRAM FILES\SANDBOXIE\SbieCtrl.exe [759384 2013-06-17] (Sandboxie Holdings, LLC) HKLM-x32\...\Run: [ThreatFire] - C:\Program Files (x86)\ThreatFire\TFTray.exe [378128 2010-01-15] (PC Tools) HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC) HKLM-x32\...\Run: [SDTray] - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3830224 2013-05-16] (Safer-Networking Ltd.) 
HKLM-x32\...\Run: [IObit Malware Fighter] - "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart [1504576 2013-05-30] (IObit) HKLM-x32\...\Run: [ZALFree] - "C:\Program Files (x86)\Zemana AntiLogger\AntiLogger Free.exe" /MINIMIZED [12999984 2013-07-18] (Zemana Ltd.) HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software) HKU\Administrator\...\Run: [Advanced SystemCare 5] - "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [619352 2011-12-30] (IObit) HKU\Administrator\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [x] HKU\Administrator\...\Run: [Rainlendar2] - C:\Program Files\Rainlendar\Rainlendar2.exe [2555392 2012-10-25] () HKU\Administrator\...\Run: [VeohPlugin] - "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2816328 2011-10-26] (Veoh Networks) AppInit_DLLs: C:\PROGRA~2\KeyCryptSDK\KEYCRY~4.DLL [89936 2013-07-18] (Zemana Ltd.) AppInit_DLLs-x32: C:\PROGRA~2\KeyCryptSDK\KEYCRY~3.DLL [82696 2013-07-18] (Zemana Ltd.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk ShortcutTarget: AdFender.lnk -> C:\Program Files (x86)\AdFender\AdFender.exe (AdFender, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe () BootExecute: fSDKBtDfSDKBtsdnclean64.exe ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. 
ProxyServer: localhost:21320 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search.yahoo.com?type=198484&fr=spigot-yhp-ie StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox SearchScopes: HKLM-x32 - {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = hxxp://isearch.glarysoft.com/?q={searchTerms}&src=iesearch SearchScopes: HKCU - DefaultScope {62403BF9-B85D-4453-ACF4-965285CA2C99} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {62403BF9-B85D-4453-ACF4-965285CA2C99} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms} BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ExplorerWatcher Class - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - C:\Program Files (x86)\Clover\TabHelper64.dll (EJIE Technology) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Samsung BHO Class - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\Advanced SystemCare\BrowerProtect\ASCPlugin_Protection.dll (IObit) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - No Name - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No File Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) DPF: HKLM-x32 {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} DPF: HKLM-x32 {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} Handler: ipp - No CLSID Value - Handler: msdaipp - No CLSID Value - Handler-x32: ipp - No CLSID Value - Handler-x32: msdaipp - No CLSID Value - Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @IObit.com/np_Asc_Plugin - C:\Program Files (x86)\IObit\Advanced SystemCare\BrowerProtect\np_Asc_plugin.dll (IObit) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=1.1.11 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\glarysearch.xml FF Extension: No Name - C:\Users\Bert\AppData\Roaming\Mozilla\Extensions\plugins FF Extension: No Name - C:\Users\Bert\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: adblocker - C:\Program Files (x86)\Mozilla Firefox\extensions\adblocker@avast.com.xpi FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKCU\...\Firefox\Extensions: [maxacookie@maxatools.com] C:\Program Files (x86)\MAXA Cookie Manager\extension FF Extension: MAXA Cookie Manager - C:\Program Files (x86)\MAXA Cookie Manager\extension FF StartMenuInternet: FIREFOX.EXE - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" Chrome: ======= CHR HomePage: hxxp://www.google.com CHR RestoreOnStartup: "hxxp://de.search.yahoo.com?type=800236&fr=spigot-yhp-ch" CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0 CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\Deskperience\Word Capture\wcxChrome.crx CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare\BrowerProtect\ASC_GhromePluginFor6.crx CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx ==================== Services (Whitelisted) ================= R2 !SASCORE; C:\PROGRAM FILES\SUPERANTISPYWARE\SASCORE64.EXE [140672 2012-09-08] (SUPERAntiSpyware.com) R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2938408 2013-07-20] (Emsisoft GmbH) S4 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [574272 2013-04-18] (IObit) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6199520 2013-07-08] (COMODO) S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [158936 2013-06-18] (COMODO) S4 Giraffic; C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2245232 2013-05-13] (Giraffic) R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [335168 2013-04-25] (IObit) S4 OODefragAgent; C:\Program Files\OO Defrag\oodag.exe [3051848 2011-01-25] (O&O Software GmbH) S4 PuranDefrag; C:\WINDOWS\SYSTEM32\PURANDEFRAGS.EXE [292736 2012-08-13] (Puran Software) S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [180824 2013-06-17] (Sandboxie Holdings, LLC) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.) 
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1148632 2011-09-28] (Crawler.com) R2 ThreatFire; C:\Program Files (x86)\ThreatFire\TFService.exe [70928 2010-01-15] (PC Tools) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software) S2 Firefox Service; S2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [x] S2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [x] ==================== Drivers (Whitelisted) ==================== S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-07-20] (Emsisoft GmbH) S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-07-20] (Emsisoft GmbH) R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2013-07-11] (Emsisoft GmbH) R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2013-07-11] (Emsisoft GmbH) R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-31] (AVAST Software) R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-21] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-21] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-21] () S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57032 2013-07-11] (Emsisoft GmbH) S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57032 2013-07-11] (Emsisoft GmbH) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-06-18] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [708632 
2013-07-08] (COMODO) R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2013-06-18] (COMODO) R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit) R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit) R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-06-18] (COMODO) R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25568 2013-07-18] (Zemana Ltd.) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.) R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34336 2013-03-26] (IObit.com) R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34336 2013-03-26] (IObit.com) S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-09-20] (Windows (R) 2003 DDK 3790 provider) S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-09-20] (Windows (R) 2003 DDK 3790 provider) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [198360 2013-06-17] (Sandboxie Holdings, LLC) R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2011-11-19] (Windows (R) Win 7 DDK provider) R0 
TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [65072 2010-01-15] (PC Tools) R3 TfNetMon; C:\windows\system32\drivers\TfNetMon.sys [41888 2010-01-15] (PC Tools) R3 TfNetMon; C:\windows\system32\drivers\TfNetMon.sys [41888 2010-01-15] (PC Tools) R0 TfSysMon; C:\Windows\System32\drivers\TfSysMon.sys [59880 2010-01-15] (PC Tools) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software) R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-03-26] (IObit.com) R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-03-26] (IObit.com) S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [x] S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-22 01:16 - 2013-07-22 01:16 - 00000000 ____D C:\FRST 2013-07-22 01:14 - 2013-07-22 01:15 - 01779363 _____ (Farbar) C:\Users\Bert\Downloads\FRST64.exe 2013-07-21 18:21 - 2013-07-21 18:22 - 00000000 ____D C:\Program Files\ExtMan (IconTweak) 2013-07-21 17:48 - 2013-07-21 17:48 - 00003186 _____ C:\windows\System32\Tasks\{9544E3BB-C36F-45F9-8CCB-F04A5417C807} 2013-07-21 17:34 - 2013-07-21 17:51 - 00000000 ____D C:\Users\Bert\AppData\Roaming\IcoFX2X 2013-07-21 17:23 - 2013-07-21 23:49 - 00000168 _____ C:\windows\setupact.log 2013-07-21 17:23 - 2013-07-21 17:23 - 00000000 _____ C:\windows\setuperr.log 2013-07-21 16:56 - 2013-07-21 21:10 - 00000000 ____D C:\Users\Bert\Documents\Trojaner-Board 2013-07-21 16:06 - 2013-07-21 23:50 - 00000324 _____ C:\windows\Tasks\GlaryInitialize.job 2013-07-21 16:06 - 2013-07-21 16:06 - 00002600 _____ C:\windows\System32\Tasks\GlaryInitialize 2013-07-21 15:37 - 2013-07-21 15:46 - 01030952 _____ (AVAST 
Software) C:\windows\system32\Drivers\aswSnx.sys 2013-07-21 15:37 - 2013-07-21 15:46 - 00378944 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys 2013-07-21 15:37 - 2013-07-21 15:46 - 00189936 _____ C:\windows\system32\Drivers\aswVmm.sys 2013-07-21 15:37 - 2013-07-21 15:37 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update 2013-07-21 15:37 - 2013-05-09 10:59 - 00080816 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys 2013-07-21 15:37 - 2013-05-09 10:59 - 00072016 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys 2013-07-21 15:37 - 2013-05-09 10:59 - 00065336 _____ C:\windows\system32\Drivers\aswRvrt.sys 2013-07-21 15:37 - 2013-05-09 10:59 - 00064288 _____ (AVAST Software) C:\windows\system32\Drivers\aswTdi.sys 2013-07-21 15:37 - 2013-05-09 10:59 - 00033400 _____ (AVAST Software) C:\windows\system32\Drivers\aswFsBlk.sys 2013-07-21 15:36 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\windows\avastSS.scr 2013-07-21 15:11 - 2013-07-21 15:12 - 00000000 ____D C:\windows\System32\Tasks\COMODO 2013-07-21 15:10 - 2013-07-21 15:11 - 00000000 ___SD C:\ProgramData\Shared Space 2013-07-21 15:02 - 2013-07-21 15:11 - 00000000 ____D C:\Program Files (x86)\Junkware Removal Tool 2013-07-21 06:00 - 2013-07-21 06:00 - 00000000 _____ C:\ProgramData\rebootpending.txt 2013-07-21 05:56 - 2013-07-21 22:22 - 00038016 _____ C:\windows\WindowsUpdate.log 2013-07-21 03:52 - 2013-07-21 04:32 - 00040534 _____ C:\windows\system32\Drivers\fvstore.dat 2013-07-21 03:52 - 2013-07-21 03:52 - 00000000 ___HD C:\VTRoot 2013-07-21 03:21 - 2009-01-25 13:14 - 00017272 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe 2013-07-21 02:50 - 2013-07-21 04:32 - 00389937 _____ C:\windows\system32\Drivers\sfi.dat 2013-07-21 02:48 - 2013-07-21 02:50 - 00000000 ____D C:\ProgramData\Comodo 2013-07-21 02:48 - 2013-07-21 02:48 - 00000000 ____D C:\Program Files\COMODO 2013-07-21 02:35 - 2013-07-21 02:35 - 01700352 _____ (Microsoft 
Corporation) C:\windows\SysWOW64\gdiplus.dll 2013-07-21 02:35 - 2013-07-21 02:35 - 01060864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc71.dll 2013-07-21 02:35 - 2013-07-21 02:35 - 00348160 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr71.dll 2013-07-21 02:30 - 2013-07-21 03:21 - 00000000 ____D C:\Program Files (x86)\Comodo 2013-07-21 02:28 - 2013-07-21 02:28 - 00000000 ____D C:\ProgramData\Comodo Downloader 2013-07-21 02:21 - 2013-06-06 22:41 - 00489392 _____ (Ask Partner Network) C:\Users\Bert\Documents\APNSetup.exe 2013-07-21 02:19 - 2013-07-21 06:00 - 00000000 ____D C:\ProgramData\Avira 2013-07-21 01:43 - 2013-07-21 01:43 - 00001130 _____ C:\DelFix.txt 2013-07-21 00:46 - 2013-07-21 01:31 - 00000000 ____D C:\windows\erdnt 2013-07-20 12:53 - 2013-07-20 12:54 - 00000000 ____D C:\EEK 2013-07-20 11:44 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2013-07-20 01:24 - 2013-07-20 01:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-20 00:43 - 2013-07-20 00:43 - 00312232 _____ (Oracle Corporation) C:\windows\system32\javaws.exe 2013-07-20 00:43 - 2013-07-20 00:43 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe 2013-07-20 00:43 - 2013-07-20 00:43 - 00188840 _____ (Oracle Corporation) C:\windows\system32\java.exe 2013-07-20 00:43 - 2013-07-20 00:43 - 00108968 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll 2013-07-20 00:43 - 2013-07-20 00:43 - 00000000 ____D C:\Program Files\Java 2013-07-20 00:33 - 2013-07-20 00:33 - 00000000 _____ C:\autoexec.bat 2013-07-20 00:30 - 2013-07-21 08:00 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-07-20 00:25 - 2013-07-21 00:05 - 00000000 ____D C:\windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP 2013-07-18 21:38 - 2013-07-19 11:44 - 00018944 _____ C:\Users\Bert\Desktop\Bundestagswahlprognose.xls 2013-07-17 05:21 - 2013-07-20 01:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak 
2013-07-16 05:40 - 2013-07-21 03:36 - 00000000 ____D C:\Program Files\Unlocker 2013-07-16 05:40 - 2013-07-16 05:40 - 00000000 ____D C:\Users\Bert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker 2013-07-16 05:34 - 2013-07-16 05:34 - 00000000 ____D C:\Users\Bert\Documents\Art 2013-07-16 04:42 - 2013-07-16 05:27 - 00000000 ____D C:\Users\Bert\AppData\Roaming\Jitsi 2013-07-16 04:42 - 2013-07-16 04:42 - 00000000 ____D C:\Program Files (x86)\Jitsi 2013-07-16 02:49 - 2013-07-16 03:32 - 00000000 ____D C:\Program Files (x86)\KVIrc 2013-07-15 22:52 - 2013-07-15 22:52 - 00000000 ____D C:\Users\Bert\Desktop\Elfriede Jelinek - Neid 2013-07-15 17:47 - 2013-07-15 19:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-07-11 23:48 - 2013-07-11 23:51 - 00000000 ____D C:\Program Files (x86)\LibreOffice 3.6 2013-07-10 01:44 - 2013-07-10 01:44 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-07-10 01:43 - 2013-07-10 01:43 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2013-07-10 01:43 - 2013-07-10 01:43 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-07-10 01:43 - 2013-07-10 01:43 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 02241024 _____ (Microsoft Corporation) 
C:\windows\system32\wininet.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe 2013-07-10 01:43 - 2013-07-10 01:43 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-10 01:43 - 2013-07-10 01:43 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00051712 _____ (Microsoft Corporation) 
C:\windows\system32\ie4uinit.exe 2013-07-10 01:43 - 2013-07-10 01:43 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2013-07-10 01:41 - 2013-07-10 01:41 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2013-07-10 01:41 - 2013-07-10 01:41 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2013-07-10 01:31 - 2013-07-10 01:31 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL 2013-07-10 01:31 - 2013-07-10 01:31 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll 2013-07-10 01:31 - 2013-07-10 01:31 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL 2013-07-10 01:31 - 2013-07-10 01:31 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll 2013-07-10 01:28 - 2013-07-10 01:28 - 00000000 ____D C:\Program Files (x86)\BootkitRemoval 2013-07-10 01:09 - 2013-07-10 01:09 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll 2013-07-10 01:09 - 2013-07-10 01:09 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptdlg.dll 2013-07-10 01:08 - 2013-07-10 01:08 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll 2013-07-10 01:08 - 2013-07-10 01:08 - 01505280 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll 2013-07-10 01:08 - 2013-07-10 01:08 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2013-07-10 01:08 - 2013-07-10 01:08 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2013-07-10 01:07 - 2013-07-10 01:07 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll 2013-07-10 01:07 - 2013-07-10 01:07 - 00223752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys 
2013-07-10 01:07 - 2013-07-10 01:07 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\wwanprotdim.dll 2013-07-10 00:55 - 2013-07-10 00:55 - 00001262 _____ C:\Users\Bert\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk 2013-07-10 00:14 - 2013-07-10 00:16 - 00000000 ____D C:\Program Files (x86)\Clover 2013-07-10 00:14 - 2013-07-10 00:14 - 00000000 ____D C:\Users\Bert\AppData\Local\Clover 2013-07-10 00:12 - 2012-12-20 22:24 - 03837440 _____ (Qualcomm Atheros Communications, Inc.) C:\windows\system32\Drivers\athrx.sys 2013-07-10 00:11 - 2013-07-10 00:11 - 00000000 ____D C:\Program Files (x86)\SpeedyFox 2013-07-10 00:09 - 2013-07-10 00:12 - 00000000 ____D C:\Program Files\DIFX 2013-07-10 00:06 - 2013-07-10 00:06 - 00000000 ____D C:\Program Files (x86)\MSECache 2013-07-10 00:05 - 2013-07-10 00:42 - 00000000 ____D C:\Program Files\Office Tab 2013-07-10 00:03 - 2013-07-10 00:03 - 00000000 ____D C:\Users\Bert\ultracopier 2013-07-10 00:02 - 2013-07-20 19:10 - 00000000 ____D C:\Program Files\Supercopier 2013-07-10 00:02 - 2012-12-27 01:26 - 00805088 _____ (Realtek ) C:\windows\system32\Drivers\Rt64win7.sys 2013-07-10 00:02 - 2012-12-27 01:26 - 00074344 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RtNicProp64.dll 2013-07-10 00:00 - 2013-07-21 00:26 - 00003214 _____ C:\windows\System32\Tasks\Driver Booster Update 2013-07-09 23:58 - 2013-07-16 03:57 - 00000000 ____D C:\Users\Bert\AppData\Roaming\PasteCopy.NET 2013-07-09 23:57 - 2013-07-21 23:57 - 00000000 ____D C:\Program Files (x86)\PasteCopy.NET 2013-07-08 23:50 - 2013-07-08 23:50 - 00000000 ____D C:\Users\Bert\AppData\Roaming\aignes 2013-07-08 23:50 - 2013-07-08 23:50 - 00000000 ____D C:\Program Files (x86)\AM-DeadLink 2013-07-04 14:44 - 2013-07-04 14:44 - 00000000 _____ C:\windows\SysWOW64\FAPED09.tmp 2013-07-04 14:41 - 2013-07-04 14:41 - 00000000 _____ C:\windows\SysWOW64\FAP6BE6.tmp 2013-07-04 14:40 - 2013-07-04 14:40 - 00000000 _____ C:\windows\SysWOW64\FAPFFE9.tmp 2013-07-04 
14:40 - 2013-07-04 14:40 - 00000000 _____ C:\windows\SysWOW64\FAP54F8.tmp 2013-07-04 14:40 - 2013-07-04 14:40 - 00000000 _____ C:\windows\SysWOW64\FAP3D90.tmp 2013-07-04 14:39 - 2013-07-04 14:39 - 00000000 _____ C:\windows\SysWOW64\FAP713B.tmp 2013-07-04 14:38 - 2013-07-04 14:38 - 00000000 _____ C:\windows\SysWOW64\FAPD69F.tmp 2013-07-04 14:36 - 2013-07-04 14:36 - 00000000 _____ C:\windows\SysWOW64\FAP2D.tmp 2013-07-04 14:35 - 2013-07-04 14:35 - 00000000 _____ C:\windows\SysWOW64\FAP76FF.tmp 2013-07-04 13:03 - 2013-07-04 13:03 - 00000000 _____ C:\windows\SysWOW64\FAPE22C.tmp 2013-07-04 13:02 - 2013-07-04 13:02 - 00000000 _____ C:\windows\SysWOW64\FAP5739.tmp 2013-07-04 13:00 - 2013-07-04 13:00 - 00000000 _____ C:\windows\SysWOW64\FAP5B7B.tmp 2013-07-04 12:58 - 2013-07-04 12:58 - 00000000 _____ C:\windows\SysWOW64\FAPFE8B.tmp 2013-07-04 12:58 - 2013-07-04 12:58 - 00000000 _____ C:\windows\SysWOW64\FAPF8A0.tmp 2013-07-04 12:58 - 2013-07-04 12:58 - 00000000 _____ C:\windows\SysWOW64\FAPF840.tmp 2013-07-04 12:57 - 2013-07-04 12:57 - 00000000 _____ C:\windows\SysWOW64\FAP7402.tmp 2013-07-04 12:50 - 2013-07-04 12:50 - 00000000 _____ C:\windows\SysWOW64\FAPDA60.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAPEACA.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAPD381.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAPBBF9.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAP906.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAP740E.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAP5D8F.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAP2001.tmp 2013-07-04 12:48 - 2013-07-04 12:48 - 00000000 _____ C:\windows\SysWOW64\FAP8C31.tmp 2013-07-04 12:48 - 2013-07-04 12:48 - 00000000 _____ C:\windows\SysWOW64\FAP78ED.tmp 2013-07-04 12:42 - 2013-07-04 12:42 - 00000000 _____ 
C:\windows\SysWOW64\FAP8450.tmp 2013-07-04 12:33 - 2013-07-04 12:33 - 00000000 _____ C:\windows\SysWOW64\FAP1334.tmp 2013-07-04 12:17 - 2013-07-04 12:17 - 00000000 _____ C:\windows\SysWOW64\FAP815F.tmp 2013-07-04 04:09 - 2013-07-04 04:09 - 00263592 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe 2013-07-04 04:09 - 2013-07-04 04:09 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe 2013-07-04 04:09 - 2013-07-04 04:09 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe 2013-07-04 04:09 - 2013-07-04 04:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2013-07-04 01:24 - 2013-07-04 01:24 - 00000000 ____D C:\Users\Bert\.macromedia 2013-07-04 00:16 - 2013-07-14 01:00 - 00000000 ____D C:\Program Files (x86)\FEBE 2013-07-03 16:39 - 2013-07-03 16:44 - 00000600 _____ C:\Users\Bert\PUTTY.RND 2013-07-03 14:59 - 2013-07-03 14:59 - 00000000 _____ C:\Users\Bert\mm_backup.cfg 2013-07-02 17:21 - 2013-07-02 17:21 - 00000000 ____D C:\Program Files (x86)\Tor 2013-07-02 17:17 - 2013-07-02 17:18 - 00000000 ____D C:\Users\Bert\Documents\Calibre Library 2013-07-02 17:13 - 2013-07-02 17:18 - 00000000 ____D C:\Users\Bert\AppData\Roaming\calibre 2013-07-02 17:13 - 2013-07-02 17:13 - 00000000 ____D C:\Users\Bert\Documents\Calibre Bibliothek 2013-07-02 17:12 - 2013-07-02 17:12 - 00000000 ____D C:\Program Files (x86)\Calibre2 2013-07-02 03:06 - 2013-07-02 03:06 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2013-07-02 03:06 - 2013-07-02 03:06 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2013-07-02 03:06 - 2013-07-02 03:06 - 01400416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat 2013-07-02 03:06 - 2013-07-02 03:06 - 01400416 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat 2013-07-02 03:06 - 2013-07-02 03:06 - 01054720 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 
00905728 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00719360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00599552 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00523264 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2013-07-02 03:06 - 2013-07-02 03:06 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec 2013-07-02 03:06 - 2013-07-02 03:06 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00270848 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00247296 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00242200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\url.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00232960 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00216064 _____ (Microsoft 
Corporation) C:\windows\system32\msls31.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00204800 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00185344 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00173568 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00150528 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00149504 _____ (Microsoft Corporation) C:\windows\system32\occache.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00138752 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00137216 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00125440 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00117248 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00110592 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00102912 _____ (Microsoft Corporation) 
C:\windows\system32\inseng.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx 2013-07-02 03:06 - 2013-07-02 03:06 - 00073728 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx 2013-07-02 03:06 - 2013-07-02 03:06 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00041984 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00027648 _____ (Microsoft Corporation) 
C:\windows\system32\licmgr10.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-07-02 03:06 - 2013-07-02 03:06 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-07-02 03:06 - 2013-07-02 03:06 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-07-02 03:06 - 2013-07-02 03:06 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2013-06-28 00:11 - 2013-07-21 15:46 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum
2013-06-27 01:54 - 2013-07-21 15:46 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum
2013-06-27 01:54 - 2013-07-21 15:46 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum
2013-06-25 21:52 - 2013-07-21 00:26 - 00002966 _____ C:\windows\System32\Tasks\{BBF7C257-78DB-4727-AAD0-4AC4EE99BFC6}

==================== One Month Modified Files and Folders =======

2013-07-22 01:17 - 2013-02-08 12:37 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-22 01:16 - 2013-07-22 01:16 - 00000000 ____D C:\FRST
2013-07-22 01:15 - 2013-07-22 01:14 - 01779363 _____ (Farbar) C:\Users\Bert\Downloads\FRST64.exe
2013-07-22 00:00 - 2009-07-14 06:45 - 00028624 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-22 00:00 - 2009-07-14 06:45 - 00028624 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-21 23:58 - 2013-07-21 05:56 - 00038016 _____ C:\windows\WindowsUpdate.log
2013-07-21 23:57 - 2013-07-09 23:57 - 00000000 ____D C:\Program Files (x86)\PasteCopy.NET
2013-07-21 23:51 - 2011-11-19 16:47 - 00000000 ____D C:\Users\Bert\.rainlendar2
2013-07-21 23:50 - 2013-07-21 16:06 - 00000324 _____ C:\windows\Tasks\GlaryInitialize.job
2013-07-21 23:50 - 2012-06-07 11:56 -
00065536 _____ C:\windows\system32\Ikeext.etl 2013-07-21 23:50 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-07-21 23:49 - 2013-07-21 17:23 - 00000168 _____ C:\windows\setupact.log 2013-07-21 22:01 - 2013-06-04 11:11 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK 2013-07-21 22:01 - 2011-11-19 17:00 - 00000000 ____D C:\ProgramData\Spyware Terminator 2013-07-21 21:10 - 2013-07-21 16:56 - 00000000 ____D C:\Users\Bert\Documents\Trojaner-Board 2013-07-21 19:16 - 2011-11-16 10:08 - 00000000 ____D C:\Users\Bert\AppData\Local\CrashDumps 2013-07-21 18:22 - 2013-07-21 18:21 - 00000000 ____D C:\Program Files\ExtMan (IconTweak) 2013-07-21 17:54 - 2013-06-04 11:11 - 00000000 ____D C:\Program Files (x86)\Zemana AntiLogger 2013-07-21 17:51 - 2013-07-21 17:34 - 00000000 ____D C:\Users\Bert\AppData\Roaming\IcoFX2X 2013-07-21 17:48 - 2013-07-21 17:48 - 00003186 _____ C:\windows\System32\Tasks\{9544E3BB-C36F-45F9-8CCB-F04A5417C807} 2013-07-21 17:23 - 2013-07-21 17:23 - 00000000 _____ C:\windows\setuperr.log 2013-07-21 16:07 - 2011-11-15 20:15 - 00000000 ____D C:\Users\Bert\AppData\Roaming\Macromedia 2013-07-21 16:06 - 2013-07-21 16:06 - 00002600 _____ C:\windows\System32\Tasks\GlaryInitialize 2013-07-21 16:06 - 2011-11-16 09:01 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 2013-07-21 15:53 - 2011-11-15 22:44 - 00000000 ____D C:\Users\Bert\AppData\Roaming\vlc 2013-07-21 15:46 - 2013-07-21 15:37 - 01030952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys 2013-07-21 15:46 - 2013-07-21 15:37 - 00378944 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys 2013-07-21 15:46 - 2013-07-21 15:37 - 00189936 _____ C:\windows\system32\Drivers\aswVmm.sys 2013-07-21 15:46 - 2013-06-28 00:11 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum 2013-07-21 15:46 - 2013-06-27 01:54 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum 2013-07-21 15:46 - 2013-06-27 01:54 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum 
2013-07-21 15:37 - 2013-07-21 15:37 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update 2013-07-21 15:37 - 2012-11-04 17:05 - 00000000 _____ C:\windows\SysWOW64\config.nt 2013-07-21 15:35 - 2012-11-04 17:03 - 00000000 ____D C:\ProgramData\AVAST Software 2013-07-21 15:35 - 2012-11-04 17:03 - 00000000 ____D C:\Program Files\AVAST Software 2013-07-21 15:12 - 2013-07-21 15:11 - 00000000 ____D C:\windows\System32\Tasks\COMODO 2013-07-21 15:11 - 2013-07-21 15:10 - 00000000 ___SD C:\ProgramData\Shared Space 2013-07-21 15:11 - 2013-07-21 15:02 - 00000000 ____D C:\Program Files (x86)\Junkware Removal Tool 2013-07-21 09:05 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache 2013-07-21 08:00 - 2013-07-20 00:30 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-07-21 08:00 - 2012-07-13 13:04 - 00000000 ____D C:\Users\Bert\AppData\Roaming\Launchy 2013-07-21 08:00 - 2012-04-26 21:36 - 00000000 ____D C:\Users\Bert\AppData\Roaming\SUPERAntiSpyware.com 2013-07-21 08:00 - 2011-11-19 17:17 - 00000000 ____D C:\Users\Administrator 2013-07-21 08:00 - 2009-07-14 05:20 - 00000000 ____D C:\windows\registration 2013-07-21 06:00 - 2013-07-21 06:00 - 00000000 _____ C:\ProgramData\rebootpending.txt 2013-07-21 06:00 - 2013-07-21 02:19 - 00000000 ____D C:\ProgramData\Avira 2013-07-21 04:32 - 2013-07-21 03:52 - 00040534 _____ C:\windows\system32\Drivers\fvstore.dat 2013-07-21 04:32 - 2013-07-21 02:50 - 00389937 _____ C:\windows\system32\Drivers\sfi.dat 2013-07-21 03:52 - 2013-07-21 03:52 - 00000000 ___HD C:\VTRoot 2013-07-21 03:36 - 2013-07-16 05:40 - 00000000 ____D C:\Program Files\Unlocker 2013-07-21 03:22 - 2013-03-04 13:53 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-07-21 03:21 - 2013-07-21 02:30 - 00000000 ____D C:\Program Files (x86)\Comodo 2013-07-21 02:50 - 2013-07-21 02:48 - 00000000 ____D C:\ProgramData\Comodo 2013-07-21 02:48 - 2013-07-21 02:48 - 00000000 ____D C:\Program Files\COMODO 2013-07-21 02:35 - 2013-07-21 02:35 - 
01700352 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdiplus.dll 2013-07-21 02:35 - 2013-07-21 02:35 - 01060864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc71.dll 2013-07-21 02:35 - 2013-07-21 02:35 - 00348160 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr71.dll 2013-07-21 02:28 - 2013-07-21 02:28 - 00000000 ____D C:\ProgramData\Comodo Downloader 2013-07-21 02:19 - 2011-11-16 07:51 - 00000000 ____D C:\Program Files (x86)\Avira 2013-07-21 02:00 - 2011-11-15 19:48 - 00000000 ____D C:\Users\Bert 2013-07-21 01:43 - 2013-07-21 01:43 - 00001130 _____ C:\DelFix.txt 2013-07-21 01:40 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2013-07-21 01:31 - 2013-07-21 00:46 - 00000000 ____D C:\windows\erdnt 2013-07-21 01:26 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini 2013-07-21 00:39 - 2012-11-16 10:35 - 00000444 _____ C:\windows\Tasks\Wise Registry Cleaner Schedule Task.job 2013-07-21 00:30 - 2011-11-15 20:01 - 00000000 ___RD C:\Users\Bert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-07-21 00:28 - 2012-09-05 14:32 - 00002772 _____ C:\windows\System32\Tasks\CCleanerSkipUAC 2013-07-21 00:27 - 2012-11-16 10:35 - 00003314 _____ C:\windows\System32\Tasks\Wise Registry Cleaner Schedule Task 2013-07-21 00:26 - 2013-07-10 00:00 - 00003214 _____ C:\windows\System32\Tasks\Driver Booster Update 2013-07-21 00:26 - 2013-06-25 21:52 - 00002966 _____ C:\windows\System32\Tasks\{BBF7C257-78DB-4727-AAD0-4AC4EE99BFC6} 2013-07-21 00:16 - 2011-11-26 22:40 - 00000000 ____D C:\ProgramData\Giraffic 2013-07-21 00:13 - 2011-11-26 22:40 - 00000000 ____D C:\Program Files (x86)\Giraffic 2013-07-21 00:05 - 2013-07-20 00:25 - 00000000 ____D C:\windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP 2013-07-20 19:10 - 2013-07-10 00:02 - 00000000 ____D C:\Program Files\Supercopier 2013-07-20 15:14 - 2013-06-04 11:39 - 00000000 ____D C:\Program Files (x86)\AdWareCleaner 2013-07-20 12:55 - 2011-07-29 06:05 - 00696870 _____ C:\windows\system32\perfh007.dat 
2013-07-20 12:55 - 2011-07-29 06:05 - 00148134 _____ C:\windows\system32\perfc007.dat 2013-07-20 12:55 - 2009-07-14 07:13 - 01612484 _____ C:\windows\system32\PerfStringBackup.INI 2013-07-20 12:54 - 2013-07-20 12:53 - 00000000 ____D C:\EEK 2013-07-20 11:19 - 2011-11-15 22:18 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware 2013-07-20 02:21 - 2013-02-08 12:37 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2013-07-20 02:21 - 2013-02-08 12:37 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-07-20 02:21 - 2013-02-08 12:37 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2013-07-20 02:01 - 2012-04-25 12:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-20 01:30 - 2013-07-20 01:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-20 01:29 - 2013-07-17 05:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak 2013-07-20 00:52 - 2012-11-04 17:59 - 00000000 ____D C:\Program Files (x86)\Trojan Remover 2013-07-20 00:50 - 2013-03-05 02:39 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster 2013-07-20 00:43 - 2013-07-20 00:43 - 00312232 _____ (Oracle Corporation) C:\windows\system32\javaws.exe 2013-07-20 00:43 - 2013-07-20 00:43 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe 2013-07-20 00:43 - 2013-07-20 00:43 - 00188840 _____ (Oracle Corporation) C:\windows\system32\java.exe 2013-07-20 00:43 - 2013-07-20 00:43 - 00108968 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll 2013-07-20 00:43 - 2013-07-20 00:43 - 00000000 ____D C:\Program Files\Java 2013-07-20 00:43 - 2012-06-25 19:32 - 01093032 _____ (Oracle Corporation) C:\windows\system32\npDeployJava1.dll 2013-07-20 00:43 - 2012-01-17 21:33 - 00972712 _____ (Oracle Corporation) C:\windows\system32\deployJava1.dll 2013-07-20 00:33 - 2013-07-20 00:33 - 00000000 _____ C:\autoexec.bat 2013-07-20 00:33 - 2011-11-16 18:57 - 
00000000 ____D C:\Program Files (x86)\Opera 2013-07-19 22:20 - 2011-12-23 15:46 - 00000000 ____D C:\Users\Bert\Documents\FFOutput 2013-07-19 11:44 - 2013-07-18 21:38 - 00018944 _____ C:\Users\Bert\Desktop\Bundestagswahlprognose.xls 2013-07-18 15:03 - 2013-06-04 11:11 - 00025568 _____ (Zemana Ltd.) C:\windows\system32\Drivers\KeyCrypt64.sys 2013-07-18 04:43 - 2013-06-06 04:01 - 00000000 ____D C:\Users\Bert\MediathekView 2013-07-16 05:40 - 2013-07-16 05:40 - 00000000 ____D C:\Users\Bert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker 2013-07-16 05:34 - 2013-07-16 05:34 - 00000000 ____D C:\Users\Bert\Documents\Art 2013-07-16 05:27 - 2013-07-16 04:42 - 00000000 ____D C:\Users\Bert\AppData\Roaming\Jitsi 2013-07-16 04:42 - 2013-07-16 04:42 - 00000000 ____D C:\Program Files (x86)\Jitsi 2013-07-16 04:14 - 2013-05-07 17:25 - 00000000 ____D C:\Users\Bert\Documents\Statistik 2013-07-16 04:02 - 2011-11-16 08:34 - 00131136 _____ C:\Users\Bert\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-16 04:02 - 2009-07-14 06:45 - 00481992 _____ C:\windows\system32\FNTCACHE.DAT 2013-07-16 04:01 - 2012-11-04 18:05 - 00002382 _____ C:\windows\Sandboxie.ini 2013-07-16 03:57 - 2013-07-09 23:58 - 00000000 ____D C:\Users\Bert\AppData\Roaming\PasteCopy.NET 2013-07-16 03:53 - 2011-11-15 19:56 - 00000000 ____D C:\ProgramData\Skype 2013-07-16 03:32 - 2013-07-16 02:49 - 00000000 ____D C:\Program Files (x86)\KVIrc 2013-07-15 22:52 - 2013-07-15 22:52 - 00000000 ____D C:\Users\Bert\Desktop\Elfriede Jelinek - Neid 2013-07-15 19:25 - 2013-07-15 17:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-07-14 01:00 - 2013-07-04 00:16 - 00000000 ____D C:\Program Files (x86)\FEBE 2013-07-11 23:51 - 2013-07-11 23:48 - 00000000 ____D C:\Program Files (x86)\LibreOffice 3.6 2013-07-11 23:51 - 2011-07-29 05:57 - 00000000 ____D C:\windows\ShellNew 2013-07-11 03:01 - 2011-11-17 05:14 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2013-07-10 02:14 - 2012-04-07 05:56 - 
00000000 ____D C:\windows\Minidump 2013-07-10 02:14 - 2011-02-11 21:57 - 00000000 ____D C:\windows\Panther 2013-07-10 02:03 - 2011-11-19 10:35 - 00000000 ____D C:\Program Files (x86)\Registry System Wizard 2013-07-10 01:51 - 2009-07-14 07:08 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT 2013-07-10 01:47 - 2011-07-29 05:57 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-10 01:47 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-10 01:47 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-10 01:44 - 2013-07-10 01:44 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-07-10 01:43 - 2013-07-10 01:43 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2013-07-10 01:43 - 2013-07-10 01:43 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-07-10 01:43 - 2013-07-10 01:43 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2013-07-10 01:43 - 
2013-07-10 01:43 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe 2013-07-10 01:43 - 2013-07-10 01:43 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-10 01:43 - 2013-07-10 01:43 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-07-10 01:43 - 2013-07-10 01:43 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 
00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2013-07-10 01:41 - 2013-07-10 01:41 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2013-07-10 01:41 - 2013-07-10 01:41 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2013-07-10 01:31 - 2013-07-10 01:31 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL 2013-07-10 01:31 - 2013-07-10 01:31 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll 2013-07-10 01:31 - 2013-07-10 01:31 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL 2013-07-10 01:31 - 2013-07-10 01:31 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll 2013-07-10 01:28 - 2013-07-10 01:28 - 00000000 ____D C:\Program Files (x86)\BootkitRemoval 2013-07-10 01:19 - 2012-09-05 14:56 - 01590378 _____ C:\windows\SysWOW64\PerfStringBackup.INI 2013-07-10 01:09 - 2013-07-10 01:09 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll 2013-07-10 01:09 - 2013-07-10 01:09 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptdlg.dll 2013-07-10 01:08 - 2013-07-10 01:08 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll 2013-07-10 01:08 - 2013-07-10 01:08 - 01505280 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll 2013-07-10 01:08 - 2013-07-10 01:08 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2013-07-10 01:08 - 2013-07-10 01:08 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2013-07-10 01:07 - 2013-07-10 01:07 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll 2013-07-10 01:07 - 2013-07-10 01:07 - 00223752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys 2013-07-10 01:07 - 2013-07-10 01:07 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\wwanprotdim.dll 2013-07-10 00:55 - 2013-07-10 00:55 - 00001262 _____ 
C:\Users\Bert\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk 2013-07-10 00:54 - 2011-12-04 12:01 - 00000000 ____D C:\Users\Bert\AppData\Roaming\Apple Computer 2013-07-10 00:42 - 2013-07-10 00:05 - 00000000 ____D C:\Program Files\Office Tab 2013-07-10 00:16 - 2013-07-10 00:14 - 00000000 ____D C:\Program Files (x86)\Clover 2013-07-10 00:14 - 2013-07-10 00:14 - 00000000 ____D C:\Users\Bert\AppData\Local\Clover 2013-07-10 00:12 - 2013-07-10 00:09 - 00000000 ____D C:\Program Files\DIFX 2013-07-10 00:11 - 2013-07-10 00:11 - 00000000 ____D C:\Program Files (x86)\SpeedyFox 2013-07-10 00:07 - 2012-09-03 04:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-07-10 00:06 - 2013-07-10 00:06 - 00000000 ____D C:\Program Files (x86)\MSECache 2013-07-10 00:05 - 2013-03-05 02:39 - 00000000 ____D C:\ProgramData\Licenses 2013-07-10 00:03 - 2013-07-10 00:03 - 00000000 ____D C:\Users\Bert\ultracopier 2013-07-10 00:00 - 2011-11-19 10:24 - 00000000 ____D C:\Program Files (x86)\IObit 2013-07-10 00:00 - 2011-11-16 09:03 - 00000000 ____D C:\Users\Bert\AppData\Roaming\IObit 2013-07-09 16:06 - 2013-01-29 00:53 - 00000000 ____D C:\Users\Bert\Desktop\Institut für soziale Berufe 2013-07-08 23:50 - 2013-07-08 23:50 - 00000000 ____D C:\Users\Bert\AppData\Roaming\aignes 2013-07-08 23:50 - 2013-07-08 23:50 - 00000000 ____D C:\Program Files (x86)\AM-DeadLink 2013-07-08 22:59 - 2013-06-18 16:16 - 00708632 _____ (COMODO) C:\windows\system32\Drivers\cmdguard.sys 2013-07-04 14:44 - 2013-07-04 14:44 - 00000000 _____ C:\windows\SysWOW64\FAPED09.tmp 2013-07-04 14:41 - 2013-07-04 14:41 - 00000000 _____ C:\windows\SysWOW64\FAP6BE6.tmp 2013-07-04 14:40 - 2013-07-04 14:40 - 00000000 _____ C:\windows\SysWOW64\FAPFFE9.tmp 2013-07-04 14:40 - 2013-07-04 14:40 - 00000000 _____ C:\windows\SysWOW64\FAP54F8.tmp 2013-07-04 14:40 - 2013-07-04 14:40 - 00000000 _____ C:\windows\SysWOW64\FAP3D90.tmp 2013-07-04 14:39 - 2013-07-04 14:39 - 00000000 _____ C:\windows\SysWOW64\FAP713B.tmp 
2013-07-04 14:38 - 2013-07-04 14:38 - 00000000 _____ C:\windows\SysWOW64\FAPD69F.tmp 2013-07-04 14:36 - 2013-07-04 14:36 - 00000000 _____ C:\windows\SysWOW64\FAP2D.tmp 2013-07-04 14:35 - 2013-07-04 14:35 - 00000000 _____ C:\windows\SysWOW64\FAP76FF.tmp 2013-07-04 13:03 - 2013-07-04 13:03 - 00000000 _____ C:\windows\SysWOW64\FAPE22C.tmp 2013-07-04 13:02 - 2013-07-04 13:02 - 00000000 _____ C:\windows\SysWOW64\FAP5739.tmp 2013-07-04 13:00 - 2013-07-04 13:00 - 00000000 _____ C:\windows\SysWOW64\FAP5B7B.tmp 2013-07-04 12:58 - 2013-07-04 12:58 - 00000000 _____ C:\windows\SysWOW64\FAPFE8B.tmp 2013-07-04 12:58 - 2013-07-04 12:58 - 00000000 _____ C:\windows\SysWOW64\FAPF8A0.tmp 2013-07-04 12:58 - 2013-07-04 12:58 - 00000000 _____ C:\windows\SysWOW64\FAPF840.tmp 2013-07-04 12:57 - 2013-07-04 12:57 - 00000000 _____ C:\windows\SysWOW64\FAP7402.tmp 2013-07-04 12:50 - 2013-07-04 12:50 - 00000000 _____ C:\windows\SysWOW64\FAPDA60.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAPEACA.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAPD381.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAPBBF9.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAP906.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAP740E.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAP5D8F.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAP2001.tmp 2013-07-04 12:48 - 2013-07-04 12:48 - 00000000 _____ C:\windows\SysWOW64\FAP8C31.tmp 2013-07-04 12:48 - 2013-07-04 12:48 - 00000000 _____ C:\windows\SysWOW64\FAP78ED.tmp 2013-07-04 12:42 - 2013-07-04 12:42 - 00000000 _____ C:\windows\SysWOW64\FAP8450.tmp 2013-07-04 12:33 - 2013-07-04 12:33 - 00000000 _____ C:\windows\SysWOW64\FAP1334.tmp 2013-07-04 12:17 - 2013-07-04 12:17 - 00000000 _____ C:\windows\SysWOW64\FAP815F.tmp 2013-07-04 12:11 - 2012-12-04 23:54 - 00000000 
____D C:\Program Files (x86)\URLSnooper2 2013-07-04 11:14 - 2012-12-18 17:00 - 00084027 _____ C:\Users\Bert\Desktop\Mjusiq.xspf 2013-07-04 11:10 - 2011-11-18 16:13 - 00000000 ____D C:\Program Files (x86)\Java 2013-07-04 04:09 - 2013-07-04 04:09 - 00263592 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe 2013-07-04 04:09 - 2013-07-04 04:09 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe 2013-07-04 04:09 - 2013-07-04 04:09 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe 2013-07-04 04:09 - 2013-07-04 04:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2013-07-04 04:09 - 2012-07-13 01:33 - 00867240 _____ (Oracle Corporation) C:\windows\SysWOW64\npDeployJava1.dll 2013-07-04 04:09 - 2011-11-18 16:14 - 00789416 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll 2013-07-04 03:43 - 2012-10-11 11:23 - 00007607 _____ C:\Users\Bert\AppData\Local\Resmon.ResmonCfg 2013-07-04 01:24 - 2013-07-04 01:24 - 00000000 ____D C:\Users\Bert\.macromedia 2013-07-03 23:04 - 2012-09-04 05:42 - 00000000 ____D C:\Program Files\Puran Defrag 2013-07-03 17:05 - 2011-11-15 22:30 - 00000000 ____D C:\Program Files\CCleaner 2013-07-03 16:44 - 2013-07-03 16:39 - 00000600 _____ C:\Users\Bert\PUTTY.RND 2013-07-03 14:59 - 2013-07-03 14:59 - 00000000 _____ C:\Users\Bert\mm_backup.cfg 2013-07-02 17:21 - 2013-07-02 17:21 - 00000000 ____D C:\Program Files (x86)\Tor 2013-07-02 17:18 - 2013-07-02 17:17 - 00000000 ____D C:\Users\Bert\Documents\Calibre Library 2013-07-02 17:18 - 2013-07-02 17:13 - 00000000 ____D C:\Users\Bert\AppData\Roaming\calibre 2013-07-02 17:13 - 2013-07-02 17:13 - 00000000 ____D C:\Users\Bert\Documents\Calibre Bibliothek 2013-07-02 17:12 - 2013-07-02 17:12 - 00000000 ____D C:\Program Files (x86)\Calibre2 2013-07-02 03:32 - 2009-07-14 05:20 - 00000000 ____D C:\windows\PolicyDefinitions 2013-07-02 03:06 - 2013-07-02 03:06 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 
2013-07-02 03:06 - 2013-07-02 03:06 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2013-07-02 03:06 - 2013-07-02 03:06 - 01400416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat 2013-07-02 03:06 - 2013-07-02 03:06 - 01400416 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat 2013-07-02 03:06 - 2013-07-02 03:06 - 01054720 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00905728 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00719360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00599552 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00523264 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2013-07-02 03:06 - 2013-07-02 03:06 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec 2013-07-02 03:06 - 2013-07-02 03:06 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00270848 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00247296 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00242200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2013-07-02 
03:06 - 2013-07-02 03:06 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\url.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00232960 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00204800 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00185344 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00173568 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00150528 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00149504 _____ (Microsoft Corporation) C:\windows\system32\occache.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00138752 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00137216 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00135680 
_____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00125440 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00117248 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00110592 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx 2013-07-02 03:06 - 2013-07-02 03:06 - 00073728 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx 2013-07-02 03:06 - 2013-07-02 03:06 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00048640 _____ (Microsoft 
Corporation) C:\windows\SysWOW64\mshtmler.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00041984 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe 2013-06-26 20:29 - 2012-10-02 11:09 - 00000000 ____D C:\Users\Bert\Desktop\2nd 2013-06-22 15:51 - 2012-09-05 14:46 - 00000000 ____D C:\Users\Bert\AppData\Roaming\Skype 2013-06-22 09:47 - 2011-11-19 16:49 - 00000000 ____D C:\ProgramData\DivX 2013-06-22 09:46 - 2012-03-16 15:43 - 00000000 ____D C:\Users\Bert\AppData\Roaming\Audacity 2013-06-22 09:46 - 2011-11-19 16:49 - 00000000 ____D C:\Program Files (x86)\DivX 2013-06-22 09:34 - 2013-05-31 15:54 - 02756800 _____ (Sysinternals - www.sysinternals.com) C:\Program Files (x86)\ProcessExplorer.exe 2013-06-22 09:16 - 2012-09-05 14:37 - 00000000 ____D C:\Program Files (x86)\IcoFX 2 2013-06-22 09:14 - 2011-11-16 08:33 - 00000000 ____D C:\Program Files\Recuva ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit 
C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-21 08:57 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2013 Ran by Bert at 2013-07-22 01:19:02 Running from C:\Users\Bert\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 7-Zip 9.22 (x64 edition) (Version: 9.22.00.0) Broadcom 802.11 Network Adapter (Version: 5.60.48.55) Canon MG5100 series MP Drivers CCleaner (Version: 4.03) COMODO Firewall (Version: 6.2.20728.2847) dows-Treiberpaket - Qualcomm Atheros Communications Inc. Net (12/20/2012 10.0.0.222) (Version: 12/20/2012 10.0.0.222) Eraser 6.0.10.2620 (Version: 6.0.2620) ETDWare PS/2-X64 8.0.7.2_WHQL (Version: 8.0.7.2) Finanzausgleich zum Selberrechnen (Version: 1.0.2) GIMP 2.8.2 (Version: 2.8.2) Intel(R) PROSet/Wireless WiFi Software (Version: 14.01.1000) Java 7 Update 25 (64-bit) (Version: 7.0.250) Jitsi (Version: 2.2.4603.9615) K-Lite Codec Pack 9.2.0 (64-bit) (Version: 9.2.0) Media Preview (Version: 1.2.5.264) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) O&O Defrag Free Edition (Version: 14.1.431) Paint.NET v3.5.10 (Version: 3.60.0) PDF Split And Merge Basic (Version: 2.2.2) PDF-XChange Viewer (Version: 2.5.199.0) PhotoFiltre 7 (HKCU) Puran Defrag 7.5 Recuva (Version: 1.47) Sandboxie 4.02 (64-bit) (Version: 4.02) SUPERAntiSpyware (Version: 5.0.1146) Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (Version: 2.0.82.0) Unlocker 1.9.1-x64 (Version: 1.9.1) VLC media player 2.0.7 (Version: 2.0.7) Windows-Treiberpaket - Qualcomm Atheros Communications Inc. 
(athr) Net (12/20/2012 10.0.0.222) (Version: 12/20/2012 10.0.0.222) Windows-Treiberpaket - Realtek (RTL8167) Net (12/26/2012 7.067.1226.2012) (Version: 12/26/2012 7.067.1226.2012) Windows-Treiberpaket - Realtek Net (12/26/2012 7.067.1226.2012) (Version: 12/26/2012 7.067.1226.2012) ==================== Restore Points ========================= 21-07-2013 04:01:09 Removed avast! Ad Blocker 21-07-2013 13:10:42 Gerätetreiber-Paketinstallation: COMODO Netzwerkdienst 21-07-2013 13:35:02 avast! Free Antivirus Setup ==================== Hosts content: ========================== 2009-07-14 04:34 - 2013-07-21 01:26 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {052FF8F9-17E5-46CE-92E9-2459D443BE1D} - System32\Tasks\WifiManager => %programfiles(x86)%\Samsung\Easy Display Manager\WifiManager.exe No File Task: {07BA8459-7B7A-4378-BA93-87DAF8F39996} - System32\Tasks\SamsungSupportCenter => %programfiles(x86)%\Samsung\Samsung Support Center\SSCKbdHk.exe No File Task: {121D8FED-57CE-49BA-A249-6F4B0FB52E2B} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe No File Task: {1D3851B4-445B-4305-8350-7780C810AE89} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.) 
Task: {20EE00D5-6A47-499F-8646-0EEECB513933} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2012-05-29] (TuneUp Software) Task: {25A491E4-7FC0-4845-AC74-E0A1A8854E03} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe No File Task: {337D99E1-D7F6-4856-BA54-99CB591D12B1} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {362D8E5A-6F06-4B37-A8BC-362361B37052} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-11-29] (Samsung Electronics Co., Ltd.) Task: {3D505DDD-A399-485D-BE86-3973F4B7B2B4} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-592597040-2687735098-3077039613-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe No File Task: {485C9238-50AE-4DBB-BB0C-BCD991F50DBD} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-20] (Adobe Systems Incorporated) Task: {4BE9723B-5BFB-4B57-B199-62385B836FE7} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2013-02-13] () Task: {4D6F3CD8-7EAE-4856-81B9-362478929477} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe No File Task: {6BF1D49E-DF5C-49A8-BE77-3C4981C32DCA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe No File Task: {710D33EB-91F9-486B-B7BD-3F854CA02D54} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-11-10] (CyberLink) Task: {718EE6EA-2C09-422C-A0BD-BAEC3B6261FB} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => 
c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {735D7ABD-97FE-4846-9937-AB4E79035493} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\cis.exe [2013-07-08] (COMODO) Task: {7A2B3EFC-3362-4935-B339-884F665B6953} - System32\Tasks\Wise Registry Cleaner Schedule Task => C:\Program Files (x86)\Wise Registry Cleaner\WiseRegCleaner.exe [2012-11-08] (WiseCleaner.com) Task: {7D5CB5A2-919E-4192-A53A-AB0928AB102F} - System32\Tasks\{BBF7C257-78DB-4727-AAD0-4AC4EE99BFC6} => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2013-07-20] (Mozilla Corporation) Task: {91586A9A-F31D-46B0-AD12-B2EA51F12FB5} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation) Task: {92801305-2B16-4643-A691-588E7158BDD4} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-05-27] (Glarysoft Ltd) Task: {9424B58E-CC51-430F-B47D-AF5ADA340E8B} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-12-23] (Samsung Electronics Co., Ltd.) Task: {9809E7C2-3D95-425E-806A-CCC7DA20450E} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software) Task: {A2EC6E16-DD7C-42E6-A5BB-55CE62962A8B} - System32\Tasks\EasyBatteryManager => %ProgramFiles(x86)%\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe No File Task: {B971BF12-5F0B-4B04-A0DD-92042CAE76EC} - System32\Tasks\EasySpeedUpManager => %programfiles(x86)%\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe No File Task: {BA03484F-45BA-4578-A970-55D9BD72E503} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\cfpconfg.exe [2013-07-08] (COMODO) Task: {C2390F26-B14C-45EF-AE0D-BDB414531F1B} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-02-14] (SEC) Task: {C50A22D2-F54D-482A-9577-DF42FF3B6FC8} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-18] (Samsung Electronics. Co. Ltd.) Task: {C7F32861-B0A4-450B-A160-0EFCB9969A8E} - System32\Tasks\SUPBackground => %ProgramFiles(x86)%\Samsung\Samsung Update Plus\SUPBackground.exe No File Task: {CDE2BB82-6299-4A58-A22E-3745FD40D6D0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe No File Task: {CE138B3D-A62C-41D2-AD85-F767AB0971FD} - System32\Tasks\CCleanerSkipUAC => C:\PROGRAM FILES\CCLEANER\CCLEANER.EXE [2013-06-19] (Piriform Ltd) Task: {DC7F9992-F690-448D-976A-21B1347CC9FB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {EA4ED269-2A24-41F4-9428-38506827D19F} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2013-06-08] (IObit) Task: {FFBED0E0-3C47-49A8-8D34-064CA7B1A8D9} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-592597040-2687735098-3077039613-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe No File Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe Task: C:\windows\Tasks\Wise Registry Cleaner Schedule Task.job => C:\Program Files (x86)\Wise Registry Cleaner\WiseRegCleaner.exe ==================== Faulty Device Manager Devices ============= Name: AntiLog32 Description: AntiLog32 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: AntiLog32 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. 
==================== Event log errors: ========================= Application errors: ================== Error: (07/21/2013 11:52:56 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/21/2013 10:04:00 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/21/2013 10:02:27 PM) (Source: ESENT) (User: ) Description: taskhost (2808) Versuch, Datei "C:\Users\Bert\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error: (07/21/2013 07:16:18 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: thunderbird.exe, Version: 23.0.0.4931, Zeitstempel: 0x51d32d51 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004ffac ID des fehlerhaften Prozesses: 0xd7c Startzeit der fehlerhaften Anwendung: 0xthunderbird.exe0 Pfad der fehlerhaften Anwendung: thunderbird.exe1 Pfad des fehlerhaften Moduls: thunderbird.exe2 Berichtskennung: thunderbird.exe3 Error: (07/21/2013 05:48:20 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: IconEx_Setup.exe, Version: 2005.5.25.2125, Zeitstempel: 0x425cea64 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc000041d Fehleroffset: 0x777a1221 ID des fehlerhaften Prozesses: 0x10f4 Startzeit der fehlerhaften Anwendung: 0xIconEx_Setup.exe0 Pfad der fehlerhaften Anwendung: IconEx_Setup.exe1 Pfad des fehlerhaften 
Moduls: IconEx_Setup.exe2 Berichtskennung: IconEx_Setup.exe3 Error: (07/21/2013 05:24:45 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/21/2013 05:20:51 PM) (Source: .NET Runtime) (User: ) Description: .NET Runtime version 2.0.50727.5472 - Fatal Execution Engine Error (000007FEF07E5756) (80131506) Error: (07/21/2013 03:57:14 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/21/2013 03:32:07 PM) (Source: System Restore) (User: ) Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -k netsvcs; Beschreibung = Windows Update; Fehler = 0x81000101). Error: (07/21/2013 03:17:08 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (07/21/2013 11:51:03 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/21/2013 11:51:03 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. 
Error: (07/21/2013 11:50:29 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "MBAMService" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (07/21/2013 11:50:29 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (07/21/2013 11:50:29 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Firefox Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (07/21/2013 10:22:04 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (07/21/2013 10:22:04 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1352 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error: (07/21/2013 10:22:05 PM) (Source: DCOM) (User: ) Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56} Error: (07/21/2013 10:03:18 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "MBAMService" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (07/21/2013 10:03:18 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (07/21/2013 11:52:56 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/21/2013 10:04:00 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/21/2013 10:02:27 PM) (Source: ESENT)(User: ) Description: taskhost2808C:\Users\Bert\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. 
Error: (07/21/2013 07:16:18 PM) (Source: Application Error)(User: ) Description: thunderbird.exe23.0.0.493151d32d51ntdll.dll6.1.7601.177254ec49b8fc00000050004ffacd7c01ce86339bdd9ebaC:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exeC:\windows\SysWOW64\ntdll.dll41091119-f229-11e2-900b-e81132c8ae88 Error: (07/21/2013 05:48:20 PM) (Source: Application Error)(User: ) Description: IconEx_Setup.exe2005.5.25.2125425cea64unknown0.0.0.000000000c000041d777a122110f401ce8629b79798b3C:\Program Files (x86)\IconExtractor\IconEx_Setup.exeunknownf6fd5b62-f21c-11e2-900b-e81132c8ae88 Error: (07/21/2013 05:24:45 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/21/2013 05:20:51 PM) (Source: .NET Runtime)(User: ) Description: .NET Runtime version 2.0.50727.5472 - Fatal Execution Engine Error (000007FEF07E5756) (80131506) Error: (07/21/2013 03:57:14 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/21/2013 03:32:07 PM) (Source: System Restore)(User: ) Description: C:\WINDOWS\SYSTEM32\SVCHOST.EXE -k netsvcsWindows Update0x81000101 Error: (07/21/2013 03:17:08 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2013-07-21 01:22:44.929 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-21 01:22:44.773 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-11-04 13:08:29.246 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\EE2E.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-11-04 13:08:29.202 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\EE2E.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-11-04 13:07:26.610 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\EE2E.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-11-04 13:07:26.564 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\EE2E.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-11-04 12:05:50.520 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\EE2E.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-11-04 12:05:50.475 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\EE2E.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-11-04 11:59:53.693 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\2005.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-11-04 11:59:53.667 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\2005.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 70% Total physical RAM: 4009.55 MB Available physical RAM: 1202.04 MB Total Pagefile: 8017.28 MB Available Pagefile: 4451.89 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:71 GB) (Free:16.08 GB) NTFS (Disk=0 Partition=2) Drive d: () (Fixed) (Total:203.63 GB) (Free:1.5 GB) NTFS (Disk=0 Partition=4) Drive e: (CD099A1) (CDROM) (Total:0.15 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: 010722F6) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=71 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=204 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=23 GB) - (Type=27) ==================== End Of Log ============================ |
22.07.2013, 09:14 | #4 |
/// the machine /// TB Trainer | Annoying ads: 'Ads not by this site' problem Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
22.07.2013, 17:43 | #5 |
| Annoying ads: 'Ads not by this site' problem Hello schrauber, I have now done several AdwCleaner runs. Before: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.306 - Datei am 22/07/2013 um 16:30:07 erstellt # Aktualisiert am 19/07/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Bert - BERT-007 # Bootmodus : Normal # Ausgeführt unter : C:\Users\Bert\Downloads\adwcleaner06.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com Schlüssel Gefunden : HKCU\Software\Search Settings Schlüssel Gefunden : HKLM\Software\Search Settings ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16635 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v23.0 (de) Datei : C:\Users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\prefs.js Gefunden : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir[...] Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rae3d5ms.default\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. -\\ Opera v12.16.1860.0 Datei : C:\Users\Bert\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* ########## EOF - C:\AdwCleaner[R1].txt - [0 octets] ########## AdwCleaner Logfile: Code:
After: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.306 - Datei am 22/07/2013 um 17:15:58 erstellt # Aktualisiert am 19/07/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Bert - BERT-007 # Bootmodus : Normal # Ausgeführt unter : C:\Users\Bert\Desktop\adwcleaner06.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16635 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v23.0 (de) Datei : C:\Users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\prefs.js [OK] Die Datei ist sauber. Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rae3d5ms.default\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. -\\ Opera v12.16.1860.0 Datei : C:\Users\Bert\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [3838 octets] - [22/07/2013 16:30:07] AdwCleaner[R2].txt - [1539 octets] - [22/07/2013 16:46:26] AdwCleaner[R3].txt - [1719 octets] - [22/07/2013 17:14:17] AdwCleaner[S1].txt - [3842 octets] - [22/07/2013 16:31:08] AdwCleaner[S2].txt - [1601 octets] - [22/07/2013 16:47:52] AdwCleaner[S3].txt - [1661 octets] - [22/07/2013 16:56:51] AdwCleaner[S4].txt - [1652 octets] - [22/07/2013 17:15:58] ########## EOF - C:\AdwCleaner[S4].txt - [1712 octets] ##########
This 'grusskartencenter.com' junk can't be completely killed this way. With JRT I now have a problem that I didn't have until recently, namely that I can't get the program to run. Message: Error during Execution: [Bla, bla, bla ...] Zugriff verweigert. It's as if it were jinxed! I have now also run JRT twice in safe mode and then AdwCleaner once more afterwards. Result: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.2.0 (07.21.2013:1) OS: Windows 7 Home Premium x64 Ran by Bert on 22.07.2013 at 18:19:06,13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 22.07.2013 at 18:21:06,41 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v2.306 - Datei am 22/07/2013 um 18:24:35 erstellt # Aktualisiert am 19/07/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Bert - BERT-007 # Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung # Ausgeführt unter : C:\Users\Bert\Desktop\adwcleaner06.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16635 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v23.0 (de) Datei : C:\Users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\prefs.js [OK] Die Datei ist sauber. Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rae3d5ms.default\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. -\\ Opera v12.16.1860.0 Datei : C:\Users\Bert\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. 
************************* AdwCleaner[R1].txt - [3838 octets] - [22/07/2013 16:30:07] AdwCleaner[R2].txt - [1539 octets] - [22/07/2013 16:46:26] AdwCleaner[R3].txt - [1719 octets] - [22/07/2013 17:14:17] AdwCleaner[R4].txt - [1839 octets] - [22/07/2013 17:25:02] AdwCleaner[R5].txt - [1938 octets] - [22/07/2013 18:01:47] AdwCleaner[R6].txt - [2113 octets] - [22/07/2013 18:23:48] AdwCleaner[S1].txt - [3842 octets] - [22/07/2013 16:31:08] AdwCleaner[S2].txt - [1601 octets] - [22/07/2013 16:47:52] AdwCleaner[S3].txt - [1661 octets] - [22/07/2013 16:56:51] AdwCleaner[S4].txt - [1781 octets] - [22/07/2013 17:15:58] AdwCleaner[S5].txt - [2000 octets] - [22/07/2013 18:02:19] AdwCleaner[S6].txt - [1935 octets] - [22/07/2013 18:07:07] AdwCleaner[S7].txt - [1995 octets] - [22/07/2013 18:14:44] AdwCleaner[S8].txt - [2055 octets] - [22/07/2013 18:21:37] AdwCleaner[S9].txt - [2046 octets] - [22/07/2013 18:24:35] ########## EOF - C:\AdwCleaner[S9].txt - [2106 octets] ########## Last edited by UltimateBert (22.07.2013 at 16:45) |
22.07.2013, 17:50 | #6 |
/// the machine /// TB Trainer | Annoying ads: 'Ads not by this site' problem A fresh FRST log, please
__________________ |
22.07.2013, 18:16 | #7 |
| Annoying ads: 'Ads not by this site' problem Okay, here are the scan results: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2013 Ran by Bert (administrator) on 22-07-2013 19:09:27 Running from F:\ Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Emsisoft GmbH) C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\A2SERVICE.EXE (COMODO) C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\CMDAGENT.EXE (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (AVAST Software) C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTSVC.EXE (IObit) C:\PROGRAM FILES (X86)\IOBIT\IOBIT MALWARE FIGHTER\IMFSRV.EXE (Crawler.com) C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE (Crawler.com) C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORUPDATE.EXE (COMODO) C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\CISTRAY.EXE (SUPERAntiSpyware.com) C:\PROGRAM FILES\SUPERANTISPYWARE\SASCORE64.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (MAXA Research Int'l Inc.) C:\PROGRAM FILES (X86)\MAXA COOKIE MANAGER\COOKIE.EXE () C:\PROGRAM FILES\RAINLENDAR\RAINLENDAR2.EXE (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe (Safer-Networking Ltd.) C:\PROGRAM FILES (X86)\SPYBOT - SEARCH & DESTROY 2\SDFSSVC.EXE (PC Tools) C:\PROGRAM FILES (X86)\THREATFIRE\TFTRAY.EXE (Safer-Networking Ltd.) C:\PROGRAM FILES (X86)\SPYBOT - SEARCH & DESTROY 2\SDTRAY.EXE (Zemana Ltd.) C:\PROGRAM FILES (X86)\ZEMANA ANTILOGGER\ANTILOGGER FREE.EXE (AVAST Software) C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTUI.EXE (IObit) C:\PROGRAM FILES (X86)\IOBIT\IOBIT MALWARE FIGHTER\IMF.EXE (CyberLink) C:\PROGRAM FILES (X86)\CYBERLINK\YOUCAM\YCMMIRAGE.EXE (Samsung Electronics Co., Ltd.) C:\PROGRAM FILES (X86)\SAMSUNG\EASY DISPLAY MANAGER\DMHKCORE.EXE (Samsung Electronics Co., Ltd.) 
C:\PROGRAM FILES (X86)\SAMSUNG\EASY DISPLAY MANAGER\WIFIMANAGER.EXE (Crawler.com) C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe (PC Tools) C:\PROGRAM FILES (X86)\THREATFIRE\TFSERVICE.EXE (TuneUp Software) C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2012\TUNEUPUTILITIESSERVICE64.EXE (Safer-Networking Ltd.) C:\PROGRAM FILES (X86)\SPYBOT - SEARCH & DESTROY 2\SDUPDSVC.EXE (TuneUp Software) C:\PROGRAM FILES (X86)\TUNEUP UTILITIES 2012\TUNEUPUTILITIESAPP64.EXE (Safer-Networking Ltd.) C:\PROGRAM FILES (X86)\SPYBOT - SEARCH & DESTROY 2\SDWSCSVC.EXE (COMODO) C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\CAVWP.EXE (COMODO) C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\CIS.EXE (Samsung Electronics Co., Ltd.) C:\PROGRAM FILES\SAMSUNG\SAMSUNGFASTSTART\SMARTRESTARTER.EXE (CyberLink) C:\PROGRAM FILES (X86)\CYBERLINK\POWER2GO\CLMLSVC.EXE (CyberLink Corp.) C:\PROGRAM FILES (X86)\CYBERLINK\MEDIA+PLAYER10\MEDIA+PLAYER10SERV.EXE (Intel Corporation) C:\WINDOWS\SYSTEM32\IGFXTRAY.EXE (Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\LMS\LMS.EXE (Samsung Electronics Co., Ltd.) C:\PROGRAM FILES (X86)\SAMSUNG\EASYSPEEDUPMANAGER\EASYSPEEDUPMANAGER.EXE (Samsung Electronics Co., Ltd.) C:\PROGRAM FILES (X86)\SAMSUNG\MOVIE COLOR ENHANCER\MOVIECOLORENHANCER.EXE (SAMSUNG Electronics) C:\PROGRAM FILES (X86)\SAMSUNG\SAMSUNG SUPPORT CENTER\SSCKBDHK.EXE (Intel Corporation) C:\PROGRAM FILES (X86)\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\UNS\UNS.EXE (Samsung Electronics) C:\PROGRAM FILES (X86)\SAMSUNG\SAMSUNG UPDATE PLUS\SUPBACKGROUND.EXE (Mozilla Corporation) C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE (Adobe Systems, Inc.) C:\WINDOWS\SYSWOW64\MACROMED\FLASH\FLASHPLAYERPLUGIN_11_8_800_94.EXE (Adobe Systems, Inc.) 
C:\WINDOWS\SYSWOW64\MACROMED\FLASH\FLASHPLAYERPLUGIN_11_8_800_94.EXE (EJIE Technology) C:\PROGRAM FILES (X86)\CLOVER\CLOVER.EXE (The Eraser Project) C:\PROGRA~1\ERASER\ERASER.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Eraser] - C:\PROGRA~1\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project) HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-26] (CANON INC.) HKLM\...\Run: [OODefragTray] - C:\Program Files\OO Defrag\oodtray.exe [3942216 2011-01-25] (O&O Software GmbH) HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777296 2012-09-07] (Crawler.com) HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488 2013-04-03] (Crawler.com) HKLM\...\Run: [COMODO Internet Security] - C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\cistray.exe [1502424 2013-07-08] (COMODO) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor) HKCU\...\Run: [MSCS] - C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe [978944 2011-12-11] (MAXA Research Int'l Inc.) HKCU\...\Run: [Rainlendar2] - C:\Program Files\Rainlendar\Rainlendar2.exe [2555392 2012-10-25] () HKCU\...\Run: [SandboxieControl] - C:\PROGRAM FILES\SANDBOXIE\SbieCtrl.exe [759384 2013-06-17] (Sandboxie Holdings, LLC) HKLM-x32\...\Run: [ThreatFire] - C:\Program Files (x86)\ThreatFire\TFTray.exe [378128 2010-01-15] (PC Tools) HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC) HKLM-x32\...\Run: [SDTray] - "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3830224 2013-05-16] (Safer-Networking Ltd.) 
HKLM-x32\...\Run: [IObit Malware Fighter] - "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart [1504576 2013-05-30] (IObit) HKLM-x32\...\Run: [ZALFree] - "C:\Program Files (x86)\Zemana AntiLogger\AntiLogger Free.exe" /MINIMIZED [12999984 2013-07-18] (Zemana Ltd.) HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software) HKU\Administrator\...\Run: [Advanced SystemCare 5] - "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [619352 2011-12-30] (IObit) HKU\Administrator\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [x] HKU\Administrator\...\Run: [Rainlendar2] - C:\Program Files\Rainlendar\Rainlendar2.exe [2555392 2012-10-25] () HKU\Administrator\...\Run: [VeohPlugin] - "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2816328 2011-10-26] (Veoh Networks) HKU\Administrator\...\Run: [MSCS] - C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe /autorun [978944 2011-12-11] (MAXA Research Int'l Inc.) HKU\Administrator\...\Run: [SandboxieControl] - "C:\PROGRAM FILES\SANDBOXIE\SbieCtrl.exe" [759384 2013-06-17] (Sandboxie Holdings, LLC) AppInit_DLLs: C:\PROGRA~2\KeyCryptSDK\KEYCRY~4.DLL [89936 2013-07-18] (Zemana Ltd.) AppInit_DLLs-x32: C:\PROGRA~2\KeyCryptSDK\KEYCRY~3.DLL [82696 2013-07-18] (Zemana Ltd.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk ShortcutTarget: AdFender.lnk -> C:\Program Files (x86)\AdFender\AdFender.exe (AdFender, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe () BootExecute: fSDKBtDfSDKBtsdnclean64.exe ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. 
ProxyServer: localhost:21320 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search.yahoo.com?type=198484&fr=spigot-yhp-ie StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox SearchScopes: HKLM-x32 - {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = hxxp://isearch.glarysoft.com/?q={searchTerms}&src=iesearch SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {62403BF9-B85D-4453-ACF4-965285CA2C99} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms} BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ExplorerWatcher Class - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - C:\Program Files (x86)\Clover\TabHelper64.dll (EJIE Technology) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Samsung BHO Class - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\Advanced SystemCare\BrowerProtect\ASCPlugin_Protection.dll (IObit) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - No Name - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No File Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) DPF: HKLM-x32 {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} DPF: HKLM-x32 {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} Handler: ipp - No CLSID Value - Handler: msdaipp - No CLSID Value - Handler-x32: ipp - No CLSID Value - Handler-x32: msdaipp - No CLSID Value - Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @IObit.com/np_Asc_Plugin - C:\Program Files (x86)\IObit\Advanced SystemCare\BrowerProtect\np_Asc_plugin.dll (IObit) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=1.1.11 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\glarysearch.xml FF Extension: No Name - C:\Users\Bert\AppData\Roaming\Mozilla\Extensions\plugins FF Extension: No Name - C:\Users\Bert\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: adblocker - C:\Program Files (x86)\Mozilla Firefox\extensions\adblocker@avast.com.xpi FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKCU\...\Firefox\Extensions: [maxacookie@maxatools.com] C:\Program Files (x86)\MAXA Cookie Manager\extension FF Extension: MAXA Cookie Manager - C:\Program Files (x86)\MAXA Cookie Manager\extension FF StartMenuInternet: FIREFOX.EXE - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" Chrome: ======= CHR HomePage: hxxp://www.google.com CHR RestoreOnStartup: "hxxp://de.search.yahoo.com?type=800236&fr=spigot-yhp-ch" CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0 CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\Deskperience\Word Capture\wcxChrome.crx CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare\BrowerProtect\ASC_GhromePluginFor6.crx CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx ==================== Services (Whitelisted) ================= R2 !SASCORE; C:\PROGRAM FILES\SUPERANTISPYWARE\SASCORE64.EXE [140672 2012-09-08] (SUPERAntiSpyware.com) R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2938408 2013-07-20] (Emsisoft GmbH) S4 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [574272 2013-04-18] (IObit) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6199520 2013-07-08] (COMODO) S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [158936 2013-06-18] (COMODO) S4 Giraffic; C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2245232 2013-05-13] (Giraffic) R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [335168 2013-04-25] (IObit) S4 OODefragAgent; C:\Program Files\OO Defrag\oodag.exe [3051848 2011-01-25] (O&O Software GmbH) S4 PuranDefrag; C:\WINDOWS\SYSTEM32\PURANDEFRAGS.EXE [292736 2012-08-13] (Puran Software) S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [180824 2013-06-17] (Sandboxie Holdings, LLC) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.) 
R2 ST2012_Svc; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [1148632 2011-09-28] (Crawler.com) R2 ThreatFire; C:\Program Files (x86)\ThreatFire\TFService.exe [70928 2010-01-15] (PC Tools) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software) S2 Firefox Service; S2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [x] S2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [x] ==================== Drivers (Whitelisted) ==================== S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-07-20] (Emsisoft GmbH) S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-07-20] (Emsisoft GmbH) R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2013-07-11] (Emsisoft GmbH) R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2013-07-11] (Emsisoft GmbH) R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-31] (AVAST Software) R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-21] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-21] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-21] () S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57032 2013-07-11] (Emsisoft GmbH) S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57032 2013-07-11] (Emsisoft GmbH) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-06-18] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [708632 
2013-07-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2013-06-18] (COMODO)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-06-18] (COMODO)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25568 2013-07-18] (Zemana Ltd.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34336 2013-03-26] (IObit.com)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34336 2013-03-26] (IObit.com)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-09-20] (Windows (R) 2003 DDK 3790 provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-09-20] (Windows (R) 2003 DDK 3790 provider)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [198360 2013-06-17] (Sandboxie Holdings, LLC)
R2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [51496 2011-11-19] (Windows (R) Win 7 DDK provider)
R0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [65072 2010-01-15] (PC Tools)
R3 TfNetMon; C:\windows\system32\drivers\TfNetMon.sys [41888 2010-01-15] (PC Tools)
R3 TfNetMon; C:\windows\system32\drivers\TfNetMon.sys [41888 2010-01-15] (PC Tools)
R0 TfSysMon; C:\Windows\System32\drivers\TfSysMon.sys [59880 2010-01-15] (PC Tools)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-03-26] (IObit.com)
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-03-26] (IObit.com)
S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-22 19:08 - 2013-07-22 19:08 - 00089090 _____ C:\Users\Bert\Desktop\FRST.txt
2013-07-22 18:28 - 2013-07-22 18:28 - 00002175 _____ C:\Users\Bert\Desktop\AdwCleaner[S9].txt
2013-07-22 18:24 - 2013-07-22 18:24 - 00002175 _____ C:\AdwCleaner[S9].txt
2013-07-22 18:24 - 2013-07-22 18:24 - 00002113 _____ C:\Users\Bert\Desktop\AdwCleaner[R6].txt
2013-07-22 18:23 - 2013-07-22 18:24 - 00002113 _____ C:\AdwCleaner[R6].txt
2013-07-22 18:21 - 2013-07-22 18:21 - 00002055 _____ C:\AdwCleaner[S8].txt
2013-07-22 18:21 - 2013-07-22 18:21 - 00000624 _____ C:\Users\Bert\Desktop\JRT.txt
2013-07-22 18:14 - 2013-07-22 18:14 - 00001995 _____ C:\AdwCleaner[S7].txt
2013-07-22 18:07 - 2013-07-22 18:07 - 00001935 _____ C:\AdwCleaner[S6].txt
2013-07-22 18:03 - 2013-07-22 18:25 - 00000224 _____ C:\windows\setupact.log
2013-07-22 18:03 - 2013-07-22 18:03 - 00000000 _____ C:\windows\setuperr.log
2013-07-22 18:02 - 2013-07-22 18:02 - 00002000 _____ C:\AdwCleaner[S5].txt
2013-07-22 18:01 - 2013-07-22 18:02 - 00001938 _____ C:\AdwCleaner[R5].txt
2013-07-22 17:25 - 2013-07-22 17:25 - 00001839 _____ C:\AdwCleaner[R4].txt
2013-07-22 17:21 - 2013-07-22 17:21 - 00003108 _____ C:\windows\System32\Tasks\{52A44EB5-8B6C-4DED-854C-7508DAB59319}
2013-07-22 17:15 - 2013-07-22 17:16 - 00001781 _____ C:\AdwCleaner[S4].txt
2013-07-22 17:15 - 2013-07-22 17:15 - 00560639 _____ (Oleg N. Scherbakov) C:\Users\Bert\Downloads\JRT.exe
2013-07-22 17:14 - 2013-07-22 17:14 - 00001719 _____ C:\AdwCleaner[R3].txt
2013-07-22 17:13 - 2013-07-22 17:13 - 00003106 _____ C:\windows\System32\Tasks\{AE3C16E4-0F4D-4972-8A98-CE970C563718}
2013-07-22 17:07 - 2013-07-22 17:07 - 00003200 _____ C:\windows\System32\Tasks\{B731165D-DFA0-477A-807B-6426A31A9672}
2013-07-22 17:05 - 2013-07-22 17:05 - 00003100 _____ C:\windows\System32\Tasks\{509B46B2-466E-4EE9-846C-9A3D86EEE8AD}
2013-07-22 16:56 - 2013-07-22 16:57 - 00001661 _____ C:\AdwCleaner[S3].txt
2013-07-22 16:47 - 2013-07-22 16:48 - 00001601 _____ C:\AdwCleaner[S2].txt
2013-07-22 16:46 - 2013-07-22 16:46 - 00001539 _____ C:\AdwCleaner[R2].txt
2013-07-22 16:31 - 2013-07-22 16:32 - 00003842 _____ C:\AdwCleaner[S1].txt
2013-07-22 16:30 - 2013-07-22 16:30 - 00003838 _____ C:\AdwCleaner[R1].txt
2013-07-22 14:30 - 2013-07-22 14:30 - 00024064 _____ C:\Users\Bert\Desktop\Mappe1.xls
2013-07-22 11:58 - 2013-07-22 11:59 - 00666633 _____ C:\Users\Bert\Desktop\adwcleaner06.exe
2013-07-22 04:04 - 2013-07-22 04:04 - 00000000 ____D C:\windows\system32\SRSLabs
2013-07-22 04:04 - 2013-07-22 04:04 - 00000000 ____D C:\Program Files\Realtek
2013-07-22 04:03 - 2013-03-29 21:42 - 03379272 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RTKVHD64.sys
2013-07-22 04:03 - 2013-03-29 18:04 - 21170176 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RCoRes64.dat
2013-07-22 04:03 - 2013-03-29 17:52 - 00914992 _____ (Sony Corporation) C:\windows\system32\SFSS_APO.dll
2013-07-22 04:03 - 2013-03-29 17:10 - 00449481 _____ C:\windows\system32\Drivers\RTAIODAT.DAT
2013-07-22 04:03 - 2013-03-27 16:57 - 00135240 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RCoInstII64.dll
2013-07-22 04:03 - 2013-03-26 17:06 - 02797128 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtPgEx64.dll
2013-07-22 04:03 - 2013-03-26 15:40 - 03693128 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkAPO64.dll
2013-07-22 04:03 - 2013-03-26 14:38 - 01659464 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTSnMg64.cpl
2013-07-22 04:03 - 2013-03-25 17:32 - 03180264 _____ C:\windows\system32\Drivers\rtvienna.dat
2013-07-22 04:03 - 2013-03-20 13:16 - 02102040 _____ (Waves Audio Ltd.) C:\windows\system32\WavesGUILib64.dll
2013-07-22 04:03 - 2013-03-20 13:16 - 00910104 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioAPOShell64.dll
2013-07-22 04:03 - 2013-03-12 18:16 - 00613448 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtDataProc64.dll
2013-07-22 04:03 - 2013-02-28 13:10 - 14021912 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioRealtek64.dll
2013-07-22 04:03 - 2013-02-28 13:10 - 02032408 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioEQ64.dll
2013-07-22 04:03 - 2013-02-20 18:55 - 01284680 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTCOM64.dll
2013-07-22 04:03 - 2013-02-19 18:52 - 00991816 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkApi64.dll
2013-07-22 04:03 - 2012-12-12 11:17 - 00395208 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioAPO30.dll
2013-07-22 04:03 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\windows\system32\R4EEP64A.dll
2013-07-22 04:03 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\windows\system32\R4EED64A.dll
2013-07-22 04:03 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\windows\system32\R4EEL64A.dll
2013-07-22 04:03 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\windows\system32\R4EEA64A.dll
2013-07-22 04:03 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\windows\system32\R4EEG64A.dll
2013-07-22 04:03 - 2012-07-15 21:13 - 00394616 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxVolumeSDAPO.dll
2013-07-22 04:03 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtlCPAPI64.dll
2013-07-22 04:03 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkCoLDR64.dll
2013-07-22 04:03 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\windows\system32\SFNHK64.dll
2013-07-22 04:03 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\windows\system32\SFCOM64.dll
2013-07-22 04:03 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) C:\windows\system32\SFAPO64.dll
2013-07-22 04:03 - 2011-08-23 17:00 - 00603984 _____ (Knowles Acoustics ) C:\windows\system32\KAAPORT64.dll
2013-07-22 04:03 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEP64A.dll
2013-07-22 04:03 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RP3DHT64.dll
2013-07-22 04:03 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RP3DAA64.dll
2013-07-22 04:03 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEED64A.dll
2013-07-22 04:03 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEL64A.dll
2013-07-22 04:03 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEG64A.dll
2013-07-22 04:03 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkCfg64.dll
2013-07-22 04:03 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioAPO20.dll
2013-07-22 04:03 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\windows\SysWOW64\SFCOM.dll
2013-07-22 04:03 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\windows\system32\SRSTSX64.dll
2013-07-22 04:03 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\windows\system32\SRSTSH64.dll
2013-07-22 04:03 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\windows\system32\SRSHP64.dll
2013-07-22 04:03 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\windows\system32\SRSWOW64.dll
2013-07-22 04:02 - 2013-03-26 17:04 - 02734624 _____ (Fortemedia Corporation) C:\windows\system32\FMAPO64.dll
2013-07-22 04:02 - 2012-06-20 17:26 - 00110592 _____ (Real Sound Lab SIA) C:\windows\system32\CONEQMSAPOGUILibrary.dll
2013-07-22 04:02 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\windows\system32\DTSS2SpeakerDLL64.dll
2013-07-22 04:02 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\windows\system32\DTSS2HeadphoneDLL64.dll
2013-07-22 04:02 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\windows\system32\DTSBoostDLL64.dll
2013-07-22 04:02 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\windows\system32\DTSBassEnhancementDLL64.dll
2013-07-22 04:02 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\windows\system32\DTSSymmetryDLL64.dll
2013-07-22 04:02 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\windows\system32\DTSVoiceClarityDLL64.dll
2013-07-22 04:02 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\windows\system32\DTSNeoPCDLL64.dll
2013-07-22 04:02 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\windows\system32\DTSLimiterDLL64.dll
2013-07-22 04:02 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\windows\system32\DTSGainCompensatorDLL64.dll
2013-07-22 04:02 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\windows\system32\DTSLFXAPO64.dll
2013-07-22 04:02 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\windows\system32\DTSGFXAPO64.dll
2013-07-22 04:02 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\windows\system32\DTSGFXAPONS64.dll
2013-07-22 04:01 - 2013-03-23 03:43 - 00208072 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTAC64.dll
2013-07-22 04:01 - 2013-01-16 16:02 - 02079816 _____ (Realtek Semiconductor Corp.) C:\windows\RtlExUpd.dll
2013-07-22 04:01 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTAR64.dll
2013-07-22 01:16 - 2013-07-22 01:16 - 00000000 ____D C:\FRST
2013-07-21 18:21 - 2013-07-21 18:22 - 00000000 ____D C:\Program Files\ExtMan (IconTweak)
2013-07-21 17:48 - 2013-07-21 17:48 - 00003186 _____ C:\windows\System32\Tasks\{9544E3BB-C36F-45F9-8CCB-F04A5417C807}
2013-07-21 17:34 - 2013-07-21 17:51 - 00000000 ____D C:\Users\Bert\AppData\Roaming\IcoFX2X
2013-07-21 16:56 - 2013-07-22 01:47 - 00000000 ____D C:\Users\Bert\Documents\Trojaner-Board
2013-07-21 16:06 - 2013-07-22 18:25 - 00000324 _____ C:\windows\Tasks\GlaryInitialize.job
2013-07-21 16:06 - 2013-07-21 16:06 - 00002600 _____ C:\windows\System32\Tasks\GlaryInitialize
2013-07-21 15:37 - 2013-07-21 15:46 - 01030952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2013-07-21 15:37 - 2013-07-21 15:46 - 00378944 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2013-07-21 15:37 - 2013-07-21 15:46 - 00189936 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-07-21 15:37 - 2013-07-21 15:37 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-07-21 15:37 - 2013-05-09 10:59 - 00080816 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2013-07-21 15:37 - 2013-05-09 10:59 - 00072016 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2013-07-21 15:37 - 2013-05-09 10:59 - 00065336 _____ C:\windows\system32\Drivers\aswRvrt.sys
2013-07-21 15:37 - 2013-05-09 10:59 - 00064288 _____ (AVAST Software) C:\windows\system32\Drivers\aswTdi.sys
2013-07-21 15:37 - 2013-05-09 10:59 - 00033400 _____ (AVAST Software) C:\windows\system32\Drivers\aswFsBlk.sys
2013-07-21 15:36 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\windows\avastSS.scr
2013-07-21 15:11 - 2013-07-21 15:12 - 00000000 ____D C:\windows\System32\Tasks\COMODO
2013-07-21 15:10 - 2013-07-21 15:11 - 00000000 ___SD C:\ProgramData\Shared Space
2013-07-21 15:02 - 2013-07-22 18:30 - 00000000 ____D C:\Program Files (x86)\Junkware Removal Tool
2013-07-21 06:00 - 2013-07-21 06:00 - 00000000 _____ C:\ProgramData\rebootpending.txt
2013-07-21 05:56 - 2013-07-22 18:30 - 00105925 _____ C:\windows\WindowsUpdate.log
2013-07-21 03:52 - 2013-07-21 04:32 - 00040534 _____ C:\windows\system32\Drivers\fvstore.dat
2013-07-21 03:52 - 2013-07-21 03:52 - 00000000 ___HD C:\VTRoot
2013-07-21 03:21 - 2009-01-25 13:14 - 00017272 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2013-07-21 02:50 - 2013-07-21 04:32 - 00389937 _____ C:\windows\system32\Drivers\sfi.dat
2013-07-21 02:48 - 2013-07-21 02:50 - 00000000 ____D C:\ProgramData\Comodo
2013-07-21 02:48 - 2013-07-21 02:48 - 00000000 ____D C:\Program Files\COMODO
2013-07-21 02:35 - 2013-07-21 02:35 - 01700352 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdiplus.dll
2013-07-21 02:35 - 2013-07-21 02:35 - 01060864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc71.dll
2013-07-21 02:35 - 2013-07-21 02:35 - 00348160 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr71.dll
2013-07-21 02:30 - 2013-07-21 03:21 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-07-21 02:28 - 2013-07-21 02:28 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-07-21 02:21 - 2013-06-06 22:41 - 00489392 _____ (Ask Partner Network) C:\Users\Bert\Documents\APNSetup.exe
2013-07-21 02:19 - 2013-07-21 06:00 - 00000000 ____D C:\ProgramData\Avira
2013-07-21 01:43 - 2013-07-21 01:43 - 00001130 _____ C:\DelFix.txt
2013-07-21 00:46 - 2013-07-21 01:31 - 00000000 ____D C:\windows\erdnt
2013-07-20 12:53 - 2013-07-20 12:54 - 00000000 ____D C:\EEK
2013-07-20 11:44 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-07-20 01:24 - 2013-07-20 01:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-20 00:43 - 2013-07-20 00:43 - 00312232 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2013-07-20 00:43 - 2013-07-20 00:43 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2013-07-20 00:43 - 2013-07-20 00:43 - 00188840 _____ (Oracle Corporation) C:\windows\system32\java.exe
2013-07-20 00:43 - 2013-07-20 00:43 - 00108968 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2013-07-20 00:43 - 2013-07-20 00:43 - 00000000 ____D C:\Program Files\Java
2013-07-20 00:33 - 2013-07-20 00:33 - 00000000 _____ C:\autoexec.bat
2013-07-20 00:30 - 2013-07-21 08:00 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-20 00:25 - 2013-07-21 00:05 - 00000000 ____D C:\windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-18 21:38 - 2013-07-19 11:44 - 00018944 _____ C:\Users\Bert\Desktop\Bundestagswahlprognose.xls
2013-07-17 05:21 - 2013-07-20 01:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-07-16 05:40 - 2013-07-21 03:36 - 00000000 ____D C:\Program Files\Unlocker
2013-07-16 05:40 - 2013-07-16 05:40 - 00000000 ____D C:\Users\Bert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2013-07-16 05:34 - 2013-07-16 05:34 - 00000000 ____D C:\Users\Bert\Documents\Art
2013-07-16 04:42 - 2013-07-16 05:27 - 00000000 ____D C:\Users\Bert\AppData\Roaming\Jitsi
2013-07-16 04:42 - 2013-07-16 04:42 - 00000000 ____D C:\Program Files (x86)\Jitsi
2013-07-16 02:49 - 2013-07-16 03:32 - 00000000 ____D C:\Program Files (x86)\KVIrc
2013-07-15 22:52 - 2013-07-22 17:15 - 00000000 ____D C:\Users\Bert\Desktop\Elfriede Jelinek - Neid
2013-07-15 17:47 - 2013-07-22 16:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-11 23:48 - 2013-07-11 23:51 - 00000000 ____D C:\Program Files (x86)\LibreOffice 3.6
2013-07-10 01:44 - 2013-07-10 01:44 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-10 01:43 - 2013-07-10 01:43 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-10 01:43 - 2013-07-10 01:43 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-10 01:43 - 2013-07-10 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-10 01:43 - 2013-07-10 01:43 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-10 01:43 - 2013-07-10 01:43 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-10 01:43 - 2013-07-10 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-10 01:43 - 2013-07-10 01:43 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-07-10 01:43 - 2013-07-10 01:43 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-10 01:43 - 2013-07-10 01:43 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-10 01:43 - 2013-07-10 01:43 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-10 01:43 - 2013-07-10 01:43 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-10 01:43 - 2013-07-10 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-10 01:43 - 2013-07-10 01:43 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-10 01:43 - 2013-07-10 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-10 01:43 - 2013-07-10 01:43 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-10 01:43 - 2013-07-10 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-10 01:43 - 2013-07-10 01:43 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-10 01:43 - 2013-07-10 01:43 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-10 01:43 - 2013-07-10 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-10 01:43 - 2013-07-10 01:43 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-07-10 01:43 - 2013-07-10 01:43 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-10 01:43 - 2013-07-10 01:43 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-07-10 01:43 - 2013-07-10 01:43 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-10 01:43 - 2013-07-10 01:43 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 01:43 - 2013-07-10 01:43 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-10 01:43 - 2013-07-10 01:43 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-07-10 01:43 - 2013-07-10 01:43 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-10 01:43 - 2013-07-10 01:43 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-10 01:43 - 2013-07-10 01:43 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-10 01:43 - 2013-07-10 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-07-10 01:43 - 2013-07-10 01:43 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-07-10 01:41 - 2013-07-10 01:41 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-10 01:41 - 2013-07-10 01:41 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-10 01:31 - 2013-07-10 01:31 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-10 01:31 - 2013-07-10 01:31 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-07-10 01:31 - 2013-07-10 01:31 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-10 01:31 - 2013-07-10 01:31 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-10 01:28 - 2013-07-10 01:28 - 00000000 ____D C:\Program Files (x86)\BootkitRemoval
2013-07-10 01:09 - 2013-07-10 01:09 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll
2013-07-10 01:09 - 2013-07-10 01:09 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptdlg.dll
2013-07-10 01:08 - 2013-07-10 01:08 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll
2013-07-10 01:08 - 2013-07-10 01:08 - 01505280 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll
2013-07-10 01:08 - 2013-07-10 01:08 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2013-07-10 01:08 - 2013-07-10 01:08 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2013-07-10 01:07 - 2013-07-10 01:07 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2013-07-10 01:07 - 2013-07-10 01:07 - 00223752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2013-07-10 01:07 - 2013-07-10 01:07 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\wwanprotdim.dll
2013-07-10 00:55 - 2013-07-10 00:55 - 00001262 _____ C:\Users\Bert\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2013-07-10 00:14 - 2013-07-10 00:16 - 00000000 ____D C:\Program Files (x86)\Clover
2013-07-10 00:14 - 2013-07-10 00:14 - 00000000 ____D C:\Users\Bert\AppData\Local\Clover
2013-07-10 00:12 - 2012-12-20 22:24 - 03837440 _____ (Qualcomm Atheros Communications, Inc.) C:\windows\system32\Drivers\athrx.sys
2013-07-10 00:11 - 2013-07-10 00:11 - 00000000 ____D C:\Program Files (x86)\SpeedyFox
2013-07-10 00:09 - 2013-07-10 00:12 - 00000000 ____D C:\Program Files\DIFX
2013-07-10 00:06 - 2013-07-10 00:06 - 00000000 ____D C:\Program Files (x86)\MSECache
2013-07-10 00:05 - 2013-07-10 00:42 - 00000000 ____D C:\Program Files\Office Tab
2013-07-10 00:03 - 2013-07-10 00:03 - 00000000 ____D C:\Users\Bert\ultracopier
2013-07-10 00:02 - 2013-07-20 19:10 - 00000000 ____D C:\Program Files\Supercopier
2013-07-10 00:02 - 2012-12-27 01:26 - 00805088 _____ (Realtek ) C:\windows\system32\Drivers\Rt64win7.sys
2013-07-10 00:02 - 2012-12-27 01:26 - 00074344 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RtNicProp64.dll
2013-07-10 00:00 - 2013-07-21 00:26 - 00003214 _____ C:\windows\System32\Tasks\Driver Booster Update
2013-07-09 23:58 - 2013-07-16 03:57 - 00000000 ____D C:\Users\Bert\AppData\Roaming\PasteCopy.NET
2013-07-09 23:57 - 2013-07-21 23:57 - 00000000 ____D C:\Program Files (x86)\PasteCopy.NET
2013-07-08 23:50 - 2013-07-08 23:50 - 00000000 ____D C:\Users\Bert\AppData\Roaming\aignes
2013-07-08 23:50 - 2013-07-08 23:50 - 00000000 ____D C:\Program Files (x86)\AM-DeadLink
2013-07-04 14:44 - 2013-07-04 14:44 - 00000000 _____ C:\windows\SysWOW64\FAPED09.tmp
2013-07-04 14:41 - 2013-07-04 14:41 - 00000000 _____ C:\windows\SysWOW64\FAP6BE6.tmp
2013-07-04 14:40 - 2013-07-04 14:40 - 00000000 _____ C:\windows\SysWOW64\FAPFFE9.tmp
2013-07-04 14:40 - 2013-07-04 14:40 - 00000000 _____ C:\windows\SysWOW64\FAP54F8.tmp
2013-07-04 14:40 - 2013-07-04 14:40 - 00000000 _____ C:\windows\SysWOW64\FAP3D90.tmp
2013-07-04 14:39 - 2013-07-04 14:39 - 00000000 _____ C:\windows\SysWOW64\FAP713B.tmp
2013-07-04 14:38 - 2013-07-04 14:38 - 00000000 _____ C:\windows\SysWOW64\FAPD69F.tmp
2013-07-04 14:36 - 2013-07-04 14:36 - 00000000 _____ C:\windows\SysWOW64\FAP2D.tmp
2013-07-04 14:35 - 2013-07-04 14:35 - 00000000 _____ C:\windows\SysWOW64\FAP76FF.tmp
2013-07-04 13:03 - 2013-07-04 13:03 - 00000000 _____ C:\windows\SysWOW64\FAPE22C.tmp
2013-07-04 13:02 - 2013-07-04 13:02 - 00000000 _____ C:\windows\SysWOW64\FAP5739.tmp
2013-07-04 13:00 - 2013-07-04 13:00 - 00000000 _____ C:\windows\SysWOW64\FAP5B7B.tmp
2013-07-04 12:58 - 2013-07-04 12:58 - 00000000 _____ C:\windows\SysWOW64\FAPFE8B.tmp
2013-07-04 12:58 - 2013-07-04 12:58 - 00000000 _____ C:\windows\SysWOW64\FAPF8A0.tmp
2013-07-04 12:58 - 2013-07-04 12:58 - 00000000 _____ C:\windows\SysWOW64\FAPF840.tmp
2013-07-04 12:57 - 2013-07-04 12:57 - 00000000 _____ C:\windows\SysWOW64\FAP7402.tmp
2013-07-04 12:50 - 2013-07-04 12:50 - 00000000 _____ C:\windows\SysWOW64\FAPDA60.tmp
2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAPEACA.tmp
2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAPD381.tmp
2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAPBBF9.tmp
2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAP906.tmp
2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAP740E.tmp
2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAP5D8F.tmp
2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAP2001.tmp
2013-07-04 12:48 - 2013-07-04 12:48 - 00000000 _____ C:\windows\SysWOW64\FAP8C31.tmp
2013-07-04 12:48 - 2013-07-04 12:48 - 00000000 _____ C:\windows\SysWOW64\FAP78ED.tmp
2013-07-04 12:42 - 2013-07-04 12:42 - 00000000 _____ C:\windows\SysWOW64\FAP8450.tmp
2013-07-04 12:33 - 2013-07-04 12:33 - 00000000 _____ C:\windows\SysWOW64\FAP1334.tmp
2013-07-04 12:17 - 2013-07-04 12:17 - 00000000 _____ C:\windows\SysWOW64\FAP815F.tmp
2013-07-04 04:09 - 2013-07-04 04:09 - 00263592 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-07-04 04:09 - 2013-07-04 04:09 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-07-04 04:09 - 2013-07-04 04:09 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-07-04 04:09 - 2013-07-04 04:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-04 01:24 - 2013-07-04 01:24 - 00000000 ____D C:\Users\Bert\.macromedia
2013-07-04 00:16 - 2013-07-14 01:00 - 00000000 ____D C:\Program Files (x86)\FEBE
2013-07-03 16:39 - 2013-07-03 16:44 - 00000600 _____ C:\Users\Bert\PUTTY.RND
2013-07-03 14:59 - 2013-07-03 14:59 - 00000000 _____ C:\Users\Bert\mm_backup.cfg
2013-07-02 17:21 - 2013-07-02 17:21 - 00000000 ____D C:\Program Files (x86)\Tor
2013-07-02 17:17 - 2013-07-02 17:18 - 00000000 ____D C:\Users\Bert\Documents\Calibre Library
2013-07-02 17:13 - 2013-07-02 17:18 - 00000000 ____D C:\Users\Bert\AppData\Roaming\calibre
2013-07-02 17:13 - 2013-07-02 17:13 - 00000000 ____D C:\Users\Bert\Documents\Calibre Bibliothek
2013-07-02 17:12 - 2013-07-02 17:12 - 00000000 ____D C:\Program Files (x86)\Calibre2
2013-07-02 03:06 - 2013-07-02 03:06 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2013-07-02 03:06 - 2013-07-02 03:06 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2013-07-02 03:06 - 2013-07-02 03:06 - 01400416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2013-07-02 03:06 - 2013-07-02 03:06 - 01400416 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2013-07-02 03:06 - 2013-07-02 03:06 - 01054720 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2013-07-02 03:06 - 2013-07-02 03:06 - 00905728 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00719360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00599552 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00523264 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2013-07-02 03:06 - 2013-07-02 03:06 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2013-07-02 03:06 - 2013-07-02 03:06 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00270848 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00247296 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00242200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00232960 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00204800 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00185344 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00173568 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2013-07-02 03:06 - 2013-07-02 03:06 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2013-07-02 03:06 - 2013-07-02 03:06 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00150528 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2013-07-02 03:06 - 2013-07-02 03:06 - 00149504 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2013-07-02 03:06 - 2013-07-02 03:06 - 00138752 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2013-07-02 03:06 - 2013-07-02 03:06 - 00137216 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2013-07-02 03:06 - 2013-07-02 03:06 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00125440 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00117248 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00110592 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2013-07-02 03:06 - 2013-07-02 03:06 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2013-07-02 03:06 - 2013-07-02 03:06 - 00073728 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2013-07-02 03:06 - 2013-07-02 03:06 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2013-07-02 03:06 - 2013-07-02 03:06 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00041984 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-07-02 03:06 - 2013-07-02 03:06 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-07-02 03:06 - 2013-07-02 03:06 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-07-02 03:06 - 2013-07-02 03:06 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2013-06-28 00:11 - 2013-07-21 15:46 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum
2013-06-27 01:54 - 2013-07-21 15:46 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum
2013-06-27 01:54 - 2013-07-21 15:46 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum
2013-06-25 21:52 - 2013-07-21 00:26 - 00002966 _____ C:\windows\System32\Tasks\{BBF7C257-78DB-4727-AAD0-4AC4EE99BFC6}

==================== One Month Modified Files and Folders =======

2013-07-22 19:08 - 2013-07-22 19:08 - 00089090 _____ C:\Users\Bert\Desktop\FRST.txt
2013-07-22 19:00 - 2011-07-29 06:05 - 00696870 _____ C:\windows\system32\perfh007.dat
2013-07-22 19:00 - 2011-07-29 06:05 - 00148134 _____ C:\windows\system32\perfc007.dat
2013-07-22 19:00 - 2009-07-14 07:13 - 01612484 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-22 18:34 - 2009-07-14 06:45 - 00028624 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-22 18:34 - 2009-07-14 06:45 - 00028624 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-22 18:30 - 2013-07-21 15:02 - 00000000 ____D C:\Program Files (x86)\Junkware Removal Tool
2013-07-22 18:30 - 2013-07-21 05:56 - 00105925 _____ C:\windows\WindowsUpdate.log
2013-07-22 18:28 - 2013-07-22 18:28 - 00002175 _____ C:\Users\Bert\Desktop\AdwCleaner[S9].txt
2013-07-22 18:25 - 2013-07-22 18:03 - 00000224 _____ C:\windows\setupact.log
2013-07-22 18:25 - 2013-07-21 16:06 - 00000324 _____ C:\windows\Tasks\GlaryInitialize.job
2013-07-22 18:25 - 2012-06-07 11:56 - 00065536 _____ C:\windows\system32\Ikeext.etl
2013-07-22 18:25 - 2011-11-19 16:47 - 00000000 ____D C:\Users\Bert\.rainlendar2
2013-07-22 18:25 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-22 18:24 - 2013-07-22 18:24 - 00002175 _____ C:\AdwCleaner[S9].txt
2013-07-22 18:24 - 2013-07-22 18:24 - 00002113 _____ C:\Users\Bert\Desktop\AdwCleaner[R6].txt
2013-07-22 18:24 - 2013-07-22 18:23 - 00002113 _____ C:\AdwCleaner[R6].txt
2013-07-22 18:21 - 2013-07-22 18:21 - 00002055 _____ C:\AdwCleaner[S8].txt
2013-07-22 18:21 - 2013-07-22 18:21 - 00000624 _____ C:\Users\Bert\Desktop\JRT.txt
2013-07-22 18:17 - 2013-02-08 12:37 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-22 18:14 - 2013-07-22 18:14 - 00001995 _____ C:\AdwCleaner[S7].txt
2013-07-22 18:07 - 2013-07-22 18:07 - 00001935 _____ C:\AdwCleaner[S6].txt
2013-07-22 18:03 - 2013-07-22 18:03 - 00000000 _____ C:\windows\setuperr.log
2013-07-22 18:02 - 2013-07-22 18:02 - 00002000 _____ C:\AdwCleaner[S5].txt
2013-07-22 18:02 - 2013-07-22 18:01 - 00001938 _____ C:\AdwCleaner[R5].txt
2013-07-22 17:25 - 2013-07-22 17:25 - 00001839 _____ C:\AdwCleaner[R4].txt
2013-07-22 17:21 - 2013-07-22 17:21 - 00003108 _____ C:\windows\System32\Tasks\{52A44EB5-8B6C-4DED-854C-7508DAB59319}
2013-07-22 17:16 - 2013-07-22 17:15 - 00001781 _____ C:\AdwCleaner[S4].txt
2013-07-22 17:16 - 2011-11-16 10:08 - 00000000 ____D C:\Users\Bert\AppData\Local\CrashDumps
2013-07-22 17:16 - 2011-11-15 22:44 - 00000000 ____D C:\Users\Bert\AppData\Roaming\vlc
2013-07-22 17:15 - 2013-07-22 17:15 - 00560639 _____ (Oleg N. Scherbakov) C:\Users\Bert\Downloads\JRT.exe
2013-07-22 17:15 - 2013-07-15 22:52 - 00000000 ____D C:\Users\Bert\Desktop\Elfriede Jelinek - Neid
2013-07-22 17:14 - 2013-07-22 17:14 - 00001719 _____ C:\AdwCleaner[R3].txt
2013-07-22 17:13 - 2013-07-22 17:13 - 00003106 _____ C:\windows\System32\Tasks\{AE3C16E4-0F4D-4972-8A98-CE970C563718}
2013-07-22 17:07 - 2013-07-22 17:07 - 00003200 _____ C:\windows\System32\Tasks\{B731165D-DFA0-477A-807B-6426A31A9672}
2013-07-22 17:05 - 2013-07-22 17:05 - 00003100 _____ C:\windows\System32\Tasks\{509B46B2-466E-4EE9-846C-9A3D86EEE8AD}
2013-07-22 16:57 - 2013-07-22 16:56 - 00001661 _____ C:\AdwCleaner[S3].txt
2013-07-22 16:48 - 2013-07-22 16:47 - 00001601 _____ C:\AdwCleaner[S2].txt
2013-07-22 16:46 - 2013-07-22 16:46 - 00001539 _____ C:\AdwCleaner[R2].txt
2013-07-22 16:37 - 2013-07-15 17:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-07-22 16:32 - 2013-07-22 16:31 - 00003842 _____ C:\AdwCleaner[S1].txt
2013-07-22 16:30 - 2013-07-22 16:30 - 00003838 _____ C:\AdwCleaner[R1].txt
2013-07-22 14:30 - 2013-07-22 14:30 - 00024064 _____ C:\Users\Bert\Desktop\Mappe1.xls
2013-07-22 11:59 - 2013-07-22 11:58 - 00666633 _____ C:\Users\Bert\Desktop\adwcleaner06.exe
2013-07-22 04:07 - 2011-11-19 17:00 - 00000000 ____D C:\ProgramData\Spyware Terminator
2013-07-22 04:04 - 2013-07-22 04:04 - 00000000 ____D C:\windows\system32\SRSLabs
2013-07-22 04:04 - 2013-07-22 04:04 - 00000000 ____D C:\Program Files\Realtek
2013-07-22 04:04 - 2011-07-29 01:49 - 00000000 ____D C:\windows\SysWOW64\RTCOM
2013-07-22 01:47 - 2013-07-21 16:56 - 00000000 ____D C:\Users\Bert\Documents\Trojaner-Board
2013-07-22 01:16 - 2013-07-22 01:16 - 00000000 ____D C:\FRST
2013-07-21 23:57 - 2013-07-09 23:57 - 00000000 ____D C:\Program Files (x86)\PasteCopy.NET
2013-07-21 22:01 - 2013-06-04 11:11 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK
2013-07-21 18:22 - 2013-07-21 18:21 - 00000000 ____D C:\Program Files\ExtMan (IconTweak)
2013-07-21 17:54 - 2013-06-04
11:11 - 00000000 ____D C:\Program Files (x86)\Zemana AntiLogger 2013-07-21 17:51 - 2013-07-21 17:34 - 00000000 ____D C:\Users\Bert\AppData\Roaming\IcoFX2X 2013-07-21 17:48 - 2013-07-21 17:48 - 00003186 _____ C:\windows\System32\Tasks\{9544E3BB-C36F-45F9-8CCB-F04A5417C807} 2013-07-21 16:07 - 2011-11-15 20:15 - 00000000 ____D C:\Users\Bert\AppData\Roaming\Macromedia 2013-07-21 16:06 - 2013-07-21 16:06 - 00002600 _____ C:\windows\System32\Tasks\GlaryInitialize 2013-07-21 16:06 - 2011-11-16 09:01 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 2013-07-21 15:46 - 2013-07-21 15:37 - 01030952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys 2013-07-21 15:46 - 2013-07-21 15:37 - 00378944 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys 2013-07-21 15:46 - 2013-07-21 15:37 - 00189936 _____ C:\windows\system32\Drivers\aswVmm.sys 2013-07-21 15:46 - 2013-06-28 00:11 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum 2013-07-21 15:46 - 2013-06-27 01:54 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum 2013-07-21 15:46 - 2013-06-27 01:54 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum 2013-07-21 15:37 - 2013-07-21 15:37 - 00004182 _____ C:\windows\System32\Tasks\avast! 
Emergency Update 2013-07-21 15:37 - 2012-11-04 17:05 - 00000000 _____ C:\windows\SysWOW64\config.nt 2013-07-21 15:35 - 2012-11-04 17:03 - 00000000 ____D C:\ProgramData\AVAST Software 2013-07-21 15:35 - 2012-11-04 17:03 - 00000000 ____D C:\Program Files\AVAST Software 2013-07-21 15:12 - 2013-07-21 15:11 - 00000000 ____D C:\windows\System32\Tasks\COMODO 2013-07-21 15:11 - 2013-07-21 15:10 - 00000000 ___SD C:\ProgramData\Shared Space 2013-07-21 09:05 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache 2013-07-21 08:00 - 2013-07-20 00:30 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-07-21 08:00 - 2012-07-13 13:04 - 00000000 ____D C:\Users\Bert\AppData\Roaming\Launchy 2013-07-21 08:00 - 2012-04-26 21:36 - 00000000 ____D C:\Users\Bert\AppData\Roaming\SUPERAntiSpyware.com 2013-07-21 08:00 - 2011-11-19 17:17 - 00000000 ____D C:\Users\Administrator 2013-07-21 08:00 - 2009-07-14 05:20 - 00000000 ____D C:\windows\registration 2013-07-21 06:00 - 2013-07-21 06:00 - 00000000 _____ C:\ProgramData\rebootpending.txt 2013-07-21 06:00 - 2013-07-21 02:19 - 00000000 ____D C:\ProgramData\Avira 2013-07-21 04:32 - 2013-07-21 03:52 - 00040534 _____ C:\windows\system32\Drivers\fvstore.dat 2013-07-21 04:32 - 2013-07-21 02:50 - 00389937 _____ C:\windows\system32\Drivers\sfi.dat 2013-07-21 03:52 - 2013-07-21 03:52 - 00000000 ___HD C:\VTRoot 2013-07-21 03:36 - 2013-07-16 05:40 - 00000000 ____D C:\Program Files\Unlocker 2013-07-21 03:22 - 2013-03-04 13:53 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-07-21 03:21 - 2013-07-21 02:30 - 00000000 ____D C:\Program Files (x86)\Comodo 2013-07-21 02:50 - 2013-07-21 02:48 - 00000000 ____D C:\ProgramData\Comodo 2013-07-21 02:48 - 2013-07-21 02:48 - 00000000 ____D C:\Program Files\COMODO 2013-07-21 02:35 - 2013-07-21 02:35 - 01700352 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdiplus.dll 2013-07-21 02:35 - 2013-07-21 02:35 - 01060864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc71.dll 2013-07-21 
02:35 - 2013-07-21 02:35 - 00348160 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr71.dll 2013-07-21 02:28 - 2013-07-21 02:28 - 00000000 ____D C:\ProgramData\Comodo Downloader 2013-07-21 02:19 - 2011-11-16 07:51 - 00000000 ____D C:\Program Files (x86)\Avira 2013-07-21 02:00 - 2011-11-15 19:48 - 00000000 ____D C:\Users\Bert 2013-07-21 01:43 - 2013-07-21 01:43 - 00001130 _____ C:\DelFix.txt 2013-07-21 01:40 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2013-07-21 01:31 - 2013-07-21 00:46 - 00000000 ____D C:\windows\erdnt 2013-07-21 01:26 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini 2013-07-21 00:39 - 2012-11-16 10:35 - 00000444 _____ C:\windows\Tasks\Wise Registry Cleaner Schedule Task.job 2013-07-21 00:30 - 2011-11-15 20:01 - 00000000 ___RD C:\Users\Bert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-07-21 00:28 - 2012-09-05 14:32 - 00002772 _____ C:\windows\System32\Tasks\CCleanerSkipUAC 2013-07-21 00:27 - 2012-11-16 10:35 - 00003314 _____ C:\windows\System32\Tasks\Wise Registry Cleaner Schedule Task 2013-07-21 00:26 - 2013-07-10 00:00 - 00003214 _____ C:\windows\System32\Tasks\Driver Booster Update 2013-07-21 00:26 - 2013-06-25 21:52 - 00002966 _____ C:\windows\System32\Tasks\{BBF7C257-78DB-4727-AAD0-4AC4EE99BFC6} 2013-07-21 00:16 - 2011-11-26 22:40 - 00000000 ____D C:\ProgramData\Giraffic 2013-07-21 00:13 - 2011-11-26 22:40 - 00000000 ____D C:\Program Files (x86)\Giraffic 2013-07-21 00:05 - 2013-07-20 00:25 - 00000000 ____D C:\windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP 2013-07-20 19:10 - 2013-07-10 00:02 - 00000000 ____D C:\Program Files\Supercopier 2013-07-20 15:14 - 2013-06-04 11:39 - 00000000 ____D C:\Program Files (x86)\AdWareCleaner 2013-07-20 12:54 - 2013-07-20 12:53 - 00000000 ____D C:\EEK 2013-07-20 11:19 - 2011-11-15 22:18 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware 2013-07-20 02:21 - 2013-02-08 12:37 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 
2013-07-20 02:21 - 2013-02-08 12:37 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-07-20 02:21 - 2013-02-08 12:37 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2013-07-20 02:01 - 2012-04-25 12:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-20 01:30 - 2013-07-20 01:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-20 01:29 - 2013-07-17 05:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak 2013-07-20 00:52 - 2012-11-04 17:59 - 00000000 ____D C:\Program Files (x86)\Trojan Remover 2013-07-20 00:50 - 2013-03-05 02:39 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster 2013-07-20 00:43 - 2013-07-20 00:43 - 00312232 _____ (Oracle Corporation) C:\windows\system32\javaws.exe 2013-07-20 00:43 - 2013-07-20 00:43 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe 2013-07-20 00:43 - 2013-07-20 00:43 - 00188840 _____ (Oracle Corporation) C:\windows\system32\java.exe 2013-07-20 00:43 - 2013-07-20 00:43 - 00108968 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll 2013-07-20 00:43 - 2013-07-20 00:43 - 00000000 ____D C:\Program Files\Java 2013-07-20 00:43 - 2012-06-25 19:32 - 01093032 _____ (Oracle Corporation) C:\windows\system32\npDeployJava1.dll 2013-07-20 00:43 - 2012-01-17 21:33 - 00972712 _____ (Oracle Corporation) C:\windows\system32\deployJava1.dll 2013-07-20 00:33 - 2013-07-20 00:33 - 00000000 _____ C:\autoexec.bat 2013-07-20 00:33 - 2011-11-16 18:57 - 00000000 ____D C:\Program Files (x86)\Opera 2013-07-19 22:20 - 2011-12-23 15:46 - 00000000 ____D C:\Users\Bert\Documents\FFOutput 2013-07-19 11:44 - 2013-07-18 21:38 - 00018944 _____ C:\Users\Bert\Desktop\Bundestagswahlprognose.xls 2013-07-18 15:03 - 2013-06-04 11:11 - 00025568 _____ (Zemana Ltd.) 
C:\windows\system32\Drivers\KeyCrypt64.sys 2013-07-18 04:43 - 2013-06-06 04:01 - 00000000 ____D C:\Users\Bert\MediathekView 2013-07-16 05:40 - 2013-07-16 05:40 - 00000000 ____D C:\Users\Bert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker 2013-07-16 05:34 - 2013-07-16 05:34 - 00000000 ____D C:\Users\Bert\Documents\Art 2013-07-16 05:27 - 2013-07-16 04:42 - 00000000 ____D C:\Users\Bert\AppData\Roaming\Jitsi 2013-07-16 04:42 - 2013-07-16 04:42 - 00000000 ____D C:\Program Files (x86)\Jitsi 2013-07-16 04:14 - 2013-05-07 17:25 - 00000000 ____D C:\Users\Bert\Documents\Statistik 2013-07-16 04:02 - 2011-11-16 08:34 - 00131136 _____ C:\Users\Bert\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-16 04:02 - 2009-07-14 06:45 - 00481992 _____ C:\windows\system32\FNTCACHE.DAT 2013-07-16 04:01 - 2012-11-04 18:05 - 00002382 _____ C:\windows\Sandboxie.ini 2013-07-16 03:57 - 2013-07-09 23:58 - 00000000 ____D C:\Users\Bert\AppData\Roaming\PasteCopy.NET 2013-07-16 03:53 - 2011-11-15 19:56 - 00000000 ____D C:\ProgramData\Skype 2013-07-16 03:32 - 2013-07-16 02:49 - 00000000 ____D C:\Program Files (x86)\KVIrc 2013-07-14 01:00 - 2013-07-04 00:16 - 00000000 ____D C:\Program Files (x86)\FEBE 2013-07-11 23:51 - 2013-07-11 23:48 - 00000000 ____D C:\Program Files (x86)\LibreOffice 3.6 2013-07-11 23:51 - 2011-07-29 05:57 - 00000000 ____D C:\windows\ShellNew 2013-07-11 03:01 - 2011-11-17 05:14 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2013-07-10 02:14 - 2012-04-07 05:56 - 00000000 ____D C:\windows\Minidump 2013-07-10 02:14 - 2011-02-11 21:57 - 00000000 ____D C:\windows\Panther 2013-07-10 02:03 - 2011-11-19 10:35 - 00000000 ____D C:\Program Files (x86)\Registry System Wizard 2013-07-10 01:51 - 2009-07-14 07:08 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT 2013-07-10 01:47 - 2011-07-29 05:57 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-10 01:47 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-10 01:47 - 2009-07-14 07:32 - 
00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-10 01:44 - 2013-07-10 01:44 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-07-10 01:43 - 2013-07-10 01:43 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2013-07-10 01:43 - 2013-07-10 01:43 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-07-10 01:43 - 2013-07-10 01:43 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00603136 _____ (Microsoft Corporation) 
C:\windows\system32\msfeeds.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe 2013-07-10 01:43 - 2013-07-10 01:43 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-10 01:43 - 2013-07-10 01:43 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-07-10 01:43 - 2013-07-10 01:43 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2013-07-10 01:41 - 2013-07-10 01:41 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2013-07-10 01:41 - 2013-07-10 01:41 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2013-07-10 01:31 - 2013-07-10 01:31 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL 2013-07-10 01:31 - 2013-07-10 01:31 - 01643520 _____ (Microsoft Corporation) 
C:\windows\system32\DWrite.dll 2013-07-10 01:31 - 2013-07-10 01:31 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL 2013-07-10 01:31 - 2013-07-10 01:31 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll 2013-07-10 01:28 - 2013-07-10 01:28 - 00000000 ____D C:\Program Files (x86)\BootkitRemoval 2013-07-10 01:19 - 2012-09-05 14:56 - 01590378 _____ C:\windows\SysWOW64\PerfStringBackup.INI 2013-07-10 01:09 - 2013-07-10 01:09 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll 2013-07-10 01:09 - 2013-07-10 01:09 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptdlg.dll 2013-07-10 01:08 - 2013-07-10 01:08 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll 2013-07-10 01:08 - 2013-07-10 01:08 - 01505280 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll 2013-07-10 01:08 - 2013-07-10 01:08 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2013-07-10 01:08 - 2013-07-10 01:08 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2013-07-10 01:07 - 2013-07-10 01:07 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll 2013-07-10 01:07 - 2013-07-10 01:07 - 00223752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys 2013-07-10 01:07 - 2013-07-10 01:07 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\wwanprotdim.dll 2013-07-10 00:55 - 2013-07-10 00:55 - 00001262 _____ C:\Users\Bert\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk 2013-07-10 00:54 - 2011-12-04 12:01 - 00000000 ____D C:\Users\Bert\AppData\Roaming\Apple Computer 2013-07-10 00:42 - 2013-07-10 00:05 - 00000000 ____D C:\Program Files\Office Tab 2013-07-10 00:16 - 2013-07-10 00:14 - 00000000 ____D C:\Program Files (x86)\Clover 2013-07-10 00:14 - 2013-07-10 00:14 - 00000000 ____D C:\Users\Bert\AppData\Local\Clover 2013-07-10 00:12 - 2013-07-10 00:09 - 00000000 ____D C:\Program Files\DIFX 
2013-07-10 00:11 - 2013-07-10 00:11 - 00000000 ____D C:\Program Files (x86)\SpeedyFox 2013-07-10 00:07 - 2012-09-03 04:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-07-10 00:06 - 2013-07-10 00:06 - 00000000 ____D C:\Program Files (x86)\MSECache 2013-07-10 00:05 - 2013-03-05 02:39 - 00000000 ____D C:\ProgramData\Licenses 2013-07-10 00:03 - 2013-07-10 00:03 - 00000000 ____D C:\Users\Bert\ultracopier 2013-07-10 00:00 - 2011-11-19 10:24 - 00000000 ____D C:\Program Files (x86)\IObit 2013-07-10 00:00 - 2011-11-16 09:03 - 00000000 ____D C:\Users\Bert\AppData\Roaming\IObit 2013-07-09 16:06 - 2013-01-29 00:53 - 00000000 ____D C:\Users\Bert\Desktop\Institut für soziale Berufe 2013-07-08 23:50 - 2013-07-08 23:50 - 00000000 ____D C:\Users\Bert\AppData\Roaming\aignes 2013-07-08 23:50 - 2013-07-08 23:50 - 00000000 ____D C:\Program Files (x86)\AM-DeadLink 2013-07-08 22:59 - 2013-06-18 16:16 - 00708632 _____ (COMODO) C:\windows\system32\Drivers\cmdguard.sys 2013-07-04 14:44 - 2013-07-04 14:44 - 00000000 _____ C:\windows\SysWOW64\FAPED09.tmp 2013-07-04 14:41 - 2013-07-04 14:41 - 00000000 _____ C:\windows\SysWOW64\FAP6BE6.tmp 2013-07-04 14:40 - 2013-07-04 14:40 - 00000000 _____ C:\windows\SysWOW64\FAPFFE9.tmp 2013-07-04 14:40 - 2013-07-04 14:40 - 00000000 _____ C:\windows\SysWOW64\FAP54F8.tmp 2013-07-04 14:40 - 2013-07-04 14:40 - 00000000 _____ C:\windows\SysWOW64\FAP3D90.tmp 2013-07-04 14:39 - 2013-07-04 14:39 - 00000000 _____ C:\windows\SysWOW64\FAP713B.tmp 2013-07-04 14:38 - 2013-07-04 14:38 - 00000000 _____ C:\windows\SysWOW64\FAPD69F.tmp 2013-07-04 14:36 - 2013-07-04 14:36 - 00000000 _____ C:\windows\SysWOW64\FAP2D.tmp 2013-07-04 14:35 - 2013-07-04 14:35 - 00000000 _____ C:\windows\SysWOW64\FAP76FF.tmp 2013-07-04 13:03 - 2013-07-04 13:03 - 00000000 _____ C:\windows\SysWOW64\FAPE22C.tmp 2013-07-04 13:02 - 2013-07-04 13:02 - 00000000 _____ C:\windows\SysWOW64\FAP5739.tmp 2013-07-04 13:00 - 2013-07-04 13:00 - 00000000 _____ C:\windows\SysWOW64\FAP5B7B.tmp 
2013-07-04 12:58 - 2013-07-04 12:58 - 00000000 _____ C:\windows\SysWOW64\FAPFE8B.tmp 2013-07-04 12:58 - 2013-07-04 12:58 - 00000000 _____ C:\windows\SysWOW64\FAPF8A0.tmp 2013-07-04 12:58 - 2013-07-04 12:58 - 00000000 _____ C:\windows\SysWOW64\FAPF840.tmp 2013-07-04 12:57 - 2013-07-04 12:57 - 00000000 _____ C:\windows\SysWOW64\FAP7402.tmp 2013-07-04 12:50 - 2013-07-04 12:50 - 00000000 _____ C:\windows\SysWOW64\FAPDA60.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAPEACA.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAPD381.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAPBBF9.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAP906.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAP740E.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAP5D8F.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAP2001.tmp 2013-07-04 12:48 - 2013-07-04 12:48 - 00000000 _____ C:\windows\SysWOW64\FAP8C31.tmp 2013-07-04 12:48 - 2013-07-04 12:48 - 00000000 _____ C:\windows\SysWOW64\FAP78ED.tmp 2013-07-04 12:42 - 2013-07-04 12:42 - 00000000 _____ C:\windows\SysWOW64\FAP8450.tmp 2013-07-04 12:33 - 2013-07-04 12:33 - 00000000 _____ C:\windows\SysWOW64\FAP1334.tmp 2013-07-04 12:17 - 2013-07-04 12:17 - 00000000 _____ C:\windows\SysWOW64\FAP815F.tmp 2013-07-04 12:11 - 2012-12-04 23:54 - 00000000 ____D C:\Program Files (x86)\URLSnooper2 2013-07-04 11:14 - 2012-12-18 17:00 - 00084027 _____ C:\Users\Bert\Desktop\Mjusiq.xspf 2013-07-04 11:10 - 2011-11-18 16:13 - 00000000 ____D C:\Program Files (x86)\Java 2013-07-04 04:09 - 2013-07-04 04:09 - 00263592 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe 2013-07-04 04:09 - 2013-07-04 04:09 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe 2013-07-04 04:09 - 2013-07-04 04:09 - 00175016 _____ (Oracle Corporation) 
C:\windows\SysWOW64\java.exe 2013-07-04 04:09 - 2013-07-04 04:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2013-07-04 04:09 - 2012-07-13 01:33 - 00867240 _____ (Oracle Corporation) C:\windows\SysWOW64\npDeployJava1.dll 2013-07-04 04:09 - 2011-11-18 16:14 - 00789416 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll 2013-07-04 03:43 - 2012-10-11 11:23 - 00007607 _____ C:\Users\Bert\AppData\Local\Resmon.ResmonCfg 2013-07-04 01:24 - 2013-07-04 01:24 - 00000000 ____D C:\Users\Bert\.macromedia 2013-07-03 23:04 - 2012-09-04 05:42 - 00000000 ____D C:\Program Files\Puran Defrag 2013-07-03 17:05 - 2011-11-15 22:30 - 00000000 ____D C:\Program Files\CCleaner 2013-07-03 16:44 - 2013-07-03 16:39 - 00000600 _____ C:\Users\Bert\PUTTY.RND 2013-07-03 14:59 - 2013-07-03 14:59 - 00000000 _____ C:\Users\Bert\mm_backup.cfg 2013-07-02 17:21 - 2013-07-02 17:21 - 00000000 ____D C:\Program Files (x86)\Tor 2013-07-02 17:18 - 2013-07-02 17:17 - 00000000 ____D C:\Users\Bert\Documents\Calibre Library 2013-07-02 17:18 - 2013-07-02 17:13 - 00000000 ____D C:\Users\Bert\AppData\Roaming\calibre 2013-07-02 17:13 - 2013-07-02 17:13 - 00000000 ____D C:\Users\Bert\Documents\Calibre Bibliothek 2013-07-02 17:12 - 2013-07-02 17:12 - 00000000 ____D C:\Program Files (x86)\Calibre2 2013-07-02 03:32 - 2009-07-14 05:20 - 00000000 ____D C:\windows\PolicyDefinitions 2013-07-02 03:06 - 2013-07-02 03:06 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2013-07-02 03:06 - 2013-07-02 03:06 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2013-07-02 03:06 - 2013-07-02 03:06 - 01400416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat 2013-07-02 03:06 - 2013-07-02 03:06 - 01400416 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat 2013-07-02 03:06 - 2013-07-02 03:06 - 01054720 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 
00905728 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00719360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00599552 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00523264 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2013-07-02 03:06 - 2013-07-02 03:06 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec 2013-07-02 03:06 - 2013-07-02 03:06 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00270848 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00247296 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00242200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\url.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00232960 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00216064 _____ (Microsoft 
Corporation) C:\windows\system32\msls31.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00204800 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00185344 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00173568 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00150528 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00149504 _____ (Microsoft Corporation) C:\windows\system32\occache.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00138752 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00137216 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00125440 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00117248 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00110592 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00102912 _____ (Microsoft Corporation) 
C:\windows\system32\inseng.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx 2013-07-02 03:06 - 2013-07-02 03:06 - 00073728 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx 2013-07-02 03:06 - 2013-07-02 03:06 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00041984 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00027648 _____ (Microsoft Corporation) 
C:\windows\system32\licmgr10.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2013-07-02 03:06 - 2013-07-02 03:06 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2013-07-02 03:06 - 2013-07-02 03:06 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2013-07-02 03:06 - 2013-07-02 03:06 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-07-02 03:06 - 2013-07-02 03:06 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2013-06-26 20:29 - 2012-10-02 11:09 - 00000000 ____D C:\Users\Bert\Desktop\2nd
2013-06-22 15:51 - 2012-09-05 14:46 - 00000000 ____D C:\Users\Bert\AppData\Roaming\Skype
2013-06-22 09:47 - 2011-11-19 16:49 - 00000000 ____D C:\ProgramData\DivX
2013-06-22 09:46 - 2012-03-16 15:43 - 00000000 ____D C:\Users\Bert\AppData\Roaming\Audacity
2013-06-22 09:46 - 2011-11-19 16:49 - 00000000 ____D C:\Program Files (x86)\DivX
2013-06-22 09:34 - 2013-05-31 15:54 - 02756800 _____ (Sysinternals - www.sysinternals.com) C:\Program Files (x86)\ProcessExplorer.exe
2013-06-22 09:16 - 2012-09-05 14:37 - 00000000 ____D C:\Program Files (x86)\IcoFX 2
2013-06-22 09:14 - 2011-11-16 08:33 - 00000000 ____D C:\Program Files\Recuva

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-21 08:57

==================== End Of Log ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2013
Ran by Bert at 2013-07-22 19:11:07 Running from F:\
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

7-Zip 9.22 (x64 edition) (Version: 9.22.00.0)
Broadcom 802.11 Network Adapter (Version: 5.60.48.55)
Canon MG5100 series MP Drivers
CCleaner (Version: 4.03)
COMODO Firewall (Version: 6.2.20728.2847)
dows-Treiberpaket - Qualcomm Atheros Communications Inc. Net (12/20/2012 10.0.0.222) (Version: 12/20/2012 10.0.0.222)
Eraser 6.0.10.2620 (Version: 6.0.2620)
ETDWare PS/2-X64 8.0.7.2_WHQL (Version: 8.0.7.2)
Finanzausgleich zum Selberrechnen (Version: 1.0.2)
GIMP 2.8.2 (Version: 2.8.2)
Intel(R) PROSet/Wireless WiFi Software (Version: 14.01.1000)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Jitsi (Version: 2.2.4603.9615)
K-Lite Codec Pack 9.2.0 (64-bit) (Version: 9.2.0)
Media Preview (Version: 1.2.5.264)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
O&O Defrag Free Edition (Version: 14.1.431)
Paint.NET v3.5.10 (Version: 3.60.0)
PDF Split And Merge Basic (Version: 2.2.2)
PDF-XChange Viewer (Version: 2.5.199.0)
PhotoFiltre 7 (HKCU)
Puran Defrag 7.5
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6873)
Recuva (Version: 1.47)
Sandboxie 4.02 (64-bit) (Version: 4.02)
SUPERAntiSpyware (Version: 5.0.1146)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (Version: 2.0.82.0)
Unlocker 1.9.1-x64 (Version: 1.9.1)
VLC media player 2.0.7 (Version: 2.0.7)
Windows-Treiberpaket - 
Qualcomm Atheros Communications Inc. (athr) Net (12/20/2012 10.0.0.222) (Version: 12/20/2012 10.0.0.222) Windows-Treiberpaket - Realtek (RTL8167) Net (12/26/2012 7.067.1226.2012) (Version: 12/26/2012 7.067.1226.2012) Windows-Treiberpaket - Realtek Net (12/26/2012 7.067.1226.2012) (Version: 12/26/2012 7.067.1226.2012) ==================== Restore Points ========================= 21-07-2013 04:01:09 Removed avast! Ad Blocker 21-07-2013 13:10:42 Gerätetreiber-Paketinstallation: COMODO Netzwerkdienst 21-07-2013 13:35:02 avast! Free Antivirus Setup ==================== Hosts content: ========================== 2009-07-14 04:34 - 2013-07-21 01:26 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {052FF8F9-17E5-46CE-92E9-2459D443BE1D} - System32\Tasks\WifiManager => %programfiles(x86)%\Samsung\Easy Display Manager\WifiManager.exe No File Task: {07BA8459-7B7A-4378-BA93-87DAF8F39996} - System32\Tasks\SamsungSupportCenter => %programfiles(x86)%\Samsung\Samsung Support Center\SSCKbdHk.exe No File Task: {121D8FED-57CE-49BA-A249-6F4B0FB52E2B} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe No File Task: {1D3851B4-445B-4305-8350-7780C810AE89} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.) 
Task: {20EE00D5-6A47-499F-8646-0EEECB513933} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2012-05-29] (TuneUp Software) Task: {2309FC7A-CAE3-4C88-9B87-7CF7ED7FBF06} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {25A491E4-7FC0-4845-AC74-E0A1A8854E03} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe No File Task: {362D8E5A-6F06-4B37-A8BC-362361B37052} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-11-29] (Samsung Electronics Co., Ltd.) Task: {3D505DDD-A399-485D-BE86-3973F4B7B2B4} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-592597040-2687735098-3077039613-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe No File Task: {485C9238-50AE-4DBB-BB0C-BCD991F50DBD} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-20] (Adobe Systems Incorporated) Task: {4BE9723B-5BFB-4B57-B199-62385B836FE7} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2013-02-13] () Task: {4D6F3CD8-7EAE-4856-81B9-362478929477} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe No File Task: {5AE26E70-0182-4C27-B334-37FF782BBA7C} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {6BF1D49E-DF5C-49A8-BE77-3C4981C32DCA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe No File Task: {710D33EB-91F9-486B-B7BD-3F854CA02D54} - 
System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-11-10] (CyberLink) Task: {735D7ABD-97FE-4846-9937-AB4E79035493} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\cis.exe [2013-07-08] (COMODO) Task: {7A2B3EFC-3362-4935-B339-884F665B6953} - System32\Tasks\Wise Registry Cleaner Schedule Task => C:\Program Files (x86)\Wise Registry Cleaner\WiseRegCleaner.exe [2012-11-08] (WiseCleaner.com) Task: {7D5CB5A2-919E-4192-A53A-AB0928AB102F} - System32\Tasks\{BBF7C257-78DB-4727-AAD0-4AC4EE99BFC6} => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2013-07-20] (Mozilla Corporation) Task: {91586A9A-F31D-46B0-AD12-B2EA51F12FB5} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation) Task: {92801305-2B16-4643-A691-588E7158BDD4} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2013-05-27] (Glarysoft Ltd) Task: {9424B58E-CC51-430F-B47D-AF5ADA340E8B} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-12-23] (Samsung Electronics Co., Ltd.) Task: {9809E7C2-3D95-425E-806A-CCC7DA20450E} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software) Task: {A2EC6E16-DD7C-42E6-A5BB-55CE62962A8B} - System32\Tasks\EasyBatteryManager => %ProgramFiles(x86)%\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe No File Task: {B971BF12-5F0B-4B04-A0DD-92042CAE76EC} - System32\Tasks\EasySpeedUpManager => %programfiles(x86)%\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe No File Task: {BA03484F-45BA-4578-A970-55D9BD72E503} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\cfpconfg.exe [2013-07-08] (COMODO) Task: {C2390F26-B14C-45EF-AE0D-BDB414531F1B} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-02-14] (SEC) Task: {C50A22D2-F54D-482A-9577-DF42FF3B6FC8} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-18] (Samsung Electronics. Co. Ltd.) Task: {C7F32861-B0A4-450B-A160-0EFCB9969A8E} - System32\Tasks\SUPBackground => %ProgramFiles(x86)%\Samsung\Samsung Update Plus\SUPBackground.exe No File Task: {CDE2BB82-6299-4A58-A22E-3745FD40D6D0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe No File Task: {CE138B3D-A62C-41D2-AD85-F767AB0971FD} - System32\Tasks\CCleanerSkipUAC => C:\PROGRAM FILES\CCLEANER\CCLEANER.EXE [2013-06-19] (Piriform Ltd) Task: {DC7F9992-F690-448D-976A-21B1347CC9FB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {EA4ED269-2A24-41F4-9428-38506827D19F} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2013-06-08] (IObit) Task: {FFBED0E0-3C47-49A8-8D34-064CA7B1A8D9} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-592597040-2687735098-3077039613-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe No File Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe Task: C:\windows\Tasks\Wise Registry Cleaner Schedule Task.job => C:\Program Files (x86)\Wise Registry Cleaner\WiseRegCleaner.exe ==================== Faulty Device Manager Devices ============= Name: AntiLog32 Description: AntiLog32 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: AntiLog32 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (07/22/2013 07:02:29 PM) (Source: .NET Runtime) (User: ) Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 260. Meldungs-ID: [0x2509]. Error: (07/22/2013 06:53:14 PM) (Source: .NET Runtime) (User: ) Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. 
HRESULT: 0x80004005. Prozess-ID (dezimal): 6956. Meldungs-ID: [0x2509]. Error: (07/22/2013 06:46:52 PM) (Source: .NET Runtime) (User: ) Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 6460. Meldungs-ID: [0x2509]. Error: (07/22/2013 06:43:54 PM) (Source: .NET Runtime) (User: ) Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 1460. Meldungs-ID: [0x2509]. Error: (07/22/2013 06:41:42 PM) (Source: .NET Runtime) (User: ) Description: Anwendung: SEARCHFILTERHOST.EXE Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 0000000002635061 Error: (07/22/2013 06:40:34 PM) (Source: .NET Runtime) (User: ) Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 812. Meldungs-ID: [0x2509]. Error: (07/22/2013 06:36:36 PM) (Source: .NET Runtime) (User: ) Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 5000. Meldungs-ID: [0x2509]. 
Error: (07/22/2013 06:26:32 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/22/2013 06:24:39 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (07/22/2013 06:25:48 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "MBAMService" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (07/22/2013 06:25:48 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "MBAMScheduler" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (07/22/2013 06:25:48 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Firefox Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error: (07/22/2013 06:23:19 PM) (Source: DCOM) (User: ) Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (07/22/2013 06:23:19 PM) (Source: DCOM) (User: ) Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (07/22/2013 06:23:15 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/22/2013 06:23:15 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/22/2013 06:23:15 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/22/2013 06:23:11 PM) (Source: DCOM) (User: ) Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF} Error: 
(07/22/2013 06:23:03 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Microsoft Office Sessions: ========================= Error: (07/22/2013 07:02:29 PM) (Source: .NET Runtime)(User: ) Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 260. Meldungs-ID: [0x2509]. Error: (07/22/2013 06:53:14 PM) (Source: .NET Runtime)(User: ) Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 6956. Meldungs-ID: [0x2509]. Error: (07/22/2013 06:46:52 PM) (Source: .NET Runtime)(User: ) Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 6460. Meldungs-ID: [0x2509]. Error: (07/22/2013 06:43:54 PM) (Source: .NET Runtime)(User: ) Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 1460. Meldungs-ID: [0x2509]. Error: (07/22/2013 06:41:42 PM) (Source: .NET Runtime)(User: ) Description: Anwendung: SEARCHFILTERHOST.EXE Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: Ausnahmecode c0000005, Ausnahmeadresse 0000000002635061 Error: (07/22/2013 06:40:34 PM) (Source: .NET Runtime)(User: ) Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 812. Meldungs-ID: [0x2509]. Error: (07/22/2013 06:36:36 PM) (Source: .NET Runtime)(User: ) Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 5000. Meldungs-ID: [0x2509]. Error: (07/22/2013 06:26:32 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/22/2013 06:24:39 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2013-07-21 01:22:44.929 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-21 01:22:44.773 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-11-04 13:08:29.246 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\EE2E.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-11-04 13:08:29.202 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\EE2E.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-11-04 13:07:26.610 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\EE2E.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-11-04 13:07:26.564 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\EE2E.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-11-04 12:05:50.520 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\EE2E.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-11-04 12:05:50.475 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\EE2E.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-11-04 11:59:53.693 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\2005.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-11-04 11:59:53.667 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\2005.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 53% Total physical RAM: 4009.55 MB Available physical RAM: 1872.51 MB Total Pagefile: 8017.28 MB Available Pagefile: 4926.34 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:71 GB) (Free:15.26 GB) NTFS (Disk=0 Partition=2) Drive d: () (Fixed) (Total:203.63 GB) (Free:1.5 GB) NTFS (Disk=0 Partition=4) Drive e: (CD099A1) (CDROM) (Total:0.15 GB) (Free:0 GB) CDFS Drive f: () (Removable) (Total:0.24 GB) (Free:0 GB) FAT (Disk=1 Partition=1) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: 010722F6) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=71 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=204 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=23 GB) - (Type=27) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 248 MB) (Disk ID: C3072E18) Partition 1: (Not Active) - (Size=247 MB) - (Type=04) ==================== End Of Log ============================ |
22.07.2013, 20:21 | #8 |
/// the machine /// TB Trainer | Annoying ads: 'Ads not by this site' problem Please uninstall TuneUp and ALL security software, especially IOBIT and Comodo. Uninstall everything that has to do with security, including Spybot, and keep only a single, pure AV program. Then delete AdwCleaner, download it again, and run it.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
22.07.2013, 20:31 | #9 |
| Annoying ads: 'Ads not by this site' problem Removing IOBIT, Comodo, Spybot and the like is no problem. TuneUp, however, is a licensed version that I paid good money for, and I no longer have the installation file. How can I save TuneUp? Couldn't we also try it without uninstalling, with me somehow disabling TuneUp by stopping all of its processes still running in the background via Task Manager in safe mode? Regards |
22.07.2013, 20:41 | #10 |
/// the machine /// TB Trainer | Annoying ads: 'Ads not by this site' problem OK, TuneUp can stay. But a small tip on the side, in case you want to spend money again: TuneUp is garbage, totally unnecessary, and only wrecks your computer.
|
23.07.2013, 12:30 | #11 |
| Annoying ads: 'Ads not by this site' problem Hello schrauber, so I have now wiped out all security software except TuneUp and avast! Antivirus and done several scan-and-delete passes with a freshly downloaded AdwCleaner, followed by JRT in safe mode and, at my own risk, ComboFix three times. Here are the latest scans of each: AdwCleaner tells me: "All clean!" Code:
ATTFilter # AdwCleaner v2.306 - Datei am 23/07/2013 um 01:26:33 erstellt # Aktualisiert am 19/07/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Bert - BERT-007 # Bootmodus : Normal # Ausgeführt unter : C:\Users\Bert\Desktop\AdwCleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16635 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v23.0 (de) Datei : C:\Users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\prefs.js [OK] Die Datei ist sauber. Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rae3d5ms.default\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. -\\ Opera v12.16.1860.0 Datei : C:\Users\Bert\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. 
************************* AdwCleaner[R10].txt - [2557 octets] - [23/07/2013 01:19:34] AdwCleaner[R11].txt - [1224 octets] - [23/07/2013 01:26:33] AdwCleaner[R1].txt - [3838 octets] - [22/07/2013 16:30:07] AdwCleaner[R2].txt - [1539 octets] - [22/07/2013 16:46:26] AdwCleaner[R3].txt - [1719 octets] - [22/07/2013 17:14:17] AdwCleaner[R4].txt - [1839 octets] - [22/07/2013 17:25:02] AdwCleaner[R5].txt - [1938 octets] - [22/07/2013 18:01:47] AdwCleaner[R6].txt - [2113 octets] - [22/07/2013 18:23:48] AdwCleaner[R7].txt - [2231 octets] - [23/07/2013 01:02:18] AdwCleaner[R8].txt - [2352 octets] - [23/07/2013 01:04:45] AdwCleaner[R9].txt - [2434 octets] - [23/07/2013 01:09:29] AdwCleaner[S10].txt - [2295 octets] - [23/07/2013 01:02:55] AdwCleaner[S11].txt - [2416 octets] - [23/07/2013 01:05:15] AdwCleaner[S12].txt - [2498 octets] - [23/07/2013 01:10:11] AdwCleaner[S13].txt - [2620 octets] - [23/07/2013 01:20:38] AdwCleaner[S1].txt - [3842 octets] - [22/07/2013 16:31:08] AdwCleaner[S2].txt - [1601 octets] - [22/07/2013 16:47:52] AdwCleaner[S3].txt - [1661 octets] - [22/07/2013 16:56:51] AdwCleaner[S4].txt - [1781 octets] - [22/07/2013 17:15:58] AdwCleaner[S5].txt - [2000 octets] - [22/07/2013 18:02:19] AdwCleaner[S6].txt - [1935 octets] - [22/07/2013 18:07:07] AdwCleaner[S7].txt - [1995 octets] - [22/07/2013 18:14:44] AdwCleaner[S8].txt - [2055 octets] - [22/07/2013 18:21:37] AdwCleaner[S9].txt - [2175 octets] - [22/07/2013 18:24:35] ########## EOF - C:\AdwCleaner[R11].txt - [2609 octets] ########## Code:
ATTFilter # AdwCleaner v2.306 - Datei am 23/07/2013 um 01:27:04 erstellt # Aktualisiert am 19/07/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Bert - BERT-007 # Bootmodus : Normal # Ausgeführt unter : C:\Users\Bert\Desktop\AdwCleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16635 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v23.0 (de) Datei : C:\Users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\prefs.js [OK] Die Datei ist sauber. Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\rae3d5ms.default\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. -\\ Opera v12.16.1860.0 Datei : C:\Users\Bert\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. 
************************* AdwCleaner[R10].txt - [2557 octets] - [23/07/2013 01:19:34] AdwCleaner[R11].txt - [2679 octets] - [23/07/2013 01:26:33] AdwCleaner[R1].txt - [3838 octets] - [22/07/2013 16:30:07] AdwCleaner[R2].txt - [1539 octets] - [22/07/2013 16:46:26] AdwCleaner[R3].txt - [1719 octets] - [22/07/2013 17:14:17] AdwCleaner[R4].txt - [1839 octets] - [22/07/2013 17:25:02] AdwCleaner[R5].txt - [1938 octets] - [22/07/2013 18:01:47] AdwCleaner[R6].txt - [2113 octets] - [22/07/2013 18:23:48] AdwCleaner[R7].txt - [2231 octets] - [23/07/2013 01:02:18] AdwCleaner[R8].txt - [2352 octets] - [23/07/2013 01:04:45] AdwCleaner[R9].txt - [2434 octets] - [23/07/2013 01:09:29] AdwCleaner[S10].txt - [2295 octets] - [23/07/2013 01:02:55] AdwCleaner[S11].txt - [2416 octets] - [23/07/2013 01:05:15] AdwCleaner[S12].txt - [2498 octets] - [23/07/2013 01:10:11] AdwCleaner[S13].txt - [2620 octets] - [23/07/2013 01:20:38] AdwCleaner[S14].txt - [2071 octets] - [23/07/2013 01:27:04] AdwCleaner[S1].txt - [3842 octets] - [22/07/2013 16:31:08] AdwCleaner[S2].txt - [1601 octets] - [22/07/2013 16:47:52] AdwCleaner[S3].txt - [1661 octets] - [22/07/2013 16:56:51] AdwCleaner[S4].txt - [1781 octets] - [22/07/2013 17:15:58] AdwCleaner[S5].txt - [2000 octets] - [22/07/2013 18:02:19] AdwCleaner[S6].txt - [1935 octets] - [22/07/2013 18:07:07] AdwCleaner[S7].txt - [1995 octets] - [22/07/2013 18:14:44] AdwCleaner[S8].txt - [2055 octets] - [22/07/2013 18:21:37] AdwCleaner[S9].txt - [2175 octets] - [22/07/2013 18:24:35] ########## EOF - C:\AdwCleaner[S14].txt - [2672 octets] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.1 (07.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by Bert on 23.07.2013 at 2:18:19,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.07.2013 at 2:20:11,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter ComboFix 13-07-22.01 - Bert 23.07.2013 2:42.3.4 - x64 MINIMAL Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4010.3051 [GMT 2:00] ausgeführt von:: c:\users\Bert\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . ((((((((((((((((((((((( Dateien erstellt von 2013-06-23 bis 2013-07-23 )))))))))))))))))))))))))))))) . . 2013-07-23 00:45 . 2013-07-23 00:45 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-23 00:45 . 2013-07-23 00:45 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-07-22 17:59 . 2013-07-22 18:00 -------- d-----w- C:\56793e0a4fd0078f320ad77a323185 2013-07-22 17:44 . 2013-07-22 17:44 -------- d-----w- c:\users\Bert\AppData\Local\Opera Software 2013-07-22 17:44 . 2013-07-22 17:44 -------- d-----w- c:\users\Bert\AppData\Roaming\Opera Software 2013-07-22 17:32 . 2012-06-09 17:21 206336 ----a-w- c:\windows\system32\unrar64.dll 2013-07-22 17:32 . 2011-12-07 17:37 148992 ----a-w- c:\windows\system32\lagarith.dll 2013-07-22 17:32 . 2013-05-31 18:00 127488 ----a-w- c:\windows\system32\ff_vfw.dll 2013-07-22 17:32 . 2013-07-22 17:32 -------- d-----w- c:\program files\K-Lite Codec Pack x64 2013-07-22 17:26 . 2013-07-22 17:29 -------- d-----w- c:\windows\system32\MRT 2013-07-22 02:04 . 2013-07-22 02:04 -------- d-----w- c:\windows\system32\SRSLabs 2013-07-22 02:04 . 2013-07-22 02:04 -------- d-----w- c:\program files\Realtek 2013-07-22 02:02 . 2013-03-26 15:04 2734624 ----a-w- c:\windows\system32\FMAPO64.dll 2013-07-22 02:01 . 2012-03-08 09:47 108640 ----a-w- c:\windows\system32\AERTAR64.dll 2013-07-22 02:01 . 2013-03-23 01:43 208072 ----a-w- c:\windows\system32\AERTAC64.dll 2013-07-22 02:01 . 
2013-01-16 14:02 2079816 ----a-w- c:\windows\RtlExUpd.dll 2013-07-21 23:16 . 2013-07-21 23:16 -------- d-----w- C:\FRST 2013-07-21 16:21 . 2013-07-21 16:22 -------- d-----w- c:\program files\ExtMan (IconTweak) 2013-07-21 15:34 . 2013-07-21 15:51 -------- d-----w- c:\users\Bert\AppData\Roaming\IcoFX2X 2013-07-21 13:37 . 2013-07-21 13:46 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-07-21 13:37 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-07-21 13:37 . 2013-05-09 08:59 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-07-21 13:37 . 2013-05-09 08:59 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-07-21 13:37 . 2013-07-21 13:46 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-07-21 13:37 . 2013-07-21 13:46 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-07-21 13:37 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-07-21 13:37 . 2013-05-09 08:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-07-21 13:36 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr 2013-07-21 13:32 . 2013-07-15 01:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC59AB60-E6DD-42C8-BB7D-8498C80D02A0}\mpengine.dll 2013-07-21 13:02 . 2013-07-23 00:14 -------- d-----w- c:\program files (x86)\Junkware Removal Tool 2013-07-21 01:52 . 2013-07-21 01:52 -------- d-----w- C:\VTRoot 2013-07-21 00:48 . 2013-07-21 00:48 -------- d-----w- c:\program files\COMODO 2013-07-21 00:48 . 2013-07-21 00:50 -------- d-----w- c:\programdata\Comodo 2013-07-21 00:35 . 2013-07-21 00:35 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2013-07-21 00:35 . 2013-07-21 00:35 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll 2013-07-21 00:35 . 2013-07-21 00:35 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll 2013-07-21 00:30 . 2013-07-21 01:21 -------- d-----w- c:\program files (x86)\Comodo 2013-07-21 00:28 . 
2013-07-21 00:28 -------- d-----w- c:\programdata\Comodo Downloader 2013-07-21 00:19 . 2013-07-21 04:00 -------- d-----w- c:\programdata\Avira 2013-07-20 22:36 . 2013-07-20 22:36 -------- d-s---w- c:\windows\SysWow64\Microsoft 2013-07-20 10:53 . 2013-07-20 10:54 -------- d-----w- C:\EEK 2013-07-20 09:44 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-07-19 22:43 . 2013-07-19 22:43 312232 ----a-w- c:\windows\system32\javaws.exe 2013-07-19 22:43 . 2013-07-19 22:43 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-07-19 22:43 . 2013-07-19 22:43 189352 ----a-w- c:\windows\system32\javaw.exe 2013-07-19 22:43 . 2013-07-19 22:43 188840 ----a-w- c:\windows\system32\java.exe 2013-07-19 22:43 . 2013-07-19 22:43 -------- d-----w- c:\program files\Java 2013-07-19 22:30 . 2013-07-21 06:00 -------- d-----w- c:\program files\Enigma Software Group 2013-07-19 22:25 . 2013-07-20 22:05 -------- d-----w- c:\windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP 2013-07-19 22:25 . 2013-07-19 22:25 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2013-07-16 03:40 . 2013-07-21 01:36 -------- d-----w- c:\program files\Unlocker 2013-07-16 02:42 . 2013-07-16 03:27 -------- d-----w- c:\users\Bert\AppData\Roaming\Jitsi 2013-07-16 02:42 . 2013-07-16 02:42 -------- d-----w- c:\program files (x86)\Jitsi 2013-07-16 00:49 . 2013-07-16 01:32 -------- d-----w- c:\program files (x86)\KVIrc 2013-07-15 15:47 . 2013-07-22 14:37 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2013-07-11 21:48 . 2013-07-11 21:51 -------- d-----w- c:\program files (x86)\LibreOffice 3.6 2013-07-09 23:45 . 2013-07-09 23:45 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll 2013-07-09 23:45 . 2013-07-09 23:45 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll 2013-07-09 23:45 . 2013-07-09 23:45 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll 2013-07-09 23:45 . 
2013-07-09 23:45 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll 2013-07-09 23:45 . 2013-07-09 23:45 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll 2013-07-09 23:45 . 2013-07-09 23:45 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll 2013-07-09 23:45 . 2013-07-09 23:45 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll 2013-07-09 23:44 . 2013-07-09 23:44 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-07-09 23:41 . 2013-07-09 23:41 624128 ----a-w- c:\windows\system32\qedit.dll 2013-07-09 23:41 . 2013-07-09 23:41 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2013-07-09 23:32 . 2013-07-09 23:32 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2013-07-09 23:32 . 2013-07-09 23:32 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2013-07-09 23:32 . 2013-07-09 23:32 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2013-07-09 23:32 . 2013-07-09 23:32 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2013-07-09 23:32 . 2013-07-09 23:32 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2013-07-09 23:31 . 2013-07-09 23:31 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-09 23:31 . 2013-07-09 23:31 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL 2013-07-09 23:31 . 2013-07-09 23:31 1643520 ----a-w- c:\windows\system32\DWrite.dll 2013-07-09 23:31 . 2013-07-09 23:31 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll 2013-07-09 23:28 . 2013-07-09 23:28 -------- d-----w- c:\program files (x86)\BootkitRemoval 2013-07-09 23:09 . 2013-07-09 23:09 30720 ----a-w- c:\windows\system32\cryptdlg.dll 2013-07-09 23:09 . 2013-07-09 23:09 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll 2013-07-09 23:08 . 2013-07-09 23:08 1887232 ----a-w- c:\windows\system32\d3d11.dll 2013-07-09 23:08 . 2013-07-09 23:08 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll 2013-07-09 23:08 . 
2013-07-09 23:08 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-07-09 23:08 . 2013-07-09 23:08 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2013-07-09 23:07 . 2013-07-09 23:07 48640 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-07-09 23:07 . 2013-07-09 23:07 230400 ----a-w- c:\windows\system32\wwansvc.dll 2013-07-09 23:07 . 2013-07-09 23:07 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-07-09 22:14 . 2013-07-09 22:14 -------- d-----w- c:\users\Bert\AppData\Local\Clover 2013-07-09 22:14 . 2013-07-09 22:16 -------- d-----w- c:\program files (x86)\Clover 2013-07-09 22:12 . 2012-12-20 20:24 3837440 ----a-w- c:\windows\system32\drivers\athrx.sys 2013-07-09 22:11 . 2013-07-09 22:11 -------- d-----w- c:\program files (x86)\SpeedyFox 2013-07-09 22:09 . 2013-07-09 22:12 -------- d-----w- c:\program files\DIFX 2013-07-09 22:06 . 2013-07-09 22:06 -------- d-----w- c:\program files (x86)\MSECache 2013-07-09 22:05 . 2013-07-09 22:42 -------- d-----w- c:\program files\Office Tab 2013-07-09 22:03 . 2013-07-09 22:03 -------- d-----w- c:\users\Bert\ultracopier 2013-07-09 22:02 . 2012-12-26 23:26 805088 ----a-w- c:\windows\system32\drivers\Rt64win7.sys 2013-07-09 22:02 . 2012-12-26 23:26 74344 ----a-w- c:\windows\system32\RtNicProp64.dll 2013-07-09 22:02 . 2013-07-20 17:10 -------- d-----w- c:\program files\Supercopier 2013-07-09 21:58 . 2013-07-16 01:57 -------- d-----w- c:\users\Bert\AppData\Roaming\PasteCopy.NET 2013-07-09 21:57 . 2013-07-21 21:57 -------- d-----w- c:\program files (x86)\PasteCopy.NET 2013-07-08 21:50 . 2013-07-08 21:50 -------- d-----w- c:\users\Bert\AppData\Roaming\aignes 2013-07-08 21:50 . 2013-07-08 21:50 -------- d-----w- c:\program files (x86)\AM-DeadLink 2013-07-04 12:44 . 2013-07-04 12:44 0 ----a-w- c:\windows\SysWow64\FAPED09.tmp 2013-07-04 12:41 . 2013-07-04 12:41 0 ----a-w- c:\windows\SysWow64\FAP6BE6.tmp 2013-07-04 12:40 . 2013-07-04 12:40 0 ----a-w- c:\windows\SysWow64\FAPFFE9.tmp 2013-07-04 12:40 . 
2013-07-04 12:40 0 ----a-w- c:\windows\SysWow64\FAP54F8.tmp 2013-07-04 12:40 . 2013-07-04 12:40 0 ----a-w- c:\windows\SysWow64\FAP3D90.tmp 2013-07-04 12:39 . 2013-07-04 12:39 0 ----a-w- c:\windows\SysWow64\FAP713B.tmp 2013-07-04 12:38 . 2013-07-04 12:38 0 ----a-w- c:\windows\SysWow64\FAPD69F.tmp 2013-07-04 12:36 . 2013-07-04 12:36 0 ----a-w- c:\windows\SysWow64\FAP2D.tmp 2013-07-04 12:35 . 2013-07-04 12:35 0 ----a-w- c:\windows\SysWow64\FAP76FF.tmp 2013-07-04 11:03 . 2013-07-04 11:03 0 ----a-w- c:\windows\SysWow64\FAPE22C.tmp 2013-07-04 11:02 . 2013-07-04 11:02 0 ----a-w- c:\windows\SysWow64\FAP5739.tmp 2013-07-04 11:00 . 2013-07-04 11:00 0 ----a-w- c:\windows\SysWow64\FAP5B7B.tmp 2013-07-04 10:58 . 2013-07-04 10:58 0 ----a-w- c:\windows\SysWow64\FAPFE8B.tmp 2013-07-04 10:58 . 2013-07-04 10:58 0 ----a-w- c:\windows\SysWow64\FAPF8A0.tmp 2013-07-04 10:58 . 2013-07-04 10:58 0 ----a-w- c:\windows\SysWow64\FAPF840.tmp 2013-07-04 10:57 . 2013-07-04 10:57 0 ----a-w- c:\windows\SysWow64\FAP7402.tmp 2013-07-04 10:50 . 2013-07-04 10:50 0 ----a-w- c:\windows\SysWow64\FAPDA60.tmp 2013-07-04 10:49 . 2013-07-04 10:49 0 ----a-w- c:\windows\SysWow64\FAP740E.tmp 2013-07-04 10:49 . 2013-07-04 10:49 0 ----a-w- c:\windows\SysWow64\FAP5D8F.tmp 2013-07-04 10:49 . 2013-07-04 10:49 0 ----a-w- c:\windows\SysWow64\FAP2001.tmp 2013-07-04 10:49 . 2013-07-04 10:49 0 ----a-w- c:\windows\SysWow64\FAP906.tmp 2013-07-04 10:49 . 2013-07-04 10:49 0 ----a-w- c:\windows\SysWow64\FAPEACA.tmp 2013-07-04 10:49 . 2013-07-04 10:49 0 ----a-w- c:\windows\SysWow64\FAPD381.tmp 2013-07-04 10:49 . 2013-07-04 10:49 0 ----a-w- c:\windows\SysWow64\FAPBBF9.tmp 2013-07-04 10:48 . 2013-07-04 10:48 0 ----a-w- c:\windows\SysWow64\FAP8C31.tmp . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-20 00:21 . 2013-02-08 10:37 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-07-20 00:21 . 
2013-02-08 10:37 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-07-19 22:43 . 2012-06-25 17:32 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-07-19 22:43 . 2012-01-17 19:33 972712 ----a-w- c:\windows\system32\deployJava1.dll 2013-07-18 13:03 . 2013-06-04 09:11 25568 ----a-w- c:\windows\system32\drivers\KeyCrypt64.sys 2013-07-09 23:07 . 2013-07-09 23:07 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-07-09 23:07 . 2013-07-09 23:07 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-07-09 23:07 . 2013-07-09 23:07 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-07-09 23:07 . 2013-07-09 23:07 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-07-09 23:07 . 2013-07-09 23:07 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-07-09 23:07 . 2013-07-09 23:07 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-07-04 02:09 . 2012-07-12 23:33 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-07-04 02:09 . 2011-11-18 14:14 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-06-23 22:57 . 2011-11-17 03:14 78277128 ----a-w- c:\windows\system32\MRT.exe 2013-06-22 07:34 . 2013-05-31 13:54 2756800 ----a-w- c:\program files (x86)\ProcessExplorer.exe 2013-05-13 05:51 . 2013-06-12 12:32 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-05-13 05:51 . 2013-06-12 12:32 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-05-13 05:51 . 2013-06-12 12:32 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-05-13 05:50 . 2013-06-12 12:32 52224 ----a-w- c:\windows\system32\certenc.dll 2013-05-13 04:45 . 2013-06-12 12:32 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-05-13 04:45 . 2013-06-12 12:32 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-05-13 04:45 . 2013-06-12 12:32 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-05-13 03:43 . 2013-06-12 12:32 1192448 ----a-w- c:\windows\system32\certutil.exe 2013-05-13 03:08 . 
2013-06-12 12:32 903168 ----a-w- c:\windows\SysWow64\certutil.exe 2013-05-13 03:08 . 2013-06-12 12:32 43008 ----a-w- c:\windows\SysWow64\certenc.dll 2013-05-09 08:58 . 2012-11-04 15:05 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-05-08 06:39 . 2013-06-12 12:32 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2013-04-26 05:51 . 2013-06-12 12:32 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-04-26 04:55 . 2013-06-12 12:32 492544 ----a-w- c:\windows\SysWow64\win32spl.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSCS"="c:\program files (x86)\MAXA Cookie Manager\Cookie.exe" [2011-12-11 978944] "Rainlendar2"="c:\program files\Rainlendar\Rainlendar2.exe" [2012-10-25 2555392] "SandboxieControl"="c:\program files\SANDBOXIE\SbieCtrl.exe" [2013-07-08 759384] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560] "ZALFree"="c:\program files (x86)\Zemana AntiLogger\AntiLogger Free.exe" [2013-07-18 12999984] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AdFender.lnk - c:\program files (x86)\AdFender\AdFender.exe -autostart [2013-5-23 3225712] Launchy.lnk - c:\program files (x86)\Launchy\Launchy.exe [2012-7-13 380928] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~2\KeyCryptSDK\KeyCrypt32(2).dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ fSDKBt\0DfSDKBt\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "DivXMediaServer"=c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled] "SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" . 
R0 aswRvrt;aswRvrt; [x] R0 aswVmm;aswVmm; [x] R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys;c:\windows\SYSNATIVE\drivers\TfFsMon.sys [x] R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys;c:\windows\SYSNATIVE\drivers\TfSysMon.sys [x] R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x] R1 aswSnx;aswSnx; [x] R1 aswSP;aswSP; [x] R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x] R2 aswFsBlk;aswFsBlk; [x] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 Firefox Service;Firefox Service; [x] R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [x] R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x] R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp64.sys;c:\eek\Run\cleanhlp64.sys [x] R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] R3 IntcDAud;Intel(R) Display 
Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe;c:\windows\SYSNATIVE\SUPDSvc.exe [x] R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys;c:\windows\SYSNATIVE\drivers\TfNetMon.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x] R4 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare\ASCService.exe [x] R4 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [x] R4 OODefragAgent;O&O Defrag;c:\program files\OO Defrag\oodag.exe;c:\program files\OO Defrag\oodag.exe [x] R4 PuranDefrag;PuranDefrag;c:\windows\SYSTEM32\PURANDEFRAGS.EXE;c:\windows\SYSNATIVE\PURANDEFRAGS.EXE [x] R4 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] S1 aswKbd;aswKbd; [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 
keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2013-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-08 00:21] . 2013-07-22 c:\windows\Tasks\GlaryInitialize.job - c:\program files (x86)\Glary Utilities\initialize.exe [2011-11-16 14:51] . 2013-07-20 c:\windows\Tasks\Wise Registry Cleaner Schedule Task.job - c:\program files (x86)\Wise Registry Cleaner\WiseRegCleaner.exe [2011-11-16 14:46] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Eraser"="c:\progra~1\Eraser\Eraser.exe" [2012-05-22 980920] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096] "OODefragTray"="c:\program files\OO Defrag\oodtray.exe" [2011-01-25 3942216] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-29 13513288] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\progra~2\KeyCryptSDK\KeyCrypt64(2).dll . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://de.search.yahoo.com?type=198484&fr=spigot-yhp-ie mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.1 DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} FF - ProfilePath - c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\ FF - prefs.js: browser.search.selectedEngine - DuckDuckGo FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: network.proxy.type - 2 FF - ExtSQL: 2013-06-24 10:54; 2.0@disconnect.me; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\2.0@disconnect.me.xpi FF - ExtSQL: 2013-07-03 14:01; check-compatibility@dactyl.googlecode.com; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\check-compatibility@dactyl.googlecode.com.xpi FF - ExtSQL: 2013-07-03 14:02; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: 2013-07-03 14:03; elemhidehelper@adblockplus.org; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\elemhidehelper@adblockplus.org.xpi FF - ExtSQL: 2013-07-03 14:04; {e10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\{e10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: 2013-07-03 14:04; adblockpopups@jessehakanen.net; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\adblockpopups@jessehakanen.net.xpi FF - ExtSQL: 2013-07-03 14:08; personas@christopher.beard; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\personas@christopher.beard.xpi FF - ExtSQL: 2013-07-03 14:33; {15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}; 
c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\{15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}.xpi FF - ExtSQL: 2013-07-03 14:35; {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi FF - ExtSQL: 2013-07-03 14:35; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF - ExtSQL: 2013-07-03 14:53; {023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi FF - ExtSQL: 2013-07-03 14:58; {ea61041c-1e22-4400-99a0-aea461e69d04}; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi FF - ExtSQL: 2013-07-03 14:58; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi FF - ExtSQL: 2013-07-03 14:58; {d49a148e-817e-4025-bee3-5d541376de3b}; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\{d49a148e-817e-4025-bee3-5d541376de3b}.xpi FF - ExtSQL: 2013-07-03 14:58; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF - ExtSQL: 2013-07-03 14:58; {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi FF - ExtSQL: 2013-07-03 14:58; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; 
c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi FF - ExtSQL: 2013-07-03 14:58; {987311C6-B504-4aa2-90BF-60CC49808D42}; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi FF - ExtSQL: 2013-07-03 14:58; {578e7caa-210f-4967-a0d3-88fe5b59a39f}; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\{578e7caa-210f-4967-a0d3-88fe5b59a39f} FF - ExtSQL: 2013-07-03 14:58; {45d8ff86-d909-11db-9705-005056c00008}; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi FF - ExtSQL: 2013-07-03 14:58; {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi FF - ExtSQL: 2013-07-03 14:58; {1018e4d6-728f-4b20-ad56-37578a4de76b}; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} FF - ExtSQL: 2013-07-03 14:58; {03651b2d-eb7d-4be7-af1b-dc0cd162dd54}; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\{03651b2d-eb7d-4be7-af1b-dc0cd162dd54}.xpi FF - ExtSQL: 2013-07-03 14:58; smarterwiki@wikiatic.com; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\smarterwiki@wikiatic.com.xpi FF - ExtSQL: 2013-07-03 14:58; john@velvetcache.org; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\john@velvetcache.org.xpi FF - ExtSQL: 2013-07-03 14:59; firefox@ghostery.com; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\firefox@ghostery.com FF - ExtSQL: 2013-07-03 14:59; csfire@cs.kuleuven.be; 
c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\csfire@cs.kuleuven.be FF - ExtSQL: 2013-07-03 14:59; clickclean@hotcleaner.com; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\clickclean@hotcleaner.com FF - ExtSQL: 2013-07-03 14:59; cache@status.org; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\cache@status.org.xpi FF - ExtSQL: 2013-07-03 14:59; anticontainer@downthemall.net; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\anticontainer@downthemall.net.xpi FF - ExtSQL: 2013-07-03 15:09; maskingagent@basa.nl; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\maskingagent@basa.nl.xpi FF - ExtSQL: 2013-07-03 15:18; sharemenot@franziroesner.com; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\sharemenot@franziroesner.com.xpi FF - ExtSQL: 2013-07-03 15:19; slimaddonmanager@opendfki.de; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\slimaddonmanager@opendfki.de.xpi FF - ExtSQL: 2013-07-03 15:24; useragentrg-upd@mozilla.org; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\useragentrg-upd@mozilla.org.xpi FF - ExtSQL: 2013-07-03 15:28; {dc572301-7619-498c-a57d-39143191b318}; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi FF - ExtSQL: 2013-07-03 15:28; {5F590AA2-1221-4113-A6F4-A4BB62414FAC}; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi FF - ExtSQL: 2013-07-03 15:28; {455D905A-D37C-4643-A9E2-F6FEFAA0424A}; 
c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi FF - ExtSQL: 2013-07-03 15:28; trackmenot@mrl.nyu.edu; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\trackmenot@mrl.nyu.edu.xpi FF - ExtSQL: 2013-07-03 15:28; tabscope@xuldev.org; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\tabscope@xuldev.org.xpi FF - ExtSQL: 2013-07-03 15:28; secureLogin@blueimp.net; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\secureLogin@blueimp.net.xpi FF - ExtSQL: 2013-07-03 15:28; nogroovesharkads@tobbi.tk; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\nogroovesharkads@tobbi.tk.xpi FF - ExtSQL: 2013-07-03 15:29; netvideohunter@netvideohunter.com; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\netvideohunter@netvideohunter.com FF - ExtSQL: 2013-07-03 15:29; longurlplease@tseng; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\longurlplease@tseng.xpi FF - ExtSQL: 2013-07-03 15:29; locationbar2@design-noir.de; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\locationbar2@design-noir.de.xpi FF - ExtSQL: 2013-07-03 15:29; guiconfig@slosd.net; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\guiconfig@slosd.net.xpi FF - ExtSQL: 2013-07-03 15:29; donottrackplus@abine.com; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\donottrackplus@abine.com FF - ExtSQL: 2013-07-03 15:29; SciLorsGrooveUnlocker@scilor.com; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\SciLorsGrooveUnlocker@scilor.com.xpi FF - ExtSQL: 2013-07-03 15:34; 
{4BBDD651-70CF-4821-84F8-2B918CF89CA3}; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} FF - ExtSQL: 2013-07-03 15:34; CLEO@guid.customsoftwareconsult.com; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\CLEO@guid.customsoftwareconsult.com FF - ExtSQL: 2013-07-03 15:46; firefox@mailcatch.com; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\firefox@mailcatch.com.xpi FF - ExtSQL: 2013-07-03 16:34; https-everywhere@eff.org; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\https-everywhere@eff.org FF - ExtSQL: 2013-07-04 00:20; admin@fullrip.net; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\admin@fullrip.net.xpi FF - ExtSQL: 2013-07-19 00:16; {086e582e-455b-4289-bfab-e90da7c0558b}; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\{086e582e-455b-4289-bfab-e90da7c0558b}.xpi FF - ExtSQL: 2013-07-19 00:20; {e968fc70-8f95-4ab9-9e79-304de2a66ee1}; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\{e968fc70-8f95-4ab9-9e79-304de2a66ee1}.xpi FF - ExtSQL: 2013-07-19 03:48; {b442f4c0-c292-4998-aabe-48608a73ba75}; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\{b442f4c0-c292-4998-aabe-48608a73ba75} FF - ExtSQL: 2013-07-19 23:59; thumbnailZoom@dadler.github.com; c:\users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default-1372852164624\extensions\thumbnailZoom@dadler.github.com.xpi FF - ExtSQL: 2013-07-21 15:36; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Toolbar-{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - (no file) Notify-igfxcui - (no file) . 
. . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-592597040-2687735098-3077039613-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*3*³˜4\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_USERS\S-1-5-21-592597040-2687735098-3077039613-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*3*@³˜4àB*ˆà‚i`:‚i\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_USERS\S-1-5-21-592597040-2687735098-3077039613-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*u$qD] @Class="Shell" @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-592597040-2687735098-3077039613-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*u$qD\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_USERS\S-1-5-21-592597040-2687735098-3077039613-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Ô/u›**file:///D:/Schubidoo/%D0%95%D0%B9_%D0%BD%D1%80%D0%B0%D0%B2%D0%B8%D1%82%D1%81%D1%8F_%D1%82%D0%B0%D0%BA%D0%BE%D0%B9_%D1%81%D0%B5%D0%BA%D1%81_3b0514ca94ecf379677424ca77414de9.mp4*] @Class="Shell" @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-592597040-2687735098-3077039613-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Ô/u›**file:///D:/Schubidoo/%D0%95%D0%B9_%D0%BD%D1%80%D0%B0%D0%B2%D0%B8%D1%82%D1%81%D1%8F_%D1%82%D0%B0%D0%BA%D0%BE%D0%B9_%D1%81%D0%B5%D0%BA%D1%81_3b0514ca94ecf379677424ca77414de9.mp4*\OpenWithList] @Class="Shell" "a"="VLC.EXE" "MRUList"="a" . [HKEY_USERS\S-1-5-21-592597040-2687735098-3077039613-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ï1] @Class="Shell" . [HKEY_USERS\S-1-5-21-592597040-2687735098-3077039613-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ï1\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System … system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-07-23 02:47:02 ComboFix-quarantined-files.txt 2013-07-23 00:47 ComboFix2.txt 2013-07-23 00:39 ComboFix3.txt 2013-07-23 00:32 . Vor Suchlauf: 16 Verzeichnis(se), 20.899.930.112 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 20.815.978.496 Bytes frei . - - End Of File - - AD8B3C1104ACF2FC7A4B0389C380C8EA D41D8CD98F00B204E9800998ECF8427E |
23.07.2013, 13:58 | #12 |
/// the machine /// TB Trainer | Annoying ads: 'Ads not by this site' problem Please post a fresh FRST log, then I can remove the remnants. In which browser do you have the problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
23.07.2013, 17:40 | #13 |
| Annoying ads: 'Ads not by this site' problem Hope dies last! Here are the log files: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-07-2013 01 Ran by Bert (administrator) on 23-07-2013 15:30:38 Running from C:\Users\Bert\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Safe Mode (minimal) ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\windows\system32\userinit.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Eraser] - C:\PROGRA~1\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project) HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-26] (CANON INC.) HKLM\...\Run: [OODefragTray] - C:\Program Files\OO Defrag\oodtray.exe [3942216 2011-01-25] (O&O Software GmbH) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor) HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1497816 2013-06-18] (COMODO) HKCU\...\Run: [MSCS] - C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe [978944 2011-12-11] (MAXA Research Int'l Inc.) HKCU\...\Run: [Rainlendar2] - C:\Program Files\Rainlendar\Rainlendar2.exe [2555392 2012-10-25] () HKCU\...\Run: [SandboxieControl] - C:\PROGRAM FILES\SANDBOXIE\SbieCtrl.exe [759384 2013-07-08] (Sandboxie Holdings, LLC) HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC) HKLM-x32\...\Run: [ZALFree] - "C:\Program Files (x86)\Zemana AntiLogger\AntiLogger Free.exe" /MINIMIZED [12999984 2013-07-18] (Zemana Ltd.) 
HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software) HKLM-x32\...\Run: [emsisoft anti-malware] - "C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60 [2928040 2013-07-02] (Emsisoft GmbH) HKU\Administrator\...\Run: [Advanced SystemCare 5] - "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [619352 2011-12-30] (IObit) HKU\Administrator\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [x] HKU\Administrator\...\Run: [Rainlendar2] - C:\Program Files\Rainlendar\Rainlendar2.exe [2555392 2012-10-25] () HKU\Administrator\...\Run: [VeohPlugin] - "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2816328 2011-10-26] (Veoh Networks) HKU\Administrator\...\Run: [MSCS] - C:\Program Files (x86)\MAXA Cookie Manager\Cookie.exe /autorun [978944 2011-12-11] (MAXA Research Int'l Inc.) HKU\Administrator\...\Run: [SandboxieControl] - "C:\PROGRAM FILES\SANDBOXIE\SbieCtrl.exe" [759384 2013-07-08] (Sandboxie Holdings, LLC) AppInit_DLLs: C:\PROGRA~2\KeyCryptSDK\KeyCrypt64(2).dll [89936 2013-07-18] (Zemana Ltd.) AppInit_DLLs-x32: C:\PROGRA~2\KeyCryptSDK\KeyCrypt32(2).dll [82696 2013-07-18] (Zemana Ltd.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk ShortcutTarget: AdFender.lnk -> C:\Program Files (x86)\AdFender\AdFender.exe (AdFender, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe () BootExecute: fSDKBtDfSDKBtsdnclean64.exe ==================== Internet (Whitelisted) ==================== ProxyServer: :0 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search.yahoo.com?type=198484&fr=spigot-yhp-ie StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox SearchScopes: HKLM-x32 - {c1d89ae7-449d-4929-b24b-fded04adbe06} URL = hxxp://isearch.glarysoft.com/?q={searchTerms}&src=iesearch SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {62403BF9-B85D-4453-ACF4-965285CA2C99} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms} BHO: avast! 
Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ExplorerWatcher Class - {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - C:\Program Files (x86)\Clover\TabHelper64.dll (EJIE Technology) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Samsung BHO Class - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\Advanced SystemCare\BrowerProtect\ASCPlugin_Protection.dll (IObit) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - No Name - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No File Toolbar: HKLM-x32 - avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) DPF: HKLM-x32 {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} DPF: HKLM-x32 {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} Handler: ipp - No CLSID Value - Handler: msdaipp - No CLSID Value - Handler-x32: ipp - No CLSID Value - Handler-x32: msdaipp - No CLSID Value - Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Bert\AppData\Roaming\Mozilla\Firefox\Profiles\z3g57ncr.default FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) 
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @IObit.com/np_Asc_Plugin - C:\Program Files (x86)\IObit\Advanced SystemCare\BrowerProtect\np_Asc_plugin.dll (IObit) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=1.1.11 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\glarysearch.xml FF Extension: No Name - C:\Users\Bert\AppData\Roaming\Mozilla\Extensions\plugins FF Extension: No Name - C:\Users\Bert\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: adblocker - C:\Program Files (x86)\Mozilla Firefox\extensions\adblocker@avast.com.xpi FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKCU\...\Firefox\Extensions: [maxacookie@maxatools.com] C:\Program Files (x86)\MAXA Cookie Manager\extension FF Extension: MAXA Cookie Manager - C:\Program Files (x86)\MAXA Cookie Manager\extension FF StartMenuInternet: FIREFOX.EXE - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" Chrome: ======= CHR HomePage: hxxp://www.google.com CHR RestoreOnStartup: "hxxp://de.search.yahoo.com?type=800236&fr=spigot-yhp-ch" CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0 CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\Deskperience\Word Capture\wcxChrome.crx CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Advanced SystemCare\BrowerProtect\ASC_GhromePluginFor6.crx CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx ==================== Services (Whitelisted) ================= S2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2938408 2013-07-02] (Emsisoft GmbH) S4 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [574272 2013-04-18] (IObit) S2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6181504 2013-06-18] (COMODO) S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [158936 2013-06-18] (COMODO) S4 Giraffic; C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2245232 2013-05-13] (Giraffic) S4 OODefragAgent; C:\Program Files\OO Defrag\oodag.exe [3051848 2011-01-25] (O&O Software GmbH) S4 PuranDefrag; C:\WINDOWS\SYSTEM32\PURANDEFRAGS.EXE [292736 2012-08-13] (Puran Software) S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.) S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [183896 2013-07-08] (Sandboxie Holdings, LLC) S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143072 2012-05-29] (TuneUp Software) S2 Firefox Service; ==================== Drivers (Whitelisted) ==================== S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH) S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH) S1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH) S1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH) S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-31] (AVAST Software) S2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-21] (AVAST Software) S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 
2013-07-21] (AVAST Software) S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-21] () S3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57032 2013-07-23] (Emsisoft GmbH) S3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57032 2013-07-23] (Emsisoft GmbH) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2013-06-18] (COMODO) S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [708632 2013-06-18] (COMODO) S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2013-06-18] (COMODO) S1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [96800 2013-06-18] (COMODO) R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25568 2013-07-18] (Zemana Ltd.) S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 MEMSWEEP2; C:\windows\system32\A795.tmp [6144 2009-06-18] (Sophos Plc) S3 MEMSWEEP2; C:\windows\system32\A795.tmp [6144 2009-06-18] (Sophos Plc) S2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.) 
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-09-20] (Windows (R) 2003 DDK 3790 provider) S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-09-20] (Windows (R) 2003 DDK 3790 provider) S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [199384 2013-07-08] (Sandboxie Holdings, LLC) S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-05-08] (TuneUp Software) S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [x] S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 rm; \??\C:\windows\system32\drivers\rm.sys [x] S0 TfFsMon; system32\drivers\TfFsMon.sys [x] S3 TfNetMon; \??\C:\windows\system32\drivers\TfNetMon.sys [x] S0 TfSysMon; system32\drivers\TfSysMon.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-23 15:27 - 2013-07-23 15:27 - 00000000 _____ C:\Users\Bert\Desktop\Addition.txt 2013-07-23 15:18 - 2013-07-23 15:18 - 01779447 _____ (Farbar) C:\Users\Bert\Desktop\FRST64.exe 2013-07-23 15:11 - 2013-07-23 15:28 - 00003408 _____ C:\Users\Bert\Desktop\Nmc_2013-07-23_15-11-20.log 2013-07-23 14:55 - 2013-07-23 14:55 - 00000000 __SHD C:\windows\SysWOW64\AI_RecycleBin 2013-07-23 14:55 - 2013-07-23 14:55 - 00000000 ____D C:\Users\Bert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It 2013-07-23 14:55 - 2013-07-23 14:55 - 00000000 ____D C:\Program Files (x86)\Reason 2013-07-23 13:56 - 2013-07-23 13:56 - 00377856 _____ C:\Users\Bert\Desktop\gmer_2.1.19163.exe 2013-07-23 13:51 - 2013-07-23 13:53 - 00724952 _____ C:\Users\Bert\Desktop\avenger.zip 2013-07-23 13:24 - 2013-07-23 13:24 - 00001247 _____ C:\Users\Administrator\Desktop\SpyDLLRemover.lnk 2013-07-23 12:56 - 2013-07-23 13:24 - 00000000 ____D C:\Program Files (x86)\SecurityXploded 2013-07-23 12:56 - 2013-07-23 12:56 - 00001247 _____ C:\Users\Administrator\Desktop\SpyBHORemover.lnk 2013-07-23 05:50 - 2013-07-23 12:51 - 
00000112 _____ C:\windows\setupact.log 2013-07-23 05:50 - 2013-07-23 05:50 - 00000000 _____ C:\windows\setuperr.log 2013-07-23 05:35 - 2013-07-23 05:41 - 255018056 _____ (Norman AS) C:\Users\Bert\Desktop\Norman_Malware_Cleaner.exe 2013-07-23 04:12 - 2013-07-23 04:12 - 00000000 ____D C:\Program Files (x86)\BootkitRemovalTool 2013-07-23 03:33 - 2013-07-23 03:33 - 00000000 ____D C:\windows\System32\Tasks\COMODO 2013-07-23 03:30 - 2013-07-23 03:32 - 00000000 ___SD C:\ProgramData\Shared Space 2013-07-23 03:24 - 2013-07-23 03:25 - 20553576 _____ (Simply Super Software ) C:\Users\Bert\Desktop\trjsetup687.exe 2013-07-23 03:22 - 2013-07-23 03:23 - 04095448 _____ (BrightFort LLC ) C:\Users\Bert\Desktop\spywareblastersetup50.exe 2013-07-23 03:22 - 2013-07-23 03:22 - 05049344 _____ (Crawler.com ) C:\Users\Bert\Desktop\SpywareTerminatorSetup_3.0.0.82.exe 2013-07-23 03:21 - 2013-07-23 03:22 - 21516064 _____ (IObit ) C:\Users\Bert\Desktop\imf-setup_2.0.5.0.exe 2013-07-23 03:20 - 2013-07-23 03:20 - 00618912 _____ (www.download-sponsor.de) C:\Users\Bert\Desktop\tfinstall_universal.exe 2013-07-23 03:18 - 2009-06-18 13:54 - 00006144 ____N (Sophos Plc) C:\windows\system32\A795.tmp 2013-07-23 03:15 - 2013-07-23 03:17 - 36271144 _____ (Safer-Networking Ltd. 
) C:\Users\Bert\Desktop\spybot-2.1.exe 2013-07-23 03:07 - 2009-06-18 13:54 - 00006144 ____N (Sophos Plc) C:\windows\system32\B74D.tmp 2013-07-23 03:01 - 2013-07-23 15:29 - 00042623 _____ C:\windows\WindowsUpdate.log 2013-07-23 02:47 - 2013-07-23 02:47 - 00039015 _____ C:\ComboFix.txt 2013-07-23 02:21 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe 2013-07-23 02:21 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe 2013-07-23 02:21 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe 2013-07-23 02:21 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe 2013-07-23 02:21 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe 2013-07-23 02:21 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe 2013-07-23 02:21 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe 2013-07-23 02:21 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe 2013-07-23 02:20 - 2013-07-23 02:47 - 00000000 ____D C:\Qoobox 2013-07-23 02:20 - 2013-07-23 02:20 - 00000624 _____ C:\Users\Bert\Desktop\JRT.txt 2013-07-23 02:15 - 2013-07-23 02:15 - 05091940 ____R (Swearware) C:\Users\Bert\Desktop\ComboFix.exe 2013-07-23 01:27 - 2013-07-23 01:27 - 00002742 _____ C:\AdwCleaner[S14].txt 2013-07-23 01:26 - 2013-07-23 01:26 - 00002679 _____ C:\AdwCleaner[R11].txt 2013-07-22 19:59 - 2013-07-22 20:00 - 00000000 ____D C:\56793e0a4fd0078f320ad77a323185 2013-07-22 19:44 - 2013-07-22 19:44 - 00000000 ____D C:\Users\Bert\AppData\Roaming\Opera Software 2013-07-22 19:44 - 2013-07-22 19:44 - 00000000 ____D C:\Users\Bert\AppData\Local\Opera Software 2013-07-22 19:32 - 2013-07-22 19:32 - 00000000 ____D C:\Program Files\K-Lite Codec Pack x64 2013-07-22 19:32 - 2013-05-31 20:00 - 00127488 _____ C:\windows\system32\ff_vfw.dll 2013-07-22 19:32 - 2012-06-09 19:21 - 00206336 _____ C:\windows\system32\unrar64.dll 2013-07-22 19:32 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\windows\system32\lagarith.dll 2013-07-22 19:26 - 2013-07-22 19:29 - 00000000 ____D 
C:\windows\system32\MRT 2013-07-22 17:21 - 2013-07-22 17:21 - 00003108 _____ C:\windows\System32\Tasks\{52A44EB5-8B6C-4DED-854C-7508DAB59319} 2013-07-22 17:13 - 2013-07-22 17:13 - 00003106 _____ C:\windows\System32\Tasks\{AE3C16E4-0F4D-4972-8A98-CE970C563718} 2013-07-22 17:07 - 2013-07-22 17:07 - 00003200 _____ C:\windows\System32\Tasks\{B731165D-DFA0-477A-807B-6426A31A9672} 2013-07-22 17:05 - 2013-07-22 17:05 - 00003100 _____ C:\windows\System32\Tasks\{509B46B2-466E-4EE9-846C-9A3D86EEE8AD} 2013-07-22 16:47 - 2013-07-22 16:48 - 00001601 _____ C:\AdwCleaner[S2].txt 2013-07-22 16:46 - 2013-07-22 16:46 - 00001539 _____ C:\AdwCleaner[R2].txt 2013-07-22 16:31 - 2013-07-22 16:32 - 00003842 _____ C:\AdwCleaner[S1].txt 2013-07-22 16:30 - 2013-07-22 16:30 - 00003838 _____ C:\AdwCleaner[R1].txt 2013-07-22 04:04 - 2013-07-22 04:04 - 00000000 ____D C:\windows\system32\SRSLabs 2013-07-22 04:04 - 2013-07-22 04:04 - 00000000 ____D C:\Program Files\Realtek 2013-07-22 04:03 - 2013-03-29 21:42 - 03379272 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RTKVHD64.sys 2013-07-22 04:03 - 2013-03-29 18:04 - 21170176 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RCoRes64.dat 2013-07-22 04:03 - 2013-03-29 17:52 - 00914992 _____ (Sony Corporation) C:\windows\system32\SFSS_APO.dll 2013-07-22 04:03 - 2013-03-29 17:10 - 00449481 _____ C:\windows\system32\Drivers\RTAIODAT.DAT 2013-07-22 04:03 - 2013-03-27 16:57 - 00135240 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RCoInstII64.dll 2013-07-22 04:03 - 2013-03-26 17:06 - 02797128 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtPgEx64.dll 2013-07-22 04:03 - 2013-03-26 15:40 - 03693128 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkAPO64.dll 2013-07-22 04:03 - 2013-03-26 14:38 - 01659464 _____ (Realtek Semiconductor Corp.) 
C:\windows\system32\RTSnMg64.cpl 2013-07-22 04:03 - 2013-03-25 17:32 - 03180264 _____ C:\windows\system32\Drivers\rtvienna.dat 2013-07-22 04:03 - 2013-03-20 13:16 - 02102040 _____ (Waves Audio Ltd.) C:\windows\system32\WavesGUILib64.dll 2013-07-22 04:03 - 2013-03-20 13:16 - 00910104 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioAPOShell64.dll 2013-07-22 04:03 - 2013-03-12 18:16 - 00613448 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtDataProc64.dll 2013-07-22 04:03 - 2013-02-28 13:10 - 14021912 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioRealtek64.dll 2013-07-22 04:03 - 2013-02-28 13:10 - 02032408 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioEQ64.dll 2013-07-22 04:03 - 2013-02-20 18:55 - 01284680 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTCOM64.dll 2013-07-22 04:03 - 2013-02-19 18:52 - 00991816 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkApi64.dll 2013-07-22 04:03 - 2012-12-12 11:17 - 00395208 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioAPO30.dll 2013-07-22 04:03 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\windows\system32\R4EEP64A.dll 2013-07-22 04:03 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\windows\system32\R4EED64A.dll 2013-07-22 04:03 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\windows\system32\R4EEL64A.dll 2013-07-22 04:03 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\windows\system32\R4EEA64A.dll 2013-07-22 04:03 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\windows\system32\R4EEG64A.dll 2013-07-22 04:03 - 2012-07-15 21:13 - 00394616 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxVolumeSDAPO.dll 2013-07-22 04:03 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtlCPAPI64.dll 2013-07-22 04:03 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkCoLDR64.dll 2013-07-22 04:03 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) 
C:\windows\system32\SFNHK64.dll 2013-07-22 04:03 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\windows\system32\SFCOM64.dll 2013-07-22 04:03 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) C:\windows\system32\SFAPO64.dll 2013-07-22 04:03 - 2011-08-23 17:00 - 00603984 _____ (Knowles Acoustics ) C:\windows\system32\KAAPORT64.dll 2013-07-22 04:03 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEP64A.dll 2013-07-22 04:03 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RP3DHT64.dll 2013-07-22 04:03 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RP3DAA64.dll 2013-07-22 04:03 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEED64A.dll 2013-07-22 04:03 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEL64A.dll 2013-07-22 04:03 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEG64A.dll 2013-07-22 04:03 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkCfg64.dll 2013-07-22 04:03 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\windows\system32\MaxxAudioAPO20.dll 2013-07-22 04:03 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\windows\SysWOW64\SFCOM.dll 2013-07-22 04:03 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\windows\system32\SRSTSX64.dll 2013-07-22 04:03 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\windows\system32\SRSTSH64.dll 2013-07-22 04:03 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\windows\system32\SRSHP64.dll 2013-07-22 04:03 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) 
C:\windows\system32\SRSWOW64.dll 2013-07-22 04:02 - 2013-03-26 17:04 - 02734624 _____ (Fortemedia Corporation) C:\windows\system32\FMAPO64.dll 2013-07-22 04:02 - 2012-06-20 17:26 - 00110592 _____ (Real Sound Lab SIA) C:\windows\system32\CONEQMSAPOGUILibrary.dll 2013-07-22 04:02 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\windows\system32\DTSS2SpeakerDLL64.dll 2013-07-22 04:02 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\windows\system32\DTSS2HeadphoneDLL64.dll 2013-07-22 04:02 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\windows\system32\DTSBoostDLL64.dll 2013-07-22 04:02 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\windows\system32\DTSBassEnhancementDLL64.dll 2013-07-22 04:02 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\windows\system32\DTSSymmetryDLL64.dll 2013-07-22 04:02 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\windows\system32\DTSVoiceClarityDLL64.dll 2013-07-22 04:02 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\windows\system32\DTSNeoPCDLL64.dll 2013-07-22 04:02 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\windows\system32\DTSLimiterDLL64.dll 2013-07-22 04:02 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\windows\system32\DTSGainCompensatorDLL64.dll 2013-07-22 04:02 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\windows\system32\DTSLFXAPO64.dll 2013-07-22 04:02 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\windows\system32\DTSGFXAPO64.dll 2013-07-22 04:02 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\windows\system32\DTSGFXAPONS64.dll 2013-07-22 04:01 - 2013-03-23 03:43 - 00208072 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTAC64.dll 2013-07-22 04:01 - 2013-01-16 16:02 - 02079816 _____ (Realtek Semiconductor Corp.) 
C:\windows\RtlExUpd.dll 2013-07-22 04:01 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTAR64.dll 2013-07-22 01:16 - 2013-07-22 01:16 - 00000000 ____D C:\FRST 2013-07-21 18:21 - 2013-07-21 18:22 - 00000000 ____D C:\Program Files\ExtMan (IconTweak) 2013-07-21 17:48 - 2013-07-21 17:48 - 00003186 _____ C:\windows\System32\Tasks\{9544E3BB-C36F-45F9-8CCB-F04A5417C807} 2013-07-21 17:34 - 2013-07-21 17:51 - 00000000 ____D C:\Users\Bert\AppData\Roaming\IcoFX2X 2013-07-21 16:56 - 2013-07-22 01:47 - 00000000 ____D C:\Users\Bert\Documents\Trojaner-Board 2013-07-21 16:06 - 2013-07-23 12:51 - 00000324 _____ C:\windows\Tasks\GlaryInitialize.job 2013-07-21 16:06 - 2013-07-21 16:06 - 00002600 _____ C:\windows\System32\Tasks\GlaryInitialize 2013-07-21 15:37 - 2013-07-23 12:58 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update 2013-07-21 15:37 - 2013-07-21 15:46 - 01030952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys 2013-07-21 15:37 - 2013-07-21 15:46 - 00378944 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys 2013-07-21 15:37 - 2013-07-21 15:46 - 00189936 _____ C:\windows\system32\Drivers\aswVmm.sys 2013-07-21 15:37 - 2013-05-09 10:59 - 00080816 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys 2013-07-21 15:37 - 2013-05-09 10:59 - 00072016 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys 2013-07-21 15:37 - 2013-05-09 10:59 - 00065336 _____ C:\windows\system32\Drivers\aswRvrt.sys 2013-07-21 15:37 - 2013-05-09 10:59 - 00064288 _____ (AVAST Software) C:\windows\system32\Drivers\aswTdi.sys 2013-07-21 15:37 - 2013-05-09 10:59 - 00033400 _____ (AVAST Software) C:\windows\system32\Drivers\aswFsBlk.sys 2013-07-21 15:36 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\windows\avastSS.scr 2013-07-21 15:02 - 2013-07-23 03:04 - 00000000 ____D C:\Program Files (x86)\Junkware Removal Tool 2013-07-21 06:00 - 2013-07-21 06:00 - 00000000 _____ 
C:\ProgramData\rebootpending.txt 2013-07-21 03:52 - 2013-07-21 04:32 - 00040534 _____ C:\windows\system32\Drivers\fvstore.dat 2013-07-21 03:52 - 2013-07-21 03:52 - 00000000 ____D C:\VTRoot 2013-07-21 02:50 - 2013-07-21 04:32 - 00389937 _____ C:\windows\system32\Drivers\sfi.dat 2013-07-21 02:48 - 2013-07-21 02:50 - 00000000 ____D C:\ProgramData\Comodo 2013-07-21 02:48 - 2013-07-21 02:48 - 00000000 ____D C:\Program Files\COMODO 2013-07-21 02:35 - 2013-07-21 02:35 - 01700352 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdiplus.dll 2013-07-21 02:35 - 2013-07-21 02:35 - 01060864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc71.dll 2013-07-21 02:35 - 2013-07-21 02:35 - 00348160 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr71.dll 2013-07-21 02:30 - 2013-07-21 03:21 - 00000000 ____D C:\Program Files (x86)\Comodo 2013-07-21 02:28 - 2013-07-21 02:28 - 00000000 ____D C:\ProgramData\Comodo Downloader 2013-07-21 02:21 - 2013-06-06 22:41 - 00489392 _____ (Ask Partner Network) C:\Users\Bert\Documents\APNSetup.exe 2013-07-21 02:19 - 2013-07-21 06:00 - 00000000 ____D C:\ProgramData\Avira 2013-07-21 01:43 - 2013-07-21 01:43 - 00001130 _____ C:\DelFix.txt 2013-07-21 00:46 - 2013-07-21 01:31 - 00000000 ____D C:\windows\erdnt 2013-07-20 12:53 - 2013-07-20 12:54 - 00000000 ____D C:\EEK 2013-07-20 11:44 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2013-07-20 01:24 - 2013-07-20 01:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-20 00:43 - 2013-07-20 00:43 - 00312232 _____ (Oracle Corporation) C:\windows\system32\javaws.exe 2013-07-20 00:43 - 2013-07-20 00:43 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe 2013-07-20 00:43 - 2013-07-20 00:43 - 00188840 _____ (Oracle Corporation) C:\windows\system32\java.exe 2013-07-20 00:43 - 2013-07-20 00:43 - 00108968 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll 2013-07-20 00:43 - 2013-07-20 00:43 - 00000000 
____D C:\Program Files\Java 2013-07-20 00:33 - 2013-07-20 00:33 - 00000000 _____ C:\autoexec.bat 2013-07-20 00:30 - 2013-07-21 08:00 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-07-20 00:25 - 2013-07-21 00:05 - 00000000 ____D C:\windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP 2013-07-18 21:38 - 2013-07-19 11:44 - 00018944 _____ C:\Users\Bert\Desktop\Bundestagswahlprognose.xls 2013-07-17 05:21 - 2013-07-20 01:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak 2013-07-16 05:40 - 2013-07-21 03:36 - 00000000 ____D C:\Program Files\Unlocker 2013-07-16 05:40 - 2013-07-16 05:40 - 00000000 ____D C:\Users\Bert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker 2013-07-16 05:34 - 2013-07-16 05:34 - 00000000 ____D C:\Users\Bert\Documents\Art 2013-07-16 04:42 - 2013-07-16 05:27 - 00000000 ____D C:\Users\Bert\AppData\Roaming\Jitsi 2013-07-16 04:42 - 2013-07-16 04:42 - 00000000 ____D C:\Program Files (x86)\Jitsi 2013-07-16 02:49 - 2013-07-16 03:32 - 00000000 ____D C:\Program Files (x86)\KVIrc 2013-07-15 22:52 - 2013-07-22 20:10 - 00000000 ____D C:\Users\Bert\Desktop\Elfriede Jelinek - Neid 2013-07-15 17:47 - 2013-07-22 16:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-07-11 23:48 - 2013-07-11 23:51 - 00000000 ____D C:\Program Files (x86)\LibreOffice 3.6 2013-07-10 01:44 - 2013-07-10 01:44 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-07-10 01:43 - 2013-07-10 01:43 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-07-10 01:43 - 2013-07-10 
01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2013-07-10 01:43 - 2013-07-10 01:43 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-07-10 01:43 - 2013-07-10 01:43 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe 2013-07-10 01:43 - 2013-07-10 01:43 - 00071680 _____ 
(Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-10 01:43 - 2013-07-10 01:43 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-07-10 01:43 - 2013-07-10 01:43 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2013-07-10 01:41 - 2013-07-10 01:41 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2013-07-10 01:41 - 2013-07-10 01:41 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2013-07-10 01:31 - 2013-07-10 01:31 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL 2013-07-10 01:31 - 2013-07-10 01:31 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll 2013-07-10 01:31 - 2013-07-10 01:31 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL 2013-07-10 01:31 - 2013-07-10 01:31 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll 2013-07-10 01:09 - 2013-07-10 01:09 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll 2013-07-10 01:09 - 2013-07-10 01:09 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptdlg.dll 2013-07-10 01:08 - 2013-07-10 01:08 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll 2013-07-10 01:08 - 2013-07-10 01:08 - 01505280 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll 2013-07-10 01:08 - 2013-07-10 01:08 - 01424384 _____ (Microsoft Corporation) 
C:\windows\system32\WindowsCodecs.dll 2013-07-10 01:08 - 2013-07-10 01:08 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2013-07-10 01:07 - 2013-07-10 01:07 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll 2013-07-10 01:07 - 2013-07-10 01:07 - 00223752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys 2013-07-10 01:07 - 2013-07-10 01:07 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\wwanprotdim.dll 2013-07-10 00:55 - 2013-07-10 00:55 - 00001262 _____ C:\Users\Bert\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk 2013-07-10 00:14 - 2013-07-10 00:16 - 00000000 ____D C:\Program Files (x86)\Clover 2013-07-10 00:14 - 2013-07-10 00:14 - 00000000 ____D C:\Users\Bert\AppData\Local\Clover 2013-07-10 00:12 - 2012-12-20 22:24 - 03837440 _____ (Qualcomm Atheros Communications, Inc.) C:\windows\system32\Drivers\athrx.sys 2013-07-10 00:11 - 2013-07-10 00:11 - 00000000 ____D C:\Program Files (x86)\SpeedyFox 2013-07-10 00:09 - 2013-07-10 00:12 - 00000000 ____D C:\Program Files\DIFX 2013-07-10 00:06 - 2013-07-10 00:06 - 00000000 ____D C:\Program Files (x86)\MSECache 2013-07-10 00:05 - 2013-07-10 00:42 - 00000000 ____D C:\Program Files\Office Tab 2013-07-10 00:03 - 2013-07-10 00:03 - 00000000 ____D C:\Users\Bert\ultracopier 2013-07-10 00:02 - 2013-07-20 19:10 - 00000000 ____D C:\Program Files\Supercopier 2013-07-10 00:02 - 2012-12-27 01:26 - 00805088 _____ (Realtek ) C:\windows\system32\Drivers\Rt64win7.sys 2013-07-10 00:02 - 2012-12-27 01:26 - 00074344 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RtNicProp64.dll 2013-07-10 00:00 - 2013-07-21 00:26 - 00003214 _____ C:\windows\System32\Tasks\Driver Booster Update 2013-07-09 23:58 - 2013-07-16 03:57 - 00000000 ____D C:\Users\Bert\AppData\Roaming\PasteCopy.NET 2013-07-08 23:50 - 2013-07-08 23:50 - 00000000 ____D C:\Users\Bert\AppData\Roaming\aignes 2013-07-08 23:50 - 2013-07-08 23:50 - 00000000 ____D C:\Program 
Files (x86)\AM-DeadLink 2013-07-04 14:44 - 2013-07-04 14:44 - 00000000 _____ C:\windows\SysWOW64\FAPED09.tmp 2013-07-04 14:41 - 2013-07-04 14:41 - 00000000 _____ C:\windows\SysWOW64\FAP6BE6.tmp 2013-07-04 14:40 - 2013-07-04 14:40 - 00000000 _____ C:\windows\SysWOW64\FAPFFE9.tmp 2013-07-04 14:40 - 2013-07-04 14:40 - 00000000 _____ C:\windows\SysWOW64\FAP54F8.tmp 2013-07-04 14:40 - 2013-07-04 14:40 - 00000000 _____ C:\windows\SysWOW64\FAP3D90.tmp 2013-07-04 14:39 - 2013-07-04 14:39 - 00000000 _____ C:\windows\SysWOW64\FAP713B.tmp 2013-07-04 14:38 - 2013-07-04 14:38 - 00000000 _____ C:\windows\SysWOW64\FAPD69F.tmp 2013-07-04 14:36 - 2013-07-04 14:36 - 00000000 _____ C:\windows\SysWOW64\FAP2D.tmp 2013-07-04 14:35 - 2013-07-04 14:35 - 00000000 _____ C:\windows\SysWOW64\FAP76FF.tmp 2013-07-04 13:03 - 2013-07-04 13:03 - 00000000 _____ C:\windows\SysWOW64\FAPE22C.tmp 2013-07-04 13:02 - 2013-07-04 13:02 - 00000000 _____ C:\windows\SysWOW64\FAP5739.tmp 2013-07-04 13:00 - 2013-07-04 13:00 - 00000000 _____ C:\windows\SysWOW64\FAP5B7B.tmp 2013-07-04 12:58 - 2013-07-04 12:58 - 00000000 _____ C:\windows\SysWOW64\FAPFE8B.tmp 2013-07-04 12:58 - 2013-07-04 12:58 - 00000000 _____ C:\windows\SysWOW64\FAPF8A0.tmp 2013-07-04 12:58 - 2013-07-04 12:58 - 00000000 _____ C:\windows\SysWOW64\FAPF840.tmp 2013-07-04 12:57 - 2013-07-04 12:57 - 00000000 _____ C:\windows\SysWOW64\FAP7402.tmp 2013-07-04 12:50 - 2013-07-04 12:50 - 00000000 _____ C:\windows\SysWOW64\FAPDA60.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAPEACA.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAPD381.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAPBBF9.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAP906.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAP740E.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAP5D8F.tmp 2013-07-04 12:49 - 
2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAP2001.tmp 2013-07-04 12:48 - 2013-07-04 12:48 - 00000000 _____ C:\windows\SysWOW64\FAP8C31.tmp 2013-07-04 12:48 - 2013-07-04 12:48 - 00000000 _____ C:\windows\SysWOW64\FAP78ED.tmp 2013-07-04 12:42 - 2013-07-04 12:42 - 00000000 _____ C:\windows\SysWOW64\FAP8450.tmp 2013-07-04 12:33 - 2013-07-04 12:33 - 00000000 _____ C:\windows\SysWOW64\FAP1334.tmp 2013-07-04 12:17 - 2013-07-04 12:17 - 00000000 _____ C:\windows\SysWOW64\FAP815F.tmp 2013-07-04 04:09 - 2013-07-04 04:09 - 00263592 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe 2013-07-04 04:09 - 2013-07-04 04:09 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe 2013-07-04 04:09 - 2013-07-04 04:09 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe 2013-07-04 04:09 - 2013-07-04 04:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2013-07-04 01:24 - 2013-07-04 01:24 - 00000000 ____D C:\Users\Bert\.macromedia 2013-07-04 00:16 - 2013-07-14 01:00 - 00000000 ____D C:\Program Files (x86)\FEBE 2013-07-03 16:39 - 2013-07-03 16:44 - 00000600 _____ C:\Users\Bert\PUTTY.RND 2013-07-03 14:59 - 2013-07-03 14:59 - 00000000 _____ C:\Users\Bert\mm_backup.cfg 2013-07-02 17:21 - 2013-07-02 17:21 - 00000000 ____D C:\Program Files (x86)\Tor 2013-07-02 17:17 - 2013-07-02 17:18 - 00000000 ____D C:\Users\Bert\Documents\Calibre Library 2013-07-02 17:13 - 2013-07-02 17:18 - 00000000 ____D C:\Users\Bert\AppData\Roaming\calibre 2013-07-02 17:13 - 2013-07-02 17:13 - 00000000 ____D C:\Users\Bert\Documents\Calibre Bibliothek 2013-07-02 17:12 - 2013-07-02 17:12 - 00000000 ____D C:\Program Files (x86)\Calibre2 2013-07-02 03:06 - 2013-07-02 03:06 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2013-07-02 03:06 - 2013-07-02 03:06 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2013-07-02 03:06 - 2013-07-02 03:06 - 01400416 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\ieapfltr.dat 2013-07-02 03:06 - 2013-07-02 03:06 - 01400416 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat 2013-07-02 03:06 - 2013-07-02 03:06 - 01054720 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00905728 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00719360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00599552 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00523264 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2013-07-02 03:06 - 2013-07-02 03:06 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec 2013-07-02 03:06 - 2013-07-02 03:06 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00270848 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00247296 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00242200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\url.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00232960 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\url.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00204800 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00185344 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00173568 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00150528 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00149504 _____ (Microsoft Corporation) C:\windows\system32\occache.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00138752 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00137216 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00125440 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll 
2013-07-02 03:06 - 2013-07-02 03:06 - 00117248 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00110592 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx 2013-07-02 03:06 - 2013-07-02 03:06 - 00073728 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx 2013-07-02 03:06 - 2013-07-02 03:06 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll 2013-07-02 03:06 
- 2013-07-02 03:06 - 00041984 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe 2013-06-28 00:11 - 2013-07-21 15:46 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum 2013-06-27 01:54 - 2013-07-21 15:46 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum 2013-06-27 01:54 - 2013-07-21 15:46 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum 2013-06-25 21:52 - 2013-07-21 00:26 - 00002966 _____ C:\windows\System32\Tasks\{BBF7C257-78DB-4727-AAD0-4AC4EE99BFC6}

==================== One Month Modified Files and Folders =======

2013-07-23 15:29 - 2013-07-23 03:01 - 00042623 _____ C:\windows\WindowsUpdate.log 2013-07-23 15:29 - 2012-06-07 11:56 - 00327680 _____ C:\windows\system32\Ikeext.etl 2013-07-23 15:28 - 2013-07-23 15:11 - 00003408 _____ C:\Users\Bert\Desktop\Nmc_2013-07-23_15-11-20.log 2013-07-23 15:27 - 2013-07-23 15:27 - 00000000 _____ C:\Users\Bert\Desktop\Addition.txt 2013-07-23 15:19 - 2011-11-19 17:17 - 00000000 ____D C:\Users\Administrator 2013-07-23 15:18 - 2013-07-23 15:18 - 01779447 _____ (Farbar) C:\Users\Bert\Desktop\FRST64.exe 2013-07-23 15:17 - 2013-02-08 12:37 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-07-23 14:55 - 2013-07-23 14:55 
- 00000000 __SHD C:\windows\SysWOW64\AI_RecycleBin 2013-07-23 14:55 - 2013-07-23 14:55 - 00000000 ____D C:\Users\Bert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It 2013-07-23 14:55 - 2013-07-23 14:55 - 00000000 ____D C:\Program Files (x86)\Reason 2013-07-23 14:21 - 2011-11-15 22:44 - 00000000 ____D C:\Users\Bert\AppData\Roaming\vlc 2013-07-23 13:56 - 2013-07-23 13:56 - 00377856 _____ C:\Users\Bert\Desktop\gmer_2.1.19163.exe 2013-07-23 13:53 - 2013-07-23 13:51 - 00724952 _____ C:\Users\Bert\Desktop\avenger.zip 2013-07-23 13:24 - 2013-07-23 13:24 - 00001247 _____ C:\Users\Administrator\Desktop\SpyDLLRemover.lnk 2013-07-23 13:24 - 2013-07-23 12:56 - 00000000 ____D C:\Program Files (x86)\SecurityXploded 2013-07-23 13:04 - 2009-07-14 06:45 - 00028624 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-23 13:04 - 2009-07-14 06:45 - 00028624 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-23 13:02 - 2011-11-16 10:08 - 00000000 ____D C:\Users\Bert\AppData\Local\CrashDumps 2013-07-23 12:58 - 2013-07-21 15:37 - 00004182 _____ C:\windows\System32\Tasks\avast! 
Emergency Update 2013-07-23 12:56 - 2013-07-23 12:56 - 00001247 _____ C:\Users\Administrator\Desktop\SpyBHORemover.lnk 2013-07-23 12:53 - 2011-11-19 16:47 - 00000000 ____D C:\Users\Bert\.rainlendar2 2013-07-23 12:51 - 2013-07-23 05:50 - 00000112 _____ C:\windows\setupact.log 2013-07-23 12:51 - 2013-07-21 16:06 - 00000324 _____ C:\windows\Tasks\GlaryInitialize.job 2013-07-23 12:51 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-07-23 05:50 - 2013-07-23 05:50 - 00000000 _____ C:\windows\setuperr.log 2013-07-23 05:41 - 2013-07-23 05:35 - 255018056 _____ (Norman AS) C:\Users\Bert\Desktop\Norman_Malware_Cleaner.exe 2013-07-23 04:39 - 2011-11-15 22:18 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware 2013-07-23 04:12 - 2013-07-23 04:12 - 00000000 ____D C:\Program Files (x86)\BootkitRemovalTool 2013-07-23 03:46 - 2011-11-15 22:18 - 00000000 ____D C:\Users\Bert\Documents\Anti-Malware 2013-07-23 03:33 - 2013-07-23 03:33 - 00000000 ____D C:\windows\System32\Tasks\COMODO 2013-07-23 03:32 - 2013-07-23 03:30 - 00000000 ___SD C:\ProgramData\Shared Space 2013-07-23 03:25 - 2013-07-23 03:24 - 20553576 _____ (Simply Super Software ) C:\Users\Bert\Desktop\trjsetup687.exe 2013-07-23 03:23 - 2013-07-23 03:22 - 04095448 _____ (BrightFort LLC ) C:\Users\Bert\Desktop\spywareblastersetup50.exe 2013-07-23 03:22 - 2013-07-23 03:22 - 05049344 _____ (Crawler.com ) C:\Users\Bert\Desktop\SpywareTerminatorSetup_3.0.0.82.exe 2013-07-23 03:22 - 2013-07-23 03:21 - 21516064 _____ (IObit ) C:\Users\Bert\Desktop\imf-setup_2.0.5.0.exe 2013-07-23 03:20 - 2013-07-23 03:20 - 00618912 _____ (www.download-sponsor.de) C:\Users\Bert\Desktop\tfinstall_universal.exe 2013-07-23 03:17 - 2013-07-23 03:15 - 36271144 _____ (Safer-Networking Ltd. 
) C:\Users\Bert\Desktop\spybot-2.1.exe 2013-07-23 03:04 - 2013-07-21 15:02 - 00000000 ____D C:\Program Files (x86)\Junkware Removal Tool 2013-07-23 02:47 - 2013-07-23 02:47 - 00039015 _____ C:\ComboFix.txt 2013-07-23 02:47 - 2013-07-23 02:20 - 00000000 ____D C:\Qoobox 2013-07-23 02:45 - 2009-07-14 04:34 - 00000215 _____ C:\windows\system.ini 2013-07-23 02:20 - 2013-07-23 02:20 - 00000624 _____ C:\Users\Bert\Desktop\JRT.txt 2013-07-23 02:15 - 2013-07-23 02:15 - 05091940 ____R (Swearware) C:\Users\Bert\Desktop\ComboFix.exe 2013-07-23 02:01 - 2011-11-15 20:15 - 00000000 ____D C:\Users\Bert\AppData\Roaming\Macromedia 2013-07-23 01:36 - 2013-06-04 11:39 - 00000000 ____D C:\Program Files (x86)\AdWareCleaner 2013-07-23 01:27 - 2013-07-23 01:27 - 00002742 _____ C:\AdwCleaner[S14].txt 2013-07-23 01:26 - 2013-07-23 01:26 - 00002679 _____ C:\AdwCleaner[R11].txt 2013-07-23 00:47 - 2012-04-26 21:35 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2013-07-23 00:45 - 2012-11-04 17:51 - 00000000 ____D C:\Program Files (x86)\ThreatFire 2013-07-22 20:10 - 2013-07-15 22:52 - 00000000 ____D C:\Users\Bert\Desktop\Elfriede Jelinek - Neid 2013-07-22 20:06 - 2011-11-16 18:57 - 00000000 ____D C:\Program Files (x86)\Opera 2013-07-22 20:00 - 2013-07-22 19:59 - 00000000 ____D C:\56793e0a4fd0078f320ad77a323185 2013-07-22 19:58 - 2011-11-15 22:29 - 00000000 ____D C:\Program Files (x86)\Google 2013-07-22 19:56 - 2011-11-19 17:05 - 00000000 ____D C:\Program Files (x86)\Prozess Manager 2013-07-22 19:44 - 2013-07-22 19:44 - 00000000 ____D C:\Users\Bert\AppData\Roaming\Opera Software 2013-07-22 19:44 - 2013-07-22 19:44 - 00000000 ____D C:\Users\Bert\AppData\Local\Opera Software 2013-07-22 19:32 - 2013-07-22 19:32 - 00000000 ____D C:\Program Files\K-Lite Codec Pack x64 2013-07-22 19:29 - 2013-07-22 19:26 - 00000000 ____D C:\windows\system32\MRT 2013-07-22 19:00 - 2011-07-29 06:05 - 00696870 _____ C:\windows\system32\perfh007.dat 2013-07-22 19:00 - 2011-07-29 06:05 - 00148134 _____ 
C:\windows\system32\perfc007.dat 2013-07-22 19:00 - 2009-07-14 07:13 - 01612484 _____ C:\windows\system32\PerfStringBackup.INI 2013-07-22 17:21 - 2013-07-22 17:21 - 00003108 _____ C:\windows\System32\Tasks\{52A44EB5-8B6C-4DED-854C-7508DAB59319} 2013-07-22 17:13 - 2013-07-22 17:13 - 00003106 _____ C:\windows\System32\Tasks\{AE3C16E4-0F4D-4972-8A98-CE970C563718} 2013-07-22 17:07 - 2013-07-22 17:07 - 00003200 _____ C:\windows\System32\Tasks\{B731165D-DFA0-477A-807B-6426A31A9672} 2013-07-22 17:05 - 2013-07-22 17:05 - 00003100 _____ C:\windows\System32\Tasks\{509B46B2-466E-4EE9-846C-9A3D86EEE8AD} 2013-07-22 16:48 - 2013-07-22 16:47 - 00001601 _____ C:\AdwCleaner[S2].txt 2013-07-22 16:46 - 2013-07-22 16:46 - 00001539 _____ C:\AdwCleaner[R2].txt 2013-07-22 16:37 - 2013-07-15 17:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-07-22 16:32 - 2013-07-22 16:31 - 00003842 _____ C:\AdwCleaner[S1].txt 2013-07-22 16:30 - 2013-07-22 16:30 - 00003838 _____ C:\AdwCleaner[R1].txt 2013-07-22 04:04 - 2013-07-22 04:04 - 00000000 ____D C:\windows\system32\SRSLabs 2013-07-22 04:04 - 2013-07-22 04:04 - 00000000 ____D C:\Program Files\Realtek 2013-07-22 04:04 - 2011-07-29 01:49 - 00000000 ____D C:\windows\SysWOW64\RTCOM 2013-07-22 01:47 - 2013-07-21 16:56 - 00000000 ____D C:\Users\Bert\Documents\Trojaner-Board 2013-07-22 01:16 - 2013-07-22 01:16 - 00000000 ____D C:\FRST 2013-07-21 22:01 - 2013-06-04 11:11 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK 2013-07-21 18:22 - 2013-07-21 18:21 - 00000000 ____D C:\Program Files\ExtMan (IconTweak) 2013-07-21 17:54 - 2013-06-04 11:11 - 00000000 ____D C:\Program Files (x86)\Zemana AntiLogger 2013-07-21 17:51 - 2013-07-21 17:34 - 00000000 ____D C:\Users\Bert\AppData\Roaming\IcoFX2X 2013-07-21 17:48 - 2013-07-21 17:48 - 00003186 _____ C:\windows\System32\Tasks\{9544E3BB-C36F-45F9-8CCB-F04A5417C807} 2013-07-21 16:06 - 2013-07-21 16:06 - 00002600 _____ C:\windows\System32\Tasks\GlaryInitialize 2013-07-21 16:06 - 2011-11-16 09:01 - 
00000000 ____D C:\Program Files (x86)\Glary Utilities 2013-07-21 15:46 - 2013-07-21 15:37 - 01030952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys 2013-07-21 15:46 - 2013-07-21 15:37 - 00378944 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys 2013-07-21 15:46 - 2013-07-21 15:37 - 00189936 _____ C:\windows\system32\Drivers\aswVmm.sys 2013-07-21 15:46 - 2013-06-28 00:11 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum 2013-07-21 15:46 - 2013-06-27 01:54 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum 2013-07-21 15:46 - 2013-06-27 01:54 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum 2013-07-21 15:37 - 2012-11-04 17:05 - 00000000 _____ C:\windows\SysWOW64\config.nt 2013-07-21 15:35 - 2012-11-04 17:03 - 00000000 ____D C:\ProgramData\AVAST Software 2013-07-21 15:35 - 2012-11-04 17:03 - 00000000 ____D C:\Program Files\AVAST Software 2013-07-21 09:05 - 2009-07-14 05:20 - 00000000 ____D C:\windows\rescache 2013-07-21 08:00 - 2013-07-20 00:30 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-07-21 08:00 - 2012-07-13 13:04 - 00000000 ____D C:\Users\Bert\AppData\Roaming\Launchy 2013-07-21 08:00 - 2009-07-14 05:20 - 00000000 ____D C:\windows\registration 2013-07-21 06:00 - 2013-07-21 06:00 - 00000000 _____ C:\ProgramData\rebootpending.txt 2013-07-21 06:00 - 2013-07-21 02:19 - 00000000 ____D C:\ProgramData\Avira 2013-07-21 04:32 - 2013-07-21 03:52 - 00040534 _____ C:\windows\system32\Drivers\fvstore.dat 2013-07-21 04:32 - 2013-07-21 02:50 - 00389937 _____ C:\windows\system32\Drivers\sfi.dat 2013-07-21 03:52 - 2013-07-21 03:52 - 00000000 ____D C:\VTRoot 2013-07-21 03:36 - 2013-07-16 05:40 - 00000000 ____D C:\Program Files\Unlocker 2013-07-21 03:21 - 2013-07-21 02:30 - 00000000 ____D C:\Program Files (x86)\Comodo 2013-07-21 02:50 - 2013-07-21 02:48 - 00000000 ____D C:\ProgramData\Comodo 2013-07-21 02:48 - 2013-07-21 02:48 - 00000000 ____D C:\Program Files\COMODO 2013-07-21 02:35 - 2013-07-21 02:35 - 01700352 
_____ (Microsoft Corporation) C:\windows\SysWOW64\gdiplus.dll 2013-07-21 02:35 - 2013-07-21 02:35 - 01060864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc71.dll 2013-07-21 02:35 - 2013-07-21 02:35 - 00348160 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr71.dll 2013-07-21 02:28 - 2013-07-21 02:28 - 00000000 ____D C:\ProgramData\Comodo Downloader 2013-07-21 02:19 - 2011-11-16 07:51 - 00000000 ____D C:\Program Files (x86)\Avira 2013-07-21 02:00 - 2011-11-15 19:48 - 00000000 ____D C:\Users\Bert 2013-07-21 01:43 - 2013-07-21 01:43 - 00001130 _____ C:\DelFix.txt 2013-07-21 01:40 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2013-07-21 01:31 - 2013-07-21 00:46 - 00000000 ____D C:\windows\erdnt 2013-07-21 00:39 - 2012-11-16 10:35 - 00000444 _____ C:\windows\Tasks\Wise Registry Cleaner Schedule Task.job 2013-07-21 00:30 - 2011-11-15 20:01 - 00000000 ___RD C:\Users\Bert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-07-21 00:28 - 2012-09-05 14:32 - 00002772 _____ C:\windows\System32\Tasks\CCleanerSkipUAC 2013-07-21 00:27 - 2012-11-16 10:35 - 00003314 _____ C:\windows\System32\Tasks\Wise Registry Cleaner Schedule Task 2013-07-21 00:26 - 2013-07-10 00:00 - 00003214 _____ C:\windows\System32\Tasks\Driver Booster Update 2013-07-21 00:26 - 2013-06-25 21:52 - 00002966 _____ C:\windows\System32\Tasks\{BBF7C257-78DB-4727-AAD0-4AC4EE99BFC6} 2013-07-21 00:16 - 2011-11-26 22:40 - 00000000 ____D C:\ProgramData\Giraffic 2013-07-21 00:13 - 2011-11-26 22:40 - 00000000 ____D C:\Program Files (x86)\Giraffic 2013-07-21 00:05 - 2013-07-20 00:25 - 00000000 ____D C:\windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP 2013-07-20 19:10 - 2013-07-10 00:02 - 00000000 ____D C:\Program Files\Supercopier 2013-07-20 12:54 - 2013-07-20 12:53 - 00000000 ____D C:\EEK 2013-07-20 02:21 - 2013-02-08 12:37 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2013-07-20 02:21 - 2013-02-08 12:37 - 00071048 _____ (Adobe Systems Incorporated) 
C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-07-20 02:21 - 2013-02-08 12:37 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater 2013-07-20 02:01 - 2012-04-25 12:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-20 01:30 - 2013-07-20 01:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-20 01:29 - 2013-07-17 05:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak 2013-07-20 00:43 - 2013-07-20 00:43 - 00312232 _____ (Oracle Corporation) C:\windows\system32\javaws.exe 2013-07-20 00:43 - 2013-07-20 00:43 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe 2013-07-20 00:43 - 2013-07-20 00:43 - 00188840 _____ (Oracle Corporation) C:\windows\system32\java.exe 2013-07-20 00:43 - 2013-07-20 00:43 - 00108968 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll 2013-07-20 00:43 - 2013-07-20 00:43 - 00000000 ____D C:\Program Files\Java 2013-07-20 00:43 - 2012-06-25 19:32 - 01093032 _____ (Oracle Corporation) C:\windows\system32\npDeployJava1.dll 2013-07-20 00:43 - 2012-01-17 21:33 - 00972712 _____ (Oracle Corporation) C:\windows\system32\deployJava1.dll 2013-07-20 00:33 - 2013-07-20 00:33 - 00000000 _____ C:\autoexec.bat 2013-07-19 22:20 - 2011-12-23 15:46 - 00000000 ____D C:\Users\Bert\Documents\FFOutput 2013-07-19 11:44 - 2013-07-18 21:38 - 00018944 _____ C:\Users\Bert\Desktop\Bundestagswahlprognose.xls 2013-07-18 15:03 - 2013-06-04 11:11 - 00025568 _____ (Zemana Ltd.) 
C:\windows\system32\Drivers\KeyCrypt64.sys 2013-07-18 04:43 - 2013-06-06 04:01 - 00000000 ____D C:\Users\Bert\MediathekView 2013-07-16 05:40 - 2013-07-16 05:40 - 00000000 ____D C:\Users\Bert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker 2013-07-16 05:34 - 2013-07-16 05:34 - 00000000 ____D C:\Users\Bert\Documents\Art 2013-07-16 05:27 - 2013-07-16 04:42 - 00000000 ____D C:\Users\Bert\AppData\Roaming\Jitsi 2013-07-16 04:42 - 2013-07-16 04:42 - 00000000 ____D C:\Program Files (x86)\Jitsi 2013-07-16 04:14 - 2013-05-07 17:25 - 00000000 ____D C:\Users\Bert\Documents\Statistik 2013-07-16 04:02 - 2011-11-16 08:34 - 00131136 _____ C:\Users\Bert\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-16 04:02 - 2009-07-14 06:45 - 00481992 _____ C:\windows\system32\FNTCACHE.DAT 2013-07-16 04:01 - 2012-11-04 18:05 - 00002382 _____ C:\windows\Sandboxie.ini 2013-07-16 03:57 - 2013-07-09 23:58 - 00000000 ____D C:\Users\Bert\AppData\Roaming\PasteCopy.NET 2013-07-16 03:53 - 2011-11-15 19:56 - 00000000 ____D C:\ProgramData\Skype 2013-07-16 03:32 - 2013-07-16 02:49 - 00000000 ____D C:\Program Files (x86)\KVIrc 2013-07-14 01:00 - 2013-07-04 00:16 - 00000000 ____D C:\Program Files (x86)\FEBE 2013-07-11 23:51 - 2013-07-11 23:48 - 00000000 ____D C:\Program Files (x86)\LibreOffice 3.6 2013-07-11 23:51 - 2011-07-29 05:57 - 00000000 ____D C:\windows\ShellNew 2013-07-10 02:14 - 2012-04-07 05:56 - 00000000 ____D C:\windows\Minidump 2013-07-10 02:14 - 2011-02-11 21:57 - 00000000 ____D C:\windows\Panther 2013-07-10 02:03 - 2011-11-19 10:35 - 00000000 ____D C:\Program Files (x86)\Registry System Wizard 2013-07-10 01:51 - 2009-07-14 07:08 - 00032640 _____ C:\windows\Tasks\SCHEDLGU.TXT 2013-07-10 01:47 - 2011-07-29 05:57 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-10 01:47 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-10 01:47 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-10 01:44 - 2013-07-10 01:44 - 03153920 
_____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2013-07-10 01:43 - 2013-07-10 01:43 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2013-07-10 01:43 - 2013-07-10 01:43 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-07-10 01:43 - 2013-07-10 01:43 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00526336 _____ (Microsoft Corporation) 
C:\windows\system32\ieui.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe 2013-07-10 01:43 - 2013-07-10 01:43 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-10 01:43 - 2013-07-10 01:43 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-07-10 01:43 - 2013-07-10 01:43 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2013-07-10 01:43 - 2013-07-10 01:43 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2013-07-10 01:41 - 2013-07-10 01:41 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll 2013-07-10 01:41 - 2013-07-10 01:41 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll 2013-07-10 01:31 - 2013-07-10 01:31 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL 2013-07-10 01:31 - 2013-07-10 01:31 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll 2013-07-10 01:31 - 2013-07-10 01:31 - 01620480 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\WMVDECOD.DLL 2013-07-10 01:31 - 2013-07-10 01:31 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll 2013-07-10 01:19 - 2012-09-05 14:56 - 01590378 _____ C:\windows\SysWOW64\PerfStringBackup.INI 2013-07-10 01:09 - 2013-07-10 01:09 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll 2013-07-10 01:09 - 2013-07-10 01:09 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptdlg.dll 2013-07-10 01:08 - 2013-07-10 01:08 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll 2013-07-10 01:08 - 2013-07-10 01:08 - 01505280 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll 2013-07-10 01:08 - 2013-07-10 01:08 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2013-07-10 01:08 - 2013-07-10 01:08 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2013-07-10 01:07 - 2013-07-10 01:07 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll 2013-07-10 01:07 - 2013-07-10 01:07 - 00223752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys 2013-07-10 01:07 - 2013-07-10 01:07 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\wwanprotdim.dll 2013-07-10 00:55 - 2013-07-10 00:55 - 00001262 _____ C:\Users\Bert\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk 2013-07-10 00:54 - 2011-12-04 12:01 - 00000000 ____D C:\Users\Bert\AppData\Roaming\Apple Computer 2013-07-10 00:42 - 2013-07-10 00:05 - 00000000 ____D C:\Program Files\Office Tab 2013-07-10 00:16 - 2013-07-10 00:14 - 00000000 ____D C:\Program Files (x86)\Clover 2013-07-10 00:14 - 2013-07-10 00:14 - 00000000 ____D C:\Users\Bert\AppData\Local\Clover 2013-07-10 00:12 - 2013-07-10 00:09 - 00000000 ____D C:\Program Files\DIFX 2013-07-10 00:11 - 2013-07-10 00:11 - 00000000 ____D C:\Program Files (x86)\SpeedyFox 2013-07-10 00:07 - 2012-09-03 04:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-07-10 00:06 - 
2013-07-10 00:06 - 00000000 ____D C:\Program Files (x86)\MSECache 2013-07-10 00:05 - 2013-03-05 02:39 - 00000000 ____D C:\ProgramData\Licenses 2013-07-10 00:03 - 2013-07-10 00:03 - 00000000 ____D C:\Users\Bert\ultracopier 2013-07-10 00:00 - 2011-11-19 10:24 - 00000000 ____D C:\Program Files (x86)\IObit 2013-07-10 00:00 - 2011-11-16 09:03 - 00000000 ____D C:\Users\Bert\AppData\Roaming\IObit 2013-07-09 16:06 - 2013-01-29 00:53 - 00000000 ____D C:\Users\Bert\Desktop\Institut für soziale Berufe 2013-07-08 23:50 - 2013-07-08 23:50 - 00000000 ____D C:\Users\Bert\AppData\Roaming\aignes 2013-07-08 23:50 - 2013-07-08 23:50 - 00000000 ____D C:\Program Files (x86)\AM-DeadLink 2013-07-04 14:44 - 2013-07-04 14:44 - 00000000 _____ C:\windows\SysWOW64\FAPED09.tmp 2013-07-04 14:41 - 2013-07-04 14:41 - 00000000 _____ C:\windows\SysWOW64\FAP6BE6.tmp 2013-07-04 14:40 - 2013-07-04 14:40 - 00000000 _____ C:\windows\SysWOW64\FAPFFE9.tmp 2013-07-04 14:40 - 2013-07-04 14:40 - 00000000 _____ C:\windows\SysWOW64\FAP54F8.tmp 2013-07-04 14:40 - 2013-07-04 14:40 - 00000000 _____ C:\windows\SysWOW64\FAP3D90.tmp 2013-07-04 14:39 - 2013-07-04 14:39 - 00000000 _____ C:\windows\SysWOW64\FAP713B.tmp 2013-07-04 14:38 - 2013-07-04 14:38 - 00000000 _____ C:\windows\SysWOW64\FAPD69F.tmp 2013-07-04 14:36 - 2013-07-04 14:36 - 00000000 _____ C:\windows\SysWOW64\FAP2D.tmp 2013-07-04 14:35 - 2013-07-04 14:35 - 00000000 _____ C:\windows\SysWOW64\FAP76FF.tmp 2013-07-04 13:03 - 2013-07-04 13:03 - 00000000 _____ C:\windows\SysWOW64\FAPE22C.tmp 2013-07-04 13:02 - 2013-07-04 13:02 - 00000000 _____ C:\windows\SysWOW64\FAP5739.tmp 2013-07-04 13:00 - 2013-07-04 13:00 - 00000000 _____ C:\windows\SysWOW64\FAP5B7B.tmp 2013-07-04 12:58 - 2013-07-04 12:58 - 00000000 _____ C:\windows\SysWOW64\FAPFE8B.tmp 2013-07-04 12:58 - 2013-07-04 12:58 - 00000000 _____ C:\windows\SysWOW64\FAPF8A0.tmp 2013-07-04 12:58 - 2013-07-04 12:58 - 00000000 _____ C:\windows\SysWOW64\FAPF840.tmp 2013-07-04 12:57 - 2013-07-04 12:57 - 00000000 _____ 
C:\windows\SysWOW64\FAP7402.tmp 2013-07-04 12:50 - 2013-07-04 12:50 - 00000000 _____ C:\windows\SysWOW64\FAPDA60.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAPEACA.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAPD381.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAPBBF9.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAP906.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAP740E.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAP5D8F.tmp 2013-07-04 12:49 - 2013-07-04 12:49 - 00000000 _____ C:\windows\SysWOW64\FAP2001.tmp 2013-07-04 12:48 - 2013-07-04 12:48 - 00000000 _____ C:\windows\SysWOW64\FAP8C31.tmp 2013-07-04 12:48 - 2013-07-04 12:48 - 00000000 _____ C:\windows\SysWOW64\FAP78ED.tmp 2013-07-04 12:42 - 2013-07-04 12:42 - 00000000 _____ C:\windows\SysWOW64\FAP8450.tmp 2013-07-04 12:33 - 2013-07-04 12:33 - 00000000 _____ C:\windows\SysWOW64\FAP1334.tmp 2013-07-04 12:17 - 2013-07-04 12:17 - 00000000 _____ C:\windows\SysWOW64\FAP815F.tmp 2013-07-04 12:11 - 2012-12-04 23:54 - 00000000 ____D C:\Program Files (x86)\URLSnooper2 2013-07-04 11:14 - 2012-12-18 17:00 - 00084027 _____ C:\Users\Bert\Desktop\Mjusiq.xspf 2013-07-04 11:10 - 2011-11-18 16:13 - 00000000 ____D C:\Program Files (x86)\Java 2013-07-04 04:09 - 2013-07-04 04:09 - 00263592 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe 2013-07-04 04:09 - 2013-07-04 04:09 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe 2013-07-04 04:09 - 2013-07-04 04:09 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe 2013-07-04 04:09 - 2013-07-04 04:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2013-07-04 04:09 - 2012-07-13 01:33 - 00867240 _____ (Oracle Corporation) C:\windows\SysWOW64\npDeployJava1.dll 2013-07-04 04:09 - 2011-11-18 16:14 - 00789416 _____ (Oracle 
Corporation) C:\windows\SysWOW64\deployJava1.dll 2013-07-04 03:43 - 2012-10-11 11:23 - 00007607 _____ C:\Users\Bert\AppData\Local\Resmon.ResmonCfg 2013-07-04 01:24 - 2013-07-04 01:24 - 00000000 ____D C:\Users\Bert\.macromedia 2013-07-03 23:04 - 2012-09-04 05:42 - 00000000 ____D C:\Program Files\Puran Defrag 2013-07-03 17:05 - 2011-11-15 22:30 - 00000000 ____D C:\Program Files\CCleaner 2013-07-03 16:44 - 2013-07-03 16:39 - 00000600 _____ C:\Users\Bert\PUTTY.RND 2013-07-03 14:59 - 2013-07-03 14:59 - 00000000 _____ C:\Users\Bert\mm_backup.cfg 2013-07-02 17:21 - 2013-07-02 17:21 - 00000000 ____D C:\Program Files (x86)\Tor 2013-07-02 17:18 - 2013-07-02 17:17 - 00000000 ____D C:\Users\Bert\Documents\Calibre Library 2013-07-02 17:18 - 2013-07-02 17:13 - 00000000 ____D C:\Users\Bert\AppData\Roaming\calibre 2013-07-02 17:13 - 2013-07-02 17:13 - 00000000 ____D C:\Users\Bert\Documents\Calibre Bibliothek 2013-07-02 17:12 - 2013-07-02 17:12 - 00000000 ____D C:\Program Files (x86)\Calibre2 2013-07-02 03:32 - 2009-07-14 05:20 - 00000000 ____D C:\windows\PolicyDefinitions 2013-07-02 03:06 - 2013-07-02 03:06 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2013-07-02 03:06 - 2013-07-02 03:06 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2013-07-02 03:06 - 2013-07-02 03:06 - 01400416 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat 2013-07-02 03:06 - 2013-07-02 03:06 - 01400416 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat 2013-07-02 03:06 - 2013-07-02 03:06 - 01054720 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00905728 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00719360 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2013-07-02 03:06 - 
2013-07-02 03:06 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00599552 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00523264 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2013-07-02 03:06 - 2013-07-02 03:06 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec 2013-07-02 03:06 - 2013-07-02 03:06 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00270848 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00247296 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00242200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\url.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00232960 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00216064 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00204800 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00185344 _____ (Microsoft 
Corporation) C:\windows\SysWOW64\elshyph.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00173568 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00150528 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00149504 _____ (Microsoft Corporation) C:\windows\system32\occache.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00138752 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00137216 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00125440 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00117248 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00110592 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00082432 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\inseng.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx 2013-07-02 03:06 - 2013-07-02 03:06 - 00073728 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx 2013-07-02 03:06 - 2013-07-02 03:06 - 00057344 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00041984 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll 2013-07-02 03:06 - 2013-07-02 03:06 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe 2013-07-02 03:06 - 2013-07-02 03:06 - 00012800 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\mshta.exe
2013-07-02 03:06 - 2013-07-02 03:06 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2013-07-02 03:06 - 2013-07-02 03:06 - 00011776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2013-06-26 20:29 - 2012-10-02 11:09 - 00000000 ____D C:\Users\Bert\Desktop\2nd
2013-06-24 00:57 - 2011-11-17 05:14 - 78277128 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-23 08:33

==================== End Of Log ============================

--- --- ---

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-07-2013 01 Ran by Bert at 2013-07-23 15:31:40 Running from C:\Users\Bert\Desktop Boot Mode: Safe Mode (minimal) ========================================================== ==================== Installed Programs ======================= 7-Zip 9.22 (x64 edition) (Version: 9.22.00.0) Any Video Converter 5.0.7 (x32) Broadcom 802.11 Network Adapter (Version: 5.60.48.55) Canon MG5100 series MP Drivers CCleaner (Version: 4.03) COMODO Firewall (Version: 6.2.20728.2847) dows-Treiberpaket - Qualcomm Atheros Communications Inc. Net (12/20/2012 10.0.0.222) (Version: 12/20/2012 10.0.0.222) Emsisoft Anti-Malware (x32 Version: 8.0) Eraser 6.0.10.2620 (Version: 6.0.2620) ETDWare PS/2-X64 8.0.7.2_WHQL (Version: 8.0.7.2) Finanzausgleich zum Selberrechnen (Version: 1.0.2) GIMP 2.8.2 (Version: 2.8.2) Google Earth (x32 Version: 7.1.1.1888) Intel(R) PROSet/Wireless WiFi Software (Version: 14.01.1000) Java 7 Update 25 (64-bit) (Version: 7.0.250) Jitsi (Version: 2.2.4603.9615) K-Lite Codec Pack 9.9.5 (64-bit) (Version: 9.9.5) Media Preview (Version: 1.2.5.264) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) O&O Defrag Free Edition (Version: 14.1.431) Paint.NET v3.5.10 (Version: 3.60.0) PDF Split And Merge Basic (Version: 2.2.2) PDF-XChange Viewer (Version: 2.5.199.0) PhotoFiltre 7 (HKCU) Puran Defrag 7.5 Realtek High Definition Audio Driver (x32 Version: 6.0.1.6873) Recuva (Version: 1.47) Sandboxie 4.04 (64-bit) (Version: 4.04) Should I Remove It (HKCU Version: 1.0.4) Should I Remove It (x32 
Version: 1.0.4) Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (Version: 2.0.82.0) Unlocker 1.9.1-x64 (Version: 1.9.1) VLC media player 2.0.7 (Version: 2.0.7) Windows-Treiberpaket - Qualcomm Atheros Communications Inc. (athr) Net (12/20/2012 10.0.0.222) (Version: 12/20/2012 10.0.0.222) Windows-Treiberpaket - Realtek (RTL8167) Net (12/26/2012 7.067.1226.2012) (Version: 12/26/2012 7.067.1226.2012) Windows-Treiberpaket - Realtek Net (12/26/2012 7.067.1226.2012) (Version: 12/26/2012 7.067.1226.2012) ==================== Restore Points ========================= 23-07-2013 12:53:26 Installed Should I Remove It ==================== Hosts content: ========================== 2009-07-14 04:34 - 2013-07-23 02:30 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {052FF8F9-17E5-46CE-92E9-2459D443BE1D} - System32\Tasks\WifiManager => %programfiles(x86)%\Samsung\Easy Display Manager\WifiManager.exe No File Task: {07BA8459-7B7A-4378-BA93-87DAF8F39996} - System32\Tasks\SamsungSupportCenter => %programfiles(x86)%\Samsung\Samsung Support Center\SSCKbdHk.exe No File Task: {10A79368-98DA-4ACF-BECF-C06C43ED2E4B} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {121D8FED-57CE-49BA-A249-6F4B0FB52E2B} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe No File Task: {1B988CEF-61CE-415B-BA9E-DF7E634739CD} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2013-06-18] (COMODO) Task: {1D3851B4-445B-4305-8350-7780C810AE89} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.) 
Task: {20EE00D5-6A47-499F-8646-0EEECB513933} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2012-05-29] (TuneUp Software) Task: {362D8E5A-6F06-4B37-A8BC-362361B37052} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-11-29] (Samsung Electronics Co., Ltd.) Task: {3D505DDD-A399-485D-BE86-3973F4B7B2B4} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-592597040-2687735098-3077039613-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe No File Task: {485C9238-50AE-4DBB-BB0C-BCD991F50DBD} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-20] (Adobe Systems Incorporated) Task: {4BE9723B-5BFB-4B57-B199-62385B836FE7} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2013-02-13] () Task: {4D6F3CD8-7EAE-4856-81B9-362478929477} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe No File Task: {710D33EB-91F9-486B-B7BD-3F854CA02D54} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-11-10] (CyberLink) Task: {7A2B3EFC-3362-4935-B339-884F665B6953} - System32\Tasks\Wise Registry Cleaner Schedule Task => C:\Program Files (x86)\Wise Registry Cleaner\WiseRegCleaner.exe [2012-11-08] (WiseCleaner.com) Task: {7D5CB5A2-919E-4192-A53A-AB0928AB102F} - System32\Tasks\{BBF7C257-78DB-4727-AAD0-4AC4EE99BFC6} => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2013-07-20] (Mozilla Corporation) Task: {91586A9A-F31D-46B0-AD12-B2EA51F12FB5} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation) Task: {92801305-2B16-4643-A691-588E7158BDD4} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe 
[2013-05-27] (Glarysoft Ltd) Task: {9424B58E-CC51-430F-B47D-AF5ADA340E8B} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-12-23] (Samsung Electronics Co., Ltd.) Task: {9809E7C2-3D95-425E-806A-CCC7DA20450E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software) Task: {A2EC6E16-DD7C-42E6-A5BB-55CE62962A8B} - System32\Tasks\EasyBatteryManager => %ProgramFiles(x86)%\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe No File Task: {A754AED3-5EAC-4B65-AE7C-49DC73AA420B} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {B971BF12-5F0B-4B04-A0DD-92042CAE76EC} - System32\Tasks\EasySpeedUpManager => %programfiles(x86)%\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe No File Task: {C2390F26-B14C-45EF-AE0D-BDB414531F1B} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-02-14] (SEC) Task: {C40C0685-91D5-4663-89AD-3E9C29063AA7} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe [2013-06-18] (COMODO) Task: {C50A22D2-F54D-482A-9577-DF42FF3B6FC8} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-18] (Samsung Electronics. Co. Ltd.) Task: {C7F32861-B0A4-450B-A160-0EFCB9969A8E} - System32\Tasks\SUPBackground => %ProgramFiles(x86)%\Samsung\Samsung Update Plus\SUPBackground.exe No File Task: {CE138B3D-A62C-41D2-AD85-F767AB0971FD} - System32\Tasks\CCleanerSkipUAC => C:\PROGRAM FILES\CCLEANER\CCLEANER.EXE [2013-06-19] (Piriform Ltd) Task: {DC7F9992-F690-448D-976A-21B1347CC9FB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {EA4ED269-2A24-41F4-9428-38506827D19F} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2013-06-08] (IObit) Task: {FFBED0E0-3C47-49A8-8D34-064CA7B1A8D9} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-592597040-2687735098-3077039613-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe No File Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe Task: C:\windows\Tasks\Wise Registry Cleaner Schedule Task.job => C:\Program Files (x86)\Wise Registry Cleaner\WiseRegCleaner.exe ==================== Faulty Device Manager Devices ============= Name: aswVmm Description: aswVmm Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: aswVmm Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. 
Name: aswRvrt Description: aswRvrt Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: aswRvrt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (07/23/2013 03:17:49 PM) (Source: .NET Runtime) (User: ) Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 5176. Meldungs-ID: [0x2509]. Error: (07/23/2013 03:16:18 PM) (Source: .NET Runtime) (User: ) Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 5852. Meldungs-ID: [0x2509]. Error: (07/23/2013 03:15:04 PM) (Source: .NET Runtime) (User: ) Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 2708. Meldungs-ID: [0x2509]. Error: (07/23/2013 03:10:59 PM) (Source: .NET Runtime) (User: ) Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 5708. Meldungs-ID: [0x2509]. 
Error: (07/23/2013 03:10:50 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 2996. Meldungs-ID: [0x2509].

Error: (07/23/2013 01:34:19 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 5260. Meldungs-ID: [0x2509].

Error: (07/23/2013 01:29:08 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 2860. Meldungs-ID: [0x2509].

Error: (07/23/2013 01:24:44 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 5696. Meldungs-ID: [0x2509].

Error: (07/23/2013 01:17:04 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 3488. Meldungs-ID: [0x2509].
Error: (07/23/2013 01:02:32 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CLMLSvc.exe, Version: 2.1.1803.0, Zeitstempel: 0x4a2670aa
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0007898d
ID des fehlerhaften Prozesses: 0x1310
Startzeit der fehlerhaften Anwendung: 0xCLMLSvc.exe0
Pfad der fehlerhaften Anwendung: CLMLSvc.exe1
Pfad des fehlerhaften Moduls: CLMLSvc.exe2
Berichtskennung: CLMLSvc.exe3

System errors:
=============
Error: (07/23/2013 03:30:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (07/23/2013 03:30:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (07/23/2013 03:30:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (07/23/2013 03:30:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (07/23/2013 03:30:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (07/23/2013 03:30:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (07/23/2013 03:30:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (07/23/2013 03:30:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (07/23/2013 03:30:28 PM) (Source: DCOM) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (07/23/2013 03:30:28 PM) (Source: DCOM) (User: )
Description: 1068netman{BA126AD1-2166-11D1-B1D0-00805FC1270E}

Microsoft Office Sessions:
=========================
Error: (07/23/2013 03:31:48 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/23/2013 03:17:49 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 5176. Meldungs-ID: [0x2509].

Error: (07/23/2013 03:16:18 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 5852. Meldungs-ID: [0x2509].

Error: (07/23/2013 03:15:04 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 2708. Meldungs-ID: [0x2509].
Error: (07/23/2013 03:10:59 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 5708. Meldungs-ID: [0x2509].

Error: (07/23/2013 03:10:50 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 2996. Meldungs-ID: [0x2509].

Error: (07/23/2013 01:34:19 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 5260. Meldungs-ID: [0x2509].

Error: (07/23/2013 01:29:08 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 2860. Meldungs-ID: [0x2509].

Error: (07/23/2013 01:24:44 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 5696. Meldungs-ID: [0x2509].

Error: (07/23/2013 01:17:04 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 3488. Meldungs-ID: [0x2509].
CodeIntegrity Errors:
===================================
Date: 2013-07-23 03:18:41.635
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\A795.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-07-23 03:18:41.408
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\A795.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-07-23 03:10:23.899
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\B74D.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-07-23 03:10:23.720
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\B74D.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-07-23 03:07:50.294
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\B74D.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-07-23 03:07:50.106
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\B74D.tmp" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-07-23 02:29:47.957
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-07-23 02:29:47.910
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-07-21 01:22:44.929
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-07-21 01:22:44.773
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 4009.55 MB
Available physical RAM: 3042.62 MB
Total Pagefile: 8017.28 MB
Available Pagefile: 7072.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:71 GB) (Free:17.99 GB) NTFS (Disk=0 Partition=2)
Drive d: () (Fixed) (Total:203.63 GB) (Free:1.5 GB) NTFS (Disk=0 Partition=4)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 010722F6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=71 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=204 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23 GB) - (Type=27)

==================== End Of Log ============================

A big thank-you already for your help so far! Here is one more result from my Norman Malware Cleaner scan, which is currently running: "C:\Windows\Installer\34c2dc.msi/Binary.WidgiInstallHelper.dll". Could that possibly have something to do with this stuff? |
23.07.2013, 19:07 | #14 | |
/// the machine /// TB trainer | Annoying ads: 'Ads not by this site' problem Nope, but you can delete the file. Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
23.07.2013, 19:56 | #15 |
| Annoying ads: 'Ads not by this site' problem Yes, I installed that at some point! |