
Log analysis and evaluation: Removing FBDownloader - or first checking whether it is present

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

24.07.2013, 17:50   #1
-Tahsin
 



Hello,
I've caught the FBDownloader and now need your help removing it.
Unfortunately, without reading the rules first, I simply followed some steps from other threads (downloaded programs, ran them, etc.).

So it might be helpful to run a scan first to check whether I still have the FBDownloader at all.

Thank you in advance!
Regards

24.07.2013, 18:23   #2
schrauber
/// the machine
/// TB trainer
 




Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop. FRST download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


24.07.2013, 19:13   #3
-Tahsin
 



FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2013
Ran by Tahsin (administrator) on 24-07-2013 19:49:30
Running from C:\Users\Tahsin\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(CyberLink) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Spotify Ltd) C:\Users\Tahsin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(PremiumCraft) C:\Users\Tahsin\Desktop\PremiumCraft.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Tahsin\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-29] (Logitech Inc.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe [45568 2009-07-14] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-21] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [AdobeBridge] -  [x]
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Tahsin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-15] (Spotify Ltd)
HKCU\...\Run: [SSync] - C:\Users\Tahsin\AppData\Roaming\SSync\SSync.exe [36864 2013-04-10] ()
HKCU\...\Run: [SCheck] - C:\Users\Tahsin\AppData\Roaming\SCheck\SCheck.exe [36864 2013-04-10] ()
HKCU\...\Run: [Snoozer] - C:\Users\Tahsin\AppData\Roaming\Snz\Snz.exe [1137673 2013-07-21] ()
HKCU\...\Run: [Intermediate] - C:\Users\Tahsin\AppData\Roaming\Intermediate\Intermediate.exe [36864 2013-04-10] ()
HKLM-x32\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [BATINDICATOR] - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [LaunchHPOSIAPP] - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdatePRCShortCut] - "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-13] ()
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk
ShortcutTarget: HDDHealth.lnk -> C:\Program Files (x86)\HDD Health\hddhealth.exe (PANTERASoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Tahsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {902D76CD-4644-4E24-B5B4-3F14BEC37261} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM - {BAF60B34-BC2D-4D38-BF52-8D31949C6020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {902D76CD-4644-4E24-B5B4-3F14BEC37261} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKCU - {902D76CD-4644-4E24-B5B4-3F14BEC37261} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: iMacros Browser Helper Object - {34D5A80A-992D-4F07-9509-66E9E133BAAF} - C:\Program Files (x86)\iOpus\iMacros\iMacrosBHO.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.71\npchrome_frame.dll (Google Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.71\npchrome_frame.dll (Google Inc.)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Tahsin\AppData\Roaming\Mozilla\Firefox\Profiles\5ruscmlq.default
FF Keyword.URL: hxxp://www.google.de/search?q=
FF NetworkProxy: "ftp", "178.253.249.109"
FF NetworkProxy: "ftp_port", 6666
FF NetworkProxy: "http", "178.253.249.109"
FF NetworkProxy: "http_port", 6666
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "178.253.249.109"
FF NetworkProxy: "socks_port", 6666
FF NetworkProxy: "ssl", "178.253.249.109"
FF NetworkProxy: "ssl_port", 6666
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 - C:\Users\Tahsin\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Tahsin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Tahsin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Tahsin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Tahsin\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Tahsin\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\Tahsin\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
FF Extension: iMacros for Firefox - C:\Users\Tahsin\AppData\Roaming\Mozilla\Firefox\Profiles\5ruscmlq.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF Extension: No Name - C:\Users\Tahsin\AppData\Roaming\Mozilla\Firefox\Profiles\5ruscmlq.default\Extensions\WTB_GLOBAL.sqlite
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Tahsin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Tahsin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Tahsin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (SOE Web Installer) - C:\Users\Tahsin\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Logitech SetPoint) - C:\Users\Tahsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0
CHR Extension: (AdBlock) - C:\Users\Tahsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Tahsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 de_serv; C:\Program Files (x86)\Common Files\AVM\de_serv.exe [315392 2005-03-04] (AVM Berlin)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-10-13] ()
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP3\RpcAgentSrv.exe [95896 2009-03-28] (SiSoftware)

==================== Drivers (Whitelisted) ====================

R1 acedrv08; C:\Windows\system32\drivers\acedrv08.sys [133856 2012-08-22] ()
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] ()
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP3\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
S3 X6va005; \??\C:\Users\Tahsin\AppData\Local\Temp\005D1DF.tmp [x]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-24 19:48 - 2013-07-24 19:49 - 01779757 _____ (Farbar) C:\Users\Tahsin\Downloads\FRST64 (1).exe
2013-07-24 18:03 - 2013-07-24 18:30 - 00000000 ____D C:\ComboFix
2013-07-24 18:03 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-24 18:03 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-24 18:03 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-24 18:03 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-24 18:03 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-24 18:03 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-24 18:03 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-24 18:03 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-24 18:01 - 2013-07-24 18:29 - 00000000 ____D C:\Windows\erdnt
2013-07-24 18:01 - 2013-07-24 18:03 - 00000000 ____D C:\Qoobox
2013-07-24 17:58 - 2013-07-24 17:58 - 00003590 _____ C:\Users\Tahsin\Desktop\JRT.txt
2013-07-24 17:46 - 2013-07-24 17:46 - 05092950 ____R (Swearware) C:\Users\Tahsin\Downloads\ComboFix.exe
2013-07-24 17:45 - 2013-07-24 17:45 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Tahsin\Downloads\JRT.exe
2013-07-24 17:45 - 2013-07-24 17:45 - 00000000 ____D C:\Windows\ERUNT
2013-07-24 17:37 - 2013-07-24 17:37 - 00022193 _____ C:\AdwCleaner[S1].txt
2013-07-24 17:35 - 2013-07-24 17:35 - 00666633 _____ C:\Users\Tahsin\Downloads\adwcleaner.exe
2013-07-24 17:33 - 2013-07-24 17:33 - 00030511 _____ C:\Users\Tahsin\Downloads\Addition.txt
2013-07-24 17:31 - 2013-07-24 17:31 - 01779757 _____ (Farbar) C:\Users\Tahsin\Downloads\FRST64.exe
2013-07-24 17:31 - 2013-07-24 17:31 - 00000000 ____D C:\FRST
2013-07-24 17:20 - 2013-07-24 17:20 - 00422944 _____ C:\Users\Tahsin\Downloads\PremiumCraft_2.1.0.1.rar
2013-07-24 11:11 - 2013-07-24 11:11 - 00030998 _____ C:\Users\Tahsin\Downloads\emaaaails.txt
2013-07-23 18:10 - 2013-07-23 18:10 - 00003361 _____ C:\Users\Tahsin\.recently-used.xbel
2013-07-23 15:00 - 2013-07-23 15:09 - 00000000 ____D C:\Users\Tahsin\Desktop\Unbenannt
2013-07-23 14:57 - 2013-07-23 14:57 - 00000000 ____D C:\Users\Tahsin\Desktop\gr
2013-07-23 14:02 - 2013-07-23 14:02 - 19152896 _____ C:\Users\Tahsin\Desktop\AMF Bot Video.camrec
2013-07-23 13:25 - 2013-07-23 13:25 - 00004333 _____ C:\Users\Tahsin\Downloads\AddmeFast IMacro Youtube.js
2013-07-23 11:37 - 2013-07-23 11:37 - 00023753 _____ C:\Users\Tahsin\Documents\Ihrlenkungsspezialist.odt
2013-07-23 03:10 - 2013-07-23 03:10 - 00586896 _____ C:\Users\Tahsin\Downloads\RE Retourenlabel zu Ihrer DHL Sendung 412668179.eml
2013-07-23 01:44 - 2013-07-23 01:44 - 00000000 ____D C:\Users\Tahsin\Desktop\2013-07 (Jul)
2013-07-23 01:36 - 2013-07-23 01:36 - 00291744 _____ C:\Windows\Minidump\072313-18751-01.dmp
2013-07-22 17:30 - 2013-07-22 17:30 - 00000000 _____ C:\Users\Tahsin\Desktop\Neue Bitmap.bmp
2013-07-22 17:21 - 2013-07-22 17:21 - 00001060 _____ C:\Users\Tahsin\Documents\YouTube Like Treasures.txt
2013-07-22 09:24 - 2013-07-22 09:24 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Snz
2013-07-21 19:34 - 2013-07-21 19:34 - 00018889 _____ C:\Users\Tahsin\Downloads\Grobold Font   dafont.com.htm
2013-07-21 19:34 - 2013-07-21 19:34 - 00000000 ____D C:\Users\Tahsin\Downloads\Grobold Font   dafont.com_files
2013-07-21 18:43 - 2013-07-21 18:43 - 00001278 _____ C:\Users\Tahsin\Downloads\addmefastbotfblikes.rar
2013-07-21 14:24 - 2013-07-21 14:24 - 00041618 _____ C:\Users\Tahsin\Desktop\Neues Textdokument (2).txt
2013-07-21 14:24 - 2013-07-10 21:33 - 00020480 _____ C:\Users\Tahsin\Desktop\AddMeFastBot (Update 1).exe
2013-07-21 13:44 - 2013-07-21 13:44 - 00009272 _____ C:\Users\Tahsin\Downloads\AddMeFast-Bot_update1 (1).rar
2013-07-21 12:12 - 2013-07-21 13:17 - 00221184 _____ (PremiumCraft) C:\Users\Tahsin\Desktop\PremiumCraft.exe
2013-07-21 12:12 - 2013-07-19 11:09 - 00475136 _____ C:\Users\Tahsin\Desktop\SharpCompress.dll
2013-07-21 12:12 - 2013-07-02 19:59 - 00150016 _____ (restsharp.org) C:\Users\Tahsin\Desktop\RestSharp.dll
2013-07-21 11:49 - 2013-07-24 18:54 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\PremiumCraft
2013-07-21 11:48 - 2013-07-21 11:48 - 00422927 _____ C:\Users\Tahsin\Downloads\PremiumCraft_2.1.0.rar
2013-07-20 18:16 - 2013-07-20 18:16 - 00001168 _____ C:\Users\Tahsin\Desktop\iMacros Batch Sample.lnk
2013-07-20 18:16 - 2013-07-20 18:16 - 00000874 _____ C:\Users\Tahsin\Desktop\Examples.lnk
2013-07-20 18:02 - 2013-07-20 18:02 - 32409360 _____ (iOpus                                                       ) C:\Users\Tahsin\Downloads\iMacros-Setup.exe
2013-07-20 18:02 - 2013-07-20 18:02 - 00269967 _____ C:\Users\Tahsin\Downloads\imacros_for_firefox-8.3.0-fx.xpi
2013-07-20 17:59 - 2013-07-20 18:00 - 49868140 _____ C:\Users\Tahsin\Downloads\iMacrosWikiOfflineVersion.zip
2013-07-20 16:29 - 2013-07-20 16:32 - 00003191 _____ C:\Users\Tahsin\Downloads\zp_facebook.zip
2013-07-20 14:28 - 2013-07-20 14:28 - 00003506 _____ C:\Windows\System32\Tasks\DealPly
2013-07-20 14:28 - 2013-07-20 14:28 - 00000000 ____D C:\Program Files (x86)\iOpus
2013-07-20 14:27 - 2013-07-20 14:27 - 02026456 _____ C:\Users\Tahsin\Downloads\imacros.exe
2013-07-20 14:23 - 2013-07-20 14:31 - 00000000 ____D C:\Program Files (x86)\Opera
2013-07-20 14:23 - 2013-07-20 14:23 - 31022640 _____ (Opera Software ASA) C:\Users\Tahsin\Downloads\Opera_15.0.1147.141_Setup.exe
2013-07-20 14:23 - 2013-07-20 14:23 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Opera Software
2013-07-20 14:23 - 2013-07-20 14:23 - 00000000 ____D C:\Users\Tahsin\AppData\Local\Opera Software
2013-07-20 10:39 - 2013-07-20 10:40 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Steganos VPN
2013-07-20 10:37 - 2013-07-20 10:39 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Steganos
2013-07-20 10:37 - 2013-07-20 10:37 - 14696720 _____ (Steganos Software GmbH) C:\Users\Tahsin\Downloads\okayfreedomwr110.exe
2013-07-20 10:02 - 2013-07-20 10:26 - 00000000 ____D C:\ProgramData\notracks.com
2013-07-20 10:00 - 2013-07-20 10:42 - 00000000 ____D C:\Program Files\Easy-Hide-IP
2013-07-20 10:00 - 2013-07-20 10:36 - 00003520 _____ C:\Windows\SysWOW64\EasyRedirect.ini
2013-07-20 10:00 - 2013-07-20 10:36 - 00002040 _____ C:\Windows\SysWOW64\EasyRedirectOff.ini
2013-07-20 10:00 - 2013-07-20 10:36 - 00002040 _____ C:\Windows\system32\EasyRedirectOff.ini
2013-07-20 10:00 - 2013-07-20 10:00 - 06248752 _____ (EasyTech                                                    ) C:\Users\Tahsin\Downloads\easy-hide-ip-5.0.0.3.1.exe
2013-07-20 10:00 - 2012-11-22 15:10 - 00539984 _____ (EasyTech) C:\Windows\system32\EasyRedirect64.dll
2013-07-20 10:00 - 2012-11-22 15:10 - 00380240 _____ (EasyTech) C:\Windows\SysWOW64\EasyRedirect.dll
2013-07-19 22:51 - 2013-07-19 22:51 - 00000584 _____ C:\Users\Tahsin\Downloads\AMF.12.Script.34.DADEX.rar
2013-07-19 17:22 - 2013-07-19 17:22 - 05835181 _____ C:\Users\Tahsin\Downloads\proxies.txt
2013-07-19 17:21 - 2013-07-19 17:21 - 00041618 _____ C:\Users\Tahsin\Downloads\proxy (1).txt
2013-07-19 17:20 - 2013-07-19 17:20 - 00041618 _____ C:\Users\Tahsin\Downloads\proxy.txt
2013-07-19 16:17 - 2013-07-19 16:17 - 00000279 _____ C:\Users\Tahsin\Downloads\YT-BOT-ADDMEFAST.iim
2013-07-19 16:16 - 2013-07-20 18:16 - 00000000 ____D C:\Users\Tahsin\Documents\iMacros
2013-07-19 15:42 - 2013-07-19 15:42 - 00009272 _____ C:\Users\Tahsin\Downloads\AddMeFast-Bot_update1.rar
2013-07-18 09:56 - 2013-07-18 09:56 - 00291752 _____ C:\Windows\Minidump\071813-42588-01.dmp
2013-07-17 18:38 - 2013-07-17 18:38 - 00017385 _____ C:\Users\Tahsin\Desktop\Quizfragen 22 Stück.ods
2013-07-17 18:02 - 2013-07-17 18:02 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\OpenOffice.org
2013-07-17 18:00 - 2013-07-17 18:00 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-07-17 17:58 - 2013-07-17 17:59 - 152249762 _____ C:\Users\Tahsin\Downloads\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe
2013-07-15 00:20 - 2013-07-15 00:20 - 00291744 _____ C:\Windows\Minidump\071513-45567-01.dmp
2013-07-15 00:09 - 2013-07-15 00:09 - 00020678 _____ C:\Users\Tahsin\Downloads\HesapHareketleri.do
2013-07-14 13:25 - 2013-07-14 13:25 - 00000956 _____ C:\Users\Tahsin\Desktop\Guild Wars 2.lnk
2013-07-13 10:43 - 2013-07-13 10:43 - 07876512 _____ (Adobe Systems Inc.) C:\Users\Tahsin\Downloads\Shockwave_Installer_Slim (2).exe
2013-07-12 19:38 - 2013-07-12 19:38 - 00007684 _____ C:\Users\Tahsin\Downloads\AddMeFast-Bot.rar
2013-07-11 15:01 - 2013-07-11 15:02 - 00291744 _____ C:\Windows\Minidump\071113-41402-01.dmp
2013-07-11 02:36 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 02:36 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 02:36 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 02:36 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 02:36 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 02:36 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 02:36 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 02:36 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 02:36 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 02:36 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 02:36 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 02:36 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 02:36 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 02:36 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 02:36 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 02:36 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 02:36 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 02:36 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 02:36 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 02:36 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 02:36 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 18:00 - 2013-07-22 16:24 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Intermediate
2013-07-10 18:00 - 2013-07-10 18:00 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\SSync
2013-07-10 18:00 - 2013-07-10 18:00 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\SCheck
2013-07-10 17:59 - 2013-07-10 17:59 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\PiccShare
2013-07-10 17:59 - 2013-07-10 17:59 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Common
2013-07-10 17:59 - 2013-07-10 17:59 - 00000000 ____D C:\Program Files (x86)\Axife Mouse Recorder DEMO
2013-07-10 17:58 - 2013-07-10 17:58 - 00393064 _____ (Softonic                                        ) C:\Users\Tahsin\Downloads\SoftonicDownloader_fuer_axife-mouse-recorder.exe
2013-07-10 17:54 - 2013-07-10 17:58 - 00000000 ____D C:\Program Files (x86)\GhostMouse
2013-07-10 17:53 - 2013-07-10 17:53 - 00910736 _____ (ghost-mouse.com                                             ) C:\Users\Tahsin\Downloads\GhostMouse321-Setup.exe
2013-07-10 14:53 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 14:53 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 14:52 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 14:52 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 14:52 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 14:52 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 14:52 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-05 17:39 - 2013-07-05 17:39 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-05 17:37 - 2013-07-05 17:37 - 31954536 _____ (Skype Technologies S.A.) C:\Users\Tahsin\Downloads\SkypeSetup66Full.exe
2013-07-05 17:36 - 2013-07-05 17:36 - 22716480 _____ (ArenaNet) C:\Users\Tahsin\Downloads\Gw2Setup.exe
2013-07-02 21:04 - 2013-07-02 21:05 - 39358651 _____ C:\Users\Tahsin\Downloads\bg Raw File.rar
2013-07-02 19:48 - 2013-07-02 19:48 - 00291744 _____ C:\Windows\Minidump\070213-15303-01.dmp
2013-07-01 19:04 - 2013-07-01 19:04 - 00057012 _____ C:\Users\Tahsin\Downloads\Rechnung zu Order-ID 3133899 -  304-3212191-5198757 vom 21.06.2013 182556.zip
2013-06-30 20:28 - 2013-06-30 20:29 - 00291744 _____ C:\Windows\Minidump\063013-36519-01.dmp
2013-06-30 18:17 - 2013-06-30 18:17 - 02596440 _____ (Sandboxie Holdings, LLC) C:\Users\Tahsin\Downloads\SandboxieInstall.exe
2013-06-30 17:57 - 2013-06-30 17:57 - 00000000 ____D C:\ProgramData\SystemRequirementsLab
2013-06-30 17:57 - 2013-06-30 17:57 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2013-06-30 10:58 - 2013-06-30 10:58 - 00167536 _____ () C:\Users\Tahsin\Downloads\OnlineWeatherSetup-3M80IlG.exe
2013-06-30 10:57 - 2013-06-30 10:57 - 00167304 _____ () C:\Users\Tahsin\Downloads\7ZipSetup-0M6Elbp.exe
2013-06-30 10:56 - 2013-06-30 10:56 - 00167304 _____ () C:\Users\Tahsin\Downloads\7ZipSetup-0ISfsny.exe
2013-06-30 10:54 - 2013-06-30 10:54 - 00167304 _____ () C:\Users\Tahsin\Downloads\7ZipSetup-4NyfsgM.exe
2013-06-28 16:21 - 2013-06-28 16:21 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-06-28 16:21 - 2013-06-28 16:21 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-06-28 16:19 - 2013-06-28 16:19 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-28 16:19 - 2013-06-28 16:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-28 16:17 - 2013-06-28 16:17 - 33150376 _____ (Oracle Corporation) C:\Users\Tahsin\Downloads\jre-7u25-windows-x64.exe
2013-06-28 16:17 - 2013-06-28 16:17 - 31714216 _____ (Oracle Corporation) C:\Users\Tahsin\Downloads\jre-7u25-windows-i586.exe
2013-06-28 14:57 - 2013-06-28 14:57 - 33578320 _____ (Dropbox, Inc.) C:\Users\Tahsin\Downloads\Dropbox 2.2.8.exe
2013-06-28 07:37 - 2013-06-28 07:37 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-06-27 19:40 - 2013-07-24 19:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-27 19:40 - 2013-07-23 01:42 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-27 19:40 - 2013-07-23 01:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-27 19:40 - 2013-07-23 01:42 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-06-27 19:19 - 2013-06-27 19:19 - 00814472 _____ (Adobe Systems Incorporated) C:\Users\Tahsin\Downloads\uninstall_flash_player.exe
2013-06-27 16:50 - 2013-06-27 16:50 - 00000000 ____D C:\Users\Public\Documents\sun
2013-06-27 16:48 - 2013-06-27 16:49 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4.0
2013-06-27 16:39 - 2013-06-27 16:41 - 192004096 _____ C:\Users\Tahsin\Downloads\LibreOffice_4.0.4_Win_x86.msi
2013-06-26 19:00 - 2013-06-28 07:37 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-06-26 19:00 - 2013-06-28 07:37 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-06-26 13:06 - 2013-06-26 13:11 - 00000680 _____ C:\Windows\LkmdfCoInst.log
2013-06-26 13:06 - 2013-06-26 13:10 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2013-06-26 13:06 - 2013-06-26 13:10 - 00000000 ____D C:\Users\Public\Documents\LogiShrd
2013-06-26 13:06 - 2013-06-26 13:06 - 00006871 _____ C:\Windows\LDPINST.LOG
2013-06-26 13:06 - 2013-06-26 13:06 - 00000000 ____D C:\Users\Tahsin\AppData\Local\Logishrd
2013-06-26 13:05 - 2013-06-26 13:06 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2013-06-26 13:05 - 2013-06-26 13:05 - 00000000 ____D C:\ProgramData\Logitech
2013-06-26 13:05 - 2013-06-26 13:05 - 00000000 ____D C:\Program Files\Logitech
2013-06-26 13:04 - 2013-06-26 13:04 - 59248080 _____ (Logitech Inc.) C:\Users\Tahsin\Downloads\setpoint652_x64.exe
2013-06-24 21:32 - 2013-06-24 21:32 - 00006256 _____ C:\Users\Tahsin\Downloads\Enzo  Tahsin Projekt.rar
2013-06-24 20:29 - 2013-06-24 20:29 - 00000000 _____ C:\Users\Tahsin\Desktop\Neues Textdokument.txt
2013-06-24 16:59 - 2013-06-24 16:59 - 12666892 _____ C:\Users\Tahsin\Downloads\gs907w32.exe
2013-06-24 16:59 - 2013-06-24 16:59 - 00000000 ____D C:\Program Files (x86)\gs

==================== One Month Modified Files and Folders =======

2013-07-24 19:49 - 2013-07-24 19:48 - 01779757 _____ (Farbar) C:\Users\Tahsin\Downloads\FRST64 (1).exe
2013-07-24 19:48 - 2013-07-21 11:49 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\PremiumCraft
2013-07-24 19:33 - 2013-06-27 19:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-24 19:04 - 2012-05-26 20:35 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-24 19:01 - 2012-07-26 21:17 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2912419440-2868778846-4110425731-1000UA.job
2013-07-24 18:46 - 2009-07-14 06:45 - 00018512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-24 18:46 - 2009-07-14 06:45 - 00018512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-24 18:38 - 2012-05-26 20:35 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-24 18:37 - 2012-11-10 13:09 - 00037798 _____ C:\Windows\setupact.log
2013-07-24 18:37 - 2011-10-28 00:03 - 01709948 _____ C:\Windows\WindowsUpdate.log
2013-07-24 18:37 - 2009-09-22 17:28 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-24 18:37 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-24 18:30 - 2013-07-24 18:03 - 00000000 ____D C:\ComboFix
2013-07-24 18:29 - 2013-07-24 18:01 - 00000000 ____D C:\Windows\erdnt
2013-07-24 18:29 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-07-24 18:23 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-24 18:21 - 2012-11-10 13:09 - 00235826 _____ C:\Windows\PFRO.log
2013-07-24 18:03 - 2013-07-24 18:01 - 00000000 ____D C:\Qoobox
2013-07-24 17:58 - 2013-07-24 17:58 - 00003590 _____ C:\Users\Tahsin\Desktop\JRT.txt
2013-07-24 17:46 - 2013-07-24 17:46 - 05092950 ____R (Swearware) C:\Users\Tahsin\Downloads\ComboFix.exe
2013-07-24 17:45 - 2013-07-24 17:45 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Tahsin\Downloads\JRT.exe
2013-07-24 17:45 - 2013-07-24 17:45 - 00000000 ____D C:\Windows\ERUNT
2013-07-24 17:41 - 2013-06-04 17:24 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-24 17:37 - 2013-07-24 17:37 - 00022193 _____ C:\AdwCleaner[S1].txt
2013-07-24 17:35 - 2013-07-24 17:35 - 00666633 _____ C:\Users\Tahsin\Downloads\adwcleaner.exe
2013-07-24 17:33 - 2013-07-24 17:33 - 00030511 _____ C:\Users\Tahsin\Downloads\Addition.txt
2013-07-24 17:31 - 2013-07-24 17:31 - 01779757 _____ (Farbar) C:\Users\Tahsin\Downloads\FRST64.exe
2013-07-24 17:31 - 2013-07-24 17:31 - 00000000 ____D C:\FRST
2013-07-24 17:26 - 2013-05-04 15:35 - 00004208 _____ C:\Windows\System32\Tasks\Software Updater
2013-07-24 17:26 - 2013-05-04 15:35 - 00004148 _____ C:\Windows\System32\Tasks\Software Updater Ui
2013-07-24 17:20 - 2013-07-24 17:20 - 00422944 _____ C:\Users\Tahsin\Downloads\PremiumCraft_2.1.0.1.rar
2013-07-24 13:18 - 2012-05-04 14:07 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Skype
2013-07-24 11:11 - 2013-07-24 11:11 - 00030998 _____ C:\Users\Tahsin\Downloads\emaaaails.txt
2013-07-24 09:31 - 2011-11-24 17:47 - 00000000 ____D C:\Users\Tahsin\AppData\Local\Adobe
2013-07-23 21:01 - 2012-07-26 21:17 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2912419440-2868778846-4110425731-1000Core.job
2013-07-23 20:13 - 2011-11-12 12:58 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-23 19:31 - 2011-11-18 15:20 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-07-23 19:31 - 2011-11-18 14:49 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-07-23 19:31 - 2011-11-18 14:49 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-07-23 18:42 - 2011-10-28 00:09 - 00000000 ___RD C:\Users\Tahsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-23 18:11 - 2012-01-18 15:18 - 00000000 ____D C:\Users\Tahsin\.gimp-2.6
2013-07-23 18:10 - 2013-07-23 18:10 - 00003361 _____ C:\Users\Tahsin\.recently-used.xbel
2013-07-23 18:10 - 2012-01-18 15:29 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\gtk-2.0
2013-07-23 18:10 - 2011-10-28 00:03 - 00000000 ____D C:\Users\Tahsin
2013-07-23 15:09 - 2013-07-23 15:00 - 00000000 ____D C:\Users\Tahsin\Desktop\Unbenannt
2013-07-23 14:57 - 2013-07-23 14:57 - 00000000 ____D C:\Users\Tahsin\Desktop\gr
2013-07-23 14:02 - 2013-07-23 14:02 - 19152896 _____ C:\Users\Tahsin\Desktop\AMF Bot Video.camrec
2013-07-23 14:01 - 2011-12-02 18:41 - 00007680 _____ C:\Users\Tahsin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-23 13:25 - 2013-07-23 13:25 - 00004333 _____ C:\Users\Tahsin\Downloads\AddmeFast IMacro Youtube.js
2013-07-23 11:37 - 2013-07-23 11:37 - 00023753 _____ C:\Users\Tahsin\Documents\Ihrlenkungsspezialist.odt
2013-07-23 03:10 - 2013-07-23 03:10 - 00586896 _____ C:\Users\Tahsin\Downloads\RE Retourenlabel zu Ihrer DHL Sendung 412668179.eml
2013-07-23 01:44 - 2013-07-23 01:44 - 00000000 ____D C:\Users\Tahsin\Desktop\2013-07 (Jul)
2013-07-23 01:42 - 2013-06-27 19:40 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-23 01:42 - 2013-06-27 19:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-23 01:42 - 2013-06-27 19:40 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-23 01:36 - 2013-07-23 01:36 - 00291744 _____ C:\Windows\Minidump\072313-18751-01.dmp
2013-07-23 01:36 - 2012-11-15 19:56 - 618175716 _____ C:\Windows\MEMORY.DMP
2013-07-23 01:36 - 2011-12-25 19:15 - 00000000 ____D C:\Windows\Minidump
2013-07-22 18:56 - 2013-05-30 17:13 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-07-22 17:30 - 2013-07-22 17:30 - 00000000 _____ C:\Users\Tahsin\Desktop\Neue Bitmap.bmp
2013-07-22 17:21 - 2013-07-22 17:21 - 00001060 _____ C:\Users\Tahsin\Documents\YouTube Like Treasures.txt
2013-07-22 16:24 - 2013-07-10 18:00 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Intermediate
2013-07-22 09:24 - 2013-07-22 09:24 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Snz
2013-07-21 19:34 - 2013-07-21 19:34 - 00018889 _____ C:\Users\Tahsin\Downloads\Grobold Font   dafont.com.htm
2013-07-21 19:34 - 2013-07-21 19:34 - 00000000 ____D C:\Users\Tahsin\Downloads\Grobold Font   dafont.com_files
2013-07-21 18:43 - 2013-07-21 18:43 - 00001278 _____ C:\Users\Tahsin\Downloads\addmefastbotfblikes.rar
2013-07-21 14:24 - 2013-07-21 14:24 - 00041618 _____ C:\Users\Tahsin\Desktop\Neues Textdokument (2).txt
2013-07-21 13:44 - 2013-07-21 13:44 - 00009272 _____ C:\Users\Tahsin\Downloads\AddMeFast-Bot_update1 (1).rar
2013-07-21 13:17 - 2013-07-21 12:12 - 00221184 _____ (PremiumCraft) C:\Users\Tahsin\Desktop\PremiumCraft.exe
2013-07-21 11:48 - 2013-07-21 11:48 - 00422927 _____ C:\Users\Tahsin\Downloads\PremiumCraft_2.1.0.rar
2013-07-20 18:16 - 2013-07-20 18:16 - 00001168 _____ C:\Users\Tahsin\Desktop\iMacros Batch Sample.lnk
2013-07-20 18:16 - 2013-07-20 18:16 - 00000874 _____ C:\Users\Tahsin\Desktop\Examples.lnk
2013-07-20 18:16 - 2013-07-19 16:16 - 00000000 ____D C:\Users\Tahsin\Documents\iMacros
2013-07-20 18:02 - 2013-07-20 18:02 - 32409360 _____ (iOpus                                                       ) C:\Users\Tahsin\Downloads\iMacros-Setup.exe
2013-07-20 18:02 - 2013-07-20 18:02 - 00269967 _____ C:\Users\Tahsin\Downloads\imacros_for_firefox-8.3.0-fx.xpi
2013-07-20 18:00 - 2013-07-20 17:59 - 49868140 _____ C:\Users\Tahsin\Downloads\iMacrosWikiOfflineVersion.zip
2013-07-20 16:32 - 2013-07-20 16:29 - 00003191 _____ C:\Users\Tahsin\Downloads\zp_facebook.zip
2013-07-20 14:31 - 2013-07-20 14:23 - 00000000 ____D C:\Program Files (x86)\Opera
2013-07-20 14:28 - 2013-07-20 14:28 - 00003506 _____ C:\Windows\System32\Tasks\DealPly
2013-07-20 14:28 - 2013-07-20 14:28 - 00000000 ____D C:\Program Files (x86)\iOpus
2013-07-20 14:27 - 2013-07-20 14:27 - 02026456 _____ C:\Users\Tahsin\Downloads\imacros.exe
2013-07-20 14:23 - 2013-07-20 14:23 - 31022640 _____ (Opera Software ASA) C:\Users\Tahsin\Downloads\Opera_15.0.1147.141_Setup.exe
2013-07-20 14:23 - 2013-07-20 14:23 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Opera Software
2013-07-20 14:23 - 2013-07-20 14:23 - 00000000 ____D C:\Users\Tahsin\AppData\Local\Opera Software
2013-07-20 10:42 - 2013-07-20 10:00 - 00000000 ____D C:\Program Files\Easy-Hide-IP
2013-07-20 10:40 - 2013-07-20 10:39 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Steganos VPN
2013-07-20 10:39 - 2013-07-20 10:37 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Steganos
2013-07-20 10:37 - 2013-07-20 10:37 - 14696720 _____ (Steganos Software GmbH) C:\Users\Tahsin\Downloads\okayfreedomwr110.exe
2013-07-20 10:36 - 2013-07-20 10:00 - 00003520 _____ C:\Windows\SysWOW64\EasyRedirect.ini
2013-07-20 10:36 - 2013-07-20 10:00 - 00002040 _____ C:\Windows\SysWOW64\EasyRedirectOff.ini
2013-07-20 10:36 - 2013-07-20 10:00 - 00002040 _____ C:\Windows\system32\EasyRedirectOff.ini
2013-07-20 10:26 - 2013-07-20 10:02 - 00000000 ____D C:\ProgramData\notracks.com
2013-07-20 10:00 - 2013-07-20 10:00 - 06248752 _____ (EasyTech                                                    ) C:\Users\Tahsin\Downloads\easy-hide-ip-5.0.0.3.1.exe
2013-07-19 22:51 - 2013-07-19 22:51 - 00000584 _____ C:\Users\Tahsin\Downloads\AMF.12.Script.34.DADEX.rar
2013-07-19 17:22 - 2013-07-19 17:22 - 05835181 _____ C:\Users\Tahsin\Downloads\proxies.txt
2013-07-19 17:21 - 2013-07-19 17:21 - 00041618 _____ C:\Users\Tahsin\Downloads\proxy (1).txt
2013-07-19 17:20 - 2013-07-19 17:20 - 00041618 _____ C:\Users\Tahsin\Downloads\proxy.txt
2013-07-19 16:17 - 2013-07-19 16:17 - 00000279 _____ C:\Users\Tahsin\Downloads\YT-BOT-ADDMEFAST.iim
2013-07-19 15:42 - 2013-07-19 15:42 - 00009272 _____ C:\Users\Tahsin\Downloads\AddMeFast-Bot_update1.rar
2013-07-19 11:09 - 2013-07-21 12:12 - 00475136 _____ C:\Users\Tahsin\Desktop\SharpCompress.dll
2013-07-19 05:19 - 2009-09-23 03:14 - 00698124 _____ C:\Windows\system32\perfh007.dat
2013-07-19 05:19 - 2009-09-23 03:14 - 00148820 _____ C:\Windows\system32\perfc007.dat
2013-07-19 05:19 - 2009-07-14 07:13 - 01616954 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-18 23:16 - 2012-11-16 17:18 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-18 09:57 - 2009-07-14 06:45 - 05063512 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-18 09:56 - 2013-07-18 09:56 - 00291752 _____ C:\Windows\Minidump\071813-42588-01.dmp
2013-07-17 19:48 - 2011-11-12 12:59 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Origin
2013-07-17 19:48 - 2011-11-12 12:59 - 00000000 ____D C:\Users\Tahsin\AppData\Local\Origin
2013-07-17 19:27 - 2011-10-28 00:08 - 00132576 _____ C:\Users\Tahsin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-17 18:38 - 2013-07-17 18:38 - 00017385 _____ C:\Users\Tahsin\Desktop\Quizfragen 22 Stück.ods
2013-07-17 18:02 - 2013-07-17 18:02 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\OpenOffice.org
2013-07-17 18:00 - 2013-07-17 18:00 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-07-17 17:59 - 2013-07-17 17:58 - 152249762 _____ C:\Users\Tahsin\Downloads\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe
2013-07-17 17:13 - 2013-04-30 15:36 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Spotify
2013-07-17 17:10 - 2013-04-30 15:36 - 00000000 ____D C:\Users\Tahsin\AppData\Local\Spotify
2013-07-15 00:20 - 2013-07-15 00:20 - 00291744 _____ C:\Windows\Minidump\071513-45567-01.dmp
2013-07-15 00:09 - 2013-07-15 00:09 - 00020678 _____ C:\Users\Tahsin\Downloads\HesapHareketleri.do
2013-07-14 18:02 - 2012-02-10 17:15 - 00000132 _____ C:\Users\Tahsin\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-07-14 13:25 - 2013-07-14 13:25 - 00000956 _____ C:\Users\Tahsin\Desktop\Guild Wars 2.lnk
2013-07-13 11:06 - 2013-01-25 23:52 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-13 10:59 - 2012-05-26 20:35 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 10:59 - 2012-05-26 20:35 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 10:43 - 2013-07-13 10:43 - 07876512 _____ (Adobe Systems Inc.) C:\Users\Tahsin\Downloads\Shockwave_Installer_Slim (2).exe
2013-07-13 10:43 - 2011-11-12 22:28 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-07-12 20:56 - 2012-07-26 21:17 - 00004096 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2912419440-2868778846-4110425731-1000UA
2013-07-12 20:56 - 2012-07-26 21:17 - 00003700 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2912419440-2868778846-4110425731-1000Core
2013-07-12 19:38 - 2013-07-12 19:38 - 00007684 _____ C:\Users\Tahsin\Downloads\AddMeFast-Bot.rar
2013-07-11 15:02 - 2013-07-11 15:01 - 00291744 _____ C:\Windows\Minidump\071113-41402-01.dmp
2013-07-11 09:04 - 2013-03-13 17:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 09:04 - 2013-03-13 17:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 09:04 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 09:04 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 09:04 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 02:38 - 2011-11-02 13:52 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-11 02:37 - 2012-06-04 18:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 21:33 - 2013-07-21 14:24 - 00020480 _____ C:\Users\Tahsin\Desktop\AddMeFastBot (Update 1).exe
2013-07-10 18:00 - 2013-07-10 18:00 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\SSync
2013-07-10 18:00 - 2013-07-10 18:00 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\SCheck
2013-07-10 18:00 - 2011-11-04 16:57 - 00000000 ____D C:\Users\Tahsin\AppData\Local\Google
2013-07-10 18:00 - 2011-11-04 16:57 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-10 17:59 - 2013-07-10 17:59 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\PiccShare
2013-07-10 17:59 - 2013-07-10 17:59 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Common
2013-07-10 17:59 - 2013-07-10 17:59 - 00000000 ____D C:\Program Files (x86)\Axife Mouse Recorder DEMO
2013-07-10 17:58 - 2013-07-10 17:58 - 00393064 _____ (Softonic                                        ) C:\Users\Tahsin\Downloads\SoftonicDownloader_fuer_axife-mouse-recorder.exe
2013-07-10 17:58 - 2013-07-10 17:54 - 00000000 ____D C:\Program Files (x86)\GhostMouse
2013-07-10 17:53 - 2013-07-10 17:53 - 00910736 _____ (ghost-mouse.com                                             ) C:\Users\Tahsin\Downloads\GhostMouse321-Setup.exe
2013-07-10 09:56 - 2011-10-28 11:51 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Mozilla
2013-07-05 17:39 - 2013-07-05 17:39 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-05 17:39 - 2012-05-04 14:06 - 00000000 ____D C:\ProgramData\Skype
2013-07-05 17:37 - 2013-07-05 17:37 - 31954536 _____ (Skype Technologies S.A.) C:\Users\Tahsin\Downloads\SkypeSetup66Full.exe
2013-07-05 17:36 - 2013-07-05 17:36 - 22716480 _____ (ArenaNet) C:\Users\Tahsin\Downloads\Gw2Setup.exe
2013-07-03 05:02 - 2012-01-04 05:23 - 00000000 ____D C:\ProgramData\Recovery
2013-07-02 21:05 - 2013-07-02 21:04 - 39358651 _____ C:\Users\Tahsin\Downloads\bg Raw File.rar
2013-07-02 19:59 - 2013-07-21 12:12 - 00150016 _____ (restsharp.org) C:\Users\Tahsin\Desktop\RestSharp.dll
2013-07-02 19:48 - 2013-07-02 19:48 - 00291744 _____ C:\Windows\Minidump\070213-15303-01.dmp
2013-07-01 19:04 - 2013-07-01 19:04 - 00057012 _____ C:\Users\Tahsin\Downloads\Rechnung zu Order-ID 3133899 -  304-3212191-5198757 vom 21.06.2013 182556.zip
2013-06-30 20:29 - 2013-06-30 20:28 - 00291744 _____ C:\Windows\Minidump\063013-36519-01.dmp
2013-06-30 18:17 - 2013-06-30 18:17 - 02596440 _____ (Sandboxie Holdings, LLC) C:\Users\Tahsin\Downloads\SandboxieInstall.exe
2013-06-30 17:57 - 2013-06-30 17:57 - 00000000 ____D C:\ProgramData\SystemRequirementsLab
2013-06-30 17:57 - 2013-06-30 17:57 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2013-06-30 10:58 - 2013-06-30 10:58 - 00167536 _____ () C:\Users\Tahsin\Downloads\OnlineWeatherSetup-3M80IlG.exe
2013-06-30 10:57 - 2013-06-30 10:57 - 00167304 _____ () C:\Users\Tahsin\Downloads\7ZipSetup-0M6Elbp.exe
2013-06-30 10:56 - 2013-06-30 10:56 - 00167304 _____ () C:\Users\Tahsin\Downloads\7ZipSetup-0ISfsny.exe
2013-06-30 10:54 - 2013-06-30 10:54 - 00167304 _____ () C:\Users\Tahsin\Downloads\7ZipSetup-4NyfsgM.exe
2013-06-30 10:22 - 2011-10-28 11:22 - 00004996 _____ C:\Windows\System32\Tasks\PCDRScheduledMaintenance
2013-06-30 10:22 - 2011-10-28 11:22 - 00000552 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2013-06-28 16:21 - 2013-06-28 16:21 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-06-28 16:21 - 2013-06-28 16:21 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-06-28 16:21 - 2013-06-04 17:41 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-06-28 16:21 - 2013-06-04 17:41 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-06-28 16:21 - 2012-08-31 12:57 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-06-28 16:21 - 2012-08-31 12:57 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-06-28 16:21 - 2012-08-31 12:57 - 00000000 ____D C:\Program Files\Java
2013-06-28 16:19 - 2013-06-28 16:19 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-28 16:19 - 2013-06-28 16:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-28 16:19 - 2013-01-23 20:07 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-28 16:19 - 2013-01-23 20:07 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-28 16:19 - 2012-08-31 12:56 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-28 16:19 - 2011-11-12 00:21 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-28 16:17 - 2013-06-28 16:17 - 33150376 _____ (Oracle Corporation) C:\Users\Tahsin\Downloads\jre-7u25-windows-x64.exe
2013-06-28 16:17 - 2013-06-28 16:17 - 31714216 _____ (Oracle Corporation) C:\Users\Tahsin\Downloads\jre-7u25-windows-i586.exe
2013-06-28 15:37 - 2012-06-29 19:00 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Dropbox
2013-06-28 15:01 - 2012-06-29 19:01 - 00000000 ___RD C:\Users\Tahsin\Dropbox
2013-06-28 14:58 - 2012-12-24 20:01 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-06-28 14:57 - 2013-06-28 14:57 - 33578320 _____ (Dropbox, Inc.) C:\Users\Tahsin\Downloads\Dropbox 2.2.8.exe
2013-06-28 07:37 - 2013-06-28 07:37 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-06-28 07:37 - 2013-06-26 19:00 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-06-28 07:37 - 2013-06-26 19:00 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-06-28 07:37 - 2013-06-04 17:24 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-06-28 07:37 - 2013-06-04 17:24 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-06-28 07:37 - 2013-06-04 17:24 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-06-28 07:37 - 2011-11-12 13:04 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-06-27 19:19 - 2013-06-27 19:19 - 00814472 _____ (Adobe Systems Incorporated) C:\Users\Tahsin\Downloads\uninstall_flash_player.exe
2013-06-27 16:50 - 2013-06-27 16:50 - 00000000 ____D C:\Users\Public\Documents\sun
2013-06-27 16:49 - 2013-06-27 16:48 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4.0
2013-06-27 16:41 - 2013-06-27 16:39 - 192004096 _____ C:\Users\Tahsin\Downloads\LibreOffice_4.0.4_Win_x86.msi
2013-06-26 18:57 - 2012-04-27 17:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-26 13:21 - 2011-10-28 11:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-26 13:11 - 2013-06-26 13:06 - 00000680 _____ C:\Windows\LkmdfCoInst.log
2013-06-26 13:10 - 2013-06-26 13:06 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2013-06-26 13:10 - 2013-06-26 13:06 - 00000000 ____D C:\Users\Public\Documents\LogiShrd
2013-06-26 13:06 - 2013-06-26 13:06 - 00006871 _____ C:\Windows\LDPINST.LOG
2013-06-26 13:06 - 2013-06-26 13:06 - 00000000 ____D C:\Users\Tahsin\AppData\Local\Logishrd
2013-06-26 13:06 - 2013-06-26 13:05 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2013-06-26 13:06 - 2013-01-03 14:16 - 00000000 ____D C:\ProgramData\LogiShrd
2013-06-26 13:06 - 2013-01-03 14:15 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Logitech
2013-06-26 13:05 - 2013-06-26 13:05 - 00000000 ____D C:\ProgramData\Logitech
2013-06-26 13:05 - 2013-06-26 13:05 - 00000000 ____D C:\Program Files\Logitech
2013-06-26 13:05 - 2013-01-03 14:15 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Logishrd
2013-06-26 13:04 - 2013-06-26 13:04 - 59248080 _____ (Logitech Inc.) C:\Users\Tahsin\Downloads\setpoint652_x64.exe
2013-06-25 19:53 - 2013-03-28 22:11 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2013-06-24 21:32 - 2013-06-24 21:32 - 00006256 _____ C:\Users\Tahsin\Downloads\Enzo  Tahsin Projekt.rar
2013-06-24 20:29 - 2013-06-24 20:29 - 00000000 _____ C:\Users\Tahsin\Desktop\Neues Textdokument.txt
2013-06-24 16:59 - 2013-06-24 16:59 - 12666892 _____ C:\Users\Tahsin\Downloads\gs907w32.exe
2013-06-24 16:59 - 2013-06-24 16:59 - 00000000 ____D C:\Program Files (x86)\gs

Files to move or delete:
====================
C:\ProgramData\ntuser.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-15 18:57

==================== End Of Log ============================
         
--- --- ---


JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.2 (07.22.2013:2)
OS: Windows 7 Home Premium x64
Ran by Tahsin on 24.07.2013 at 17:45:24,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BAF60B34-BC2D-4D38-BF52-8D31949C6020}



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Tahsin\appdata\local\{2E0345F2-AA31-4629-801E-87A4EBC170B4}
Successfully deleted: [Empty Folder] C:\Users\Tahsin\appdata\local\{307DEBF5-50CA-4555-868C-3FF9A99F7DAE}
Successfully deleted: [Empty Folder] C:\Users\Tahsin\appdata\local\{393B0942-9549-4D36-B07C-D99B0C9D01DB}
Successfully deleted: [Empty Folder] C:\Users\Tahsin\appdata\local\{507017DE-C850-4CD8-927F-B5242A835E33}
Successfully deleted: [Empty Folder] C:\Users\Tahsin\appdata\local\{57B665EA-247B-4ACA-B95D-0C3963E25CE9}
Successfully deleted: [Empty Folder] C:\Users\Tahsin\appdata\local\{5B4D3BFA-C58F-48B7-BC8E-E34A5565E6CF}
Successfully deleted: [Empty Folder] C:\Users\Tahsin\appdata\local\{7474984F-AEC3-4BF7-8592-0E6F01D92557}
Successfully deleted: [Empty Folder] C:\Users\Tahsin\appdata\local\{EC8D9FF5-1837-4191-9343-60557BA177A5}
Successfully deleted: [Empty Folder] C:\Users\Tahsin\appdata\local\{FAE4827A-F4EE-4920-8BDA-33F096E35050}
Successfully deleted: [Empty Folder] C:\Users\Tahsin\appdata\local\{FD62BD98-E034-43D2-A9EC-C8AE20D3D073}



~~~ FireFox

Successfully deleted: [File] C:\Users\Tahsin\AppData\Roaming\mozilla\firefox\profiles\5ruscmlq.default\invalidprefs.js
Successfully deleted the following from C:\Users\Tahsin\AppData\Roaming\mozilla\firefox\profiles\5ruscmlq.default\prefs.js

user_pref("om.config", "{\"active\":true,\"name\":\"twde\",\"id\":25,\"dispId\":\"CH-25\",\"aboutLink\":\"\",\"trackingGeneral\":true,\"gaAccount\":\"UA-39484183-1\",\"gaDomai
Emptied folder: C:\Users\Tahsin\AppData\Roaming\mozilla\firefox\profiles\5ruscmlq.default\minidumps [136 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.07.2013 at 17:58:36,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Thank you very much for the help, and sorry for the late reply.
__________________

Alt 25.07.2013, 07:15   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 25.07.2013, 11:33   #5
-Tahsin
 



AdwCleaner
Code:
# AdwCleaner v2.306 - Datei am 25/07/2013 um 12:25:07 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Tahsin - ÜCTAS
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Tahsin\Downloads\adwcleaner (1).exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Tahsin\AppData\Roaming\Mozilla\Firefox\Profiles\5ruscmlq.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v28.0.1500.72

Datei : C:\Users\Tahsin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [22193 octets] - [24/07/2013 17:37:03]
AdwCleaner[S2].txt - [941 octets] - [25/07/2013 12:25:07]

########## EOF - C:\AdwCleaner[S2].txt - [1000 octets] ##########
         
FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2013
Ran by Tahsin (administrator) on 25-07-2013 12:31:15
Running from C:\Users\Tahsin\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Spotify Ltd) C:\Users\Tahsin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(CyberLink) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
(CyberLink Corp.) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Farbar) C:\Users\Tahsin\Downloads\FRST64 (2).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-29] (Logitech Inc.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe [45568 2009-07-14] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-21] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [AdobeBridge] -  [x]
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Tahsin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-15] (Spotify Ltd)
HKCU\...\Run: [SSync] - C:\Users\Tahsin\AppData\Roaming\SSync\SSync.exe [36864 2013-04-10] ()
HKCU\...\Run: [SCheck] - C:\Users\Tahsin\AppData\Roaming\SCheck\SCheck.exe [36864 2013-04-10] ()
HKCU\...\Run: [Snoozer] - C:\Users\Tahsin\AppData\Roaming\Snz\Snz.exe [1137673 2013-07-21] ()
HKCU\...\Run: [Intermediate] - C:\Users\Tahsin\AppData\Roaming\Intermediate\Intermediate.exe [36864 2013-04-10] ()
HKLM-x32\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [BATINDICATOR] - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [LaunchHPOSIAPP] - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdatePRCShortCut] - "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-13] ()
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk
ShortcutTarget: HDDHealth.lnk -> C:\Program Files (x86)\HDD Health\hddhealth.exe (PANTERASoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Tahsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {902D76CD-4644-4E24-B5B4-3F14BEC37261} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM - {BAF60B34-BC2D-4D38-BF52-8D31949C6020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {902D76CD-4644-4E24-B5B4-3F14BEC37261} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKCU - {902D76CD-4644-4E24-B5B4-3F14BEC37261} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: iMacros Browser Helper Object - {34D5A80A-992D-4F07-9509-66E9E133BAAF} - C:\Program Files (x86)\iOpus\iMacros\iMacrosBHO.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.71\npchrome_frame.dll (Google Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.71\npchrome_frame.dll (Google Inc.)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Tahsin\AppData\Roaming\Mozilla\Firefox\Profiles\5ruscmlq.default
FF Keyword.URL: hxxp://www.google.de/search?q=
FF NetworkProxy: "ftp", "178.253.249.109"
FF NetworkProxy: "ftp_port", 6666
FF NetworkProxy: "http", "178.253.249.109"
FF NetworkProxy: "http_port", 6666
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "178.253.249.109"
FF NetworkProxy: "socks_port", 6666
FF NetworkProxy: "ssl", "178.253.249.109"
FF NetworkProxy: "ssl_port", 6666
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 - C:\Users\Tahsin\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Tahsin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Tahsin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Tahsin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Tahsin\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Tahsin\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\Tahsin\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
FF Extension: iMacros for Firefox - C:\Users\Tahsin\AppData\Roaming\Mozilla\Firefox\Profiles\5ruscmlq.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF Extension: No Name - C:\Users\Tahsin\AppData\Roaming\Mozilla\Firefox\Profiles\5ruscmlq.default\Extensions\WTB_GLOBAL.sqlite
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Tahsin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Tahsin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Tahsin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (SOE Web Installer) - C:\Users\Tahsin\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Logitech SetPoint) - C:\Users\Tahsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0
CHR Extension: (AdBlock) - C:\Users\Tahsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Tahsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 de_serv; C:\Program Files (x86)\Common Files\AVM\de_serv.exe [315392 2005-03-04] (AVM Berlin)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-10-13] ()
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP3\RpcAgentSrv.exe [95896 2009-03-28] (SiSoftware)

==================== Drivers (Whitelisted) ====================

R1 acedrv08; C:\Windows\system32\drivers\acedrv08.sys [133856 2012-08-22] ()
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] ()
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP3\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
S3 X6va005; \??\C:\Users\Tahsin\AppData\Local\Temp\005D1DF.tmp [x]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-25 12:30 - 2013-07-25 12:31 - 01779761 _____ (Farbar) C:\Users\Tahsin\Downloads\FRST64 (2).exe
2013-07-25 12:25 - 2013-07-25 12:25 - 00001069 _____ C:\AdwCleaner[S2].txt
2013-07-25 12:23 - 2013-07-25 12:24 - 00666633 _____ C:\Users\Tahsin\Downloads\adwcleaner (1).exe
2013-07-24 19:48 - 2013-07-24 19:49 - 01779757 _____ (Farbar) C:\Users\Tahsin\Downloads\FRST64 (1).exe
2013-07-24 18:03 - 2013-07-24 18:30 - 00000000 ____D C:\ComboFix
2013-07-24 18:03 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-24 18:03 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-24 18:03 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-24 18:03 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-24 18:03 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-24 18:03 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-24 18:03 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-24 18:03 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-24 18:01 - 2013-07-24 18:29 - 00000000 ____D C:\Windows\erdnt
2013-07-24 18:01 - 2013-07-24 18:03 - 00000000 ____D C:\Qoobox
2013-07-24 17:58 - 2013-07-24 17:58 - 00003590 _____ C:\Users\Tahsin\Desktop\JRT.txt
2013-07-24 17:46 - 2013-07-24 17:46 - 05092950 ____R (Swearware) C:\Users\Tahsin\Downloads\ComboFix.exe
2013-07-24 17:45 - 2013-07-24 17:45 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Tahsin\Downloads\JRT.exe
2013-07-24 17:45 - 2013-07-24 17:45 - 00000000 ____D C:\Windows\ERUNT
2013-07-24 17:37 - 2013-07-24 17:37 - 00022193 _____ C:\AdwCleaner[S1].txt
2013-07-24 17:35 - 2013-07-24 17:35 - 00666633 _____ C:\Users\Tahsin\Downloads\adwcleaner.exe
2013-07-24 17:33 - 2013-07-24 17:33 - 00030511 _____ C:\Users\Tahsin\Downloads\Addition.txt
2013-07-24 17:31 - 2013-07-24 17:31 - 01779757 _____ (Farbar) C:\Users\Tahsin\Downloads\FRST64.exe
2013-07-24 17:31 - 2013-07-24 17:31 - 00000000 ____D C:\FRST
2013-07-24 17:20 - 2013-07-24 17:20 - 00422944 _____ C:\Users\Tahsin\Downloads\PremiumCraft_2.1.0.1.rar
2013-07-24 11:11 - 2013-07-24 11:11 - 00030998 _____ C:\Users\Tahsin\Downloads\emaaaails.txt
2013-07-23 18:10 - 2013-07-23 18:10 - 00003361 _____ C:\Users\Tahsin\.recently-used.xbel
2013-07-23 15:00 - 2013-07-23 15:09 - 00000000 ____D C:\Users\Tahsin\Desktop\Unbenannt
2013-07-23 14:57 - 2013-07-23 14:57 - 00000000 ____D C:\Users\Tahsin\Desktop\gr
2013-07-23 14:02 - 2013-07-23 14:02 - 19152896 _____ C:\Users\Tahsin\Desktop\AMF Bot Video.camrec
2013-07-23 13:25 - 2013-07-23 13:25 - 00004333 _____ C:\Users\Tahsin\Downloads\AddmeFast IMacro Youtube.js
2013-07-23 11:37 - 2013-07-23 11:37 - 00023753 _____ C:\Users\Tahsin\Documents\Ihrlenkungsspezialist.odt
2013-07-23 03:10 - 2013-07-23 03:10 - 00586896 _____ C:\Users\Tahsin\Downloads\RE Retourenlabel zu Ihrer DHL Sendung 412668179.eml
2013-07-23 01:44 - 2013-07-25 00:30 - 00000000 ____D C:\Users\Tahsin\Desktop\2013-07 (Jul)
2013-07-23 01:36 - 2013-07-23 01:36 - 00291744 _____ C:\Windows\Minidump\072313-18751-01.dmp
2013-07-22 17:30 - 2013-07-22 17:30 - 00000000 _____ C:\Users\Tahsin\Desktop\Neue Bitmap.bmp
2013-07-22 17:21 - 2013-07-22 17:21 - 00001060 _____ C:\Users\Tahsin\Documents\YouTube Like Treasures.txt
2013-07-22 09:24 - 2013-07-22 09:24 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Snz
2013-07-21 19:34 - 2013-07-21 19:34 - 00018889 _____ C:\Users\Tahsin\Downloads\Grobold Font   dafont.com.htm
2013-07-21 19:34 - 2013-07-21 19:34 - 00000000 ____D C:\Users\Tahsin\Downloads\Grobold Font   dafont.com_files
2013-07-21 18:43 - 2013-07-21 18:43 - 00001278 _____ C:\Users\Tahsin\Downloads\addmefastbotfblikes.rar
2013-07-21 14:24 - 2013-07-21 14:24 - 00041618 _____ C:\Users\Tahsin\Desktop\Neues Textdokument (2).txt
2013-07-21 14:24 - 2013-07-10 21:33 - 00020480 _____ C:\Users\Tahsin\Desktop\AddMeFastBot (Update 1).exe
2013-07-21 13:44 - 2013-07-21 13:44 - 00009272 _____ C:\Users\Tahsin\Downloads\AddMeFast-Bot_update1 (1).rar
2013-07-21 12:12 - 2013-07-21 13:17 - 00221184 _____ (PremiumCraft) C:\Users\Tahsin\Desktop\PremiumCraft.exe
2013-07-21 12:12 - 2013-07-19 11:09 - 00475136 _____ C:\Users\Tahsin\Desktop\SharpCompress.dll
2013-07-21 12:12 - 2013-07-02 19:59 - 00150016 _____ (restsharp.org) C:\Users\Tahsin\Desktop\RestSharp.dll
2013-07-21 11:49 - 2013-07-24 19:48 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\PremiumCraft
2013-07-21 11:48 - 2013-07-21 11:48 - 00422927 _____ C:\Users\Tahsin\Downloads\PremiumCraft_2.1.0.rar
2013-07-20 18:16 - 2013-07-20 18:16 - 00001168 _____ C:\Users\Tahsin\Desktop\iMacros Batch Sample.lnk
2013-07-20 18:16 - 2013-07-20 18:16 - 00000874 _____ C:\Users\Tahsin\Desktop\Examples.lnk
2013-07-20 18:02 - 2013-07-20 18:02 - 32409360 _____ (iOpus                                                       ) C:\Users\Tahsin\Downloads\iMacros-Setup.exe
2013-07-20 18:02 - 2013-07-20 18:02 - 00269967 _____ C:\Users\Tahsin\Downloads\imacros_for_firefox-8.3.0-fx.xpi
2013-07-20 17:59 - 2013-07-20 18:00 - 49868140 _____ C:\Users\Tahsin\Downloads\iMacrosWikiOfflineVersion.zip
2013-07-20 16:29 - 2013-07-20 16:32 - 00003191 _____ C:\Users\Tahsin\Downloads\zp_facebook.zip
2013-07-20 14:28 - 2013-07-20 14:28 - 00003506 _____ C:\Windows\System32\Tasks\DealPly
2013-07-20 14:28 - 2013-07-20 14:28 - 00000000 ____D C:\Program Files (x86)\iOpus
2013-07-20 14:27 - 2013-07-20 14:27 - 02026456 _____ C:\Users\Tahsin\Downloads\imacros.exe
2013-07-20 14:23 - 2013-07-20 14:31 - 00000000 ____D C:\Program Files (x86)\Opera
2013-07-20 14:23 - 2013-07-20 14:23 - 31022640 _____ (Opera Software ASA) C:\Users\Tahsin\Downloads\Opera_15.0.1147.141_Setup.exe
2013-07-20 14:23 - 2013-07-20 14:23 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Opera Software
2013-07-20 14:23 - 2013-07-20 14:23 - 00000000 ____D C:\Users\Tahsin\AppData\Local\Opera Software
2013-07-20 10:39 - 2013-07-20 10:40 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Steganos VPN
2013-07-20 10:37 - 2013-07-20 10:39 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Steganos
2013-07-20 10:37 - 2013-07-20 10:37 - 14696720 _____ (Steganos Software GmbH) C:\Users\Tahsin\Downloads\okayfreedomwr110.exe
2013-07-20 10:02 - 2013-07-20 10:26 - 00000000 ____D C:\ProgramData\notracks.com
2013-07-20 10:00 - 2013-07-20 10:42 - 00000000 ____D C:\Program Files\Easy-Hide-IP
2013-07-20 10:00 - 2013-07-20 10:36 - 00003520 _____ C:\Windows\SysWOW64\EasyRedirect.ini
2013-07-20 10:00 - 2013-07-20 10:36 - 00002040 _____ C:\Windows\SysWOW64\EasyRedirectOff.ini
2013-07-20 10:00 - 2013-07-20 10:36 - 00002040 _____ C:\Windows\system32\EasyRedirectOff.ini
2013-07-20 10:00 - 2013-07-20 10:00 - 06248752 _____ (EasyTech                                                    ) C:\Users\Tahsin\Downloads\easy-hide-ip-5.0.0.3.1.exe
2013-07-20 10:00 - 2012-11-22 15:10 - 00539984 _____ (EasyTech) C:\Windows\system32\EasyRedirect64.dll
2013-07-20 10:00 - 2012-11-22 15:10 - 00380240 _____ (EasyTech) C:\Windows\SysWOW64\EasyRedirect.dll
2013-07-19 22:51 - 2013-07-19 22:51 - 00000584 _____ C:\Users\Tahsin\Downloads\AMF.12.Script.34.DADEX.rar
2013-07-19 17:22 - 2013-07-19 17:22 - 05835181 _____ C:\Users\Tahsin\Downloads\proxies.txt
2013-07-19 17:21 - 2013-07-19 17:21 - 00041618 _____ C:\Users\Tahsin\Downloads\proxy (1).txt
2013-07-19 17:20 - 2013-07-19 17:20 - 00041618 _____ C:\Users\Tahsin\Downloads\proxy.txt
2013-07-19 16:17 - 2013-07-19 16:17 - 00000279 _____ C:\Users\Tahsin\Downloads\YT-BOT-ADDMEFAST.iim
2013-07-19 16:16 - 2013-07-20 18:16 - 00000000 ____D C:\Users\Tahsin\Documents\iMacros
2013-07-19 15:42 - 2013-07-19 15:42 - 00009272 _____ C:\Users\Tahsin\Downloads\AddMeFast-Bot_update1.rar
2013-07-18 09:56 - 2013-07-18 09:56 - 00291752 _____ C:\Windows\Minidump\071813-42588-01.dmp
2013-07-17 18:38 - 2013-07-17 18:38 - 00017385 _____ C:\Users\Tahsin\Desktop\Quizfragen 22 Stück.ods
2013-07-17 18:02 - 2013-07-17 18:02 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\OpenOffice.org
2013-07-17 18:00 - 2013-07-17 18:00 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-07-17 17:58 - 2013-07-17 17:59 - 152249762 _____ C:\Users\Tahsin\Downloads\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe
2013-07-15 00:20 - 2013-07-15 00:20 - 00291744 _____ C:\Windows\Minidump\071513-45567-01.dmp
2013-07-15 00:09 - 2013-07-15 00:09 - 00020678 _____ C:\Users\Tahsin\Downloads\HesapHareketleri.do
2013-07-14 13:25 - 2013-07-14 13:25 - 00000956 _____ C:\Users\Tahsin\Desktop\Guild Wars 2.lnk
2013-07-13 10:43 - 2013-07-13 10:43 - 07876512 _____ (Adobe Systems Inc.) C:\Users\Tahsin\Downloads\Shockwave_Installer_Slim (2).exe
2013-07-12 19:38 - 2013-07-12 19:38 - 00007684 _____ C:\Users\Tahsin\Downloads\AddMeFast-Bot.rar
2013-07-11 15:01 - 2013-07-11 15:02 - 00291744 _____ C:\Windows\Minidump\071113-41402-01.dmp
2013-07-11 02:36 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 02:36 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 02:36 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 02:36 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 02:36 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 02:36 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 02:36 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 02:36 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 02:36 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 02:36 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 02:36 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 02:36 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 02:36 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 02:36 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 02:36 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 02:36 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 02:36 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 02:36 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 02:36 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 02:36 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 02:36 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 18:00 - 2013-07-22 16:24 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Intermediate
2013-07-10 18:00 - 2013-07-10 18:00 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\SSync
2013-07-10 18:00 - 2013-07-10 18:00 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\SCheck
2013-07-10 17:59 - 2013-07-10 17:59 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\PiccShare
2013-07-10 17:59 - 2013-07-10 17:59 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Common
2013-07-10 17:59 - 2013-07-10 17:59 - 00000000 ____D C:\Program Files (x86)\Axife Mouse Recorder DEMO
2013-07-10 17:58 - 2013-07-10 17:58 - 00393064 _____ (Softonic                                        ) C:\Users\Tahsin\Downloads\SoftonicDownloader_fuer_axife-mouse-recorder.exe
2013-07-10 17:54 - 2013-07-10 17:58 - 00000000 ____D C:\Program Files (x86)\GhostMouse
2013-07-10 17:53 - 2013-07-10 17:53 - 00910736 _____ (ghost-mouse.com                                             ) C:\Users\Tahsin\Downloads\GhostMouse321-Setup.exe
2013-07-10 14:53 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 14:53 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 14:52 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 14:52 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 14:52 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 14:52 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 14:52 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-05 17:39 - 2013-07-05 17:39 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-05 17:37 - 2013-07-05 17:37 - 31954536 _____ (Skype Technologies S.A.) C:\Users\Tahsin\Downloads\SkypeSetup66Full.exe
2013-07-05 17:36 - 2013-07-05 17:36 - 22716480 _____ (ArenaNet) C:\Users\Tahsin\Downloads\Gw2Setup.exe
2013-07-02 21:04 - 2013-07-02 21:05 - 39358651 _____ C:\Users\Tahsin\Downloads\bg Raw File.rar
2013-07-02 19:48 - 2013-07-02 19:48 - 00291744 _____ C:\Windows\Minidump\070213-15303-01.dmp
2013-07-01 19:04 - 2013-07-01 19:04 - 00057012 _____ C:\Users\Tahsin\Downloads\Rechnung zu Order-ID 3133899 -  304-3212191-5198757 vom 21.06.2013 182556.zip
2013-06-30 20:28 - 2013-06-30 20:29 - 00291744 _____ C:\Windows\Minidump\063013-36519-01.dmp
2013-06-30 18:17 - 2013-06-30 18:17 - 02596440 _____ (Sandboxie Holdings, LLC) C:\Users\Tahsin\Downloads\SandboxieInstall.exe
2013-06-30 17:57 - 2013-06-30 17:57 - 00000000 ____D C:\ProgramData\SystemRequirementsLab
2013-06-30 17:57 - 2013-06-30 17:57 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2013-06-30 10:58 - 2013-06-30 10:58 - 00167536 _____ () C:\Users\Tahsin\Downloads\OnlineWeatherSetup-3M80IlG.exe
2013-06-30 10:57 - 2013-06-30 10:57 - 00167304 _____ () C:\Users\Tahsin\Downloads\7ZipSetup-0M6Elbp.exe
2013-06-30 10:56 - 2013-06-30 10:56 - 00167304 _____ () C:\Users\Tahsin\Downloads\7ZipSetup-0ISfsny.exe
2013-06-30 10:54 - 2013-06-30 10:54 - 00167304 _____ () C:\Users\Tahsin\Downloads\7ZipSetup-4NyfsgM.exe
2013-06-28 16:21 - 2013-06-28 16:21 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-06-28 16:21 - 2013-06-28 16:21 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-06-28 16:19 - 2013-06-28 16:19 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-28 16:19 - 2013-06-28 16:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-28 16:17 - 2013-06-28 16:17 - 33150376 _____ (Oracle Corporation) C:\Users\Tahsin\Downloads\jre-7u25-windows-x64.exe
2013-06-28 16:17 - 2013-06-28 16:17 - 31714216 _____ (Oracle Corporation) C:\Users\Tahsin\Downloads\jre-7u25-windows-i586.exe
2013-06-28 14:57 - 2013-06-28 14:57 - 33578320 _____ (Dropbox, Inc.) C:\Users\Tahsin\Downloads\Dropbox 2.2.8.exe
2013-06-28 07:37 - 2013-06-28 07:37 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-06-27 19:40 - 2013-07-25 11:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-27 19:40 - 2013-07-23 01:42 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-27 19:40 - 2013-07-23 01:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-27 19:40 - 2013-07-23 01:42 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-06-27 19:19 - 2013-06-27 19:19 - 00814472 _____ (Adobe Systems Incorporated) C:\Users\Tahsin\Downloads\uninstall_flash_player.exe
2013-06-27 16:50 - 2013-06-27 16:50 - 00000000 ____D C:\Users\Public\Documents\sun
2013-06-27 16:48 - 2013-06-27 16:49 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4.0
2013-06-27 16:39 - 2013-06-27 16:41 - 192004096 _____ C:\Users\Tahsin\Downloads\LibreOffice_4.0.4_Win_x86.msi
2013-06-26 19:00 - 2013-06-28 07:37 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-06-26 19:00 - 2013-06-28 07:37 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-06-26 13:06 - 2013-06-26 13:11 - 00000680 _____ C:\Windows\LkmdfCoInst.log
2013-06-26 13:06 - 2013-06-26 13:10 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2013-06-26 13:06 - 2013-06-26 13:10 - 00000000 ____D C:\Users\Public\Documents\LogiShrd
2013-06-26 13:06 - 2013-06-26 13:06 - 00006871 _____ C:\Windows\LDPINST.LOG
2013-06-26 13:06 - 2013-06-26 13:06 - 00000000 ____D C:\Users\Tahsin\AppData\Local\Logishrd
2013-06-26 13:05 - 2013-06-26 13:06 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2013-06-26 13:05 - 2013-06-26 13:05 - 00000000 ____D C:\ProgramData\Logitech
2013-06-26 13:05 - 2013-06-26 13:05 - 00000000 ____D C:\Program Files\Logitech
2013-06-26 13:04 - 2013-06-26 13:04 - 59248080 _____ (Logitech Inc.) C:\Users\Tahsin\Downloads\setpoint652_x64.exe

==================== One Month Modified Files and Folders =======

2013-07-25 12:31 - 2013-07-25 12:30 - 01779761 _____ (Farbar) C:\Users\Tahsin\Downloads\FRST64 (2).exe
2013-07-25 12:29 - 2013-06-04 17:24 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-25 12:28 - 2012-05-26 20:35 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-25 12:26 - 2012-11-10 13:09 - 00037854 _____ C:\Windows\setupact.log
2013-07-25 12:26 - 2009-09-22 17:28 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-25 12:26 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-25 12:25 - 2013-07-25 12:25 - 00001069 _____ C:\AdwCleaner[S2].txt
2013-07-25 12:25 - 2011-10-28 00:03 - 01763856 _____ C:\Windows\WindowsUpdate.log
2013-07-25 12:24 - 2013-07-25 12:23 - 00666633 _____ C:\Users\Tahsin\Downloads\adwcleaner (1).exe
2013-07-25 12:04 - 2012-05-26 20:35 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-25 12:01 - 2012-07-26 21:17 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2912419440-2868778846-4110425731-1000UA.job
2013-07-25 11:44 - 2013-06-27 19:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-25 02:00 - 2011-11-24 17:47 - 00000000 ____D C:\Users\Tahsin\AppData\Local\Adobe
2013-07-25 00:30 - 2013-07-23 01:44 - 00000000 ____D C:\Users\Tahsin\Desktop\2013-07 (Jul)
2013-07-24 23:10 - 2012-07-26 21:17 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2912419440-2868778846-4110425731-1000Core.job
2013-07-24 19:49 - 2013-07-24 19:48 - 01779757 _____ (Farbar) C:\Users\Tahsin\Downloads\FRST64 (1).exe
2013-07-24 19:48 - 2013-07-21 11:49 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\PremiumCraft
2013-07-24 18:46 - 2009-07-14 06:45 - 00018512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-24 18:46 - 2009-07-14 06:45 - 00018512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-24 18:30 - 2013-07-24 18:03 - 00000000 ____D C:\ComboFix
2013-07-24 18:29 - 2013-07-24 18:01 - 00000000 ____D C:\Windows\erdnt
2013-07-24 18:29 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-07-24 18:23 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-07-24 18:21 - 2012-11-10 13:09 - 00235826 _____ C:\Windows\PFRO.log
2013-07-24 18:03 - 2013-07-24 18:01 - 00000000 ____D C:\Qoobox
2013-07-24 17:58 - 2013-07-24 17:58 - 00003590 _____ C:\Users\Tahsin\Desktop\JRT.txt
2013-07-24 17:46 - 2013-07-24 17:46 - 05092950 ____R (Swearware) C:\Users\Tahsin\Downloads\ComboFix.exe
2013-07-24 17:45 - 2013-07-24 17:45 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Tahsin\Downloads\JRT.exe
2013-07-24 17:45 - 2013-07-24 17:45 - 00000000 ____D C:\Windows\ERUNT
2013-07-24 17:37 - 2013-07-24 17:37 - 00022193 _____ C:\AdwCleaner[S1].txt
2013-07-24 17:35 - 2013-07-24 17:35 - 00666633 _____ C:\Users\Tahsin\Downloads\adwcleaner.exe
2013-07-24 17:33 - 2013-07-24 17:33 - 00030511 _____ C:\Users\Tahsin\Downloads\Addition.txt
2013-07-24 17:31 - 2013-07-24 17:31 - 01779757 _____ (Farbar) C:\Users\Tahsin\Downloads\FRST64.exe
2013-07-24 17:31 - 2013-07-24 17:31 - 00000000 ____D C:\FRST
2013-07-24 17:26 - 2013-05-04 15:35 - 00004208 _____ C:\Windows\System32\Tasks\Software Updater
2013-07-24 17:26 - 2013-05-04 15:35 - 00004148 _____ C:\Windows\System32\Tasks\Software Updater Ui
2013-07-24 17:20 - 2013-07-24 17:20 - 00422944 _____ C:\Users\Tahsin\Downloads\PremiumCraft_2.1.0.1.rar
2013-07-24 13:18 - 2012-05-04 14:07 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Skype
2013-07-24 11:11 - 2013-07-24 11:11 - 00030998 _____ C:\Users\Tahsin\Downloads\emaaaails.txt
2013-07-23 20:13 - 2011-11-12 12:58 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-23 19:31 - 2011-11-18 15:20 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-07-23 19:31 - 2011-11-18 14:49 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-07-23 19:31 - 2011-11-18 14:49 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-07-23 18:42 - 2011-10-28 00:09 - 00000000 ___RD C:\Users\Tahsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-23 18:11 - 2012-01-18 15:18 - 00000000 ____D C:\Users\Tahsin\.gimp-2.6
2013-07-23 18:10 - 2013-07-23 18:10 - 00003361 _____ C:\Users\Tahsin\.recently-used.xbel
2013-07-23 18:10 - 2012-01-18 15:29 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\gtk-2.0
2013-07-23 18:10 - 2011-10-28 00:03 - 00000000 ____D C:\Users\Tahsin
2013-07-23 15:09 - 2013-07-23 15:00 - 00000000 ____D C:\Users\Tahsin\Desktop\Unbenannt
2013-07-23 14:57 - 2013-07-23 14:57 - 00000000 ____D C:\Users\Tahsin\Desktop\gr
2013-07-23 14:02 - 2013-07-23 14:02 - 19152896 _____ C:\Users\Tahsin\Desktop\AMF Bot Video.camrec
2013-07-23 14:01 - 2011-12-02 18:41 - 00007680 _____ C:\Users\Tahsin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-23 13:25 - 2013-07-23 13:25 - 00004333 _____ C:\Users\Tahsin\Downloads\AddmeFast IMacro Youtube.js
2013-07-23 11:37 - 2013-07-23 11:37 - 00023753 _____ C:\Users\Tahsin\Documents\Ihrlenkungsspezialist.odt
2013-07-23 03:10 - 2013-07-23 03:10 - 00586896 _____ C:\Users\Tahsin\Downloads\RE Retourenlabel zu Ihrer DHL Sendung 412668179.eml
2013-07-23 01:42 - 2013-06-27 19:40 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-23 01:42 - 2013-06-27 19:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-23 01:42 - 2013-06-27 19:40 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-23 01:36 - 2013-07-23 01:36 - 00291744 _____ C:\Windows\Minidump\072313-18751-01.dmp
2013-07-23 01:36 - 2012-11-15 19:56 - 618175716 _____ C:\Windows\MEMORY.DMP
2013-07-23 01:36 - 2011-12-25 19:15 - 00000000 ____D C:\Windows\Minidump
2013-07-22 18:56 - 2013-05-30 17:13 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-07-22 17:30 - 2013-07-22 17:30 - 00000000 _____ C:\Users\Tahsin\Desktop\Neue Bitmap.bmp
2013-07-22 17:21 - 2013-07-22 17:21 - 00001060 _____ C:\Users\Tahsin\Documents\YouTube Like Treasures.txt
2013-07-22 16:24 - 2013-07-10 18:00 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Intermediate
2013-07-22 09:24 - 2013-07-22 09:24 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Snz
2013-07-21 19:34 - 2013-07-21 19:34 - 00018889 _____ C:\Users\Tahsin\Downloads\Grobold Font   dafont.com.htm
2013-07-21 19:34 - 2013-07-21 19:34 - 00000000 ____D C:\Users\Tahsin\Downloads\Grobold Font   dafont.com_files
2013-07-21 18:43 - 2013-07-21 18:43 - 00001278 _____ C:\Users\Tahsin\Downloads\addmefastbotfblikes.rar
2013-07-21 14:24 - 2013-07-21 14:24 - 00041618 _____ C:\Users\Tahsin\Desktop\Neues Textdokument (2).txt
2013-07-21 13:44 - 2013-07-21 13:44 - 00009272 _____ C:\Users\Tahsin\Downloads\AddMeFast-Bot_update1 (1).rar
2013-07-21 13:17 - 2013-07-21 12:12 - 00221184 _____ (PremiumCraft) C:\Users\Tahsin\Desktop\PremiumCraft.exe
2013-07-21 11:48 - 2013-07-21 11:48 - 00422927 _____ C:\Users\Tahsin\Downloads\PremiumCraft_2.1.0.rar
2013-07-20 18:16 - 2013-07-20 18:16 - 00001168 _____ C:\Users\Tahsin\Desktop\iMacros Batch Sample.lnk
2013-07-20 18:16 - 2013-07-20 18:16 - 00000874 _____ C:\Users\Tahsin\Desktop\Examples.lnk
2013-07-20 18:16 - 2013-07-19 16:16 - 00000000 ____D C:\Users\Tahsin\Documents\iMacros
2013-07-20 18:02 - 2013-07-20 18:02 - 32409360 _____ (iOpus                                                       ) C:\Users\Tahsin\Downloads\iMacros-Setup.exe
2013-07-20 18:02 - 2013-07-20 18:02 - 00269967 _____ C:\Users\Tahsin\Downloads\imacros_for_firefox-8.3.0-fx.xpi
2013-07-20 18:00 - 2013-07-20 17:59 - 49868140 _____ C:\Users\Tahsin\Downloads\iMacrosWikiOfflineVersion.zip
2013-07-20 16:32 - 2013-07-20 16:29 - 00003191 _____ C:\Users\Tahsin\Downloads\zp_facebook.zip
2013-07-20 14:31 - 2013-07-20 14:23 - 00000000 ____D C:\Program Files (x86)\Opera
2013-07-20 14:28 - 2013-07-20 14:28 - 00003506 _____ C:\Windows\System32\Tasks\DealPly
2013-07-20 14:28 - 2013-07-20 14:28 - 00000000 ____D C:\Program Files (x86)\iOpus
2013-07-20 14:27 - 2013-07-20 14:27 - 02026456 _____ C:\Users\Tahsin\Downloads\imacros.exe
2013-07-20 14:23 - 2013-07-20 14:23 - 31022640 _____ (Opera Software ASA) C:\Users\Tahsin\Downloads\Opera_15.0.1147.141_Setup.exe
2013-07-20 14:23 - 2013-07-20 14:23 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Opera Software
2013-07-20 14:23 - 2013-07-20 14:23 - 00000000 ____D C:\Users\Tahsin\AppData\Local\Opera Software
2013-07-20 10:42 - 2013-07-20 10:00 - 00000000 ____D C:\Program Files\Easy-Hide-IP
2013-07-20 10:40 - 2013-07-20 10:39 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Steganos VPN
2013-07-20 10:39 - 2013-07-20 10:37 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Steganos
2013-07-20 10:37 - 2013-07-20 10:37 - 14696720 _____ (Steganos Software GmbH) C:\Users\Tahsin\Downloads\okayfreedomwr110.exe
2013-07-20 10:36 - 2013-07-20 10:00 - 00003520 _____ C:\Windows\SysWOW64\EasyRedirect.ini
2013-07-20 10:36 - 2013-07-20 10:00 - 00002040 _____ C:\Windows\SysWOW64\EasyRedirectOff.ini
2013-07-20 10:36 - 2013-07-20 10:00 - 00002040 _____ C:\Windows\system32\EasyRedirectOff.ini
2013-07-20 10:26 - 2013-07-20 10:02 - 00000000 ____D C:\ProgramData\notracks.com
2013-07-20 10:00 - 2013-07-20 10:00 - 06248752 _____ (EasyTech                                                    ) C:\Users\Tahsin\Downloads\easy-hide-ip-5.0.0.3.1.exe
2013-07-19 22:51 - 2013-07-19 22:51 - 00000584 _____ C:\Users\Tahsin\Downloads\AMF.12.Script.34.DADEX.rar
2013-07-19 17:22 - 2013-07-19 17:22 - 05835181 _____ C:\Users\Tahsin\Downloads\proxies.txt
2013-07-19 17:21 - 2013-07-19 17:21 - 00041618 _____ C:\Users\Tahsin\Downloads\proxy (1).txt
2013-07-19 17:20 - 2013-07-19 17:20 - 00041618 _____ C:\Users\Tahsin\Downloads\proxy.txt
2013-07-19 16:17 - 2013-07-19 16:17 - 00000279 _____ C:\Users\Tahsin\Downloads\YT-BOT-ADDMEFAST.iim
2013-07-19 15:42 - 2013-07-19 15:42 - 00009272 _____ C:\Users\Tahsin\Downloads\AddMeFast-Bot_update1.rar
2013-07-19 11:09 - 2013-07-21 12:12 - 00475136 _____ C:\Users\Tahsin\Desktop\SharpCompress.dll
2013-07-19 05:19 - 2009-09-23 03:14 - 00698124 _____ C:\Windows\system32\perfh007.dat
2013-07-19 05:19 - 2009-09-23 03:14 - 00148820 _____ C:\Windows\system32\perfc007.dat
2013-07-19 05:19 - 2009-07-14 07:13 - 01616954 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-18 23:16 - 2012-11-16 17:18 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-18 09:57 - 2009-07-14 06:45 - 05063512 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-18 09:56 - 2013-07-18 09:56 - 00291752 _____ C:\Windows\Minidump\071813-42588-01.dmp
2013-07-17 19:48 - 2011-11-12 12:59 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Origin
2013-07-17 19:48 - 2011-11-12 12:59 - 00000000 ____D C:\Users\Tahsin\AppData\Local\Origin
2013-07-17 19:27 - 2011-10-28 00:08 - 00132576 _____ C:\Users\Tahsin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-17 18:38 - 2013-07-17 18:38 - 00017385 _____ C:\Users\Tahsin\Desktop\Quizfragen 22 Stück.ods
2013-07-17 18:02 - 2013-07-17 18:02 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\OpenOffice.org
2013-07-17 18:00 - 2013-07-17 18:00 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-07-17 17:59 - 2013-07-17 17:58 - 152249762 _____ C:\Users\Tahsin\Downloads\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe
2013-07-17 17:13 - 2013-04-30 15:36 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Spotify
2013-07-17 17:10 - 2013-04-30 15:36 - 00000000 ____D C:\Users\Tahsin\AppData\Local\Spotify
2013-07-15 00:20 - 2013-07-15 00:20 - 00291744 _____ C:\Windows\Minidump\071513-45567-01.dmp
2013-07-15 00:09 - 2013-07-15 00:09 - 00020678 _____ C:\Users\Tahsin\Downloads\HesapHareketleri.do
2013-07-14 18:02 - 2012-02-10 17:15 - 00000132 _____ C:\Users\Tahsin\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-07-14 13:25 - 2013-07-14 13:25 - 00000956 _____ C:\Users\Tahsin\Desktop\Guild Wars 2.lnk
2013-07-13 11:06 - 2013-01-25 23:52 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-13 10:59 - 2012-05-26 20:35 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 10:59 - 2012-05-26 20:35 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 10:43 - 2013-07-13 10:43 - 07876512 _____ (Adobe Systems Inc.) C:\Users\Tahsin\Downloads\Shockwave_Installer_Slim (2).exe
2013-07-13 10:43 - 2011-11-12 22:28 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-07-12 20:56 - 2012-07-26 21:17 - 00004096 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2912419440-2868778846-4110425731-1000UA
2013-07-12 20:56 - 2012-07-26 21:17 - 00003700 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2912419440-2868778846-4110425731-1000Core
2013-07-12 19:38 - 2013-07-12 19:38 - 00007684 _____ C:\Users\Tahsin\Downloads\AddMeFast-Bot.rar
2013-07-11 15:02 - 2013-07-11 15:01 - 00291744 _____ C:\Windows\Minidump\071113-41402-01.dmp
2013-07-11 09:04 - 2013-03-13 17:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 09:04 - 2013-03-13 17:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 09:04 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 09:04 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 09:04 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 02:38 - 2011-11-02 13:52 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-11 02:37 - 2012-06-04 18:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 21:33 - 2013-07-21 14:24 - 00020480 _____ C:\Users\Tahsin\Desktop\AddMeFastBot (Update 1).exe
2013-07-10 18:00 - 2013-07-10 18:00 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\SSync
2013-07-10 18:00 - 2013-07-10 18:00 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\SCheck
2013-07-10 18:00 - 2011-11-04 16:57 - 00000000 ____D C:\Users\Tahsin\AppData\Local\Google
2013-07-10 18:00 - 2011-11-04 16:57 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-10 17:59 - 2013-07-10 17:59 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\PiccShare
2013-07-10 17:59 - 2013-07-10 17:59 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Common
2013-07-10 17:59 - 2013-07-10 17:59 - 00000000 ____D C:\Program Files (x86)\Axife Mouse Recorder DEMO
2013-07-10 17:58 - 2013-07-10 17:58 - 00393064 _____ (Softonic                                        ) C:\Users\Tahsin\Downloads\SoftonicDownloader_fuer_axife-mouse-recorder.exe
2013-07-10 17:58 - 2013-07-10 17:54 - 00000000 ____D C:\Program Files (x86)\GhostMouse
2013-07-10 17:53 - 2013-07-10 17:53 - 00910736 _____ (ghost-mouse.com                                             ) C:\Users\Tahsin\Downloads\GhostMouse321-Setup.exe
2013-07-10 09:56 - 2011-10-28 11:51 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Mozilla
2013-07-05 17:39 - 2013-07-05 17:39 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-05 17:39 - 2012-05-04 14:06 - 00000000 ____D C:\ProgramData\Skype
2013-07-05 17:37 - 2013-07-05 17:37 - 31954536 _____ (Skype Technologies S.A.) C:\Users\Tahsin\Downloads\SkypeSetup66Full.exe
2013-07-05 17:36 - 2013-07-05 17:36 - 22716480 _____ (ArenaNet) C:\Users\Tahsin\Downloads\Gw2Setup.exe
2013-07-03 05:02 - 2012-01-04 05:23 - 00000000 ____D C:\ProgramData\Recovery
2013-07-02 21:05 - 2013-07-02 21:04 - 39358651 _____ C:\Users\Tahsin\Downloads\bg Raw File.rar
2013-07-02 19:59 - 2013-07-21 12:12 - 00150016 _____ (restsharp.org) C:\Users\Tahsin\Desktop\RestSharp.dll
2013-07-02 19:48 - 2013-07-02 19:48 - 00291744 _____ C:\Windows\Minidump\070213-15303-01.dmp
2013-07-01 19:04 - 2013-07-01 19:04 - 00057012 _____ C:\Users\Tahsin\Downloads\Rechnung zu Order-ID 3133899 -  304-3212191-5198757 vom 21.06.2013 182556.zip
2013-06-30 20:29 - 2013-06-30 20:28 - 00291744 _____ C:\Windows\Minidump\063013-36519-01.dmp
2013-06-30 18:17 - 2013-06-30 18:17 - 02596440 _____ (Sandboxie Holdings, LLC) C:\Users\Tahsin\Downloads\SandboxieInstall.exe
2013-06-30 17:57 - 2013-06-30 17:57 - 00000000 ____D C:\ProgramData\SystemRequirementsLab
2013-06-30 17:57 - 2013-06-30 17:57 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2013-06-30 10:58 - 2013-06-30 10:58 - 00167536 _____ () C:\Users\Tahsin\Downloads\OnlineWeatherSetup-3M80IlG.exe
2013-06-30 10:57 - 2013-06-30 10:57 - 00167304 _____ () C:\Users\Tahsin\Downloads\7ZipSetup-0M6Elbp.exe
2013-06-30 10:56 - 2013-06-30 10:56 - 00167304 _____ () C:\Users\Tahsin\Downloads\7ZipSetup-0ISfsny.exe
2013-06-30 10:54 - 2013-06-30 10:54 - 00167304 _____ () C:\Users\Tahsin\Downloads\7ZipSetup-4NyfsgM.exe
2013-06-30 10:22 - 2011-10-28 11:22 - 00004996 _____ C:\Windows\System32\Tasks\PCDRScheduledMaintenance
2013-06-30 10:22 - 2011-10-28 11:22 - 00000552 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2013-06-28 16:21 - 2013-06-28 16:21 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-06-28 16:21 - 2013-06-28 16:21 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-06-28 16:21 - 2013-06-04 17:41 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-06-28 16:21 - 2013-06-04 17:41 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-06-28 16:21 - 2012-08-31 12:57 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-06-28 16:21 - 2012-08-31 12:57 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-06-28 16:21 - 2012-08-31 12:57 - 00000000 ____D C:\Program Files\Java
2013-06-28 16:19 - 2013-06-28 16:19 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-28 16:19 - 2013-06-28 16:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-28 16:19 - 2013-01-23 20:07 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-28 16:19 - 2013-01-23 20:07 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-28 16:19 - 2012-08-31 12:56 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-28 16:19 - 2011-11-12 00:21 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-28 16:17 - 2013-06-28 16:17 - 33150376 _____ (Oracle Corporation) C:\Users\Tahsin\Downloads\jre-7u25-windows-x64.exe
2013-06-28 16:17 - 2013-06-28 16:17 - 31714216 _____ (Oracle Corporation) C:\Users\Tahsin\Downloads\jre-7u25-windows-i586.exe
2013-06-28 15:37 - 2012-06-29 19:00 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Dropbox
2013-06-28 15:01 - 2012-06-29 19:01 - 00000000 ___RD C:\Users\Tahsin\Dropbox
2013-06-28 14:58 - 2012-12-24 20:01 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-06-28 14:57 - 2013-06-28 14:57 - 33578320 _____ (Dropbox, Inc.) C:\Users\Tahsin\Downloads\Dropbox 2.2.8.exe
2013-06-28 07:37 - 2013-06-28 07:37 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-06-28 07:37 - 2013-06-26 19:00 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-06-28 07:37 - 2013-06-26 19:00 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-06-28 07:37 - 2013-06-04 17:24 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-06-28 07:37 - 2013-06-04 17:24 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-06-28 07:37 - 2013-06-04 17:24 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-06-28 07:37 - 2011-11-12 13:04 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-06-27 19:19 - 2013-06-27 19:19 - 00814472 _____ (Adobe Systems Incorporated) C:\Users\Tahsin\Downloads\uninstall_flash_player.exe
2013-06-27 16:50 - 2013-06-27 16:50 - 00000000 ____D C:\Users\Public\Documents\sun
2013-06-27 16:49 - 2013-06-27 16:48 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4.0
2013-06-27 16:41 - 2013-06-27 16:39 - 192004096 _____ C:\Users\Tahsin\Downloads\LibreOffice_4.0.4_Win_x86.msi
2013-06-26 18:57 - 2012-04-27 17:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-26 13:21 - 2011-10-28 11:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-26 13:11 - 2013-06-26 13:06 - 00000680 _____ C:\Windows\LkmdfCoInst.log
2013-06-26 13:10 - 2013-06-26 13:06 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2013-06-26 13:10 - 2013-06-26 13:06 - 00000000 ____D C:\Users\Public\Documents\LogiShrd
2013-06-26 13:06 - 2013-06-26 13:06 - 00006871 _____ C:\Windows\LDPINST.LOG
2013-06-26 13:06 - 2013-06-26 13:06 - 00000000 ____D C:\Users\Tahsin\AppData\Local\Logishrd
2013-06-26 13:06 - 2013-06-26 13:05 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2013-06-26 13:06 - 2013-01-03 14:16 - 00000000 ____D C:\ProgramData\LogiShrd
2013-06-26 13:06 - 2013-01-03 14:15 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Logitech
2013-06-26 13:05 - 2013-06-26 13:05 - 00000000 ____D C:\ProgramData\Logitech
2013-06-26 13:05 - 2013-06-26 13:05 - 00000000 ____D C:\Program Files\Logitech
2013-06-26 13:05 - 2013-01-03 14:15 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Logishrd
2013-06-26 13:04 - 2013-06-26 13:04 - 59248080 _____ (Logitech Inc.) C:\Users\Tahsin\Downloads\setpoint652_x64.exe
2013-06-25 19:53 - 2013-03-28 22:11 - 00000000 ____D C:\Program Files (x86)\StarCraft II

Files to move or delete:
====================
C:\ProgramData\ntuser.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-15 18:57

==================== End Of Log ============================
         


25.07.2013, 14:35   #6
schrauber
/// the machine
/// TB instructor

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to your desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?

25.07.2013, 18:56   #7
-Tahsin

I've been letting ESET run for over an hour now. It has been stuck at 31% for a long time. All the other indicators are still moving.
Is that normal, or should I restart it?

Regards

26.07.2013, 09:10   #8
schrauber
/// the machine
/// TB instructor

That's normal, the scan can easily take several hours.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

27.07.2013, 09:43   #9
-Tahsin

LOG.txt

Quote:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0cdd485e3587d34fb9f8b9d7825a7097
# engine=14530
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-26 01:47:19
# local_time=2013-07-26 03:47:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 1258061 151513111 0 0
# compatibility_mode=5893 16776573 100 94 55295 126433089 0 0
# scanned=459243
# found=1
# cleaned=0
# scan_time=33087
sh=F4DC05599113DDA691DD1AB7A3EE197D7A000752 ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.ABD trojan" ac=I fn="C:\Users\Tahsin\Downloads\[RevelatioN]Name Changer-Injector Fixed.rar"
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0cdd485e3587d34fb9f8b9d7825a7097
# engine=14530
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-26 02:19:38
# local_time=2013-07-26 04:19:38 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 1303200 151558250 0 0
# compatibility_mode=5893 16776573 100 94 24894 126478228 0 0
# scanned=393600
# found=1
# cleaned=0
# scan_time=20950
sh=F4DC05599113DDA691DD1AB7A3EE197D7A000752 ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.ABD trojan" ac=I fn="C:\Users\Tahsin\Downloads\[RevelatioN]Name Changer-Injector Fixed.rar"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ec63fd7ebe179440865a49c2ada27996
# engine=14545
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-27 04:06:27
# local_time=2013-07-27 06:06:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 1352809 151607859 0 0
# compatibility_mode=5893 16776574 100 82 48882 126527837 0 0
# scanned=460975
# found=3
# cleaned=0
# scan_time=23209
sh=4EB4F3F26522EDAF591A23AD83CAA548122929E5 ft=1 fh=43f4ce582e9bb6e8 vn="multiple threats" ac=I fn="C:\Users\Tahsin\AppData\Local\Temp\is2036094744\FindLyrics.exe"
sh=DA602313EC344E31F340105C29DF699267F73B84 ft=1 fh=34999f3f19837452 vn="multiple threats" ac=I fn="C:\Users\Tahsin\AppData\Local\Temp\is2036094744\yontoo-C4.exe"
sh=F4DC05599113DDA691DD1AB7A3EE197D7A000752 ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.ABD trojan" ac=I fn="C:\Users\Tahsin\Downloads\[RevelatioN]Name Changer-Injector Fixed.rar"
Checkup.txt
Quote:
Results of screen317's Security Check version 0.99.70
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java(TM) 6 Update 45
Java 7 Update 25
Adobe Flash Player 11.8.800.94
Adobe Reader XI
Mozilla Firefox (22.0)
Google Chrome 28.0.1500.71
Google Chrome 28.0.1500.72
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-07-2013
Ran by Tahsin (administrator) on 27-07-2013 10:41:55
Running from C:\Users\Tahsin\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
() C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink Corp.) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Spotify Ltd) C:\Users\Tahsin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\HPWUCli.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Tahsin\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-29] (Logitech Inc.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe [45568 2009-07-14] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-21] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [AdobeBridge] -  [x]
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Tahsin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-15] (Spotify Ltd)
HKCU\...\Run: [Google Update] - C:\Users\Tahsin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-12] (Google Inc.)
HKCU\...\Run: [SCheck] - C:\Users\Tahsin\AppData\Roaming\SCheck\SCheck.exe [36864 2013-04-10] ()
HKCU\...\Run: [SSync] - C:\Users\Tahsin\AppData\Roaming\SSync\SSync.exe [36864 2013-04-10] ()
HKCU\...\Run: [Intermediate] - C:\Users\Tahsin\AppData\Roaming\Intermediate\Intermediate.exe [36864 2013-04-10] ()
MountPoints2: {7f33953d-96a3-11e1-aa67-4061860de3de} - J:\preinst.exe
HKLM-x32\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [BATINDICATOR] - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [LaunchHPOSIAPP] - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
IMEO\taskmgr.exe: [Debugger] "C:\USERS\TAHSIN\DOCUMENTS\PROCEXP.EXE"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk
ShortcutTarget: HDDHealth.lnk -> C:\Program Files (x86)\HDD Health\hddhealth.exe (PANTERASoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Tahsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\Tahsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {902D76CD-4644-4E24-B5B4-3F14BEC37261} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM - {BAF60B34-BC2D-4D38-BF52-8D31949C6020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {902D76CD-4644-4E24-B5B4-3F14BEC37261} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 - {BAF60B34-BC2D-4D38-BF52-8D31949C6020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKCU - {902D76CD-4644-4E24-B5B4-3F14BEC37261} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: iMacros Browser Helper Object - {34D5A80A-992D-4F07-9509-66E9E133BAAF} - C:\Program Files (x86)\iOpus\iMacros\iMacrosBHO.dll ()
BHO-x32: PiccShare BHO - {553318DA-D010-469E-84B1-496563CAE1C0} - C:\Users\Tahsin\AppData\Local\ext_piccshare\ext_piccshare.dll (HTTO Group, Ltd)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.71\npchrome_frame.dll (Google Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.71\npchrome_frame.dll (Google Inc.)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Tahsin\AppData\Roaming\Mozilla\Firefox\Profiles\5ruscmlq.default
FF Keyword.URL: hxxp://www.google.de/search?q=
FF NetworkProxy: "ftp", "178.253.249.109"
FF NetworkProxy: "ftp_port", 6666
FF NetworkProxy: "http", "178.253.249.109"
FF NetworkProxy: "http_port", 6666
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "178.253.249.109"
FF NetworkProxy: "socks_port", 6666
FF NetworkProxy: "ssl", "178.253.249.109"
FF NetworkProxy: "ssl_port", 6666
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 - C:\Users\Tahsin\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Tahsin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Tahsin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Tahsin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Tahsin\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Tahsin\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\Tahsin\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
FF Extension: iMacros for Firefox - C:\Users\Tahsin\AppData\Roaming\Mozilla\Firefox\Profiles\5ruscmlq.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF Extension: No Name - C:\Users\Tahsin\AppData\Roaming\Mozilla\Firefox\Profiles\5ruscmlq.default\Extensions\WTB_GLOBAL.sqlite
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Tahsin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Tahsin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Tahsin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (SOE Web Installer) - C:\Users\Tahsin\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Logitech SetPoint) - C:\Users\Tahsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0
CHR Extension: (AdBlock) - C:\Users\Tahsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.3_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Tahsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2013-06-09] (BitRaider, LLC)
S3 de_serv; C:\Program Files (x86)\Common Files\AVM\de_serv.exe [315392 2005-03-04] (AVM Berlin)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-10-13] ()
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP3\RpcAgentSrv.exe [95896 2009-03-28] (SiSoftware)

==================== Drivers (Whitelisted) ====================

R1 acedrv08; C:\Windows\system32\drivers\acedrv08.sys [133856 2012-08-22] ()
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] ()
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP3\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
S3 X6va005; \??\C:\Users\Tahsin\AppData\Local\Temp\005D1DF.tmp [x]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-27 10:41 - 2013-07-27 10:41 - 01780407 _____ (Farbar) C:\Users\Tahsin\Downloads\FRST64 (1).exe
2013-07-26 23:38 - 2013-07-26 23:38 - 02347384 _____ (ESET) C:\Users\Tahsin\Downloads\esetsmartinstaller_enu.exe
2013-07-26 23:26 - 2013-07-26 23:26 - 00891062 _____ C:\Users\Tahsin\Downloads\SecurityCheck.exe
2013-07-26 23:16 - 2013-07-26 23:16 - 00666633 _____ C:\Users\Tahsin\Downloads\adwcleaner.exe
2013-07-26 23:13 - 2013-07-26 23:13 - 00003130 _____ C:\Windows\System32\Tasks\{FB9CFFB8-C159-48DB-80B7-63EEBDBE3EAA}
2013-07-26 21:32 - 2013-07-26 21:32 - 01780233 _____ (Farbar) C:\Users\Tahsin\Downloads\FRST64.exe
2013-07-26 16:37 - 2013-07-26 16:37 - 00001924 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-26 00:34 - 2013-07-26 01:09 - 00000000 ____D C:\Users\Tahsin\Desktop\VW
2013-07-25 18:33 - 2013-07-25 18:33 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-25 12:25 - 2013-07-25 12:25 - 00001069 _____ C:\AdwCleaner[S2].txt
2013-07-24 18:03 - 2013-07-26 16:31 - 00000000 ____D C:\ComboFix
2013-07-24 18:01 - 2013-07-26 16:31 - 00000000 ____D C:\Windows\erdnt
2013-07-24 18:01 - 2013-07-24 18:03 - 00000000 ____D C:\Qoobox
2013-07-24 17:58 - 2013-07-24 17:58 - 00003590 _____ C:\Users\Tahsin\Desktop\JRT.txt
2013-07-24 17:45 - 2013-07-26 16:31 - 00000000 ____D C:\Windows\ERUNT
2013-07-24 17:33 - 2013-07-24 17:33 - 00030511 _____ C:\Users\Tahsin\Downloads\Addition.txt
2013-07-24 17:31 - 2013-07-24 17:31 - 00000000 ____D C:\FRST
2013-07-24 17:20 - 2013-07-24 17:20 - 00422944 _____ C:\Users\Tahsin\Downloads\PremiumCraft_2.1.0.1.rar
2013-07-24 11:11 - 2013-07-24 11:11 - 00030998 _____ C:\Users\Tahsin\Downloads\emaaaails.txt
2013-07-23 18:10 - 2013-07-23 18:10 - 00003361 _____ C:\Users\Tahsin\.recently-used.xbel
2013-07-23 15:00 - 2013-07-23 15:09 - 00000000 ____D C:\Users\Tahsin\Desktop\Unbenannt
2013-07-23 14:57 - 2013-07-23 14:57 - 00000000 ____D C:\Users\Tahsin\Desktop\gr
2013-07-23 14:02 - 2013-07-23 14:02 - 19152896 _____ C:\Users\Tahsin\Desktop\AMF Bot Video.camrec
2013-07-23 11:37 - 2013-07-23 11:37 - 00023753 _____ C:\Users\Tahsin\Documents\Ihrlenkungsspezialist.odt
2013-07-23 03:10 - 2013-07-23 03:10 - 00586896 _____ C:\Users\Tahsin\Downloads\RE Retourenlabel zu Ihrer DHL Sendung 412668179.eml
2013-07-23 01:44 - 2013-07-25 00:30 - 00000000 ____D C:\Users\Tahsin\Desktop\2013-07 (Jul)
2013-07-22 17:30 - 2013-07-22 17:30 - 00000000 _____ C:\Users\Tahsin\Desktop\Neue Bitmap.bmp
2013-07-22 17:21 - 2013-07-22 17:21 - 00001060 _____ C:\Users\Tahsin\Documents\YouTube Like Treasures.txt
2013-07-21 19:34 - 2013-07-26 16:31 - 00000000 ____D C:\Users\Tahsin\Downloads\Grobold Font   dafont.com_files
2013-07-21 19:34 - 2013-07-21 19:34 - 00018889 _____ C:\Users\Tahsin\Downloads\Grobold Font   dafont.com.htm
2013-07-21 18:43 - 2013-07-21 18:43 - 00001278 _____ C:\Users\Tahsin\Downloads\addmefastbotfblikes.rar
2013-07-21 14:24 - 2013-07-21 14:24 - 00041618 _____ C:\Users\Tahsin\Desktop\Neues Textdokument (2).txt
2013-07-21 13:44 - 2013-07-21 13:44 - 00009272 _____ C:\Users\Tahsin\Downloads\AddMeFast-Bot_update1 (1).rar
2013-07-21 11:49 - 2013-07-25 14:28 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\PremiumCraft
2013-07-21 11:48 - 2013-07-21 11:48 - 00422927 _____ C:\Users\Tahsin\Downloads\PremiumCraft_2.1.0.rar
2013-07-20 18:16 - 2013-07-20 18:16 - 00002125 _____ C:\Users\Tahsin\Desktop\iMacros for IE10.lnk
2013-07-20 18:16 - 2013-07-20 18:16 - 00002031 _____ C:\Users\Tahsin\Desktop\iMacros 9.lnk
2013-07-20 18:16 - 2013-07-20 18:16 - 00001290 _____ C:\Users\Tahsin\Desktop\iMacros Scripting Interface Sample.lnk
2013-07-20 18:16 - 2013-07-20 18:16 - 00001168 _____ C:\Users\Tahsin\Desktop\iMacros Batch Sample.lnk
2013-07-20 18:16 - 2013-07-20 18:16 - 00000874 _____ C:\Users\Tahsin\Desktop\Examples.lnk
2013-07-20 18:02 - 2013-07-20 18:02 - 32409360 _____ (iOpus                                                       ) C:\Users\Tahsin\Downloads\iMacros-Setup.exe
2013-07-20 18:02 - 2013-07-20 18:02 - 00269967 _____ C:\Users\Tahsin\Downloads\imacros_for_firefox-8.3.0-fx.xpi
2013-07-20 17:59 - 2013-07-20 18:00 - 49868140 _____ C:\Users\Tahsin\Downloads\iMacrosWikiOfflineVersion.zip
2013-07-20 16:29 - 2013-07-20 16:32 - 00003191 _____ C:\Users\Tahsin\Downloads\zp_facebook.zip
2013-07-20 14:28 - 2013-07-20 14:28 - 00003506 _____ C:\Windows\System32\Tasks\DealPly
2013-07-20 14:28 - 2013-07-20 14:28 - 00000000 ____D C:\Program Files (x86)\iOpus
2013-07-20 14:27 - 2013-07-20 14:27 - 02026456 _____ C:\Users\Tahsin\Downloads\imacros.exe
2013-07-20 14:23 - 2013-07-20 14:31 - 00000000 ____D C:\Program Files (x86)\Opera
2013-07-20 14:23 - 2013-07-20 14:23 - 31022640 _____ (Opera Software ASA) C:\Users\Tahsin\Downloads\Opera_15.0.1147.141_Setup.exe
2013-07-20 14:23 - 2013-07-20 14:23 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Opera Software
2013-07-20 14:23 - 2013-07-20 14:23 - 00000000 ____D C:\Users\Tahsin\AppData\Local\Opera Software
2013-07-20 10:39 - 2013-07-20 10:40 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Steganos VPN
2013-07-20 10:37 - 2013-07-20 10:39 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Steganos
2013-07-20 10:37 - 2013-07-20 10:37 - 14696720 _____ (Steganos Software GmbH) C:\Users\Tahsin\Downloads\okayfreedomwr110.exe
2013-07-20 10:02 - 2013-07-20 10:26 - 00000000 ____D C:\ProgramData\notracks.com
2013-07-20 10:00 - 2013-07-20 10:42 - 00000000 ____D C:\Program Files\Easy-Hide-IP
2013-07-20 10:00 - 2013-07-20 10:36 - 00003520 _____ C:\Windows\SysWOW64\EasyRedirect.ini
2013-07-20 10:00 - 2013-07-20 10:36 - 00002040 _____ C:\Windows\SysWOW64\EasyRedirectOff.ini
2013-07-20 10:00 - 2013-07-20 10:36 - 00002040 _____ C:\Windows\system32\EasyRedirectOff.ini
2013-07-20 10:00 - 2013-07-20 10:00 - 06248752 _____ (EasyTech                                                    ) C:\Users\Tahsin\Downloads\easy-hide-ip-5.0.0.3.1.exe
2013-07-20 10:00 - 2012-11-22 15:10 - 00539984 _____ (EasyTech) C:\Windows\system32\EasyRedirect64.dll
2013-07-20 10:00 - 2012-11-22 15:10 - 00380240 _____ (EasyTech) C:\Windows\SysWOW64\EasyRedirect.dll
2013-07-19 22:51 - 2013-07-19 22:51 - 00000584 _____ C:\Users\Tahsin\Downloads\AMF.12.Script.34.DADEX.rar
2013-07-19 17:22 - 2013-07-19 17:22 - 05835181 _____ C:\Users\Tahsin\Downloads\proxies.txt
2013-07-19 17:21 - 2013-07-19 17:21 - 00041618 _____ C:\Users\Tahsin\Downloads\proxy (1).txt
2013-07-19 17:20 - 2013-07-19 17:20 - 00041618 _____ C:\Users\Tahsin\Downloads\proxy.txt
2013-07-19 16:17 - 2013-07-19 16:17 - 00000279 _____ C:\Users\Tahsin\Downloads\YT-BOT-ADDMEFAST.iim
2013-07-19 16:16 - 2013-07-20 18:16 - 00000000 ____D C:\Users\Tahsin\Documents\iMacros
2013-07-19 15:42 - 2013-07-19 15:42 - 00009272 _____ C:\Users\Tahsin\Downloads\AddMeFast-Bot_update1.rar
2013-07-18 09:56 - 2013-07-18 09:56 - 00291752 _____ C:\Windows\Minidump\071813-42588-01.dmp
2013-07-17 18:38 - 2013-07-17 18:38 - 00017385 _____ C:\Users\Tahsin\Desktop\Quizfragen 22 Stück.ods
2013-07-17 18:02 - 2013-07-17 18:02 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\OpenOffice.org
2013-07-17 18:00 - 2013-07-17 18:00 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-07-17 17:58 - 2013-07-17 17:59 - 152249762 _____ C:\Users\Tahsin\Downloads\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe
2013-07-15 00:20 - 2013-07-15 00:20 - 00291744 _____ C:\Windows\Minidump\071513-45567-01.dmp
2013-07-15 00:09 - 2013-07-15 00:09 - 00020678 _____ C:\Users\Tahsin\Downloads\HesapHareketleri.do
2013-07-14 13:25 - 2013-07-14 13:25 - 00000956 _____ C:\Users\Tahsin\Desktop\Guild Wars 2.lnk
2013-07-13 10:43 - 2013-07-13 10:43 - 07876512 _____ (Adobe Systems Inc.) C:\Users\Tahsin\Downloads\Shockwave_Installer_Slim (2).exe
2013-07-12 19:38 - 2013-07-12 19:38 - 00007684 _____ C:\Users\Tahsin\Downloads\AddMeFast-Bot.rar
2013-07-11 15:01 - 2013-07-11 15:02 - 00291744 _____ C:\Windows\Minidump\071113-41402-01.dmp
2013-07-11 02:36 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 02:36 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 02:36 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 02:36 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 02:36 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 02:36 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 02:36 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 02:36 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 02:36 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 02:36 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 02:36 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 02:36 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 02:36 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 02:36 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 02:36 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 02:36 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 02:36 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 02:36 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 02:36 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 02:36 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 02:36 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 18:00 - 2013-07-26 16:32 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\SCheck
2013-07-10 18:00 - 2013-07-26 16:32 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Intermediate
2013-07-10 18:00 - 2013-07-26 16:31 - 00000000 ____D C:\Users\Tahsin\AppData\Local\ext_piccshare
2013-07-10 18:00 - 2013-07-10 18:00 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\SSync
2013-07-10 17:59 - 2013-07-10 17:59 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\PiccShare
2013-07-10 17:59 - 2013-07-10 17:59 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Common
2013-07-10 17:59 - 2013-07-10 17:59 - 00000000 ____D C:\Program Files (x86)\Axife Mouse Recorder DEMO
2013-07-10 17:58 - 2013-07-10 17:58 - 00393064 _____ (Softonic                                        ) C:\Users\Tahsin\Downloads\SoftonicDownloader_fuer_axife-mouse-recorder.exe
2013-07-10 17:54 - 2013-07-10 17:58 - 00000000 ____D C:\Program Files (x86)\GhostMouse
2013-07-10 17:53 - 2013-07-10 17:53 - 00910736 _____ (ghost-mouse.com                                             ) C:\Users\Tahsin\Downloads\GhostMouse321-Setup.exe
2013-07-10 14:53 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 14:53 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 14:52 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 14:52 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 14:52 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 14:52 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 14:52 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-05 17:39 - 2013-07-05 17:39 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-05 17:37 - 2013-07-05 17:37 - 31954536 _____ (Skype Technologies S.A.) C:\Users\Tahsin\Downloads\SkypeSetup66Full.exe
2013-07-05 17:36 - 2013-07-05 17:36 - 22716480 _____ (ArenaNet) C:\Users\Tahsin\Downloads\Gw2Setup.exe
2013-07-02 21:04 - 2013-07-02 21:05 - 39358651 _____ C:\Users\Tahsin\Downloads\bg Raw File.rar
2013-07-02 19:48 - 2013-07-02 19:48 - 00291744 _____ C:\Windows\Minidump\070213-15303-01.dmp
2013-07-01 19:04 - 2013-07-01 19:04 - 00057012 _____ C:\Users\Tahsin\Downloads\Rechnung zu Order-ID 3133899 -  304-3212191-5198757 vom 21.06.2013 182556.zip
2013-06-30 20:28 - 2013-06-30 20:29 - 00291744 _____ C:\Windows\Minidump\063013-36519-01.dmp
2013-06-30 18:17 - 2013-06-30 18:17 - 02596440 _____ (Sandboxie Holdings, LLC) C:\Users\Tahsin\Downloads\SandboxieInstall.exe
2013-06-30 17:57 - 2013-06-30 17:57 - 00000000 ____D C:\ProgramData\SystemRequirementsLab
2013-06-30 17:57 - 2013-06-30 17:57 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2013-06-30 10:58 - 2013-06-30 10:58 - 00167536 _____ () C:\Users\Tahsin\Downloads\OnlineWeatherSetup-3M80IlG.exe
2013-06-30 10:57 - 2013-06-30 10:57 - 00167304 _____ () C:\Users\Tahsin\Downloads\7ZipSetup-0M6Elbp.exe
2013-06-30 10:56 - 2013-06-30 10:56 - 00167304 _____ () C:\Users\Tahsin\Downloads\7ZipSetup-0ISfsny.exe
2013-06-30 10:54 - 2013-06-30 10:54 - 00167304 _____ () C:\Users\Tahsin\Downloads\7ZipSetup-4NyfsgM.exe
2013-06-28 16:21 - 2013-06-28 16:21 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-06-28 16:21 - 2013-06-28 16:21 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-06-28 16:19 - 2013-06-28 16:19 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-28 16:19 - 2013-06-28 16:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-28 16:17 - 2013-06-28 16:17 - 33150376 _____ (Oracle Corporation) C:\Users\Tahsin\Downloads\jre-7u25-windows-x64.exe
2013-06-28 16:17 - 2013-06-28 16:17 - 31714216 _____ (Oracle Corporation) C:\Users\Tahsin\Downloads\jre-7u25-windows-i586.exe
2013-06-28 14:57 - 2013-06-28 14:57 - 33578320 _____ (Dropbox, Inc.) C:\Users\Tahsin\Downloads\Dropbox 2.2.8.exe
2013-06-28 07:37 - 2013-06-28 07:37 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-06-27 19:40 - 2013-07-27 10:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-27 19:40 - 2013-07-13 10:43 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-27 19:40 - 2013-07-13 10:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-27 19:40 - 2013-07-13 10:43 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-06-27 19:19 - 2013-06-27 19:19 - 00814472 _____ (Adobe Systems Incorporated) C:\Users\Tahsin\Downloads\uninstall_flash_player.exe
2013-06-27 16:50 - 2013-06-27 16:50 - 00000000 ____D C:\Users\Public\Documents\sun
2013-06-27 16:48 - 2013-06-27 16:49 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4.0
2013-06-27 16:39 - 2013-06-27 16:41 - 192004096 _____ C:\Users\Tahsin\Downloads\LibreOffice_4.0.4_Win_x86.msi

==================== One Month Modified Files and Folders =======

2013-07-27 10:41 - 2013-07-27 10:41 - 01780407 _____ (Farbar) C:\Users\Tahsin\Downloads\FRST64 (1).exe
2013-07-27 10:33 - 2013-06-27 19:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-27 10:26 - 2011-10-28 00:03 - 01563916 _____ C:\Windows\WindowsUpdate.log
2013-07-27 10:04 - 2012-05-26 20:35 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-27 10:01 - 2012-07-26 21:17 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2912419440-2868778846-4110425731-1000UA.job
2013-07-27 02:00 - 2011-11-24 17:47 - 00000000 ____D C:\Users\Tahsin\AppData\Local\Adobe
2013-07-26 23:38 - 2013-07-26 23:38 - 02347384 _____ (ESET) C:\Users\Tahsin\Downloads\esetsmartinstaller_enu.exe
2013-07-26 23:26 - 2013-07-26 23:26 - 00891062 _____ C:\Users\Tahsin\Downloads\SecurityCheck.exe
2013-07-26 23:26 - 2009-07-14 06:45 - 00018512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-26 23:26 - 2009-07-14 06:45 - 00018512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-26 23:20 - 2013-06-04 17:24 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-26 23:19 - 2012-05-26 20:35 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-26 23:18 - 2012-11-10 13:09 - 00037406 _____ C:\Windows\setupact.log
2013-07-26 23:18 - 2009-09-22 17:28 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-26 23:18 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-26 23:17 - 2012-11-10 13:09 - 00231676 _____ C:\Windows\PFRO.log
2013-07-26 23:16 - 2013-07-26 23:16 - 00666633 _____ C:\Users\Tahsin\Downloads\adwcleaner.exe
2013-07-26 23:14 - 2013-06-10 19:06 - 00000000 ____D C:\Program Files (x86)\ShareKM
2013-07-26 23:13 - 2013-07-26 23:13 - 00003130 _____ C:\Windows\System32\Tasks\{FB9CFFB8-C159-48DB-80B7-63EEBDBE3EAA}
2013-07-26 21:32 - 2013-07-26 21:32 - 01780233 _____ (Farbar) C:\Users\Tahsin\Downloads\FRST64.exe
2013-07-26 21:30 - 2012-07-26 21:17 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2912419440-2868778846-4110425731-1000Core.job
2013-07-26 16:39 - 2013-05-04 15:35 - 00004208 _____ C:\Windows\System32\Tasks\Software Updater
2013-07-26 16:39 - 2013-05-04 15:35 - 00004148 _____ C:\Windows\System32\Tasks\Software Updater Ui
2013-07-26 16:37 - 2013-07-26 16:37 - 00001924 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-26 16:37 - 2013-06-04 17:24 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-26 16:33 - 2013-03-12 00:37 - 00000000 ____D C:\Program Files (x86)\TomTom HOME 2
2013-07-26 16:32 - 2013-07-10 18:00 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\SCheck
2013-07-26 16:32 - 2013-07-10 18:00 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Intermediate
2013-07-26 16:32 - 2012-07-01 12:46 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Suite
2013-07-26 16:32 - 2012-01-18 15:29 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\gtk-2.0
2013-07-26 16:32 - 2011-10-28 00:09 - 00000000 ___RD C:\Users\Tahsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-26 16:32 - 2011-10-28 00:03 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wiederherstellungsmanager
2013-07-26 16:32 - 2011-10-28 00:03 - 00000000 ____D C:\Users\Tahsin
2013-07-26 16:32 - 2009-07-14 09:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-26 16:32 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-07-26 16:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-26 16:31 - 2013-07-24 18:03 - 00000000 ____D C:\ComboFix
2013-07-26 16:31 - 2013-07-24 18:01 - 00000000 ____D C:\Windows\erdnt
2013-07-26 16:31 - 2013-07-24 17:45 - 00000000 ____D C:\Windows\ERUNT
2013-07-26 16:31 - 2013-07-21 19:34 - 00000000 ____D C:\Users\Tahsin\Downloads\Grobold Font   dafont.com_files
2013-07-26 16:31 - 2013-07-10 18:00 - 00000000 ____D C:\Users\Tahsin\AppData\Local\ext_piccshare
2013-07-26 16:31 - 2013-06-09 15:08 - 00000000 ____D C:\ProgramData\BitRaider
2013-07-26 16:31 - 2013-05-30 17:13 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-07-26 16:31 - 2011-11-12 12:58 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-26 16:31 - 2011-10-28 11:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-26 16:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-07-26 16:30 - 2012-05-04 14:07 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Skype
2013-07-26 16:28 - 2013-06-09 15:08 - 00000000 ____D C:\Users\Public\Documents\BitRaider
2013-07-26 16:28 - 2012-07-21 20:16 - 00000000 ____D C:\Users\Public\Sony Online Entertainment
2013-07-26 16:07 - 2012-01-04 05:23 - 00000000 ____D C:\ProgramData\Recovery
2013-07-26 01:09 - 2013-07-26 00:34 - 00000000 ____D C:\Users\Tahsin\Desktop\VW
2013-07-25 18:33 - 2013-07-25 18:33 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-25 14:28 - 2013-07-21 11:49 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\PremiumCraft
2013-07-25 12:25 - 2013-07-25 12:25 - 00001069 _____ C:\AdwCleaner[S2].txt
2013-07-25 00:30 - 2013-07-23 01:44 - 00000000 ____D C:\Users\Tahsin\Desktop\2013-07 (Jul)
2013-07-24 18:03 - 2013-07-24 18:01 - 00000000 ____D C:\Qoobox
2013-07-24 17:58 - 2013-07-24 17:58 - 00003590 _____ C:\Users\Tahsin\Desktop\JRT.txt
2013-07-24 17:33 - 2013-07-24 17:33 - 00030511 _____ C:\Users\Tahsin\Downloads\Addition.txt
2013-07-24 17:31 - 2013-07-24 17:31 - 00000000 ____D C:\FRST
2013-07-24 17:20 - 2013-07-24 17:20 - 00422944 _____ C:\Users\Tahsin\Downloads\PremiumCraft_2.1.0.1.rar
2013-07-24 11:11 - 2013-07-24 11:11 - 00030998 _____ C:\Users\Tahsin\Downloads\emaaaails.txt
2013-07-23 18:11 - 2012-01-18 15:18 - 00000000 ____D C:\Users\Tahsin\.gimp-2.6
2013-07-23 18:10 - 2013-07-23 18:10 - 00003361 _____ C:\Users\Tahsin\.recently-used.xbel
2013-07-23 15:09 - 2013-07-23 15:00 - 00000000 ____D C:\Users\Tahsin\Desktop\Unbenannt
2013-07-23 14:57 - 2013-07-23 14:57 - 00000000 ____D C:\Users\Tahsin\Desktop\gr
2013-07-23 14:02 - 2013-07-23 14:02 - 19152896 _____ C:\Users\Tahsin\Desktop\AMF Bot Video.camrec
2013-07-23 11:37 - 2013-07-23 11:37 - 00023753 _____ C:\Users\Tahsin\Documents\Ihrlenkungsspezialist.odt
2013-07-23 03:10 - 2013-07-23 03:10 - 00586896 _____ C:\Users\Tahsin\Downloads\RE Retourenlabel zu Ihrer DHL Sendung 412668179.eml
2013-07-22 17:30 - 2013-07-22 17:30 - 00000000 _____ C:\Users\Tahsin\Desktop\Neue Bitmap.bmp
2013-07-22 17:21 - 2013-07-22 17:21 - 00001060 _____ C:\Users\Tahsin\Documents\YouTube Like Treasures.txt
2013-07-21 19:34 - 2013-07-21 19:34 - 00018889 _____ C:\Users\Tahsin\Downloads\Grobold Font   dafont.com.htm
2013-07-21 18:43 - 2013-07-21 18:43 - 00001278 _____ C:\Users\Tahsin\Downloads\addmefastbotfblikes.rar
2013-07-21 14:24 - 2013-07-21 14:24 - 00041618 _____ C:\Users\Tahsin\Desktop\Neues Textdokument (2).txt
2013-07-21 13:44 - 2013-07-21 13:44 - 00009272 _____ C:\Users\Tahsin\Downloads\AddMeFast-Bot_update1 (1).rar
2013-07-21 11:48 - 2013-07-21 11:48 - 00422927 _____ C:\Users\Tahsin\Downloads\PremiumCraft_2.1.0.rar
2013-07-20 18:16 - 2013-07-20 18:16 - 00002125 _____ C:\Users\Tahsin\Desktop\iMacros for IE10.lnk
2013-07-20 18:16 - 2013-07-20 18:16 - 00002031 _____ C:\Users\Tahsin\Desktop\iMacros 9.lnk
2013-07-20 18:16 - 2013-07-20 18:16 - 00001290 _____ C:\Users\Tahsin\Desktop\iMacros Scripting Interface Sample.lnk
2013-07-20 18:16 - 2013-07-20 18:16 - 00001168 _____ C:\Users\Tahsin\Desktop\iMacros Batch Sample.lnk
2013-07-20 18:16 - 2013-07-20 18:16 - 00000874 _____ C:\Users\Tahsin\Desktop\Examples.lnk
2013-07-20 18:16 - 2013-07-19 16:16 - 00000000 ____D C:\Users\Tahsin\Documents\iMacros
2013-07-20 18:02 - 2013-07-20 18:02 - 32409360 _____ (iOpus                                                       ) C:\Users\Tahsin\Downloads\iMacros-Setup.exe
2013-07-20 18:02 - 2013-07-20 18:02 - 00269967 _____ C:\Users\Tahsin\Downloads\imacros_for_firefox-8.3.0-fx.xpi
2013-07-20 18:00 - 2013-07-20 17:59 - 49868140 _____ C:\Users\Tahsin\Downloads\iMacrosWikiOfflineVersion.zip
2013-07-20 16:32 - 2013-07-20 16:29 - 00003191 _____ C:\Users\Tahsin\Downloads\zp_facebook.zip
2013-07-20 14:31 - 2013-07-20 14:23 - 00000000 ____D C:\Program Files (x86)\Opera
2013-07-20 14:28 - 2013-07-20 14:28 - 00003506 _____ C:\Windows\System32\Tasks\DealPly
2013-07-20 14:28 - 2013-07-20 14:28 - 00000000 ____D C:\Program Files (x86)\iOpus
2013-07-20 14:27 - 2013-07-20 14:27 - 02026456 _____ C:\Users\Tahsin\Downloads\imacros.exe
2013-07-20 14:23 - 2013-07-20 14:23 - 31022640 _____ (Opera Software ASA) C:\Users\Tahsin\Downloads\Opera_15.0.1147.141_Setup.exe
2013-07-20 14:23 - 2013-07-20 14:23 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Opera Software
2013-07-20 14:23 - 2013-07-20 14:23 - 00000000 ____D C:\Users\Tahsin\AppData\Local\Opera Software
2013-07-20 10:42 - 2013-07-20 10:00 - 00000000 ____D C:\Program Files\Easy-Hide-IP
2013-07-20 10:40 - 2013-07-20 10:39 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Steganos VPN
2013-07-20 10:39 - 2013-07-20 10:37 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Steganos
2013-07-20 10:37 - 2013-07-20 10:37 - 14696720 _____ (Steganos Software GmbH) C:\Users\Tahsin\Downloads\okayfreedomwr110.exe
2013-07-20 10:36 - 2013-07-20 10:00 - 00003520 _____ C:\Windows\SysWOW64\EasyRedirect.ini
2013-07-20 10:36 - 2013-07-20 10:00 - 00002040 _____ C:\Windows\SysWOW64\EasyRedirectOff.ini
2013-07-20 10:36 - 2013-07-20 10:00 - 00002040 _____ C:\Windows\system32\EasyRedirectOff.ini
2013-07-20 10:26 - 2013-07-20 10:02 - 00000000 ____D C:\ProgramData\notracks.com
2013-07-20 10:00 - 2013-07-20 10:00 - 06248752 _____ (EasyTech                                                    ) C:\Users\Tahsin\Downloads\easy-hide-ip-5.0.0.3.1.exe
2013-07-19 22:51 - 2013-07-19 22:51 - 00000584 _____ C:\Users\Tahsin\Downloads\AMF.12.Script.34.DADEX.rar
2013-07-19 17:22 - 2013-07-19 17:22 - 05835181 _____ C:\Users\Tahsin\Downloads\proxies.txt
2013-07-19 17:21 - 2013-07-19 17:21 - 00041618 _____ C:\Users\Tahsin\Downloads\proxy (1).txt
2013-07-19 17:20 - 2013-07-19 17:20 - 00041618 _____ C:\Users\Tahsin\Downloads\proxy.txt
2013-07-19 16:17 - 2013-07-19 16:17 - 00000279 _____ C:\Users\Tahsin\Downloads\YT-BOT-ADDMEFAST.iim
2013-07-19 15:42 - 2013-07-19 15:42 - 00009272 _____ C:\Users\Tahsin\Downloads\AddMeFast-Bot_update1.rar
2013-07-19 11:31 - 2011-11-18 15:20 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-07-19 11:31 - 2011-11-18 14:49 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-07-19 11:31 - 2011-11-18 14:49 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-07-19 05:19 - 2009-09-23 03:14 - 00698124 _____ C:\Windows\system32\perfh007.dat
2013-07-19 05:19 - 2009-09-23 03:14 - 00148820 _____ C:\Windows\system32\perfc007.dat
2013-07-19 05:19 - 2009-07-14 07:13 - 01616954 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-18 23:16 - 2012-11-16 17:18 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-18 09:57 - 2009-07-14 06:45 - 05063512 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-18 09:56 - 2013-07-18 09:56 - 00291752 _____ C:\Windows\Minidump\071813-42588-01.dmp
2013-07-18 09:56 - 2011-12-25 19:15 - 00000000 ____D C:\Windows\Minidump
2013-07-18 09:55 - 2012-11-15 19:56 - 347012828 _____ C:\Windows\MEMORY.DMP
2013-07-17 19:48 - 2011-11-12 12:59 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Origin
2013-07-17 19:48 - 2011-11-12 12:59 - 00000000 ____D C:\Users\Tahsin\AppData\Local\Origin
2013-07-17 19:27 - 2011-10-28 00:08 - 00132576 _____ C:\Users\Tahsin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-17 18:38 - 2013-07-17 18:38 - 00017385 _____ C:\Users\Tahsin\Desktop\Quizfragen 22 Stück.ods
2013-07-17 18:02 - 2013-07-17 18:02 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\OpenOffice.org
2013-07-17 18:00 - 2013-07-17 18:00 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-07-17 17:59 - 2013-07-17 17:58 - 152249762 _____ C:\Users\Tahsin\Downloads\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe
2013-07-17 17:13 - 2013-04-30 15:36 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Spotify
2013-07-17 17:10 - 2013-04-30 15:36 - 00000000 ____D C:\Users\Tahsin\AppData\Local\Spotify
2013-07-15 00:20 - 2013-07-15 00:20 - 00291744 _____ C:\Windows\Minidump\071513-45567-01.dmp
2013-07-15 00:09 - 2013-07-15 00:09 - 00020678 _____ C:\Users\Tahsin\Downloads\HesapHareketleri.do
2013-07-14 18:02 - 2012-02-10 17:15 - 00000132 _____ C:\Users\Tahsin\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-07-14 13:25 - 2013-07-14 13:25 - 00000956 _____ C:\Users\Tahsin\Desktop\Guild Wars 2.lnk
2013-07-13 11:06 - 2013-01-25 23:52 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-13 10:59 - 2012-05-26 20:35 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 10:59 - 2012-05-26 20:35 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 10:43 - 2013-07-13 10:43 - 07876512 _____ (Adobe Systems Inc.) C:\Users\Tahsin\Downloads\Shockwave_Installer_Slim (2).exe
2013-07-13 10:43 - 2013-06-27 19:40 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-13 10:43 - 2013-06-27 19:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-13 10:43 - 2013-06-27 19:40 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-13 10:43 - 2011-11-12 22:28 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-07-12 20:56 - 2012-07-26 21:17 - 00004096 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2912419440-2868778846-4110425731-1000UA
2013-07-12 20:56 - 2012-07-26 21:17 - 00003700 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2912419440-2868778846-4110425731-1000Core
2013-07-12 19:38 - 2013-07-12 19:38 - 00007684 _____ C:\Users\Tahsin\Downloads\AddMeFast-Bot.rar
2013-07-11 15:02 - 2013-07-11 15:01 - 00291744 _____ C:\Windows\Minidump\071113-41402-01.dmp
2013-07-11 09:04 - 2013-03-13 17:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 09:04 - 2013-03-13 17:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 09:04 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 09:04 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 09:04 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 02:38 - 2011-11-02 13:52 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-11 02:37 - 2012-06-04 18:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 18:00 - 2013-07-10 18:00 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\SSync
2013-07-10 18:00 - 2011-11-04 16:57 - 00000000 ____D C:\Users\Tahsin\AppData\Local\Google
2013-07-10 18:00 - 2011-11-04 16:57 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-10 17:59 - 2013-07-10 17:59 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\PiccShare
2013-07-10 17:59 - 2013-07-10 17:59 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Common
2013-07-10 17:59 - 2013-07-10 17:59 - 00000000 ____D C:\Program Files (x86)\Axife Mouse Recorder DEMO
2013-07-10 17:58 - 2013-07-10 17:58 - 00393064 _____ (Softonic                                        ) C:\Users\Tahsin\Downloads\SoftonicDownloader_fuer_axife-mouse-recorder.exe
2013-07-10 17:58 - 2013-07-10 17:54 - 00000000 ____D C:\Program Files (x86)\GhostMouse
2013-07-10 17:53 - 2013-07-10 17:53 - 00910736 _____ (ghost-mouse.com                                             ) C:\Users\Tahsin\Downloads\GhostMouse321-Setup.exe
2013-07-10 09:56 - 2011-10-28 11:51 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Mozilla
2013-07-05 17:39 - 2013-07-05 17:39 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-05 17:39 - 2012-05-04 14:06 - 00000000 ____D C:\ProgramData\Skype
2013-07-05 17:37 - 2013-07-05 17:37 - 31954536 _____ (Skype Technologies S.A.) C:\Users\Tahsin\Downloads\SkypeSetup66Full.exe
2013-07-05 17:36 - 2013-07-05 17:36 - 22716480 _____ (ArenaNet) C:\Users\Tahsin\Downloads\Gw2Setup.exe
2013-07-02 21:05 - 2013-07-02 21:04 - 39358651 _____ C:\Users\Tahsin\Downloads\bg Raw File.rar
2013-07-02 19:48 - 2013-07-02 19:48 - 00291744 _____ C:\Windows\Minidump\070213-15303-01.dmp
2013-07-01 19:04 - 2013-07-01 19:04 - 00057012 _____ C:\Users\Tahsin\Downloads\Rechnung zu Order-ID 3133899 -  304-3212191-5198757 vom 21.06.2013 182556.zip
2013-06-30 20:29 - 2013-06-30 20:28 - 00291744 _____ C:\Windows\Minidump\063013-36519-01.dmp
2013-06-30 18:17 - 2013-06-30 18:17 - 02596440 _____ (Sandboxie Holdings, LLC) C:\Users\Tahsin\Downloads\SandboxieInstall.exe
2013-06-30 17:57 - 2013-06-30 17:57 - 00000000 ____D C:\ProgramData\SystemRequirementsLab
2013-06-30 17:57 - 2013-06-30 17:57 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2013-06-30 10:58 - 2013-06-30 10:58 - 00167536 _____ () C:\Users\Tahsin\Downloads\OnlineWeatherSetup-3M80IlG.exe
2013-06-30 10:57 - 2013-06-30 10:57 - 00167304 _____ () C:\Users\Tahsin\Downloads\7ZipSetup-0M6Elbp.exe
2013-06-30 10:56 - 2013-06-30 10:56 - 00167304 _____ () C:\Users\Tahsin\Downloads\7ZipSetup-0ISfsny.exe
2013-06-30 10:54 - 2013-06-30 10:54 - 00167304 _____ () C:\Users\Tahsin\Downloads\7ZipSetup-4NyfsgM.exe
2013-06-30 10:22 - 2011-10-28 11:22 - 00004996 _____ C:\Windows\System32\Tasks\PCDRScheduledMaintenance
2013-06-30 10:22 - 2011-10-28 11:22 - 00000552 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2013-06-28 16:21 - 2013-06-28 16:21 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-06-28 16:21 - 2013-06-28 16:21 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-06-28 16:21 - 2013-06-04 17:41 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-06-28 16:21 - 2013-06-04 17:41 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-06-28 16:21 - 2012-08-31 12:57 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-06-28 16:21 - 2012-08-31 12:57 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-06-28 16:21 - 2012-08-31 12:57 - 00000000 ____D C:\Program Files\Java
2013-06-28 16:19 - 2013-06-28 16:19 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-28 16:19 - 2013-06-28 16:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-28 16:19 - 2013-01-23 20:07 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-28 16:19 - 2013-01-23 20:07 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-28 16:19 - 2012-08-31 12:56 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-28 16:19 - 2011-11-12 00:21 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-28 16:17 - 2013-06-28 16:17 - 33150376 _____ (Oracle Corporation) C:\Users\Tahsin\Downloads\jre-7u25-windows-x64.exe
2013-06-28 16:17 - 2013-06-28 16:17 - 31714216 _____ (Oracle Corporation) C:\Users\Tahsin\Downloads\jre-7u25-windows-i586.exe
2013-06-28 15:37 - 2012-06-29 19:00 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Dropbox
2013-06-28 15:01 - 2012-06-29 19:01 - 00000000 ___RD C:\Users\Tahsin\Dropbox
2013-06-28 14:58 - 2012-12-24 20:01 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-06-28 14:57 - 2013-06-28 14:57 - 33578320 _____ (Dropbox, Inc.) C:\Users\Tahsin\Downloads\Dropbox 2.2.8.exe
2013-06-28 07:37 - 2013-06-28 07:37 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-06-28 07:37 - 2013-06-26 19:00 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-06-28 07:37 - 2013-06-26 19:00 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-06-28 07:37 - 2013-06-04 17:24 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-06-28 07:37 - 2013-06-04 17:24 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-06-28 07:37 - 2013-06-04 17:24 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-06-28 07:37 - 2011-11-12 13:04 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-06-27 19:19 - 2013-06-27 19:19 - 00814472 _____ (Adobe Systems Incorporated) C:\Users\Tahsin\Downloads\uninstall_flash_player.exe
2013-06-27 16:50 - 2013-06-27 16:50 - 00000000 ____D C:\Users\Public\Documents\sun
2013-06-27 16:49 - 2013-06-27 16:48 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4.0
2013-06-27 16:41 - 2013-06-27 16:39 - 192004096 _____ C:\Users\Tahsin\Downloads\LibreOffice_4.0.4_Win_x86.msi

Files to move or delete:
====================
C:\ProgramData\ntuser.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-26 04:10

==================== End Of Log ============================
         
--- --- ---

27.07.2013, 11:20   #10
schrauber
/// the machine
/// TB trainer
 




Please download TFC (by Oldtimer) and save the file to your desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
HKCU\...\Run: [SCheck] - C:\Users\Tahsin\AppData\Roaming\SCheck\SCheck.exe [36864 2013-04-10] ()
HKCU\...\Run: [SSync] - C:\Users\Tahsin\AppData\Roaming\SSync\SSync.exe [36864 2013-04-10] ()
HKCU\...\Run: [Intermediate] - C:\Users\Tahsin\AppData\Roaming\Intermediate\Intermediate.exe [36864 2013-04-10] ()
C:\Users\Tahsin\AppData\Roaming\SCheck
C:\Users\Tahsin\AppData\Roaming\SSync
C:\Users\Tahsin\AppData\Roaming\Intermediate
IMEO\taskmgr.exe: [Debugger] "C:\USERS\TAHSIN\DOCUMENTS\PROCEXP.EXE"
C:\USERS\TAHSIN\DOCUMENTS\PROCEXP.EXE
S3 X6va005; \??\C:\Users\Tahsin\AppData\Local\Temp\005D1DF.tmp [x]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]
C:\Windows\SysWOW64\Drivers\X6va008
C:\Windows\SysWOW64\Drivers\X6va012
C:\ProgramData\ntuser.dat
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Please download Farbar Service Scanner
  • Start the tool by double-clicking FSS.exe.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.

Please post the contents here.




And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
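
Added example, not part of either post and not FRST's own code: a small Python triage pass over the fixlist above that sorts each line into autostart value, IFEO debugger, service or plain path, and notes why a reviewer would look at it. The line patterns, the reading of an empty `()` as a missing company name and of `[x]` as "file not found" are assumptions drawn from the log lines on this page.

```python
import re

# The fixlist from the post above, copied verbatim (raw string keeps backslashes).
FIXLIST = r"""
HKCU\...\Run: [SCheck] - C:\Users\Tahsin\AppData\Roaming\SCheck\SCheck.exe [36864 2013-04-10] ()
HKCU\...\Run: [SSync] - C:\Users\Tahsin\AppData\Roaming\SSync\SSync.exe [36864 2013-04-10] ()
HKCU\...\Run: [Intermediate] - C:\Users\Tahsin\AppData\Roaming\Intermediate\Intermediate.exe [36864 2013-04-10] ()
C:\Users\Tahsin\AppData\Roaming\SCheck
C:\Users\Tahsin\AppData\Roaming\SSync
C:\Users\Tahsin\AppData\Roaming\Intermediate
IMEO\taskmgr.exe: [Debugger] "C:\USERS\TAHSIN\DOCUMENTS\PROCEXP.EXE"
C:\USERS\TAHSIN\DOCUMENTS\PROCEXP.EXE
S3 X6va005; \??\C:\Users\Tahsin\AppData\Local\Temp\005D1DF.tmp [x]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]
C:\Windows\SysWOW64\Drivers\X6va008
C:\Windows\SysWOW64\Drivers\X6va012
C:\ProgramData\ntuser.dat
"""

# Assumed line shapes, inferred from the entries shown on this page.
RUN_RE = re.compile(
    r'^(?P<hive>HKCU|HKLM)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] - (?P<target>.*?) '
    r'\[\d+ \d{4}-\d{2}-\d{2}\] \((?P<company>.*)\)$')
IFEO_RE = re.compile(r'^IMEO\\(?P<image>[^:]+): \[Debugger\] "?(?P<target>[^"]+)"?$')
SVC_RE = re.compile(
    r'^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<target>.*?)(?P<missing> \[x\])?$')
PATH_RE = re.compile(r'^[A-Za-z]:\\')


def classify(line):
    """Describe one fixlist line and list the reasons it deserves review."""
    m = RUN_RE.match(line)
    if m:
        reasons = []
        if "\\appdata\\" in m["target"].lower():
            reasons.append("autostart target is inside the user profile (AppData)")
        if not m["company"].strip():
            reasons.append("file carries no company name")
        return {"kind": "run_value", "name": m["name"],
                "target": m["target"], "reasons": reasons}
    m = IFEO_RE.match(line)
    if m:
        why = "Debugger value: Windows starts this program in place of " + m["image"]
        return {"kind": "ifeo_debugger", "name": m["image"],
                "target": m["target"], "reasons": [why]}
    m = SVC_RE.match(line)
    if m:
        target = m["target"]
        if target.startswith("\\??\\"):      # strip the NT object-path prefix
            target = target[4:]
        reasons = []
        if m["missing"]:
            reasons.append("service file not found by the scan ([x])")
        if "\\temp\\" in target.lower():
            reasons.append("ImagePath points into a Temp folder")
        return {"kind": "service", "name": m["name"],
                "target": target, "reasons": reasons}
    if PATH_RE.match(line):
        return {"kind": "path", "name": line, "target": line, "reasons": []}
    return {"kind": "unknown", "name": line, "target": line, "reasons": []}


def parse_fixlist(text):
    """Classify every non-empty line of a fixlist."""
    return [classify(l.strip()) for l in text.splitlines() if l.strip()]


def count_kinds(entries):
    """Number of entries per kind, as a plain dict."""
    counts = {}
    for e in entries:
        counts[e["kind"]] = counts.get(e["kind"], 0) + 1
    return counts


def standalone_paths(entries):
    """Paths that no registry or service entry in the same list points at."""
    targets = [e["target"].lower() for e in entries
               if e["kind"] not in ("path", "unknown")]
    result = []
    for e in entries:
        if e["kind"] != "path":
            continue
        p = e["target"].lower()
        if not any(t == p or t.startswith(p + "\\") for t in targets):
            result.append(e["target"])
    return result


if __name__ == "__main__":
    parsed = parse_fixlist(FIXLIST)
    for entry in parsed:
        print(entry["kind"].ljust(14), entry["name"])
        for reason in entry["reasons"]:
            print(" " * 16 + "- " + reason)
    print("not referenced by another entry:", standalone_paths(parsed))
```
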

27.07.2013, 12:10   #11
-Tahsin
 



Fixlog
Quote:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-07-2013
Ran by Tahsin at 2013-07-27 13:07:15 Run:1
Running from C:\Users\Tahsin\Downloads
Boot Mode: Normal
==============================================

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SCheck => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SSync => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Intermediate => Value deleted successfully.
C:\Users\Tahsin\AppData\Roaming\SCheck => Moved successfully.
C:\Users\Tahsin\AppData\Roaming\SSync => Moved successfully.
C:\Users\Tahsin\AppData\Roaming\Intermediate => Moved successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe => Key deleted successfully.
C:\USERS\TAHSIN\DOCUMENTS\PROCEXP.EXE => Moved successfully.
X6va005 => Service deleted successfully.
X6va008 => Service deleted successfully.
X6va012 => Service deleted successfully.
"C:\Windows\SysWOW64\Drivers\X6va008" => File/Directory not found.
"C:\Windows\SysWOW64\Drivers\X6va012" => File/Directory not found.
C:\ProgramData\ntuser.dat => Moved successfully.

==== End of Fixlog ====
FSS
Quote:
Farbar Service Scanner Version: 26-07-2013
Ran by Tahsin (administrator) on 27-07-2013 at 13:08:25
Running from "C:\Users\Tahsin\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
IE proxy is enabled.



Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of WinDefend. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of WinDefend. The value does not exist.
Unable to retrieve ServiceDll of WinDefend. The value does not exist.


Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to retrieve start type of iphlpsvc. The value does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to retrieve ImagePath of iphlpsvc. The value does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to retrieve ServiceDll of iphlpsvc. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-07-2013
Ran by Tahsin (administrator) on 27-07-2013 13:09:07
Running from C:\Users\Tahsin\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Spotify Ltd) C:\Users\Tahsin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
(CyberLink) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Tahsin\Downloads\FRST64 (1).exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-29] (Logitech Inc.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe [45568 2009-07-14] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-21] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [AdobeBridge] -  [x]
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Tahsin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-15] (Spotify Ltd)
HKCU\...\Run: [Google Update] - C:\Users\Tahsin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-12] (Google Inc.)
MountPoints2: {7f33953d-96a3-11e1-aa67-4061860de3de} - J:\preinst.exe
HKLM-x32\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [BATINDICATOR] - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [LaunchHPOSIAPP] - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdatePRCShortCut] - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk
ShortcutTarget: HDDHealth.lnk -> C:\Program Files (x86)\HDD Health\hddhealth.exe (PANTERASoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Tahsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\Tahsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {902D76CD-4644-4E24-B5B4-3F14BEC37261} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM - {BAF60B34-BC2D-4D38-BF52-8D31949C6020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {902D76CD-4644-4E24-B5B4-3F14BEC37261} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 - {BAF60B34-BC2D-4D38-BF52-8D31949C6020} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
SearchScopes: HKCU - {902D76CD-4644-4E24-B5B4-3F14BEC37261} URL = 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: iMacros Browser Helper Object - {34D5A80A-992D-4F07-9509-66E9E133BAAF} - C:\Program Files (x86)\iOpus\iMacros\iMacrosBHO.dll ()
BHO-x32: PiccShare BHO - {553318DA-D010-469E-84B1-496563CAE1C0} - C:\Users\Tahsin\AppData\Local\ext_piccshare\ext_piccshare.dll (HTTO Group, Ltd)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.71\npchrome_frame.dll (Google Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.71\npchrome_frame.dll (Google Inc.)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Tahsin\AppData\Roaming\Mozilla\Firefox\Profiles\5ruscmlq.default
FF Keyword.URL: hxxp://www.google.de/search?q=
FF NetworkProxy: "ftp", "178.253.249.109"
FF NetworkProxy: "ftp_port", 6666
FF NetworkProxy: "http", "178.253.249.109"
FF NetworkProxy: "http_port", 6666
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "178.253.249.109"
FF NetworkProxy: "socks_port", 6666
FF NetworkProxy: "ssl", "178.253.249.109"
FF NetworkProxy: "ssl_port", 6666
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 - C:\Users\Tahsin\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Tahsin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Tahsin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Tahsin\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Tahsin\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Tahsin\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\Tahsin\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
FF Extension: iMacros for Firefox - C:\Users\Tahsin\AppData\Roaming\Mozilla\Firefox\Profiles\5ruscmlq.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF Extension: No Name - C:\Users\Tahsin\AppData\Roaming\Mozilla\Firefox\Profiles\5ruscmlq.default\Extensions\WTB_GLOBAL.sqlite
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR Extension: (Logitech SetPoint) - C:\Users\Tahsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0
CHR Extension: (AdBlock) - C:\Users\Tahsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.3_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Tahsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2013-06-09] (BitRaider, LLC)
S3 de_serv; C:\Program Files (x86)\Common Files\AVM\de_serv.exe [315392 2005-03-04] (AVM Berlin)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-10-13] ()
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP3\RpcAgentSrv.exe [95896 2009-03-28] (SiSoftware)

==================== Drivers (Whitelisted) ====================

R1 acedrv08; C:\Windows\system32\drivers\acedrv08.sys [133856 2012-08-22] ()
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-28] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-28] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-28] ()
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP3\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-27 13:08 - 2013-07-27 13:08 - 00357145 _____ (Farbar) C:\Users\Tahsin\Downloads\FSS.exe
2013-07-27 13:08 - 2013-07-27 13:08 - 00004271 _____ C:\Users\Tahsin\Downloads\FSS.txt
2013-07-27 12:40 - 2013-07-27 12:40 - 00296056 _____ C:\Windows\Minidump\072713-74084-01.dmp
2013-07-27 12:21 - 2013-07-27 12:21 - 00448512 _____ (OldTimer Tools) C:\Users\Tahsin\Downloads\TFC.exe
2013-07-27 11:36 - 2013-07-27 11:36 - 00003320 _____ C:\Users\Tahsin\Downloads\YouTube Like Bot by Eroor [Fast].js
2013-07-27 11:36 - 2013-07-27 11:36 - 00002841 _____ C:\Users\Tahsin\Downloads\Facebook Like Bot by Eroor [Fast].js
2013-07-27 11:35 - 2013-07-27 11:35 - 00002784 _____ C:\Users\Tahsin\Downloads\Twitter Follower Bot by Eroor [Fast].js
2013-07-27 11:10 - 2013-07-27 11:10 - 00023516 _____ C:\Users\Tahsin\Downloads\AddMeFastBot-Sourcecode.rar
2013-07-27 11:10 - 2013-07-27 11:10 - 00008906 _____ C:\Users\Tahsin\Downloads\AddMeFast-Bot_update1 (2).rar
2013-07-27 10:41 - 2013-07-27 10:41 - 01780407 _____ (Farbar) C:\Users\Tahsin\Downloads\FRST64 (1).exe
2013-07-26 23:38 - 2013-07-26 23:38 - 02347384 _____ (ESET) C:\Users\Tahsin\Downloads\esetsmartinstaller_enu.exe
2013-07-26 23:26 - 2013-07-26 23:26 - 00891062 _____ C:\Users\Tahsin\Downloads\SecurityCheck.exe
2013-07-26 23:16 - 2013-07-26 23:16 - 00666633 _____ C:\Users\Tahsin\Downloads\adwcleaner.exe
2013-07-26 23:13 - 2013-07-26 23:13 - 00003130 _____ C:\Windows\System32\Tasks\{FB9CFFB8-C159-48DB-80B7-63EEBDBE3EAA}
2013-07-26 21:32 - 2013-07-26 21:32 - 01780233 _____ (Farbar) C:\Users\Tahsin\Downloads\FRST64.exe
2013-07-26 16:37 - 2013-07-26 16:37 - 00001924 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-26 00:34 - 2013-07-26 01:09 - 00000000 ____D C:\Users\Tahsin\Desktop\VW
2013-07-25 18:33 - 2013-07-25 18:33 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-25 12:25 - 2013-07-25 12:25 - 00001069 _____ C:\AdwCleaner[S2].txt
2013-07-24 18:03 - 2013-07-26 16:31 - 00000000 ____D C:\ComboFix
2013-07-24 18:01 - 2013-07-26 16:31 - 00000000 ____D C:\Windows\erdnt
2013-07-24 18:01 - 2013-07-24 18:03 - 00000000 ____D C:\Qoobox
2013-07-24 17:58 - 2013-07-24 17:58 - 00003590 _____ C:\Users\Tahsin\Desktop\JRT.txt
2013-07-24 17:45 - 2013-07-26 16:31 - 00000000 ____D C:\Windows\ERUNT
2013-07-24 17:33 - 2013-07-27 10:43 - 00035010 _____ C:\Users\Tahsin\Downloads\Addition.txt
2013-07-24 17:31 - 2013-07-24 17:31 - 00000000 ____D C:\FRST
2013-07-24 17:20 - 2013-07-24 17:20 - 00422944 _____ C:\Users\Tahsin\Downloads\PremiumCraft_2.1.0.1.rar
2013-07-24 11:11 - 2013-07-24 11:11 - 00030998 _____ C:\Users\Tahsin\Downloads\emaaaails.txt
2013-07-23 18:10 - 2013-07-23 18:10 - 00003361 _____ C:\Users\Tahsin\.recently-used.xbel
2013-07-23 15:00 - 2013-07-23 15:09 - 00000000 ____D C:\Users\Tahsin\Desktop\Unbenannt
2013-07-23 14:57 - 2013-07-23 14:57 - 00000000 ____D C:\Users\Tahsin\Desktop\gr
2013-07-23 14:02 - 2013-07-23 14:02 - 19152896 _____ C:\Users\Tahsin\Desktop\AMF Bot Video.camrec
2013-07-23 11:37 - 2013-07-23 11:37 - 00023753 _____ C:\Users\Tahsin\Documents\Ihrlenkungsspezialist.odt
2013-07-23 03:10 - 2013-07-23 03:10 - 00586896 _____ C:\Users\Tahsin\Downloads\RE Retourenlabel zu Ihrer DHL Sendung 412668179.eml
2013-07-23 01:44 - 2013-07-25 00:30 - 00000000 ____D C:\Users\Tahsin\Desktop\2013-07 (Jul)
2013-07-22 17:30 - 2013-07-22 17:30 - 00000000 _____ C:\Users\Tahsin\Desktop\Neue Bitmap.bmp
2013-07-22 17:21 - 2013-07-22 17:21 - 00001060 _____ C:\Users\Tahsin\Documents\YouTube Like Treasures.txt
2013-07-21 19:34 - 2013-07-26 16:31 - 00000000 ____D C:\Users\Tahsin\Downloads\Grobold Font   dafont.com_files
2013-07-21 19:34 - 2013-07-21 19:34 - 00018889 _____ C:\Users\Tahsin\Downloads\Grobold Font   dafont.com.htm
2013-07-21 18:43 - 2013-07-21 18:43 - 00001278 _____ C:\Users\Tahsin\Downloads\addmefastbotfblikes.rar
2013-07-21 14:24 - 2013-07-21 14:24 - 00041618 _____ C:\Users\Tahsin\Desktop\Neues Textdokument (2).txt
2013-07-21 13:44 - 2013-07-21 13:44 - 00009272 _____ C:\Users\Tahsin\Downloads\AddMeFast-Bot_update1 (1).rar
2013-07-21 11:49 - 2013-07-25 14:28 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\PremiumCraft
2013-07-21 11:48 - 2013-07-21 11:48 - 00422927 _____ C:\Users\Tahsin\Downloads\PremiumCraft_2.1.0.rar
2013-07-20 18:16 - 2013-07-20 18:16 - 00002125 _____ C:\Users\Tahsin\Desktop\iMacros for IE10.lnk
2013-07-20 18:16 - 2013-07-20 18:16 - 00002031 _____ C:\Users\Tahsin\Desktop\iMacros 9.lnk
2013-07-20 18:16 - 2013-07-20 18:16 - 00001290 _____ C:\Users\Tahsin\Desktop\iMacros Scripting Interface Sample.lnk
2013-07-20 18:16 - 2013-07-20 18:16 - 00001168 _____ C:\Users\Tahsin\Desktop\iMacros Batch Sample.lnk
2013-07-20 18:16 - 2013-07-20 18:16 - 00000874 _____ C:\Users\Tahsin\Desktop\Examples.lnk
2013-07-20 18:02 - 2013-07-20 18:02 - 32409360 _____ (iOpus                                                       ) C:\Users\Tahsin\Downloads\iMacros-Setup.exe
2013-07-20 18:02 - 2013-07-20 18:02 - 00269967 _____ C:\Users\Tahsin\Downloads\imacros_for_firefox-8.3.0-fx.xpi
2013-07-20 17:59 - 2013-07-20 18:00 - 49868140 _____ C:\Users\Tahsin\Downloads\iMacrosWikiOfflineVersion.zip
2013-07-20 16:29 - 2013-07-20 16:32 - 00003191 _____ C:\Users\Tahsin\Downloads\zp_facebook.zip
2013-07-20 14:28 - 2013-07-20 14:28 - 00003506 _____ C:\Windows\System32\Tasks\DealPly
2013-07-20 14:28 - 2013-07-20 14:28 - 00000000 ____D C:\Program Files (x86)\iOpus
2013-07-20 14:27 - 2013-07-20 14:27 - 02026456 _____ C:\Users\Tahsin\Downloads\imacros.exe
2013-07-20 14:23 - 2013-07-20 14:31 - 00000000 ____D C:\Program Files (x86)\Opera
2013-07-20 14:23 - 2013-07-20 14:23 - 31022640 _____ (Opera Software ASA) C:\Users\Tahsin\Downloads\Opera_15.0.1147.141_Setup.exe
2013-07-20 14:23 - 2013-07-20 14:23 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Opera Software
2013-07-20 14:23 - 2013-07-20 14:23 - 00000000 ____D C:\Users\Tahsin\AppData\Local\Opera Software
2013-07-20 10:39 - 2013-07-20 10:40 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Steganos VPN
2013-07-20 10:37 - 2013-07-20 10:39 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Steganos
2013-07-20 10:37 - 2013-07-20 10:37 - 14696720 _____ (Steganos Software GmbH) C:\Users\Tahsin\Downloads\okayfreedomwr110.exe
2013-07-20 10:02 - 2013-07-20 10:26 - 00000000 ____D C:\ProgramData\notracks.com
2013-07-20 10:00 - 2013-07-20 10:42 - 00000000 ____D C:\Program Files\Easy-Hide-IP
2013-07-20 10:00 - 2013-07-20 10:36 - 00003520 _____ C:\Windows\SysWOW64\EasyRedirect.ini
2013-07-20 10:00 - 2013-07-20 10:36 - 00002040 _____ C:\Windows\SysWOW64\EasyRedirectOff.ini
2013-07-20 10:00 - 2013-07-20 10:36 - 00002040 _____ C:\Windows\system32\EasyRedirectOff.ini
2013-07-20 10:00 - 2013-07-20 10:00 - 06248752 _____ (EasyTech                                                    ) C:\Users\Tahsin\Downloads\easy-hide-ip-5.0.0.3.1.exe
2013-07-20 10:00 - 2012-11-22 15:10 - 00539984 _____ (EasyTech) C:\Windows\system32\EasyRedirect64.dll
2013-07-20 10:00 - 2012-11-22 15:10 - 00380240 _____ (EasyTech) C:\Windows\SysWOW64\EasyRedirect.dll
2013-07-19 22:51 - 2013-07-19 22:51 - 00000584 _____ C:\Users\Tahsin\Downloads\AMF.12.Script.34.DADEX.rar
2013-07-19 17:22 - 2013-07-19 17:22 - 05835181 _____ C:\Users\Tahsin\Downloads\proxies.txt
2013-07-19 17:21 - 2013-07-19 17:21 - 00041618 _____ C:\Users\Tahsin\Downloads\proxy (1).txt
2013-07-19 17:20 - 2013-07-19 17:20 - 00041618 _____ C:\Users\Tahsin\Downloads\proxy.txt
2013-07-19 16:17 - 2013-07-19 16:17 - 00000279 _____ C:\Users\Tahsin\Downloads\YT-BOT-ADDMEFAST.iim
2013-07-19 16:16 - 2013-07-27 11:36 - 00000000 ____D C:\Users\Tahsin\Documents\iMacros
2013-07-19 15:42 - 2013-07-19 15:42 - 00009272 _____ C:\Users\Tahsin\Downloads\AddMeFast-Bot_update1.rar
2013-07-18 09:56 - 2013-07-18 09:56 - 00291752 _____ C:\Windows\Minidump\071813-42588-01.dmp
2013-07-17 18:38 - 2013-07-17 18:38 - 00017385 _____ C:\Users\Tahsin\Desktop\Quizfragen 22 Stück.ods
2013-07-17 18:02 - 2013-07-17 18:02 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\OpenOffice.org
2013-07-17 18:00 - 2013-07-17 18:00 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-07-17 17:58 - 2013-07-17 17:59 - 152249762 _____ C:\Users\Tahsin\Downloads\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe
2013-07-15 00:20 - 2013-07-15 00:20 - 00291744 _____ C:\Windows\Minidump\071513-45567-01.dmp
2013-07-15 00:09 - 2013-07-15 00:09 - 00020678 _____ C:\Users\Tahsin\Downloads\HesapHareketleri.do
2013-07-14 13:25 - 2013-07-14 13:25 - 00000956 _____ C:\Users\Tahsin\Desktop\Guild Wars 2.lnk
2013-07-13 10:43 - 2013-07-13 10:43 - 07876512 _____ (Adobe Systems Inc.) C:\Users\Tahsin\Downloads\Shockwave_Installer_Slim (2).exe
2013-07-12 19:38 - 2013-07-12 19:38 - 00007684 _____ C:\Users\Tahsin\Downloads\AddMeFast-Bot.rar
2013-07-11 15:01 - 2013-07-11 15:02 - 00291744 _____ C:\Windows\Minidump\071113-41402-01.dmp
2013-07-11 02:36 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 02:36 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 02:36 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 02:36 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 02:36 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 02:36 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 02:36 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 02:36 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 02:36 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 02:36 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 02:36 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 02:36 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 02:36 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 02:36 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 02:36 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 02:36 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 02:36 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 02:36 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 02:36 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 02:36 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 02:36 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 02:36 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 18:00 - 2013-07-26 16:31 - 00000000 ____D C:\Users\Tahsin\AppData\Local\ext_piccshare
2013-07-10 17:59 - 2013-07-10 17:59 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\PiccShare
2013-07-10 17:59 - 2013-07-10 17:59 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Common
2013-07-10 17:59 - 2013-07-10 17:59 - 00000000 ____D C:\Program Files (x86)\Axife Mouse Recorder DEMO
2013-07-10 17:58 - 2013-07-10 17:58 - 00393064 _____ (Softonic                                        ) C:\Users\Tahsin\Downloads\SoftonicDownloader_fuer_axife-mouse-recorder.exe
2013-07-10 17:54 - 2013-07-10 17:58 - 00000000 ____D C:\Program Files (x86)\GhostMouse
2013-07-10 17:53 - 2013-07-10 17:53 - 00910736 _____ (ghost-mouse.com                                             ) C:\Users\Tahsin\Downloads\GhostMouse321-Setup.exe
2013-07-10 14:53 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 14:53 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 14:52 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 14:52 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 14:52 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 14:52 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 14:52 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-05 17:39 - 2013-07-05 17:39 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-05 17:37 - 2013-07-05 17:37 - 31954536 _____ (Skype Technologies S.A.) C:\Users\Tahsin\Downloads\SkypeSetup66Full.exe
2013-07-05 17:36 - 2013-07-05 17:36 - 22716480 _____ (ArenaNet) C:\Users\Tahsin\Downloads\Gw2Setup.exe
2013-07-02 21:04 - 2013-07-02 21:05 - 39358651 _____ C:\Users\Tahsin\Downloads\bg Raw File.rar
2013-07-02 19:48 - 2013-07-02 19:48 - 00291744 _____ C:\Windows\Minidump\070213-15303-01.dmp
2013-07-01 19:04 - 2013-07-01 19:04 - 00057012 _____ C:\Users\Tahsin\Downloads\Rechnung zu Order-ID 3133899 -  304-3212191-5198757 vom 21.06.2013 182556.zip
2013-06-30 20:28 - 2013-06-30 20:29 - 00291744 _____ C:\Windows\Minidump\063013-36519-01.dmp
2013-06-30 18:17 - 2013-06-30 18:17 - 02596440 _____ (Sandboxie Holdings, LLC) C:\Users\Tahsin\Downloads\SandboxieInstall.exe
2013-06-30 17:57 - 2013-06-30 17:57 - 00000000 ____D C:\ProgramData\SystemRequirementsLab
2013-06-30 17:57 - 2013-06-30 17:57 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2013-06-30 10:58 - 2013-06-30 10:58 - 00167536 _____ () C:\Users\Tahsin\Downloads\OnlineWeatherSetup-3M80IlG.exe
2013-06-30 10:57 - 2013-06-30 10:57 - 00167304 _____ () C:\Users\Tahsin\Downloads\7ZipSetup-0M6Elbp.exe
2013-06-30 10:56 - 2013-06-30 10:56 - 00167304 _____ () C:\Users\Tahsin\Downloads\7ZipSetup-0ISfsny.exe
2013-06-30 10:54 - 2013-06-30 10:54 - 00167304 _____ () C:\Users\Tahsin\Downloads\7ZipSetup-4NyfsgM.exe
2013-06-28 16:21 - 2013-06-28 16:21 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-06-28 16:21 - 2013-06-28 16:21 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-06-28 16:19 - 2013-06-28 16:19 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-28 16:19 - 2013-06-28 16:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-28 16:17 - 2013-06-28 16:17 - 33150376 _____ (Oracle Corporation) C:\Users\Tahsin\Downloads\jre-7u25-windows-x64.exe
2013-06-28 16:17 - 2013-06-28 16:17 - 31714216 _____ (Oracle Corporation) C:\Users\Tahsin\Downloads\jre-7u25-windows-i586.exe
2013-06-28 14:57 - 2013-06-28 14:57 - 33578320 _____ (Dropbox, Inc.) C:\Users\Tahsin\Downloads\Dropbox 2.2.8.exe
2013-06-28 07:37 - 2013-06-28 07:37 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-06-27 19:40 - 2013-07-27 12:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-27 19:40 - 2013-07-13 10:43 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-27 19:40 - 2013-07-13 10:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-27 19:40 - 2013-07-13 10:43 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-06-27 19:19 - 2013-06-27 19:19 - 00814472 _____ (Adobe Systems Incorporated) C:\Users\Tahsin\Downloads\uninstall_flash_player.exe
2013-06-27 16:50 - 2013-06-27 16:50 - 00000000 ____D C:\Users\Public\Documents\sun
2013-06-27 16:48 - 2013-06-27 16:49 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4.0
2013-06-27 16:39 - 2013-06-27 16:41 - 192004096 _____ C:\Users\Tahsin\Downloads\LibreOffice_4.0.4_Win_x86.msi

==================== One Month Modified Files and Folders =======

2013-07-27 13:08 - 2013-07-27 13:08 - 00357145 _____ (Farbar) C:\Users\Tahsin\Downloads\FSS.exe
2013-07-27 13:08 - 2013-07-27 13:08 - 00004271 _____ C:\Users\Tahsin\Downloads\FSS.txt
2013-07-27 13:04 - 2012-05-26 20:35 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-27 13:01 - 2012-07-26 21:17 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2912419440-2868778846-4110425731-1000UA.job
2013-07-27 12:49 - 2009-07-14 06:45 - 00018512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-27 12:49 - 2009-07-14 06:45 - 00018512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-27 12:40 - 2013-07-27 12:40 - 00296056 _____ C:\Windows\Minidump\072713-74084-01.dmp
2013-07-27 12:40 - 2012-11-10 13:09 - 00037518 _____ C:\Windows\setupact.log
2013-07-27 12:40 - 2012-05-26 20:35 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-27 12:40 - 2011-12-25 19:15 - 00000000 ____D C:\Windows\Minidump
2013-07-27 12:40 - 2009-09-22 17:28 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-27 12:40 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-27 12:39 - 2012-11-15 19:56 - 693878012 _____ C:\Windows\MEMORY.DMP
2013-07-27 12:37 - 2011-10-28 00:03 - 01596458 _____ C:\Windows\WindowsUpdate.log
2013-07-27 12:33 - 2013-06-27 19:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-27 12:21 - 2013-07-27 12:21 - 00448512 _____ (OldTimer Tools) C:\Users\Tahsin\Downloads\TFC.exe
2013-07-27 11:36 - 2013-07-27 11:36 - 00003320 _____ C:\Users\Tahsin\Downloads\YouTube Like Bot by Eroor [Fast].js
2013-07-27 11:36 - 2013-07-27 11:36 - 00002841 _____ C:\Users\Tahsin\Downloads\Facebook Like Bot by Eroor [Fast].js
2013-07-27 11:36 - 2013-07-19 16:16 - 00000000 ____D C:\Users\Tahsin\Documents\iMacros
2013-07-27 11:35 - 2013-07-27 11:35 - 00002784 _____ C:\Users\Tahsin\Downloads\Twitter Follower Bot by Eroor [Fast].js
2013-07-27 11:10 - 2013-07-27 11:10 - 00023516 _____ C:\Users\Tahsin\Downloads\AddMeFastBot-Sourcecode.rar
2013-07-27 11:10 - 2013-07-27 11:10 - 00008906 _____ C:\Users\Tahsin\Downloads\AddMeFast-Bot_update1 (2).rar
2013-07-27 10:43 - 2013-07-24 17:33 - 00035010 _____ C:\Users\Tahsin\Downloads\Addition.txt
2013-07-27 10:41 - 2013-07-27 10:41 - 01780407 _____ (Farbar) C:\Users\Tahsin\Downloads\FRST64 (1).exe
2013-07-27 02:00 - 2011-11-24 17:47 - 00000000 ____D C:\Users\Tahsin\AppData\Local\Adobe
2013-07-26 23:38 - 2013-07-26 23:38 - 02347384 _____ (ESET) C:\Users\Tahsin\Downloads\esetsmartinstaller_enu.exe
2013-07-26 23:26 - 2013-07-26 23:26 - 00891062 _____ C:\Users\Tahsin\Downloads\SecurityCheck.exe
2013-07-26 23:20 - 2013-06-04 17:24 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-26 23:17 - 2012-11-10 13:09 - 00231676 _____ C:\Windows\PFRO.log
2013-07-26 23:16 - 2013-07-26 23:16 - 00666633 _____ C:\Users\Tahsin\Downloads\adwcleaner.exe
2013-07-26 23:14 - 2013-06-10 19:06 - 00000000 ____D C:\Program Files (x86)\ShareKM
2013-07-26 23:13 - 2013-07-26 23:13 - 00003130 _____ C:\Windows\System32\Tasks\{FB9CFFB8-C159-48DB-80B7-63EEBDBE3EAA}
2013-07-26 21:32 - 2013-07-26 21:32 - 01780233 _____ (Farbar) C:\Users\Tahsin\Downloads\FRST64.exe
2013-07-26 21:30 - 2012-07-26 21:17 - 00001072 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2912419440-2868778846-4110425731-1000Core.job
2013-07-26 16:39 - 2013-05-04 15:35 - 00004208 _____ C:\Windows\System32\Tasks\Software Updater
2013-07-26 16:39 - 2013-05-04 15:35 - 00004148 _____ C:\Windows\System32\Tasks\Software Updater Ui
2013-07-26 16:37 - 2013-07-26 16:37 - 00001924 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-26 16:37 - 2013-06-04 17:24 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-26 16:33 - 2013-03-12 00:37 - 00000000 ____D C:\Program Files (x86)\TomTom HOME 2
2013-07-26 16:32 - 2012-07-01 12:46 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Suite
2013-07-26 16:32 - 2012-01-18 15:29 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\gtk-2.0
2013-07-26 16:32 - 2011-10-28 00:09 - 00000000 ___RD C:\Users\Tahsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-26 16:32 - 2011-10-28 00:03 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wiederherstellungsmanager
2013-07-26 16:32 - 2011-10-28 00:03 - 00000000 ____D C:\Users\Tahsin
2013-07-26 16:32 - 2009-07-14 09:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-26 16:32 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-07-26 16:32 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-26 16:31 - 2013-07-24 18:03 - 00000000 ____D C:\ComboFix
2013-07-26 16:31 - 2013-07-24 18:01 - 00000000 ____D C:\Windows\erdnt
2013-07-26 16:31 - 2013-07-24 17:45 - 00000000 ____D C:\Windows\ERUNT
2013-07-26 16:31 - 2013-07-21 19:34 - 00000000 ____D C:\Users\Tahsin\Downloads\Grobold Font   dafont.com_files
2013-07-26 16:31 - 2013-07-10 18:00 - 00000000 ____D C:\Users\Tahsin\AppData\Local\ext_piccshare
2013-07-26 16:31 - 2013-06-09 15:08 - 00000000 ____D C:\ProgramData\BitRaider
2013-07-26 16:31 - 2013-05-30 17:13 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-07-26 16:31 - 2011-11-12 12:58 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-26 16:31 - 2011-10-28 11:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-26 16:31 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-07-26 16:30 - 2012-05-04 14:07 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Skype
2013-07-26 16:28 - 2013-06-09 15:08 - 00000000 ____D C:\Users\Public\Documents\BitRaider
2013-07-26 16:28 - 2012-07-21 20:16 - 00000000 ____D C:\Users\Public\Sony Online Entertainment
2013-07-26 16:07 - 2012-01-04 05:23 - 00000000 ____D C:\ProgramData\Recovery
2013-07-26 01:09 - 2013-07-26 00:34 - 00000000 ____D C:\Users\Tahsin\Desktop\VW
2013-07-25 18:33 - 2013-07-25 18:33 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-25 14:28 - 2013-07-21 11:49 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\PremiumCraft
2013-07-25 12:25 - 2013-07-25 12:25 - 00001069 _____ C:\AdwCleaner[S2].txt
2013-07-25 00:30 - 2013-07-23 01:44 - 00000000 ____D C:\Users\Tahsin\Desktop\2013-07 (Jul)
2013-07-24 18:03 - 2013-07-24 18:01 - 00000000 ____D C:\Qoobox
2013-07-24 17:58 - 2013-07-24 17:58 - 00003590 _____ C:\Users\Tahsin\Desktop\JRT.txt
2013-07-24 17:31 - 2013-07-24 17:31 - 00000000 ____D C:\FRST
2013-07-24 17:20 - 2013-07-24 17:20 - 00422944 _____ C:\Users\Tahsin\Downloads\PremiumCraft_2.1.0.1.rar
2013-07-24 11:11 - 2013-07-24 11:11 - 00030998 _____ C:\Users\Tahsin\Downloads\emaaaails.txt
2013-07-23 18:11 - 2012-01-18 15:18 - 00000000 ____D C:\Users\Tahsin\.gimp-2.6
2013-07-23 18:10 - 2013-07-23 18:10 - 00003361 _____ C:\Users\Tahsin\.recently-used.xbel
2013-07-23 15:09 - 2013-07-23 15:00 - 00000000 ____D C:\Users\Tahsin\Desktop\Unbenannt
2013-07-23 14:57 - 2013-07-23 14:57 - 00000000 ____D C:\Users\Tahsin\Desktop\gr
2013-07-23 14:02 - 2013-07-23 14:02 - 19152896 _____ C:\Users\Tahsin\Desktop\AMF Bot Video.camrec
2013-07-23 11:37 - 2013-07-23 11:37 - 00023753 _____ C:\Users\Tahsin\Documents\Ihrlenkungsspezialist.odt
2013-07-23 03:10 - 2013-07-23 03:10 - 00586896 _____ C:\Users\Tahsin\Downloads\RE Retourenlabel zu Ihrer DHL Sendung 412668179.eml
2013-07-22 17:30 - 2013-07-22 17:30 - 00000000 _____ C:\Users\Tahsin\Desktop\Neue Bitmap.bmp
2013-07-22 17:21 - 2013-07-22 17:21 - 00001060 _____ C:\Users\Tahsin\Documents\YouTube Like Treasures.txt
2013-07-21 19:34 - 2013-07-21 19:34 - 00018889 _____ C:\Users\Tahsin\Downloads\Grobold Font   dafont.com.htm
2013-07-21 18:43 - 2013-07-21 18:43 - 00001278 _____ C:\Users\Tahsin\Downloads\addmefastbotfblikes.rar
2013-07-21 14:24 - 2013-07-21 14:24 - 00041618 _____ C:\Users\Tahsin\Desktop\Neues Textdokument (2).txt
2013-07-21 13:44 - 2013-07-21 13:44 - 00009272 _____ C:\Users\Tahsin\Downloads\AddMeFast-Bot_update1 (1).rar
2013-07-21 11:48 - 2013-07-21 11:48 - 00422927 _____ C:\Users\Tahsin\Downloads\PremiumCraft_2.1.0.rar
2013-07-20 18:16 - 2013-07-20 18:16 - 00002125 _____ C:\Users\Tahsin\Desktop\iMacros for IE10.lnk
2013-07-20 18:16 - 2013-07-20 18:16 - 00002031 _____ C:\Users\Tahsin\Desktop\iMacros 9.lnk
2013-07-20 18:16 - 2013-07-20 18:16 - 00001290 _____ C:\Users\Tahsin\Desktop\iMacros Scripting Interface Sample.lnk
2013-07-20 18:16 - 2013-07-20 18:16 - 00001168 _____ C:\Users\Tahsin\Desktop\iMacros Batch Sample.lnk
2013-07-20 18:16 - 2013-07-20 18:16 - 00000874 _____ C:\Users\Tahsin\Desktop\Examples.lnk
2013-07-20 18:02 - 2013-07-20 18:02 - 32409360 _____ (iOpus                                                       ) C:\Users\Tahsin\Downloads\iMacros-Setup.exe
2013-07-20 18:02 - 2013-07-20 18:02 - 00269967 _____ C:\Users\Tahsin\Downloads\imacros_for_firefox-8.3.0-fx.xpi
2013-07-20 18:00 - 2013-07-20 17:59 - 49868140 _____ C:\Users\Tahsin\Downloads\iMacrosWikiOfflineVersion.zip
2013-07-20 16:32 - 2013-07-20 16:29 - 00003191 _____ C:\Users\Tahsin\Downloads\zp_facebook.zip
2013-07-20 14:31 - 2013-07-20 14:23 - 00000000 ____D C:\Program Files (x86)\Opera
2013-07-20 14:28 - 2013-07-20 14:28 - 00003506 _____ C:\Windows\System32\Tasks\DealPly
2013-07-20 14:28 - 2013-07-20 14:28 - 00000000 ____D C:\Program Files (x86)\iOpus
2013-07-20 14:27 - 2013-07-20 14:27 - 02026456 _____ C:\Users\Tahsin\Downloads\imacros.exe
2013-07-20 14:23 - 2013-07-20 14:23 - 31022640 _____ (Opera Software ASA) C:\Users\Tahsin\Downloads\Opera_15.0.1147.141_Setup.exe
2013-07-20 14:23 - 2013-07-20 14:23 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Opera Software
2013-07-20 14:23 - 2013-07-20 14:23 - 00000000 ____D C:\Users\Tahsin\AppData\Local\Opera Software
2013-07-20 10:42 - 2013-07-20 10:00 - 00000000 ____D C:\Program Files\Easy-Hide-IP
2013-07-20 10:40 - 2013-07-20 10:39 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Steganos VPN
2013-07-20 10:39 - 2013-07-20 10:37 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Steganos
2013-07-20 10:37 - 2013-07-20 10:37 - 14696720 _____ (Steganos Software GmbH) C:\Users\Tahsin\Downloads\okayfreedomwr110.exe
2013-07-20 10:36 - 2013-07-20 10:00 - 00003520 _____ C:\Windows\SysWOW64\EasyRedirect.ini
2013-07-20 10:36 - 2013-07-20 10:00 - 00002040 _____ C:\Windows\SysWOW64\EasyRedirectOff.ini
2013-07-20 10:36 - 2013-07-20 10:00 - 00002040 _____ C:\Windows\system32\EasyRedirectOff.ini
2013-07-20 10:26 - 2013-07-20 10:02 - 00000000 ____D C:\ProgramData\notracks.com
2013-07-20 10:00 - 2013-07-20 10:00 - 06248752 _____ (EasyTech                                                    ) C:\Users\Tahsin\Downloads\easy-hide-ip-5.0.0.3.1.exe
2013-07-19 22:51 - 2013-07-19 22:51 - 00000584 _____ C:\Users\Tahsin\Downloads\AMF.12.Script.34.DADEX.rar
2013-07-19 17:22 - 2013-07-19 17:22 - 05835181 _____ C:\Users\Tahsin\Downloads\proxies.txt
2013-07-19 17:21 - 2013-07-19 17:21 - 00041618 _____ C:\Users\Tahsin\Downloads\proxy (1).txt
2013-07-19 17:20 - 2013-07-19 17:20 - 00041618 _____ C:\Users\Tahsin\Downloads\proxy.txt
2013-07-19 16:17 - 2013-07-19 16:17 - 00000279 _____ C:\Users\Tahsin\Downloads\YT-BOT-ADDMEFAST.iim
2013-07-19 15:42 - 2013-07-19 15:42 - 00009272 _____ C:\Users\Tahsin\Downloads\AddMeFast-Bot_update1.rar
2013-07-19 11:31 - 2011-11-18 15:20 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-07-19 11:31 - 2011-11-18 14:49 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-07-19 11:31 - 2011-11-18 14:49 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-07-19 05:19 - 2009-09-23 03:14 - 00698124 _____ C:\Windows\system32\perfh007.dat
2013-07-19 05:19 - 2009-09-23 03:14 - 00148820 _____ C:\Windows\system32\perfc007.dat
2013-07-19 05:19 - 2009-07-14 07:13 - 01616954 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-18 23:16 - 2012-11-16 17:18 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-18 09:57 - 2009-07-14 06:45 - 05063512 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-18 09:56 - 2013-07-18 09:56 - 00291752 _____ C:\Windows\Minidump\071813-42588-01.dmp
2013-07-17 19:48 - 2011-11-12 12:59 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Origin
2013-07-17 19:48 - 2011-11-12 12:59 - 00000000 ____D C:\Users\Tahsin\AppData\Local\Origin
2013-07-17 19:27 - 2011-10-28 00:08 - 00132576 _____ C:\Users\Tahsin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-17 18:38 - 2013-07-17 18:38 - 00017385 _____ C:\Users\Tahsin\Desktop\Quizfragen 22 Stück.ods
2013-07-17 18:02 - 2013-07-17 18:02 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\OpenOffice.org
2013-07-17 18:00 - 2013-07-17 18:00 - 00000000 ____D C:\Program Files (x86)\OpenOffice.org 3
2013-07-17 17:59 - 2013-07-17 17:58 - 152249762 _____ C:\Users\Tahsin\Downloads\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe
2013-07-17 17:13 - 2013-04-30 15:36 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Spotify
2013-07-17 17:10 - 2013-04-30 15:36 - 00000000 ____D C:\Users\Tahsin\AppData\Local\Spotify
2013-07-15 00:20 - 2013-07-15 00:20 - 00291744 _____ C:\Windows\Minidump\071513-45567-01.dmp
2013-07-15 00:09 - 2013-07-15 00:09 - 00020678 _____ C:\Users\Tahsin\Downloads\HesapHareketleri.do
2013-07-14 18:02 - 2012-02-10 17:15 - 00000132 _____ C:\Users\Tahsin\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-07-14 13:25 - 2013-07-14 13:25 - 00000956 _____ C:\Users\Tahsin\Desktop\Guild Wars 2.lnk
2013-07-13 11:06 - 2013-01-25 23:52 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-13 10:59 - 2012-05-26 20:35 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 10:59 - 2012-05-26 20:35 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 10:43 - 2013-07-13 10:43 - 07876512 _____ (Adobe Systems Inc.) C:\Users\Tahsin\Downloads\Shockwave_Installer_Slim (2).exe
2013-07-13 10:43 - 2013-06-27 19:40 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-13 10:43 - 2013-06-27 19:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-13 10:43 - 2013-06-27 19:40 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-13 10:43 - 2011-11-12 22:28 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-07-12 20:56 - 2012-07-26 21:17 - 00004096 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2912419440-2868778846-4110425731-1000UA
2013-07-12 20:56 - 2012-07-26 21:17 - 00003700 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2912419440-2868778846-4110425731-1000Core
2013-07-12 19:38 - 2013-07-12 19:38 - 00007684 _____ C:\Users\Tahsin\Downloads\AddMeFast-Bot.rar
2013-07-11 15:02 - 2013-07-11 15:01 - 00291744 _____ C:\Windows\Minidump\071113-41402-01.dmp
2013-07-11 09:04 - 2013-03-13 17:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 09:04 - 2013-03-13 17:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 09:04 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 09:04 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 09:04 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 02:38 - 2011-11-02 13:52 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-11 02:37 - 2012-06-04 18:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 18:00 - 2011-11-04 16:57 - 00000000 ____D C:\Users\Tahsin\AppData\Local\Google
2013-07-10 18:00 - 2011-11-04 16:57 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-10 17:59 - 2013-07-10 17:59 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\PiccShare
2013-07-10 17:59 - 2013-07-10 17:59 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Common
2013-07-10 17:59 - 2013-07-10 17:59 - 00000000 ____D C:\Program Files (x86)\Axife Mouse Recorder DEMO
2013-07-10 17:58 - 2013-07-10 17:58 - 00393064 _____ (Softonic                                        ) C:\Users\Tahsin\Downloads\SoftonicDownloader_fuer_axife-mouse-recorder.exe
2013-07-10 17:58 - 2013-07-10 17:54 - 00000000 ____D C:\Program Files (x86)\GhostMouse
2013-07-10 17:53 - 2013-07-10 17:53 - 00910736 _____ (ghost-mouse.com                                             ) C:\Users\Tahsin\Downloads\GhostMouse321-Setup.exe
2013-07-10 09:56 - 2011-10-28 11:51 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Mozilla
2013-07-05 17:39 - 2013-07-05 17:39 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-05 17:39 - 2012-05-04 14:06 - 00000000 ____D C:\ProgramData\Skype
2013-07-05 17:37 - 2013-07-05 17:37 - 31954536 _____ (Skype Technologies S.A.) C:\Users\Tahsin\Downloads\SkypeSetup66Full.exe
2013-07-05 17:36 - 2013-07-05 17:36 - 22716480 _____ (ArenaNet) C:\Users\Tahsin\Downloads\Gw2Setup.exe
2013-07-02 21:05 - 2013-07-02 21:04 - 39358651 _____ C:\Users\Tahsin\Downloads\bg Raw File.rar
2013-07-02 19:48 - 2013-07-02 19:48 - 00291744 _____ C:\Windows\Minidump\070213-15303-01.dmp
2013-07-01 19:04 - 2013-07-01 19:04 - 00057012 _____ C:\Users\Tahsin\Downloads\Rechnung zu Order-ID 3133899 -  304-3212191-5198757 vom 21.06.2013 182556.zip
2013-06-30 20:29 - 2013-06-30 20:28 - 00291744 _____ C:\Windows\Minidump\063013-36519-01.dmp
2013-06-30 18:17 - 2013-06-30 18:17 - 02596440 _____ (Sandboxie Holdings, LLC) C:\Users\Tahsin\Downloads\SandboxieInstall.exe
2013-06-30 17:57 - 2013-06-30 17:57 - 00000000 ____D C:\ProgramData\SystemRequirementsLab
2013-06-30 17:57 - 2013-06-30 17:57 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2013-06-30 10:58 - 2013-06-30 10:58 - 00167536 _____ () C:\Users\Tahsin\Downloads\OnlineWeatherSetup-3M80IlG.exe
2013-06-30 10:57 - 2013-06-30 10:57 - 00167304 _____ () C:\Users\Tahsin\Downloads\7ZipSetup-0M6Elbp.exe
2013-06-30 10:56 - 2013-06-30 10:56 - 00167304 _____ () C:\Users\Tahsin\Downloads\7ZipSetup-0ISfsny.exe
2013-06-30 10:54 - 2013-06-30 10:54 - 00167304 _____ () C:\Users\Tahsin\Downloads\7ZipSetup-4NyfsgM.exe
2013-06-30 10:22 - 2011-10-28 11:22 - 00004996 _____ C:\Windows\System32\Tasks\PCDRScheduledMaintenance
2013-06-30 10:22 - 2011-10-28 11:22 - 00000552 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2013-06-28 16:21 - 2013-06-28 16:21 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-06-28 16:21 - 2013-06-28 16:21 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-06-28 16:21 - 2013-06-04 17:41 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-06-28 16:21 - 2013-06-04 17:41 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-06-28 16:21 - 2012-08-31 12:57 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-06-28 16:21 - 2012-08-31 12:57 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-06-28 16:21 - 2012-08-31 12:57 - 00000000 ____D C:\Program Files\Java
2013-06-28 16:19 - 2013-06-28 16:19 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-28 16:19 - 2013-06-28 16:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-28 16:19 - 2013-01-23 20:07 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-28 16:19 - 2013-01-23 20:07 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-28 16:19 - 2012-08-31 12:56 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-28 16:19 - 2011-11-12 00:21 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-28 16:17 - 2013-06-28 16:17 - 33150376 _____ (Oracle Corporation) C:\Users\Tahsin\Downloads\jre-7u25-windows-x64.exe
2013-06-28 16:17 - 2013-06-28 16:17 - 31714216 _____ (Oracle Corporation) C:\Users\Tahsin\Downloads\jre-7u25-windows-i586.exe
2013-06-28 15:37 - 2012-06-29 19:00 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Dropbox
2013-06-28 15:01 - 2012-06-29 19:01 - 00000000 ___RD C:\Users\Tahsin\Dropbox
2013-06-28 14:58 - 2012-12-24 20:01 - 00000000 ____D C:\Users\Tahsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-06-28 14:57 - 2013-06-28 14:57 - 33578320 _____ (Dropbox, Inc.) C:\Users\Tahsin\Downloads\Dropbox 2.2.8.exe
2013-06-28 07:37 - 2013-06-28 07:37 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-06-28 07:37 - 2013-06-26 19:00 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-06-28 07:37 - 2013-06-26 19:00 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-06-28 07:37 - 2013-06-04 17:24 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-06-28 07:37 - 2013-06-04 17:24 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-06-28 07:37 - 2013-06-04 17:24 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-06-28 07:37 - 2011-11-12 13:04 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-06-27 19:19 - 2013-06-27 19:19 - 00814472 _____ (Adobe Systems Incorporated) C:\Users\Tahsin\Downloads\uninstall_flash_player.exe
2013-06-27 16:50 - 2013-06-27 16:50 - 00000000 ____D C:\Users\Public\Documents\sun
2013-06-27 16:49 - 2013-06-27 16:48 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4.0
2013-06-27 16:41 - 2013-06-27 16:39 - 192004096 _____ C:\Users\Tahsin\Downloads\LibreOffice_4.0.4_Win_x86.msi

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-26 04:10

==================== End Of Log ============================
         
--- --- ---

Alt 27.07.2013, 12:23   #12
schrauber
/// the machine
/// TB-Ausbilder
 


Please download Windows Repair (All In One) from here.
  • Install the program. Start it once the installation has finished.
  • Click Step 2 and press Do It under Check Disk.

  • When the process has finished, click Step 3 and press Do It under System File Check.

  • After that process has finished, click Start Repairs, choose Advanced Mode and press Start.

  • Please make sure that the boxes are ticked as shown below. Please additionally tick Set Windows Services to Default Startup.
  • Tick Restart System when Finished.
  • Press Start.



After that, a fresh FSS log please.
__________________
Regards,
schrauber


Alt 27.07.2013, 14:35   #13
-Tahsin
 

FSS
Quote:
Farbar Service Scanner Version: 26-07-2013
Ran by Tahsin (administrator) on 27-07-2013 at 15:34:51
Running from "C:\Users\Tahsin\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of WinDefend. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of WinDefend. The value does not exist.
Unable to retrieve ServiceDll of WinDefend. The value does not exist.


Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to retrieve start type of iphlpsvc. The value does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to retrieve ImagePath of iphlpsvc. The value does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to retrieve ServiceDll of iphlpsvc. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Alt 27.07.2013, 18:00   #14
schrauber
/// the machine
/// TB-Ausbilder
 


Any problems left?
__________________
Regards,
schrauber
