Log analysis and evaluation: Crashes and network connectivity problems with Outlook, Internet Explorer and Chrome
22.08.2013, 23:23 #1
Crashes and network connectivity problems with Outlook, Internet Explorer and Chrome

Hello, here is what is happening on my computer: Outlook hangs on Send/Receive. On startup, where this runs automatically, it still completes once; after that the Send/Receive window hangs. I can still work, but I can no longer send or receive. Outlook can then only be closed via Task Manager. (In practice this means that I can receive e-mails when starting Outlook. If I write a reply, I have to save it as a draft, send it and close Outlook via Task Manager. Then I start Outlook again and Send/Receive works exactly once; my e-mail is then in the Outbox and goes out. After that, no more sending/receiving.) This affects several of the e-mail accounts that are set up, or more precisely all of them.

Internet Explorer and Chrome (more precisely: Comodo Dragon) load websites only sporadically. Sometimes it works and then it doesn't. Internet Explorer has problems downloading files: "Smartscreen-Filter kann nicht erreicht werden" ("SmartScreen Filter cannot be reached"). My third browser, Firefox (more precisely: Comodo Dragon), always works without errors. Other programs such as Skype also work normally.

This has been going on for 1-2 weeks. I uninstalled Comodo Internet Security and AVG Antivirus and installed Avira. Unfortunately without effect.

My system: Windows 8 Pro with Media Center x64 build 6.2.9200, Office 2010 (Outlook 2010).

What could it be?

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2013 02
Ran by *replaced* at 2013-08-22 22:28:45
Running from C:\Users\*replaced*\Downloads
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

µTorrent (x32 Version: 3.2.0)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
aptics Pointing Device Driver (Version: 15.2.20.0)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
Babylon (x32)
CameraHelperMsi (x32 Version: 13.51.815.0)
Canon MG5200 series MP Drivers
Command & Conquer™ Red Alert™ 3 Uprising (x32 Version: 1.0.1.0)
Comodo Dragon (x32 Version: 28.1.0.0)
Comodo IceDragon (x32 Version: 22.0.0.1)
CrystalDiskInfo 5.4.2 Shizuku Edition (x32 Version: 5.4.2)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
EMET 4.0 (x32 Version: 4.0)
erLT (x32 Version: 1.20.138.34)
Foxit Reader (x32 Version: 6.0.6.722)
GO Contact Sync Mod (x32 Version: 3.5.24)
Google Drive (x32 Version: 1.11.4865.2530)
Google Talk Plugin (x32 Version: 4.4.2.14502)
Google Update Helper (x32 Version: 1.3.21.153)
inSSIDer 3 (x32 Version: 3.0.7.48)
ISO Recorder (Version: 3.1.0)
Logitech Webcam Software (x32 Version: 2.80)
LWS Facebook (x32 Version: 13.50.854.0)
LWS Gallery (x32 Version: 13.51.827.0)
LWS Help_main (x32 Version: 13.51.828.0)
LWS Launcher (x32 Version: 13.51.828.0)
LWS Motion Detection (x32 Version: 13.51.815.0)
LWS Pictures And Video (x32 Version: 13.51.815.0)
LWS Twitter (x32 Version: 13.30.1346.0)
LWS Webcam Software (x32 Version: 13.51.815.0)
LWS WLM Plugin (x32 Version: 1.30.1201.0)
LWS YouTube Plugin (x32 Version: 13.31.1038.0)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Expression Encoder 4 (x32 Version: 4.0.4276.0)
Microsoft Expression Encoder 4 Screen Capture Codec (x32 Version: 4.0.4276.0)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office IME (Chinese (Simplified)) 2010 (Version: 14.0.7015.1000)
Microsoft Office IME (Chinese (Simplified)) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office IME (Chinese (Traditional)) 2010 (Version: 14.0.7015.1000)
Microsoft Office IME (Chinese (Traditional)) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office IME (Japanese) 2010 (Version: 14.0.7015.1000)
Microsoft Office IME (Japanese) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office IME (Korean) 2010 (Version: 14.0.7015.1000)
Microsoft Office IME (Korean) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Arabic) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Basque) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Bulgarian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Catalan) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Chinese (Simplified)) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Chinese (Traditional)) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Croatian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Czech) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Danish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Dutch) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Estonian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Finnish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Galician) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Greek) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Gujarati) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Hebrew) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Hindi) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Hungarian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Japanese) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Kannada) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Kazakh) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Korean) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Latvian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Lithuanian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Marathi) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Norwegian (Bokmål)) 2010 (x32 Version: 14.0.4999.1028)
Microsoft Office Proof (Norwegian (Nynorsk)) 2010 (x32 Version: 14.0.4999.1028)
Microsoft Office Proof (Polish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Portuguese (Portugal)) 2010 (x32 Version: 14.0.4999.1028)
Microsoft Office Proof (Punjabi) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Romanian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Russian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Serbian (Latin)) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Slovak) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Slovenian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Swedish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Tamil) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Telugu) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Thai) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Turkish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Ukrainian) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Urdu) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing Kit 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing Tools Kit Compilation 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office ProofMUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Standard 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Visio 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Visio MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visio Premium 2010 (x32 Version: 14.0.7015.1000)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3505.0912)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
Paint.NET v3.5.11 (Version: 3.61.0)
Password Safe (x32)
Photo Common (x32 Version: 16.4.3505.0912)
Photo Gallery (x32 Version: 16.4.3505.0912)
PrimoPDF -- brought to you by Nitro PDF Software (x32 Version: 5)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6873)
Secunia PSI (3.0.0.4001) (x32 Version: 3.0.0.4001)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
Skype™ 6.6 (x32 Version: 6.6.106)
Spotify (HKCU Version: 0.9.1.57.ge7405149)
Trillian (x32)
TrueCrypt (x32 Version: 7.1a)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.7 (Version: 2.0.7)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)

==================== Restore Points =========================

18-08-2013 13:14:48 Installed GO Contact Sync Mod
22-08-2013 20:04:25 Installed EMET 4.0

==================== Hosts content: ==========================

2012-07-26 07:26 - 2013-01-08 18:11 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0D01A56C-8C2D-4B7B-8495-4B9A146E7E87} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30] (Google Inc.)
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {15D71C0A-BAAD-4C57-A9A3-D9E32B577149} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1976D235-F62E-4255-B0A2-F5C565C83DFE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30] (Google Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {260F3BE6-6062-4B46-B269-8F1BBA899446} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2012-07-26] (Microsoft Corporation)
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {3D160C00-B9D2-4E89-A950-B135FB9A0820} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {3F76D881-ADC7-42B2-902D-708643302A91} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-12] (Adobe Systems Incorporated)
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)
Task: {491B4BCC-39A6-49C4-B411-D62377D6CDBB} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {8F201B27-5AD4-4334-9200-FBD83AC0AECB} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}
Task: {9138166D-6253-4A11-8ED4-18471B313B93} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {A06967D4-A4A9-4ACA-8931-CBB3B1D072C3} - System32\Tasks\{A61BBC38-7D3F-4ADC-ACA0-3A225A608B5B} => c:\program files\internet explorer\iexplore.exe [2013-07-26] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {A85AC938-65F4-4056-BEED-110A9A9810C2} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {BCE5C217-8F83-4F6D-AAB6-8C01B2F5E9A5} - System32\Tasks\CrystalDiskInfo => C:\Program Files (x86)\CrystalDiskInfo\DiskInfoS.exe [2013-03-06] (Crystal Dew World)
Task: {C171610F-5902-40C8-9E05-2793CBEDB09E} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\Windows\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {C9586687-2D98-42D3-BA0A-D9FD5FA8C13E} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {CBA2CD45-976C-49D0-8F00-0FC2982E0A86} - System32\Tasks\User_Feed_Synchronization-{4E6FBDAF-E8FB-47FD-8E08-3703492983D2} => C:\Windows\system32\msfeedssync.exe [2012-07-26] (Microsoft Corporation)
Task: {CD0B4CF4-C3A3-48DE-A72D-70D76B415CAE} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3155787074-1265918781-1706113256-2647
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {D12D7EC5-DD4F-498A-8131-D12427ED71B9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3155787074-1265918781-1706113256-2647UA => C:\Users\*replaced*\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-14] (Google Inc.)
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DC83FEBE-B8A5-4284-BEFA-4A4C05F2543B} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EA1A6717-E388-4EDD-B8CC-E14162021218} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {F7FBDC99-C758-4EAC-A767-F237EBC6FC2B} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {F8640014-7B3D-418C-9EE5-E2F28C9CDFEE} - System32\Tasks\Boot into desktop => C:\Users\*replaced*\Documents\Deskboot.scf [2012-08-27] ()
Task: {FAABE651-EEF3-4773-A65E-3D619F22735E} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe No File
Task: {FAD736F0-3DF4-4296-9034-4BEEC4BFFD57} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3155787074-1265918781-1706113256-2647Core => C:\Users\*replaced*\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-14] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3155787074-1265918781-1706113256-2647Core.job => C:\Users\*replaced*\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3155787074-1265918781-1706113256-2647UA.job => C:\Users\*replaced*\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Faulty Device Manager Devices =============

Name: Agere Systems HDA Modem
Description: Agere Systems HDA Modem
Class Guid: {4d36e96d-e325-11ce-bfc1-08002be10318}
Manufacturer: Agere
Service: Modem
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/22/2013 10:26:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: *replaced*)
Description: Activation of app 13387RevolutionSoftware.SaveTheDate_ey93dt8f74erj!App failed with error: -2144927140 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/22/2013 10:24:41 PM) (Source: Application Hang) (User: )
Description: The program explorer.exe version 6.2.9200.16628 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: cdc
Start Time: 01ce9f7559f87249
Termination Time: 0
Application Path: C:\Windows\explorer.exe
Report Id: de9a562b-0b68-11e3-bfd6-c417fe06ebae
Faulting package full name:
Faulting package-relative application ID:

Error: (08/22/2013 10:22:54 PM) (Source: Application Hang) (User: )
Description: The program OUTLOOK.EXE version 14.0.7012.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 128c
Start Time: 01ce9f741c702f48
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
Report Id: 9fa9b15d-0b68-11e3-bfd6-c417fe06ebae
Faulting package full name:
Faulting package-relative application ID:

Error: (08/22/2013 10:22:40 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.2.9200.16628 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: e60
Start Time: 01ce9f73ec07d3d8
Termination Time: 0
Application Path: C:\Windows\Explorer.EXE
Report Id: 969c197f-0b68-11e3-bfd6-c417fe06ebae
Faulting package full name:
Faulting package-relative application ID:

Error: (08/22/2013 10:17:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: aswMBR(1).exe, version: 0.9.9.1771, time stamp: 0x5147644e
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x00051f81
Faulting process id: 0x4dc
Faulting application start time: 0xaswMBR(1).exe0
Faulting application path: aswMBR(1).exe1
Faulting module path: aswMBR(1).exe2
Report Id: aswMBR(1).exe3
Faulting package full name: aswMBR(1).exe4
Faulting package-relative application ID: aswMBR(1).exe5

Error: (08/22/2013 10:10:43 PM) (Source: Application Hang) (User: )
Description: The program OUTLOOK.EXE version 14.0.7012.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: e2c
Start Time: 01ce9f735c45f6c3
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
Report Id: eba3ab1f-0b66-11e3-bfd5-00262d79d176
Faulting package full name:
Faulting package-relative application ID:

Error: (08/22/2013 10:08:19 PM) (Source: Application Hang) (User: )
Description: The program OUTLOOK.EXE version 14.0.7012.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 139c
Start Time: 01ce9f7337205143
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
Report Id: 963cea1a-0b66-11e3-bfd5-00262d79d176
Faulting package full name:
Faulting package-relative application ID:

Error: (08/22/2013 09:56:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: ti94055o.exe, version: 2.1.19163.0, time stamp: 0x515d31f0
Faulting module name: ti94055o.exe, version: 2.1.19163.0, time stamp: 0x515d31f0
Exception code: 0xc0000005
Fault offset: 0x0000218a
Faulting process id: 0x1194
Faulting application start time: 0xti94055o.exe0
Faulting application path: ti94055o.exe1
Faulting module path: ti94055o.exe2
Report Id: ti94055o.exe3
Faulting package full name: ti94055o.exe4
Faulting package-relative application ID: ti94055o.exe5

Error: (08/22/2013 09:48:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: aswMBR(1).exe, version: 0.9.9.1771, time stamp: 0x5147644e
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x00051f81
Faulting process id: 0xb24
Faulting application start time: 0xaswMBR(1).exe0
Faulting application path: aswMBR(1).exe1
Faulting module path: aswMBR(1).exe2
Report Id: aswMBR(1).exe3
Faulting package full name: aswMBR(1).exe4
Faulting package-relative application ID: aswMBR(1).exe5

Error: (08/22/2013 09:46:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: aswMBR(1).exe, version: 0.9.9.1771, time stamp: 0x5147644e
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000005
Fault offset: 0x00051f81
Faulting process id: 0xe20
Faulting application start time: 0xaswMBR(1).exe0
Faulting application path: aswMBR(1).exe1
Faulting module path: aswMBR(1).exe2
Report Id: aswMBR(1).exe3
Faulting package full name: aswMBR(1).exe4
Faulting package-relative application ID: aswMBR(1).exe5


System errors:
=============
Error: (08/22/2013 10:11:28 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (08/22/2013 10:02:31 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (08/22/2013 09:08:02 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (08/22/2013 08:31:05 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (08/22/2013 07:41:12 PM) (Source: Microsoft-Windows-GroupPolicy) (User: *replaced*)
Description: The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (08/22/2013 07:39:59 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (08/22/2013 07:39:28 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (08/22/2013 07:38:40 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: %%5

Error: (08/22/2013 07:38:40 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: %%5

Error: (08/22/2013 07:26:13 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.


Microsoft Office Sessions:
=========================
Error: (08/22/2013 10:26:54 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: *replaced*)
Description: 13387RevolutionSoftware.SaveTheDate_ey93dt8f74erj!App-2144927140

Error: (08/22/2013 10:24:41 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.2.9200.16628cdc01ce9f7559f872490C:\Windows\explorer.exede9a562b-0b68-11e3-bfd6-c417fe06ebae

Error: (08/22/2013 10:22:54 PM) (Source: Application Hang)(User: )
Description: OUTLOOK.EXE14.0.7012.1000128c01ce9f741c702f484294967295C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE9fa9b15d-0b68-11e3-bfd6-c417fe06ebae

Error: (08/22/2013 10:22:40 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.2.9200.16628e6001ce9f73ec07d3d80C:\Windows\Explorer.EXE969c197f-0b68-11e3-bfd6-c417fe06ebae

Error: (08/22/2013 10:17:52 PM) (Source: Application Error)(User: )
Description: aswMBR(1).exe0.9.9.17715147644entdll.dll6.2.9200.16578515fac6ec000000500051f814dc01ce9f7489c4d054C:\Users\*replaced*\Downloads\aswMBR(1).exeC:\Windows\SYSTEM32\ntdll.dllebe6e4ba-0b67-11e3-bfd6-c417fe06ebae

Error: (08/22/2013 10:10:43 PM) (Source: Application Hang)(User: )
Description: OUTLOOK.EXE14.0.7012.1000e2c01ce9f735c45f6c34294967295C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXEeba3ab1f-0b66-11e3-bfd5-00262d79d176

Error: (08/22/2013 10:08:19 PM) (Source: Application Hang)(User: )
Description: OUTLOOK.EXE14.0.7012.1000139c01ce9f73372051434294967295C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE963cea1a-0b66-11e3-bfd5-00262d79d176

Error: (08/22/2013 09:56:57 PM) (Source: Application Error)(User: )
Description: ti94055o.exe2.1.19163.0515d31f0ti94055o.exe2.1.19163.0515d31f0c00000050000218a119401ce9f717cd2691eC:\Users\*replaced*\Downloads\ti94055o.exeC:\Users\*replaced*\Downloads\ti94055o.exeffdd5a9a-0b64-11e3-bfd4-c417fe06ebae

Error: (08/22/2013 09:48:41 PM) (Source: Application Error)(User: )
Description: aswMBR(1).exe0.9.9.17715147644entdll.dll6.2.9200.16578515fac6ec000000500051f81b2401ce9f707eaabc04C:\Users\*replaced*\Downloads\aswMBR(1).exeC:\Windows\SYSTEM32\ntdll.dlld7d89380-0b63-11e3-bfd4-c417fe06ebae

Error: (08/22/2013 09:46:57 PM) (Source: Application Error)(User: )
Description: aswMBR(1).exe0.9.9.17715147644entdll.dll6.2.9200.16578515fac6ec000000500051f81e2001ce9f70290f7305C:\Users\*replaced*\Downloads\aswMBR(1).exeC:\Windows\SYSTEM32\ntdll.dll99be891d-0b63-11e3-bfd4-c417fe06ebae


CodeIntegrity Errors:
===================================
Date: 2013-08-11 21:23:03.729
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-11 21:21:00.839
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-11 21:14:35.593
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-11 21:12:39.338
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-11 21:12:29.682
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-11 21:06:26.298
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-11 20:40:50.313
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-11 20:38:54.843
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-11 20:38:44.230
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-11 20:37:39.248
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 40%
Total physical RAM: 3956.5 MB
Available physical RAM: 2365.31 MB
Total Pagefile: 7924.5 MB
Available Pagefile: 6217.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.9 GB) (Free:21.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: F98CCDDD)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

==================== End Of Log ============================
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:23 on 22/08/2013 (*replaced*)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2013 02
Ran by *replaced* (administrator) on 22-08-2013 22:25:49
Running from C:\Users\*replaced*\Downloads
Windows 8 Pro with Media Center (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
() C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\*replaced*\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(SourceForge.net) C:\Program Files (x86)\Password Safe\pwsafe.exe
(Babylon Ltd.) C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
(Cerulean Studios) C:\Program Files (x86)\Trillian\trillian.exe
(Babylon) C:\Program Files\Babylon\Babylon-Pro\BabylonHelper64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 4.0\EMET_Agent.exe
(Crystal Dew World) C:\Program Files (x86)\CrystalDiskInfo\DiskInfoS.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 4.0\EMET_GUI.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(COMODO Security Solutions) C:\Program Files (x86)\Comodo\IceDragon\icedragon.exe
(Mozilla Corporation) C:\Program Files (x86)\Comodo\IceDragon\plugin-container.exe
(Google) C:\Users\*replaced*\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2735400 2011-03-31] (Synaptics Incorporated)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20097696 2013-06-27] (Google)
HKCU\...\Run: [Google Update] - C:\Users\*replaced*\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-14] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\*replaced*\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-13] (Spotify Ltd)
MountPoints2: {95bfcafd-13e9-11e2-bedb-00262d79d176} - "E:\LaunchU3.exe" -a
HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [Babylon Client] - C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe [3590224 2013-01-14] (Babylon Ltd.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [EMET Agent] - C:\Program Files (x86)\EMET 4.0\EMET_agent.exe [78496 2013-06-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\*replaced*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\*replaced*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\*replaced*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk
ShortcutTarget: Password Safe.lnk -> C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net)
Startup: C:\Users\*replaced*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *replaced*
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
SearchScopes: HKCU - DefaultScope {DA1D0AAD-4DB6-4893-B6D1-8CF1E2733BA1} URL = https://startpage.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=english
SearchScopes: HKCU - {15E0A161-FCF5-4192-BFB8-90D1669949F9} URL = hxxp://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
SearchScopes: HKCU - {4715856C-73CD-4C64-AEE8-BF4C3283EC12} URL = hxxp://thepiratebay.org/search/{searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {78460D16-90A3-433B-A5DD-AEC2B68AD55B} URL = hxxp://duckduckgo.com/?q={searchTerms}
SearchScopes: HKCU - {AA34F274-939D-40C3-B835-FEBC03E3107E} URL = https://ixquick.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=english
SearchScopes: HKCU - {AA39126C-36CC-481F-A89F-E73DAD4AB51F} URL = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
SearchScopes: HKCU - {C2C85E21-39AD-4FEE-BEF6-FCE93DA7F0E9} URL = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on
SearchScopes: HKCU - {DA1D0AAD-4DB6-4893-B6D1-8CF1E2733BA1} URL = https://startpage.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=english
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-18] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [811064 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2095808 2013-08-01] ()
R2 IceDragonUpdater; C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe [1821384 2013-07-14] ()
S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [158208 2012-04-06] (Samsung Electronics)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1328736 2012-09-24] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [656480 2012-09-24] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-07-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130016 2013-07-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-02-26] (Avira Operations GmbH & Co. KG)
S3 NdisImPlatformMp; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [126464 2012-07-26] (Microsoft Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()
S3 ssudobex; C:\Windows\system32\DRIVERS\ssudobex.sys [203104 2012-09-19] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [106256 2013-03-15] (Oracle Corporation)
S3 ALSysIO; \??\C:\Users\*replaced*\AppData\Local\Temp\ALSysIO64.sys [x]
S0 dcmwwg; No ImagePath
S0 iswtwq; No ImagePath
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 VMSMP; \SystemRoot\system32\DRIVERS\vmswitch.sys [x]
U3 aswMBR; \??\C:\Users\*replaced*\AppData\Local\Temp\aswMBR.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-22 22:24 - 2013-08-22 22:24 - 01576476 _____ (Farbar) C:\Users\*replaced*\Downloads\FRST64.exe
2013-08-22 22:23 - 2013-08-22 22:23 - 00000472 _____ C:\Users\*replaced*\Downloads\defogger_disable.log
2013-08-22 22:23 - 2013-08-22 22:23 - 00000000 _____ C:\Users\*replaced*\defogger_reenable
2013-08-22 22:19 - 2013-08-22 22:19 - 00050477 _____ C:\Users\*replaced*\Downloads\Defogger.exe
2013-08-22 22:04 - 2013-08-22 22:04 - 00000000 ____D C:\Program Files (x86)\EMET 4.0
2013-08-22 22:01 - 2013-08-22 22:01 - 00000000 ____D C:\Users\*replaced*\Downloads\Enhanced Mitigation Experience Toolkit (EMET) 4.0
2013-08-22 21:54 - 2013-08-22 21:54 - 00377856 _____ C:\Users\*replaced*\Downloads\ti94055o.exe
2013-08-22 21:44 - 2013-08-22 21:45 - 04745728 _____ (AVAST Software) C:\Users\*replaced*\Downloads\aswMBR(1).exe
2013-08-22 21:06 - 2013-08-22 21:08 - 00410642 _____ C:\Users\*replaced*\Downloads\avgremover.log
2013-08-22 21:06 - 2013-08-22 21:06 - 03529160 _____ (AVG Technologies CZ, s.r.o.) C:\Users\*replaced*\Downloads\avg_remover_stf_x64_2013_3341.exe
2013-08-21 02:06 - 2013-08-21 02:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WUDFUsbccidDriver_01_11_00.Wdf
2013-08-20 22:37 - 2013-08-20 22:39 - 337301504 _____ C:\Users\*replaced*\Downloads\kav_rescue_10.iso
2013-08-20 22:37 - 2013-08-20 22:37 - 00387584 _____ C:\Users\*replaced*\Downloads\rescue2usb.exe
2013-08-20 19:30 - 2013-08-21 02:06 - 00001618 _____ C:\Windows\setupact.log
2013-08-20 19:30 - 2013-08-20 19:30 - 00000000 _____ C:\Windows\setuperr.log
2013-08-19 03:16 - 2013-08-19 03:16 - 00001314 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-18 17:22 - 2013-08-18 17:23 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-18 16:20 - 2013-08-18 16:20 - 115191921 _____ C:\Users\*replaced*\Downloads\CM-10.1-Release-Candidate-v3.0-[OWLPROJECT].zip
2013-08-18 15:26 - 2013-08-18 15:26 - 00001176 _____ C:\Users\Public\Desktop\Paint.NET.lnk
2013-08-18 15:09 - 2013-08-18 15:09 - 02062336 _____ C:\Users\*replaced*\Downloads\GCSMSetup_3_5_24.msi
2013-08-18 15:09 - 2013-08-18 15:09 - 00011348 _____ C:\Users\*replaced*\Downloads\ReadMe.txt
2013-08-17 16:42 - 2013-08-18 15:21 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-14 13:17 - 2013-08-14 13:17 - 00430008 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-14 13:12 - 2013-07-09 10:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2013-08-14 13:12 - 2013-07-09 08:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2013-08-14 13:12 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2013-08-14 13:12 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2013-08-14 13:12 - 2013-07-09 00:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2013-08-14 13:12 - 2013-07-09 00:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2013-08-14 13:12 - 2013-07-09 00:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll
2013-08-14 13:12 - 2013-07-09 00:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2013-08-14 13:12 - 2013-07-06 02:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-08-14 13:12 - 2013-07-03 02:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-08-14 13:12 - 2013-07-03 02:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-08-14 13:12 - 2013-07-03 02:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2013-08-14 13:12 - 2013-07-03 02:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-08-14 13:12 - 2013-07-03 02:11 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2013-08-14 13:12 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-08-14 13:12 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2013-08-14 13:12 - 2013-07-03 01:51 - 04039680 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-08-14 13:12 - 2013-07-02 00:08 - 00387583 _____ C:\Windows\system32\ApnDatabase.xml
2013-08-14 13:12 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe
2013-08-14 13:12 - 2013-07-01 00:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe
2013-08-14 13:12 - 2013-06-29 08:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2013-08-14 13:12 - 2013-06-29 08:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2013-08-14 13:12 - 2013-06-29 07:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2013-08-14 13:12 - 2013-06-29 03:12 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-08-14 13:12 - 2013-06-26 05:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2013-08-14 13:12 - 2013-06-26 04:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2013-08-14 13:12 - 2013-06-25 00:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-08-14 13:12 - 2013-06-25 00:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2013-08-14 13:12 - 2013-06-25 00:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2013-08-14 13:12 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2013-08-14 13:12 - 2013-06-19 07:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2013-08-14 13:12 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2013-08-14 13:12 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2013-08-14 13:12 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2013-08-14 13:12 - 2013-06-12 01:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2013-08-14 13:12 - 2013-06-10 23:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-08-14 13:12 - 2013-06-10 21:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-08-14 13:12 - 2013-06-10 21:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-08-14 13:12 - 2013-06-10 21:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-08-14 13:12 - 2013-06-10 21:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-08-14 13:12 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-08-14 13:12 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-08-14 13:12 - 2013-06-06 10:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-08-14 12:57 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 12:57 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 12:57 - 2013-07-26 07:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-08-14 12:57 - 2013-07-26 07:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-08-14 12:57 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 12:57 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 12:57 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 12:57 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 12:57 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 12:57 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 12:57 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 12:57 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 12:57 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 12:57 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 12:57 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 12:57 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 12:57 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 12:57 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 12:57 - 2013-07-26 05:13 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-08-14 12:57 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 12:57 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 12:57 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 12:57 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 12:57 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 12:57 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 12:57 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 12:57 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 12:57 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 12:57 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 12:57 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 12:57 - 2013-07-26 02:54 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-08-14 12:56 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 12:56 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 12:56 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 12:56 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2013-08-14 12:56 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2013-08-14 12:56 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 12:56 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 12:56 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2013-08-14 12:56 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2013-08-14 12:56 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 12:56 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2013-08-14 12:56 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2013-08-14 12:56 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 12:56 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 12:41 - 2013-08-14 12:41 - 628826822 _____ C:\Windows\MEMORY.DMP
2013-08-14 12:41 - 2013-08-14 12:41 - 00279072 _____ C:\Windows\Minidump\081413-11281-01.dmp
2013-08-13 22:27 - 2013-08-14 09:37 - 00011876 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 22:26 - 2013-08-13 22:26 - 00000000 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 18:51 - 2013-08-13 18:51 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 16:39 - 2013-08-13 16:39 - 38923112 _____ (R-Tools Technology Inc.) C:\Users\*replaced*\Downloads\RStudioEmg6.exe
2013-08-13 16:39 - 2013-08-13 16:39 - 33469352 _____ (R-Tools Technology Inc.) C:\Users\*replaced*\Downloads\RStudio6.exe
2013-08-13 16:21 - 2013-08-18 15:23 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 09:54 - 2013-08-13 09:54 - 00000165 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 07:37 - 2013-08-13 07:37 - 00008746 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 05:48 - 2013-08-13 05:48 - 00000043 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 05:08 - 2013-08-13 10:54 - 00000000 ____D C:\Users\*replaced*\Downloads\iperf-2.0.5-2-win32
2013-08-13 05:08 - 2013-08-13 05:08 - 01268927 _____ C:\Users\*replaced*\Downloads\iperf-2.0.5-2-win32.zip
2013-08-13 05:03 - 2013-08-13 05:03 - 00248583 _____ C:\Users\*replaced*\Downloads\iperf-2.0.5.tar.gz
2013-08-13 04:50 - 2013-08-13 04:50 - 00002483 _____ C:\Users\Public\Desktop\inSSIDer 3.lnk
2013-08-13 04:50 - 2013-08-13 04:50 - 00000000 ____D C:\Program Files (x86)\MetaGeek
2013-08-12 01:44 - 2013-08-12 01:44 - 00001120 _____ C:\Users\Public\Desktop\Comodo Dragon.lnk
2013-08-12 01:43 - 2013-08-12 01:43 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-08-12 01:43 - 2013-08-12 01:43 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-08-11 21:43 - 2013-08-11 21:43 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\Avira
2013-08-11 21:38 - 2013-08-11 21:38 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-11 21:36 - 2013-08-11 21:36 - 00000000 ____D C:\ProgramData\Avira
2013-08-11 21:36 - 2013-08-11 21:36 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-11 21:36 - 2013-07-18 08:03 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-11 21:36 - 2013-07-18 08:03 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-11 21:36 - 2013-02-26 16:56 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-11 20:36 - 2013-08-11 20:36 - 00000048 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-11 20:09 - 2013-08-18 15:23 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-11 06:28 - 2013-08-11 06:53 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-11 00:13 - 2013-08-11 00:13 - 06639616 _____ C:\Users\*replaced*\Downloads\inSSIDer-installer.msi
2013-08-11 00:13 - 2013-08-11 00:13 - 00000037 ___SH C:\Users\*replaced*\AppData\Local\70149b02515b3bb20dd492.47983420
2013-08-11 00:13 - 2013-08-11 00:13 - 00000000 ____D C:\Users\*replaced*\AppData\Local\MetaGeek,_LLC
2013-08-10 23:44 - 2013-08-10 23:44 - 00001245 _____ C:\Users\*replaced*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Comodo Dragon.lnk
2013-08-10 06:28 - 2013-08-20 15:18 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\vlc
2013-08-10 06:11 - 2013-08-10 06:11 - 00495616 _____ (Simon Tatham) C:\Users\*replaced*\Documents\putty.exe
2013-08-10 06:09 - 2013-08-10 06:09 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-08-10 05:43 - 2013-06-09 21:59 - 00216064 _____ C:\Windows\SysWOW64\gcapi_dll.dll
2013-08-01 21:59 - 2013-08-10 04:15 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-01 01:40 - 2013-08-01 01:40 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-07-26 16:12 - 2013-07-04 15:58 - 00238352 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2013-07-26 16:12 - 2013-07-04 15:57 - 00120080 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2013-07-23 07:20 - 2013-07-23 07:20 - 00000019 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-07-23 04:58 - 2013-07-23 04:58 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*

==================== One Month Modified Files and Folders =======

2013-08-22 22:24 - 2013-08-22 22:24 - 01576476 _____ (Farbar) C:\Users\*replaced*\Downloads\FRST64.exe
2013-08-22 22:23 - 2013-08-22 22:23 - 00000472 _____ C:\Users\*replaced*\Downloads\defogger_disable.log
2013-08-22 22:23 - 2013-08-22 22:23 - 00000000 _____ C:\Users\*replaced*\defogger_reenable
2013-08-22 22:23 - 2012-10-03 01:33 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4E6FBDAF-E8FB-47FD-8E08-3703492983D2}
2013-08-22 22:23 - 2012-08-26 13:22 - 00000000 ____D C:\Users\*replaced*
2013-08-22 22:19 - 2013-08-22 22:19 - 00050477 _____ C:\Users\*replaced*\Downloads\Defogger.exe
2013-08-22 22:19 - 2013-06-14 00:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-22 22:16 - 2012-07-26 09:28 - 00852298 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-22 22:13 - 2012-08-27 13:42 - 00000000 ____D C:\Users\*replaced*\Documents\Outlook Files
2013-08-22 22:12 - 2013-01-25 00:39 - 00000000 ____D C:\ProgramData\Babylon
2013-08-22 22:12 - 2012-10-16 20:08 - 00000000 ____D C:\Users\*replaced*\AppData\Local\PasswordSafe
2013-08-22 22:12 - 2012-08-30 11:14 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-22 22:12 - 2012-08-26 22:12 - 00000136 _____ C:\Windows\system32\config\netlogon.ftl
2013-08-22 22:12 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-22 22:12 - 2012-04-26 23:33 - 00000000 ___RD C:\Users\*replaced*\Google Drive
2013-08-22 22:10 - 2012-08-26 22:19 - 01450279 _____ C:\Windows\WindowsUpdate.log
2013-08-22 22:04 - 2013-08-22 22:04 - 00000000 ____D C:\Program Files (x86)\EMET 4.0
2013-08-22 22:02 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-08-22 22:01 - 2013-08-22 22:01 - 00000000 ____D C:\Users\*replaced*\Downloads\Enhanced Mitigation Experience Toolkit (EMET) 4.0
2013-08-22 21:59 - 2012-10-01 21:33 - 00001140 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3155787074-1265918781-1706113256-2647UA.job
2013-08-22 21:54 - 2013-08-22 21:54 - 00377856 _____ C:\Users\*replaced*\Downloads\ti94055o.exe
2013-08-22 21:46 - 2012-08-30 11:14 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-22 21:45 - 2013-08-22 21:44 - 04745728 _____ (AVAST Software) C:\Users\*replaced*\Downloads\aswMBR(1).exe
2013-08-22 21:44 - 2012-08-27 20:46 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\Skype
2013-08-22 21:08 - 2013-08-22 21:06 - 00410642 _____ C:\Users\*replaced*\Downloads\avgremover.log
2013-08-22 21:08 - 2012-08-26 22:11 - 00097236 _____ C:\Windows\PFRO.log
2013-08-22 21:06 - 2013-08-22 21:06 - 03529160 _____ (AVG Technologies CZ, s.r.o.) C:\Users\*replaced*\Downloads\avg_remover_stf_x64_2013_3341.exe
2013-08-22 20:47 - 2013-07-16 17:16 - 00001246 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-22 13:59 - 2012-10-01 21:33 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3155787074-1265918781-1706113256-2647Core.job
2013-08-22 01:30 - 2013-06-19 04:55 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\Spotify
2013-08-21 02:06 - 2013-08-21 02:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WUDFUsbccidDriver_01_11_00.Wdf
2013-08-21 02:06 - 2013-08-20 19:30 - 00001618 _____ C:\Windows\setupact.log
2013-08-20 23:00 - 2013-04-18 19:27 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\Foxit Scanner Images
2013-08-20 22:39 - 2013-08-20 22:37 - 337301504 _____ C:\Users\*replaced*\Downloads\kav_rescue_10.iso
2013-08-20 22:37 - 2013-08-20 22:37 - 00387584 _____ C:\Users\*replaced*\Downloads\rescue2usb.exe
2013-08-20 19:30 - 2013-08-20 19:30 - 00000000 _____ C:\Windows\setuperr.log
2013-08-20 15:18 - 2013-08-10 06:28 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\vlc
2013-08-20 03:03 - 2013-06-19 04:55 - 00000000 ____D C:\Users\*replaced*\AppData\Local\Spotify
2013-08-19 14:48 - 2012-08-26 13:49 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3155787074-1265918781-1706113256-2647
2013-08-19 14:32 - 2013-05-27 04:50 - 00000000 ____D C:\Users\*replaced*\AppData\Local\Paint.NET
2013-08-19 03:23 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-08-19 03:16 - 2013-08-19 03:16 - 00001314 _____ C:\Users\*replaced*\Desktop\1.txt
2013-08-19 02:11 - 2011-10-14 16:12 - 00127179 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-18 17:23 - 2013-08-18 17:22 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-18 16:20 - 2013-08-18 16:20 - 115191921 _____ C:\Users\*replaced*\Downloads\CM-10.1-Release-Candidate-v3.0-[OWLPROJECT].zip
2013-08-18 15:57 - 2012-08-26 13:22 - 00000000 ____D C:\Users\*replaced*\AppData\Local\Packages
2013-08-18 15:26 - 2013-08-18 15:26 - 00001176 _____ C:\Users\Public\Desktop\Paint.NET.lnk
2013-08-18 15:26 - 2013-05-27 04:50 - 00000000 ____D C:\Program Files\Paint.NET
2013-08-18 15:23 - 2013-08-13 16:21 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-18 15:23 - 2013-08-11 20:09 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-18 15:21 - 2013-08-17 16:42 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-18 15:09 - 2013-08-18 15:09 - 02062336 _____ C:\Users\*replaced*\Downloads\GCSMSetup_3_5_24.msi
2013-08-18 15:09 - 2013-08-18 15:09 - 00011348 _____ C:\Users\*replaced*\Downloads\ReadMe.txt
2013-08-16 08:03 - 2012-08-27 04:42 - 00002366 ____H C:\Users\*replaced*\Documents\Default.rdp
2013-08-16 06:19 - 2010-04-30 11:44 - 00000000 ____D C:\Users\*replaced*\.VirtualBox
2013-08-14 23:46 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF
2013-08-14 23:36 - 2012-10-31 23:09 - 00000600 _____ C:\Users\*replaced*\AppData\Local\PUTTY.RND
2013-08-14 15:11 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-08-14 13:17 - 2013-08-14 13:17 - 00430008 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-14 13:13 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-08-14 13:13 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe
2013-08-14 13:04 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-14 13:04 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-14 12:59 - 2013-07-10 16:57 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 12:58 - 2012-11-14 05:06 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 12:41 - 2013-08-14 12:41 - 628826822 _____ C:\Windows\MEMORY.DMP
2013-08-14 12:41 - 2013-08-14 12:41 - 00279072 _____ C:\Windows\Minidump\081413-11281-01.dmp
2013-08-14 09:37 - 2013-08-13 22:27 - 00011876 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 22:26 - 2013-08-13 22:26 - 00000000 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 18:51 - 2013-08-13 18:51 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 18:48 - 2012-11-19 22:19 - 00000000 ____D C:\Program Files (x86)\R-Studio
2013-08-13 16:39 - 2013-08-13 16:39 - 38923112 _____ (R-Tools Technology Inc.) C:\Users\*replaced*\Downloads\RStudioEmg6.exe
2013-08-13 16:39 - 2013-08-13 16:39 - 33469352 _____ (R-Tools Technology Inc.) C:\Users\*replaced*\Downloads\RStudio6.exe
2013-08-13 10:54 - 2013-08-13 05:08 - 00000000 ____D C:\Users\*replaced*\Downloads\iperf-2.0.5-2-win32
2013-08-13 09:54 - 2013-08-13 09:54 - 00000165 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 07:37 - 2013-08-13 07:37 - 00008746 _____ C:\Users\*replaced*\Desktop\WiFi *replaced*
2013-08-13 05:48 - 2013-08-13 05:48 - 00000043 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 05:08 - 2013-08-13 05:08 - 01268927 _____ C:\Users\*replaced*\Downloads\iperf-2.0.5-2-win32.zip
2013-08-13 05:03 - 2013-08-13 05:03 - 00248583 _____ C:\Users\*replaced*\Downloads\iperf-2.0.5.tar.gz
2013-08-13 04:50 - 2013-08-13 04:50 - 00002483 _____ C:\Users\Public\Desktop\inSSIDer 3.lnk
2013-08-13 04:50 - 2013-08-13 04:50 - 00000000 ____D C:\Program Files (x86)\MetaGeek
2013-08-12 01:44 - 2013-08-12 01:44 - 00001120 _____ C:\Users\Public\Desktop\Comodo Dragon.lnk
2013-08-12 01:44 - 2013-06-14 00:34 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-12 01:43 - 2013-08-12 01:43 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-08-12 01:43 - 2013-08-12 01:43 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll 2013-08-12 01:43 - 2012-10-09 23:37 - 00000000 ____D C:\Users\*replaced*\AppData\Local\Comodo 2013-08-12 01:43 - 2012-10-09 23:37 - 00000000 ____D C:\Program Files (x86)\Comodo 2013-08-11 21:43 - 2013-08-11 21:43 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\Avira 2013-08-11 21:38 - 2013-08-11 21:38 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-08-11 21:36 - 2013-08-11 21:36 - 00000000 ____D C:\ProgramData\Avira 2013-08-11 21:36 - 2013-08-11 21:36 - 00000000 ____D C:\Program Files (x86)\Avira 2013-08-11 21:28 - 2013-01-08 15:39 - 00000000 ____D C:\Windows\System32\Tasks\COMODO 2013-08-11 21:21 - 2012-09-10 19:04 - 00000000 ____D C:\Windows\AutoKMS 2013-08-11 21:12 - 2013-01-08 15:38 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat 2013-08-11 21:12 - 2012-09-10 19:04 - 00003484 _____ C:\Windows\System32\Tasks\AutoKMS 2013-08-11 21:08 - 2013-01-25 00:38 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\Babylon 2013-08-11 20:57 - 2013-01-08 15:39 - 00000593 _____ C:\Users\Public\Desktop\Shared Space.lnk 2013-08-11 20:36 - 2013-08-11 20:36 - 00000048 _____ C:\Users\*replaced*\Desktop\*replaced* 2013-08-11 17:40 - 2012-08-29 17:25 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\uTorrent 2013-08-11 06:53 - 2013-08-11 06:28 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced* 2013-08-11 01:53 - 2013-06-21 15:58 - 00125240 _____ C:\Windows\system32\Drivers\fvstore.dat 2013-08-11 00:13 - 2013-08-11 00:13 - 06639616 _____ C:\Users\*replaced*\Downloads\inSSIDer-installer.msi 2013-08-11 00:13 - 2013-08-11 00:13 - 00000037 ___SH C:\Users\*replaced*\AppData\Local\70149b02515b3bb20dd492.47983420 2013-08-11 00:13 - 2013-08-11 00:13 - 00000000 ____D C:\Users\*replaced*\AppData\Local\MetaGeek,_LLC 2013-08-10 23:44 - 2013-08-10 23:44 - 00001245 _____ 
C:\Users\*replaced*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Comodo Dragon.lnk 2013-08-10 21:41 - 2012-07-26 07:26 - 00524288 ___SH C:\Windows\system32\config\BBI 2013-08-10 06:11 - 2013-08-10 06:11 - 00495616 _____ (Simon Tatham) C:\Users\*replaced*\Documents\putty.exe 2013-08-10 06:10 - 2013-04-17 17:16 - 00000000 ____D C:\Program Files\VideoLAN 2013-08-10 06:09 - 2013-08-10 06:09 - 00000000 ____D C:\Program Files (x86)\VideoLAN 2013-08-10 04:15 - 2013-08-01 21:59 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced* 2013-08-10 02:53 - 2013-02-10 09:44 - 00000000 ____D C:\Windows\Minidump 2013-08-09 20:07 - 2012-09-29 04:55 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\dvdcss 2013-08-09 17:53 - 2012-08-27 13:21 - 00000000 ___DC C:\Users\*replaced*\AppData\Local\MigWiz 2013-08-08 16:58 - 2013-03-29 13:30 - 00000064 _____ C:\Users\*replaced*\Desktop\*replaced* 2013-08-07 10:00 - 2012-11-01 23:38 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\Mozilla 2013-08-01 11:55 - 2012-11-15 01:35 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced* 2013-08-01 01:40 - 2013-08-01 01:40 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced* 2013-07-26 07:13 - 2013-08-14 12:57 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-26 07:13 - 2013-08-14 12:57 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-26 07:13 - 2013-08-14 12:57 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2013-07-26 07:13 - 2013-08-14 12:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2013-07-26 07:13 - 2013-08-14 12:57 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-26 07:12 - 2013-08-14 12:57 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-26 07:12 - 2013-08-14 12:57 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-26 07:12 - 2013-08-14 12:57 - 03958784 _____ 
(Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-26 07:12 - 2013-08-14 12:57 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-26 07:12 - 2013-08-14 12:57 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-26 07:12 - 2013-08-14 12:57 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-26 07:12 - 2013-08-14 12:57 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-26 07:12 - 2013-08-14 12:57 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-26 07:12 - 2013-08-14 12:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-26 07:12 - 2013-08-14 12:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-26 05:35 - 2013-08-14 12:57 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-26 05:13 - 2013-08-14 12:57 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-26 05:13 - 2013-08-14 12:57 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-26 05:13 - 2013-08-14 12:57 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2013-07-26 05:12 - 2013-08-14 12:57 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-26 05:12 - 2013-08-14 12:57 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-26 05:12 - 2013-08-14 12:57 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-26 05:12 - 2013-08-14 12:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-26 05:12 - 2013-08-14 12:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-26 05:12 - 2013-08-14 12:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-26 05:12 - 2013-08-14 12:57 - 00061440 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iesetup.dll 2013-07-26 05:12 - 2013-08-14 12:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-26 05:11 - 2013-08-14 12:57 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-26 05:11 - 2013-08-14 12:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-26 04:49 - 2013-08-14 12:57 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-26 02:54 - 2013-08-14 12:57 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll 2013-07-25 23:27 - 2012-08-27 14:14 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-25 23:27 - 2012-07-26 07:26 - 00000167 _____ C:\Windows\win.ini 2013-07-25 23:26 - 2012-08-27 14:20 - 00000039 _____ C:\Windows\vbaddin.ini 2013-07-23 08:22 - 2011-10-02 13:32 - 00000000 ____D C:\Users\*replaced*\Documents\My Safes 2013-07-23 07:20 - 2013-07-23 07:20 - 00000019 _____ C:\Users\*replaced*\Desktop\*replaced* 2013-07-23 04:58 - 2013-07-23 04:58 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced* ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-21 03:13 ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-08-22 22:56:52 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002f OCZ-AGILITY4 rev.1.5.2 119,24GB Running: 14yeu6yl.exe; Driver: C:\Users\*replaced*\AppData\Local\Temp\kxdcypow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\Explorer.EXE[364] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb52db177a 4 bytes [DB, 52, FB, 07] .text C:\Windows\Explorer.EXE[364] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb52db1782 4 bytes [DB, 52, FB, 07] .text C:\Windows\Explorer.EXE[364] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb4cdf1532 4 bytes [DF, 4C, FB, 07] .text C:\Windows\Explorer.EXE[364] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb4cdf153a 4 bytes [DF, 4C, FB, 07] .text C:\Windows\Explorer.EXE[364] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb4cdf165a 4 bytes [DF, 4C, FB, 07] ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\csrss.exe [404:420] fffff960009505e8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -2019940729 Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\*replaced*\AppData\Local\Logitech\xae Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe 1 ---- EOF - GMER 2.1 ---- |
23.08.2013, 05:25 | #2 |
/// the machine /// TB-Ausbilder | hi,
Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror Link 1 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: Should you receive the following error message after the restart Quote:
23.08.2013, 09:10 | #3 |
Hello schrauber,
thank you very much for taking this on. Regarding Combofix: will that go well? I have read that the developer has not yet released it for Windows 8: Quote:
or rather: Quote:
23.08.2013, 10:46 | #4 |
/// the machine /// TB-Ausbilder | It is out for Win 8 now
regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and Help Trojaner-Board Facebook page No help via PM!
23.08.2013, 18:54 | #5 |
Here you go: ComboFix.txt Code:
ATTFilter ComboFix 13-08-22.01 - *replaced* 23.08.2013 16:55:39.1.4 - x64 Microsoft Windows 8 Pro with Media Center 6.2.9200.0.1252.44.1033.18.3956.2488 [GMT 2:00] Running from: c:\users\*replaced*\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\*replaced*\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2718E19C-984A-40B3-A12C-B59CE664FC32}.xps c:\users\*replaced*\AppData\Local\Microsoft\Windows\Temporary Internet Files\{29A867D4-196A-4A17-B768-DA4897E030CF}.xps c:\users\*replaced*\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3013A866-7BDD-49FD-86BB-EC218C37E918}.xps c:\users\*replaced*\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3EBD3F15-94B8-4922-A3D7-FB2086BF9172}.xps c:\users\*replaced*\AppData\Local\Microsoft\Windows\Temporary Internet Files\{52A2F9CD-D6C8-46F5-B595-A7E4F4873437}.xps c:\users\*replaced*\AppData\Local\Microsoft\Windows\Temporary Internet Files\{60B1D2B0-7DBF-4C2F-BD00-FBBDF5E8BB58}.xps c:\users\*replaced*\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6DF9C73F-DC95-451B-A8EB-5AB718451458}.xps c:\users\*replaced*\AppData\Local\Microsoft\Windows\Temporary Internet Files\{729006C0-250B-41BB-BCFD-55CD31D13EB6}.xps c:\users\*replaced*\AppData\Local\Microsoft\Windows\Temporary Internet Files\{949B3D8C-0275-4860-B952-B834B578740E}.xps c:\users\*replaced*\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A014DDFA-5457-46BF-A915-F4A39C7E66B0}.xps c:\users\*replaced*\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AAE72C3C-F687-4819-A46A-7246704E2A60}.xps 
c:\users\*replaced*\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BF6FE297-A397-4C70-9EA3-CE8AB122433B}.xps c:\users\*replaced*\AppData\Local\Temp\_MEI39802\_ctypes.pyd c:\users\*replaced*\AppData\Local\Temp\_MEI39802\_elementtree.pyd c:\users\*replaced*\AppData\Local\Temp\_MEI39802\_hashlib.pyd c:\users\*replaced*\AppData\Local\Temp\_MEI39802\_multiprocessing.pyd c:\users\*replaced*\AppData\Local\Temp\_MEI39802\_socket.pyd c:\users\*replaced*\AppData\Local\Temp\_MEI39802\_ssl.pyd c:\users\*replaced*\AppData\Local\Temp\_MEI39802\msvcp100.dll c:\users\*replaced*\AppData\Local\Temp\_MEI39802\msvcr100.dll c:\users\*replaced*\AppData\Local\Temp\_MEI39802\pyexpat.pyd c:\users\*replaced*\AppData\Local\Temp\_MEI39802\pysqlite2._sqlite.pyd c:\users\*replaced*\AppData\Local\Temp\_MEI39802\python27.dll c:\users\*replaced*\AppData\Local\Temp\_MEI39802\pythoncom27.dll c:\users\*replaced*\AppData\Local\Temp\_MEI39802\PyWinTypes27.dll c:\users\*replaced*\AppData\Local\Temp\_MEI39802\select.pyd c:\users\*replaced*\AppData\Local\Temp\_MEI39802\unicodedata.pyd c:\users\*replaced*\AppData\Local\Temp\_MEI39802\win32api.pyd c:\users\*replaced*\AppData\Local\Temp\_MEI39802\win32com.shell.shell.pyd c:\users\*replaced*\AppData\Local\Temp\_MEI39802\win32crypt.pyd c:\users\*replaced*\AppData\Local\Temp\_MEI39802\win32event.pyd c:\users\*replaced*\AppData\Local\Temp\_MEI39802\win32file.pyd c:\users\*replaced*\AppData\Local\Temp\_MEI39802\win32inet.pyd c:\users\*replaced*\AppData\Local\Temp\_MEI39802\win32pdh.pyd c:\users\*replaced*\AppData\Local\Temp\_MEI39802\win32process.pyd c:\users\*replaced*\AppData\Local\Temp\_MEI39802\win32profile.pyd c:\users\*replaced*\AppData\Local\Temp\_MEI39802\win32security.pyd c:\users\*replaced*\AppData\Local\Temp\_MEI39802\win32ts.pyd c:\users\*replaced*\AppData\Local\Temp\_MEI39802\windows._cacheinvalidation.pyd c:\users\*replaced*\AppData\Local\Temp\_MEI39802\wx._controls_.pyd c:\users\*replaced*\AppData\Local\Temp\_MEI39802\wx._core_.pyd 
c:\users\*replaced*\AppData\Local\Temp\_MEI39802\wx._gdi_.pyd c:\users\*replaced*\AppData\Local\Temp\_MEI39802\wx._html2.pyd c:\users\*replaced*\AppData\Local\Temp\_MEI39802\wx._misc_.pyd c:\users\*replaced*\AppData\Local\Temp\_MEI39802\wx._windows_.pyd c:\users\*replaced*\AppData\Local\Temp\_MEI39802\wx._wizard.pyd c:\users\*replaced*\AppData\Local\Temp\_MEI39802\wxbase294u_net_vc90.dll c:\users\*replaced*\AppData\Local\Temp\_MEI39802\wxbase294u_vc90.dll c:\users\*replaced*\AppData\Local\Temp\_MEI39802\wxmsw294u_adv_vc90.dll c:\users\*replaced*\AppData\Local\Temp\_MEI39802\wxmsw294u_core_vc90.dll c:\users\*replaced*\AppData\Local\Temp\_MEI39802\wxmsw294u_html_vc90.dll c:\users\*replaced*\AppData\Local\Temp\_MEI39802\wxmsw294u_webview_vc90.dll . . ((((((((((((((((((((((((( Files Created from 2013-07-23 to 2013-08-23 ))))))))))))))))))))))))))))))) . . 2013-08-23 15:01 . 2013-08-23 15:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-08-22 20:25 . 2013-08-22 20:25 -------- d-----w- C:\FRST 2013-08-22 20:04 . 2013-08-22 20:04 -------- d-----w- c:\program files (x86)\EMET 4.0 2013-08-14 10:57 . 2013-07-26 05:13 915968 ----a-w- c:\windows\system32\uxtheme.dll 2013-08-14 10:56 . 2013-07-01 22:08 60648 ----a-w- c:\program files\Windows Defender\MpUXSrv.exe 2013-08-13 02:50 . 2013-08-13 02:50 -------- d-----w- c:\program files (x86)\MetaGeek 2013-08-11 23:43 . 2013-08-11 23:43 57096 ----a-w- c:\windows\system32\certsentry.dll 2013-08-11 23:43 . 2013-08-11 23:43 48392 ----a-w- c:\windows\SysWow64\certsentry.dll 2013-08-11 19:43 . 2013-08-11 19:43 -------- d-----w- c:\users\*replaced*\AppData\Roaming\Avira 2013-08-11 19:38 . 2013-08-11 19:38 83672 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-08-11 19:36 . 2013-07-18 06:03 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-08-11 19:36 . 2013-07-18 06:03 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-08-11 19:36 . 
2013-02-26 14:56 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-08-11 19:36 . 2013-08-11 19:36 -------- d-----w- c:\programdata\Avira 2013-08-11 19:36 . 2013-08-11 19:36 -------- d-----w- c:\program files (x86)\Avira 2013-08-10 22:13 . 2013-08-10 22:13 -------- d-sh--w- c:\users\*replaced*\AppData\Local\ms-drivers 2013-08-10 22:13 . 2013-08-10 22:13 -------- d-----w- c:\users\*replaced*\AppData\Local\MetaGeek,_LLC 2013-08-10 04:28 . 2013-08-20 13:18 -------- d-----w- c:\users\*replaced*\AppData\Roaming\vlc 2013-08-10 04:09 . 2013-08-10 04:09 -------- d-----w- c:\program files (x86)\VideoLAN 2013-08-10 03:43 . 2013-06-09 19:59 216064 ----a-w- c:\windows\SysWow64\gcapi_dll.dll 2013-07-26 14:12 . 2013-07-04 13:58 238352 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2013-07-26 14:12 . 2013-07-04 13:57 120080 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-08-19 11:41 . 2013-03-10 01:00 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin 2013-08-14 10:58 . 2012-11-14 03:06 78161360 ----a-w- c:\windows\system32\MRT.exe 2013-06-27 22:04 . 2012-07-26 08:14 78200 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-27 22:04 . 2012-07-26 08:14 693112 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-16 22:41 . 2013-07-10 14:56 997632 ----a-w- c:\windows\system32\drivers\ndis.sys 2013-06-14 14:19 . 2013-06-14 14:19 549536 ----a-w- c:\windows\apppatch\EMET.dll 2013-06-14 14:19 . 2013-06-14 14:19 149664 ----a-w- c:\windows\apppatch\apppatch64\EMET64.dll 2013-06-01 11:34 . 2013-07-10 14:56 2391280 ----a-w- c:\windows\explorer.exe 2013-06-01 11:29 . 2013-07-10 14:56 213248 ----a-w- c:\windows\system32\drivers\UCX01000.SYS 2013-06-01 11:29 . 2013-07-10 14:56 337152 ----a-w- c:\windows\system32\drivers\USBXHCI.SYS 2013-06-01 11:26 . 
2013-07-10 14:56 327936 ----a-w- c:\windows\system32\drivers\volsnap.sys 2013-06-01 11:26 . 2013-07-10 14:56 6987008 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-06-01 10:24 . 2013-07-10 14:56 2106176 ----a-w- c:\windows\SysWow64\explorer.exe 2013-06-01 09:25 . 2013-07-10 14:56 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2013-06-01 09:25 . 2013-07-10 14:56 67584 ----a-w- c:\windows\SysWow64\samlib.dll 2013-06-01 09:25 . 2013-07-10 14:40 496640 ----a-w- c:\windows\SysWow64\qedit.dll 2013-06-01 09:24 . 2013-07-10 14:56 493056 ----a-w- c:\windows\SysWow64\mscms.dll 2013-06-01 09:24 . 2013-07-10 14:56 1453568 ----a-w- c:\windows\SysWow64\mfcore.dll 2013-06-01 09:24 . 2013-07-10 14:56 850944 ----a-w- c:\windows\SysWow64\mfasfsrcsnk.dll 2013-06-01 09:23 . 2013-07-10 14:56 1842176 ----a-w- c:\windows\SysWow64\dwmcore.dll 2013-06-01 09:23 . 2013-07-10 14:56 680960 ----a-w- c:\windows\system32\vds.exe 2013-06-01 09:22 . 2013-07-10 14:56 80896 ----a-w- c:\windows\system32\MbaeParserTask.exe 2013-06-01 09:22 . 2013-07-10 14:56 523264 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-06-01 09:22 . 2013-07-10 14:56 190976 ----a-w- c:\windows\system32\vdsutil.dll 2013-06-01 09:21 . 2013-07-10 14:56 729600 ----a-w- c:\windows\system32\samsrv.dll 2013-06-01 09:21 . 2013-07-10 14:56 106496 ----a-w- c:\windows\system32\samlib.dll 2013-06-01 09:21 . 2013-07-10 14:40 595968 ----a-w- c:\windows\system32\qedit.dll 2013-06-01 09:20 . 2013-07-10 14:56 583168 ----a-w- c:\windows\system32\mscms.dll 2013-06-01 09:20 . 2013-07-10 14:56 1527808 ----a-w- c:\windows\system32\mfcore.dll 2013-06-01 09:20 . 2013-07-10 14:56 1048576 ----a-w- c:\windows\system32\mfasfsrcsnk.dll 2013-06-01 09:20 . 2013-07-10 14:56 2219520 ----a-w- c:\windows\system32\dwmcore.dll 2013-06-01 09:19 . 2013-07-10 14:56 207872 ----a-w- c:\windows\system32\DeviceSetupManager.dll 2013-06-01 09:19 . 2013-07-10 14:56 785408 ----a-w- c:\windows\system32\audiosrv.dll 2013-06-01 03:08 . 
2013-07-10 14:56 37632 ----a-w- c:\windows\system32\drivers\BthAvrcpTg.sys 2013-05-30 23:24 . 2013-06-12 08:00 1257472 ----a-w- c:\windows\system32\kernel32.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-27 20097696] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432] "Spotify Web Helper"="c:\users\*replaced*\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-12 1104384] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136] "Babylon Client"="c:\program files (x86)\Babylon\Babylon-Pro\Babylon.exe" [2013-01-14 3590224] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-07-18 345144] "EMET Agent"="c:\program files (x86)\EMET 4.0\EMET_agent.exe" [2013-06-14 78496] . c:\users\*replaced*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech . Produktregistrierung.lnk - c:\program files (x86)\Logitech\Ereg\eReg.exe /remind /language=DEA /_WFM="." [2009-11-16 517384] OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552] Password Safe.lnk - c:\program files (x86)\Password Safe\pwsafe.exe -s [2012-6-21 3825152] Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2013-6-17 2606448] . c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\ Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-9-24 573536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "EnableCursorSuppression"= 1 (0x1) "ConsentPromptBehaviorUser"= 3 (0x3) . 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoThumbnailCache"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . R0 dcmwwg;dcmwwg; [x] R0 iswtwq;iswtwq; [x] R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 ALSysIO;ALSysIO;c:\users\*replaced*\AppData\Local\Temp\ALSysIO64.sys;c:\users\*replaced*\AppData\Local\Temp\ALSysIO64.sys [x] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\System32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\System32\drivers\dc3d.sys;c:\windows\SYSNATIVE\drivers\dc3d.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] R3 LVUVC64;@oem5.inf,%PID_0825_DD%(UVC);Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] R3 NdisImPlatformMp;Microsoft Network Adapter Multiplexor Driver;c:\windows\system32\DRIVERS\NdisImPlatform.sys;c:\windows\SYSNATIVE\DRIVERS\NdisImPlatform.sys [x] R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x] R3 
pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x] R3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\System32\SUPDSvc2.exe;c:\windows\SYSNATIVE\SUPDSvc2.exe [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\System32\drivers\ssadbus.sys;c:\windows\SYSNATIVE\drivers\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys;c:\windows\SYSNATIVE\DRIVERS\ssudobex.sys [x] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x] R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x] R3 VBoxUSB;VirtualBox USB;c:\windows\System32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x] R3 VMSMP;VMSMP;c:\windows\system32\DRIVERS\vmswitch.sys;c:\windows\SYSNATIVE\DRIVERS\vmswitch.sys [x] R3 WSDScan;WSD Scan Support;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x] R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x] R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files 
(x86)\Avira\AntiVir Desktop\sched.exe [x] S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x] S2 IceDragonUpdater;COMODO IceDragon Update Service;c:\program files (x86)\Comodo\IceDragon\icedragon_updater.exe;c:\program files (x86)\Comodo\IceDragon\icedragon_updater.exe [x] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\System32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x] S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2013-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-13 23:44] . 2013-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30 09:14] . 2013-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30 09:14] . 2013-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3155787074-1265918781-1706113256-2647Core.job - c:\users\*replaced*\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-01 11:19] . 2013-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3155787074-1265918781-1706113256-2647UA.job - c:\users\*replaced*\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-01 11:19] . 
2013-01-25 c:\windows\Tasks\ROC_REG_JAN_DELETE.job - c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-21 21:16] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-06-27 14:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = *replaced* mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm Trusted Zone: instantssl.com\secure Trusted Zone: *replaced*.co.at\wwwtb Trusted Zone: *replaced*.ac.at\*replaced* Trusted Zone: *replaced*.ac.at\webmail TCP: DhcpNameServer = 192.168.3.1 192.168.3.5 . - - - - ORPHANS REMOVED - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.DefaultCsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0, b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb . [HKEY_USERS\.DefaultCsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:b8,34,b7,95,bc,57,ce,01 . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) @SACL=(02 0000) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Password Safe\pwsafe.exe c:\program files (x86)\CrystalDiskInfo\DiskInfoS.exe c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe c:\program files (x86)\Internet Explorer\IELowutil.exe . ************************************************************************** . Completion time: 2013-08-23 18:16:31 - machine was rebooted ComboFix-quarantined-files.txt 2013-08-23 16:16 . Pre-Run: 22.518.042.624 bytes free Post-Run: 27.187.462.144 bytes free . - - End Of File - - 7F96031EF0D8E6A4931E6F4B12193992 A36C5E4F47E84449FF07ED3517B43A31 |
24.08.2013, 09:11 | #6 |
/// the machine /// TB-Ausbilder | Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
24.08.2013, 23:47 | #7 |
Okay, here are the new log files: mbam-log-2013-08-24 (19-53-07).txt Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.08.24.04 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16660 *replaced* :: *replaced* [administrator] 24.08.2013 19:53:07 mbam-log-2013-08-24 (19-53-07).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 230277 Time elapsed: 3 minute(s), 38 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 4 C:\Users\*replaced*\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Delete on reboot. C:\Users\*replaced*\AppData\Roaming\Babylon\Content (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully. C:\Users\*replaced*\AppData\Roaming\Babylon\Content\icons (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully. C:\Users\*replaced*\AppData\Roaming\Babylon\updates (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully. Files Detected: 11 C:\Users\*replaced*\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Delete on reboot. C:\Users\*replaced*\AppData\Roaming\Babylon\FLStat.dat (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully. C:\Users\*replaced*\AppData\Roaming\Babylon\MyList.dat (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully. C:\Users\*replaced*\AppData\Roaming\Babylon\ocr_cache (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully. C:\Users\*replaced*\AppData\Roaming\Babylon\ocr_data (PUP.Optional.Babylon.A) -> Delete on reboot. C:\Users\*replaced*\AppData\Roaming\Babylon\Content\icons\B3UREHM8F6_glossary_icon.ico (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully. 
C:\Users\*replaced*\AppData\Roaming\Babylon\Content\icons\BTMJWKZGYE_glossary_icon.ico (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully. C:\Users\*replaced*\AppData\Roaming\Babylon\Content\icons\BTMJWKZGYE_glossary_icon2.ico (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully. C:\Users\*replaced*\AppData\Roaming\Babylon\Content\icons\QGDUSRR4JA_glossary_icon.ico (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully. C:\Users\*replaced*\AppData\Roaming\Babylon\updates\convert.dat (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully. C:\Users\*replaced*\AppData\Roaming\Babylon\updates\rates.dat (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully. (end) Code:
ATTFilter # AdwCleaner v3.001 - Report created 24/08/2013 at 23:24:23 # Updated 24/08/2013 by Xplode # Operating System : Windows 8 Pro with Media Center (64 bits) # Username : *replaced* - *replaced* # Running from : C:\Users\*replaced*\Downloads\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon Folder Deleted : C:\Program Files (x86)\Babylon Folder Deleted : C:\Program Files\Babylon Folder Deleted : C:\Users\*replaced*\AppData\Local\Babylon Folder Deleted : C:\Users\*replaced*\AppData\Roaming\Babylon ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ocr@babylon.com] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon Key Deleted : HKCU\Software\Microsoft\Office\Powerpoint\Addins\babylonofficeaddin.officeaddin Key Deleted : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL Key Deleted : HKLM\SOFTWARE\Classes\BabyDict Key Deleted : HKLM\SOFTWARE\Classes\BabyGloss Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin Key Deleted : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1 Key Deleted : HKLM\SOFTWARE\Classes\BabyOptFile Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Babylon Client] Key Deleted : 
HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5} Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30} Key Deleted : HKCU\Software\APN PIP Key Deleted : HKCU\Software\Babylon Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKLM\Software\Babylon Key Deleted : HKLM\Software\Freeze.com Key Deleted : HKLM\Software\PIP Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16660 ************************* AdwCleaner[R0].txt - [3937 octets] - [24/08/2013 23:20:59] AdwCleaner[S0].txt - [3825 octets] - [24/08/2013 23:24:23] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3885 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.5.4 (08.22.2013:1) OS: Windows 8 Pro with Media Center x64 Ran by *replaced* on 25.08.2013 at 0:00:39,91 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{15E0A161-FCF5-4192-BFB8-90D1669949F9} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AA34F274-939D-40C3-B835-FEBC03E3107E} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AA39126C-36CC-481F-A89F-E73DAD4AB51F} ~~~ Files Successfully deleted: [File] "C:\Users\*replaced*\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\babylon.lnk" ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 25.08.2013 at 0:04:16,59 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2013 01 Ran by *replaced*(administrator) on 25-08-2013 00:08:25 Running from C:\Users\*replaced*\Downloads Windows 8 Pro with Media Center (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe () C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe (Microsoft Corporation) C:\Windows\system32\dashost.exe () C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Spotify Ltd) C:\Users\*replaced*\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (SourceForge.net) C:\Program Files (x86)\Password Safe\pwsafe.exe (Cerulean Studios) C:\Program Files (x86)\Trillian\trillian.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Program Files (x86)\EMET 4.0\EMET_Agent.exe (Crystal Dew World) C:\Program Files (x86)\CrystalDiskInfo\DiskInfoS.exe () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2735400 2011-03-31] (Synaptics Incorporated) HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20097696 2013-06-27] (Google) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) HKCU\...\Run: [Spotify Web Helper] - C:\Users\*replaced*\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-13] (Spotify Ltd) HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-18] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [EMET Agent] - C:\Program Files (x86)\EMET 4.0\EMET_agent.exe [78496 2013-06-14] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\*replaced*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . 
Produktregistrierung.lnk ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech) Startup: C:\Users\*replaced*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\*replaced*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk ShortcutTarget: Password Safe.lnk -> C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net) Startup: C:\Users\*replaced*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *replaced* StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - DefaultScope {DA1D0AAD-4DB6-4893-B6D1-8CF1E2733BA1} URL = https://startpage.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=english SearchScopes: HKCU - {4715856C-73CD-4C64-AEE8-BF4C3283EC12} URL = hxxp://thepiratebay.org/search/{searchTerms} SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {78460D16-90A3-433B-A5DD-AEC2B68AD55B} URL = hxxp://duckduckgo.com/?q={searchTerms} SearchScopes: HKCU - {C2C85E21-39AD-4FEE-BEF6-FCE93DA7F0E9} URL = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed§Hdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on SearchScopes: HKCU - {DA1D0AAD-4DB6-4893-B6D1-8CF1E2733BA1} URL = 
https://startpage.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=english BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-18] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [811064 2013-07-18] (Avira Operations GmbH & Co. 
KG) R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2095808 2013-08-01] () R2 IceDragonUpdater; C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe [1821384 2013-07-14] () R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 Samsung UPD Service2; C:\Windows\System32\SUPDSvc2.exe [158208 2012-04-06] (Samsung Electronics) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1328736 2012-09-24] (Secunia) S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [656480 2012-09-24] (Secunia) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-07-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130016 2013-07-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-02-26] (Avira Operations GmbH & Co. 
KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 NdisImPlatformMp; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [126464 2012-07-26] (Microsoft Corporation) S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] () S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] () S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] () S3 ssudobex; C:\Windows\system32\DRIVERS\ssudobex.sys [203104 2012-09-19] (DEVGURU Co., LTD.(www.devguru.co.kr)) S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [106256 2013-03-15] (Oracle Corporation) S3 ALSysIO; \??\C:\Users\*replaced*\AppData\Local\Temp\ALSysIO64.sys [x] S3 catchme; \??\C:\ComboFix\catchme.sys [x] S0 dcmwwg; No ImagePath S0 iswtwq; No ImagePath S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [x] S3 VMSMP; \SystemRoot\system32\DRIVERS\vmswitch.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-25 00:04 - 2013-08-25 00:04 - 00001189 _____ C:\Users\*replaced*\Desktop\JRT.txt 2013-08-25 00:00 - 2013-08-25 00:00 - 00000000 ____D C:\Windows\ERUNT 2013-08-24 23:59 - 2013-08-24 23:59 - 01021434 _____ (Thisisu) C:\Users\*replaced*\Downloads\JRT.exe 2013-08-24 23:20 - 2013-08-24 23:24 - 00000000 ____D C:\AdwCleaner 2013-08-24 19:51 - 2013-08-24 19:51 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-24 19:51 - 2013-08-24 19:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-24 19:51 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-08-23 18:16 - 2013-08-23 18:16 - 00023007 _____ C:\ComboFix.txt 2013-08-23 16:53 - 2013-08-23 18:16 - 00000000 ____D C:\Qoobox 2013-08-23 
16:53 - 2013-08-23 18:14 - 00000000 ____D C:\Windows\erdnt 2013-08-23 16:53 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-08-23 16:53 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-08-23 16:53 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-08-23 16:53 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-08-23 16:53 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-08-23 16:53 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe 2013-08-23 16:53 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-08-23 16:53 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-08-23 16:53 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-08-23 16:43 - 2013-08-23 16:43 - 05111180 ____R (Swearware) C:\Users\*replaced*\Desktop\ComboFix.exe 2013-08-22 22:50 - 2013-08-25 00:04 - 00000000 ____D C:\Users\*replaced*\Downloads\201308 Outlook, IE, Chrome Netzwerkproblem 2013-08-22 22:25 - 2013-08-22 22:25 - 00000000 ____D C:\FRST 2013-08-22 22:23 - 2013-08-22 22:23 - 00000000 _____ C:\Users\*replaced*\defogger_reenable 2013-08-22 22:04 - 2013-08-22 22:04 - 00000000 ____D C:\Program Files (x86)\EMET 4.0 2013-08-22 22:01 - 2013-08-22 22:01 - 00000000 ____D C:\Users\*replaced*\Downloads\Enhanced Mitigation Experience Toolkit (EMET) 4.0 2013-08-22 21:06 - 2013-08-22 21:08 - 00410642 _____ C:\Users\*replaced*\Downloads\avgremover.log 2013-08-22 21:06 - 2013-08-22 21:06 - 03529160 _____ (AVG Technologies CZ, s.r.o.) 
C:\Users\*replaced*\Downloads\avg_remover_stf_x64_2013_3341.exe 2013-08-21 02:06 - 2013-08-21 02:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WUDFUsbccidDriver_01_11_00.Wdf 2013-08-20 22:37 - 2013-08-20 22:39 - 337301504 _____ C:\Users\*replaced*\Downloads\kav_rescue_10.iso 2013-08-20 22:37 - 2013-08-20 22:37 - 00387584 _____ C:\Users\*replaced*\Downloads\rescue2usb.exe 2013-08-20 19:30 - 2013-08-21 02:06 - 00001618 _____ C:\Windows\setupact.log 2013-08-20 19:30 - 2013-08-20 19:30 - 00000000 _____ C:\Windows\setuperr.log 2013-08-19 03:16 - 2013-08-19 03:16 - 00001314 _____ C:\Users\*replaced*\Desktop\*replaced* 2013-08-18 17:22 - 2013-08-18 17:23 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced* 2013-08-18 16:20 - 2013-08-18 16:20 - 115191921 _____ C:\Users\*replaced*\Downloads\CM-10.1-Release-Candidate-v3.0-[OWLPROJECT].zip 2013-08-18 15:26 - 2013-08-18 15:26 - 00001176 _____ C:\Users\Public\Desktop\Paint.NET.lnk 2013-08-18 15:09 - 2013-08-18 15:09 - 02062336 _____ C:\Users\*replaced*\Downloads\GCSMSetup_3_5_24.msi 2013-08-18 15:09 - 2013-08-18 15:09 - 00011348 _____ C:\Users\*replaced*\Downloads\ReadMe.txt 2013-08-17 16:42 - 2013-08-18 15:21 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced* 2013-08-14 13:17 - 2013-08-14 13:17 - 00430008 _____ C:\Windows\system32\FNTCACHE.DAT 2013-08-14 13:12 - 2013-07-09 10:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys 2013-08-14 13:12 - 2013-07-09 08:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe 2013-08-14 13:12 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe 2013-08-14 13:12 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll 2013-08-14 13:12 - 2013-07-09 00:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll 2013-08-14 13:12 - 2013-07-09 00:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll 
2013-08-14 13:12 - 2013-07-09 00:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll 2013-08-14 13:12 - 2013-07-09 00:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll 2013-08-14 13:12 - 2013-07-06 02:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2013-08-14 13:12 - 2013-07-03 02:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2013-08-14 13:12 - 2013-07-03 02:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll 2013-08-14 13:12 - 2013-07-03 02:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll 2013-08-14 13:12 - 2013-07-03 02:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-08-14 13:12 - 2013-07-03 02:11 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2013-08-14 13:12 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll 2013-08-14 13:12 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll 2013-08-14 13:12 - 2013-07-03 01:51 - 04039680 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-08-14 13:12 - 2013-07-02 00:08 - 00387583 _____ C:\Windows\system32\ApnDatabase.xml 2013-08-14 13:12 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe 2013-08-14 13:12 - 2013-07-01 00:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe 2013-08-14 13:12 - 2013-06-29 08:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys 2013-08-14 13:12 - 2013-06-29 08:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys 2013-08-14 13:12 - 2013-06-29 07:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys 2013-08-14 13:12 - 2013-06-29 03:12 - 01022464 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-08-14 13:12 - 2013-06-26 05:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2013-08-14 13:12 - 2013-06-26 04:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2013-08-14 13:12 - 2013-06-25 00:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-08-14 13:12 - 2013-06-25 00:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2013-08-14 13:12 - 2013-06-25 00:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2013-08-14 13:12 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2013-08-14 13:12 - 2013-06-19 07:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2013-08-14 13:12 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2013-08-14 13:12 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2013-08-14 13:12 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2013-08-14 13:12 - 2013-06-12 01:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2013-08-14 13:12 - 2013-06-10 23:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-08-14 13:12 - 2013-06-10 21:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-08-14 13:12 - 2013-06-10 21:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-08-14 13:12 - 2013-06-10 21:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-08-14 13:12 - 2013-06-10 21:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-08-14 13:12 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-08-14 13:12 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-08-14 13:12 - 2013-06-06 10:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-08-14 12:57 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 12:57 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 12:57 - 2013-07-26 07:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-08-14 12:57 - 2013-07-26 07:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-08-14 12:57 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 12:57 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 12:57 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 12:57 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 12:57 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 12:57 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 12:57 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 12:57 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 12:57 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 12:57 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 12:57 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 12:57 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 12:57 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 12:57 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 12:57 - 2013-07-26 05:13 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-08-14 12:57 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 12:57 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 12:57 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 12:57 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 12:57 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 12:57 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 12:57 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 12:57 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 12:57 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 12:57 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 12:57 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 12:57 - 2013-07-26 02:54 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-08-14 12:56 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 12:56 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 12:56 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 12:56 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2013-08-14 12:56 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2013-08-14 12:56 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 12:56 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 12:56 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2013-08-14 12:56 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2013-08-14 12:56 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 12:56 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2013-08-14 12:56 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2013-08-14 12:56 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 12:56 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 12:41 - 2013-08-14 12:41 - 628826822 _____ C:\Windows\MEMORY.DMP
2013-08-14 12:41 - 2013-08-14 12:41 - 00279072 _____ C:\Windows\Minidump\081413-11281-01.dmp
2013-08-13 22:27 - 2013-08-14 09:37 - 00011876 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 22:26 - 2013-08-13 22:26 - 00000000 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 18:51 - 2013-08-13 18:51 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 16:39 - 2013-08-13 16:39 - 38923112 _____ (R-Tools Technology Inc.) C:\Users\*replaced*\Downloads\RStudioEmg6.exe
2013-08-13 16:39 - 2013-08-13 16:39 - 33469352 _____ (R-Tools Technology Inc.) C:\Users\*replaced*\Downloads\RStudio6.exe
2013-08-13 16:21 - 2013-08-18 15:23 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 09:54 - 2013-08-13 09:54 - 00000165 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 07:37 - 2013-08-13 07:37 - 00008746 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 05:48 - 2013-08-13 05:48 - 00000043 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 05:08 - 2013-08-13 10:54 - 00000000 ____D C:\Users\*replaced*\Downloads\iperf-2.0.5-2-win32
2013-08-13 05:08 - 2013-08-13 05:08 - 01268927 _____ C:\Users\*replaced*\Downloads\iperf-2.0.5-2-win32.zip
2013-08-13 05:03 - 2013-08-13 05:03 - 00248583 _____ C:\Users\*replaced*\Downloads\iperf-2.0.5.tar.gz
2013-08-13 04:50 - 2013-08-13 04:50 - 00002483 _____ C:\Users\Public\Desktop\inSSIDer 3.lnk
2013-08-13 04:50 - 2013-08-13 04:50 - 00000000 ____D C:\Program Files (x86)\MetaGeek
2013-08-12 01:44 - 2013-08-12 01:44 - 00001120 _____ C:\Users\Public\Desktop\Comodo Dragon.lnk
2013-08-12 01:43 - 2013-08-12 01:43 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-08-12 01:43 - 2013-08-12 01:43 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-08-11 21:43 - 2013-08-11 21:43 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\Avira
2013-08-11 21:38 - 2013-08-11 21:38 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-11 21:36 - 2013-08-11 21:36 - 00000000 ____D C:\ProgramData\Avira
2013-08-11 21:36 - 2013-08-11 21:36 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-11 21:36 - 2013-07-18 08:03 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-11 21:36 - 2013-07-18 08:03 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-11 21:36 - 2013-02-26 16:56 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-11 20:36 - 2013-08-11 20:36 - 00000048 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-11 20:09 - 2013-08-18 15:23 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-11 06:28 - 2013-08-11 06:53 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-11 00:13 - 2013-08-11 00:13 - 06639616 _____ C:\Users\*replaced*\Downloads\inSSIDer-installer.msi
2013-08-11 00:13 - 2013-08-11 00:13 - 00000037 ___SH C:\Users\*replaced*\AppData\Local\70149b02515b3bb20dd492.47983420
2013-08-11 00:13 - 2013-08-11 00:13 - 00000000 ____D C:\Users\*replaced*\AppData\Local\MetaGeek,_LLC
2013-08-10 23:44 - 2013-08-10 23:44 - 00001245 _____ C:\Users\*replaced*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Comodo Dragon.lnk
2013-08-10 06:28 - 2013-08-24 19:47 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\vlc
2013-08-10 06:11 - 2013-08-10 06:11 - 00495616 _____ (Simon Tatham) C:\Users\*replaced*\Documents\putty.exe
2013-08-10 06:09 - 2013-08-10 06:09 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-08-10 05:43 - 2013-06-09 21:59 - 00216064 _____ C:\Windows\SysWOW64\gcapi_dll.dll
2013-08-01 21:59 - 2013-08-10 04:15 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-01 01:40 - 2013-08-01 01:40 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-07-26 16:12 - 2013-07-04 15:58 - 00238352 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2013-07-26 16:12 - 2013-07-04 15:57 - 00120080 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys

==================== One Month Modified Files and Folders =======

2013-08-25 00:07 - 2012-08-26 13:49 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3155787074-1265918781-1706113256-2647
2013-08-25 00:06 - 2012-10-03 01:33 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4E6FBDAF-E8FB-47FD-8E08-3703492983D2}
2013-08-25 00:05 - 2012-08-27 13:42 - 00000000 ____D C:\Users\*replaced*\Documents\Outlook Files
2013-08-25 00:04 - 2013-08-25 00:04 - 00001189 _____ C:\Users\*replaced*\Desktop\JRT.txt
2013-08-25 00:04 - 2013-08-22 22:50 - 00000000 ____D C:\Users\*replaced*\Downloads\201308 Outlook, IE, Chrome Netzwerkproblem
2013-08-25 00:00 - 2013-08-25 00:00 - 00000000 ____D C:\Windows\ERUNT
2013-08-25 00:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru
2013-08-24 23:59 - 2013-08-24 23:59 - 01021434 _____ (Thisisu) C:\Users\*replaced*\Downloads\JRT.exe
2013-08-24 23:59 - 2012-10-01 21:33 - 00001140 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3155787074-1265918781-1706113256-2647UA.job
2013-08-24 23:47 - 2012-08-30 11:14 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-24 23:32 - 2012-07-26 09:28 - 00852298 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-24 23:28 - 2012-08-27 20:46 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\Skype
2013-08-24 23:28 - 2012-04-26 23:33 - 00000000 ___RD C:\Users\*replaced*\Google Drive
2013-08-24 23:27 - 2012-10-16 20:08 - 00000000 ____D C:\Users\*replaced*\AppData\Local\PasswordSafe
2013-08-24 23:27 - 2012-08-30 11:14 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-24 23:26 - 2012-08-26 22:12 - 00000136 _____ C:\Windows\system32\config\netlogon.ftl
2013-08-24 23:26 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-24 23:24 - 2013-08-24 23:20 - 00000000 ____D C:\AdwCleaner
2013-08-24 20:37 - 2013-03-03 00:01 - 00000000 ____D C:\Windows\pss
2013-08-24 20:37 - 2012-08-26 22:19 - 01647257 _____ C:\Windows\WindowsUpdate.log
2013-08-24 20:20 - 2013-06-14 00:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-24 20:05 - 2012-08-26 22:11 - 00100788 _____ C:\Windows\PFRO.log
2013-08-24 19:51 - 2013-08-24 19:51 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-24 19:51 - 2013-08-24 19:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-24 19:47 - 2013-08-10 06:28 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\vlc
2013-08-24 13:59 - 2012-10-01 21:33 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3155787074-1265918781-1706113256-2647Core.job
2013-08-24 04:44 - 2013-07-16 17:16 - 00001414 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-23 18:16 - 2013-08-23 18:16 - 00023007 _____ C:\ComboFix.txt
2013-08-23 18:16 - 2013-08-23 16:53 - 00000000 ____D C:\Qoobox
2013-08-23 18:14 - 2013-08-23 16:53 - 00000000 ____D C:\Windows\erdnt
2013-08-23 18:13 - 2012-07-26 07:26 - 00000215 _____ C:\Windows\system.ini
2013-08-23 16:43 - 2013-08-23 16:43 - 05111180 ____R (Swearware) C:\Users\*replaced*\Desktop\ComboFix.exe
2013-08-22 23:51 - 2013-03-29 13:30 - 00000034 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-22 23:40 - 2011-10-02 13:32 - 00000000 ____D C:\Users\*replaced*\Documents\My Safes
2013-08-22 22:25 - 2013-08-22 22:25 - 00000000 ____D C:\FRST
2013-08-22 22:23 - 2013-08-22 22:23 - 00000000 _____ C:\Users\*replaced*\defogger_reenable
2013-08-22 22:23 - 2012-08-26 13:22 - 00000000 ____D C:\Users\*replaced*
2013-08-22 22:04 - 2013-08-22 22:04 - 00000000 ____D C:\Program Files (x86)\EMET 4.0
2013-08-22 22:01 - 2013-08-22 22:01 - 00000000 ____D C:\Users\*replaced*\Downloads\Enhanced Mitigation Experience Toolkit (EMET) 4.0
2013-08-22 21:08 - 2013-08-22 21:06 - 00410642 _____ C:\Users\*replaced*\Downloads\avgremover.log
2013-08-22 21:06 - 2013-08-22 21:06 - 03529160 _____ (AVG Technologies CZ, s.r.o.) C:\Users\*replaced*\Downloads\avg_remover_stf_x64_2013_3341.exe
2013-08-22 01:30 - 2013-06-19 04:55 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\Spotify
2013-08-21 02:06 - 2013-08-21 02:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WUDFUsbccidDriver_01_11_00.Wdf
2013-08-21 02:06 - 2013-08-20 19:30 - 00001618 _____ C:\Windows\setupact.log
2013-08-20 23:00 - 2013-04-18 19:27 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\Foxit Scanner Images
2013-08-20 22:39 - 2013-08-20 22:37 - 337301504 _____ C:\Users\*replaced*\Downloads\kav_rescue_10.iso
2013-08-20 22:37 - 2013-08-20 22:37 - 00387584 _____ C:\Users\*replaced*\Downloads\rescue2usb.exe
2013-08-20 19:30 - 2013-08-20 19:30 - 00000000 _____ C:\Windows\setuperr.log
2013-08-20 03:03 - 2013-06-19 04:55 - 00000000 ____D C:\Users\*replaced*\AppData\Local\Spotify
2013-08-19 14:32 - 2013-05-27 04:50 - 00000000 ____D C:\Users\*replaced*\AppData\Local\Paint.NET
2013-08-19 03:23 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-08-19 03:16 - 2013-08-19 03:16 - 00001314 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-19 02:11 - 2011-10-14 16:12 - 00127179 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-18 17:23 - 2013-08-18 17:22 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-18 16:20 - 2013-08-18 16:20 - 115191921 _____ C:\Users\*replaced*\Downloads\CM-10.1-Release-Candidate-v3.0-[OWLPROJECT].zip
2013-08-18 15:57 - 2012-08-26 13:22 - 00000000 ____D C:\Users\*replaced*\AppData\Local\Packages
2013-08-18 15:26 - 2013-08-18 15:26 - 00001176 _____ C:\Users\Public\Desktop\Paint.NET.lnk
2013-08-18 15:26 - 2013-05-27 04:50 - 00000000 ____D C:\Program Files\Paint.NET
2013-08-18 15:23 - 2013-08-13 16:21 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-18 15:23 - 2013-08-11 20:09 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-18 15:21 - 2013-08-17 16:42 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-18 15:09 - 2013-08-18 15:09 - 02062336 _____ C:\Users\*replaced*\Downloads\GCSMSetup_3_5_24.msi
2013-08-18 15:09 - 2013-08-18 15:09 - 00011348 _____ C:\Users\*replaced*\Downloads\ReadMe.txt
2013-08-16 08:03 - 2012-08-27 04:42 - 00002366 ____H C:\Users\*replaced*\Documents\Default.rdp
2013-08-16 06:19 - 2010-04-30 11:44 - 00000000 ____D C:\Users\*replaced*\.VirtualBox
2013-08-14 23:46 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF
2013-08-14 23:36 - 2012-10-31 23:09 - 00000600 _____ C:\Users\*replaced*\AppData\Local\PUTTY.RND
2013-08-14 15:11 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-08-14 13:17 - 2013-08-14 13:17 - 00430008 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-14 13:13 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-08-14 13:13 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe
2013-08-14 13:04 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-14 13:04 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-14 12:59 - 2013-07-10 16:57 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 12:58 - 2012-11-14 05:06 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 12:41 - 2013-08-14 12:41 - 628826822 _____ C:\Windows\MEMORY.DMP
2013-08-14 12:41 - 2013-08-14 12:41 - 00279072 _____ C:\Windows\Minidump\081413-11281-01.dmp
2013-08-14 09:37 - 2013-08-13 22:27 - 00011876 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 22:26 - 2013-08-13 22:26 - 00000000 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 18:51 - 2013-08-13 18:51 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 18:48 - 2012-11-19 22:19 - 00000000 ____D C:\Program Files (x86)\R-Studio
2013-08-13 16:39 - 2013-08-13 16:39 - 38923112 _____ (R-Tools Technology Inc.) C:\Users\*replaced*\Downloads\RStudioEmg6.exe
2013-08-13 16:39 - 2013-08-13 16:39 - 33469352 _____ (R-Tools Technology Inc.) C:\Users\*replaced*\Downloads\RStudio6.exe
2013-08-13 10:54 - 2013-08-13 05:08 - 00000000 ____D C:\Users\*replaced*\Downloads\iperf-2.0.5-2-win32
2013-08-13 09:54 - 2013-08-13 09:54 - 00000165 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 07:37 - 2013-08-13 07:37 - 00008746 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 05:48 - 2013-08-13 05:48 - 00000043 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-13 05:08 - 2013-08-13 05:08 - 01268927 _____ C:\Users\*replaced*\Downloads\iperf-2.0.5-2-win32.zip
2013-08-13 05:03 - 2013-08-13 05:03 - 00248583 _____ C:\Users\*replaced*\Downloads\iperf-2.0.5.tar.gz
2013-08-13 04:50 - 2013-08-13 04:50 - 00002483 _____ C:\Users\Public\Desktop\inSSIDer 3.lnk
2013-08-13 04:50 - 2013-08-13 04:50 - 00000000 ____D C:\Program Files (x86)\MetaGeek
2013-08-12 01:44 - 2013-08-12 01:44 - 00001120 _____ C:\Users\Public\Desktop\Comodo Dragon.lnk
2013-08-12 01:44 - 2013-06-14 00:34 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-12 01:43 - 2013-08-12 01:43 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-08-12 01:43 - 2013-08-12 01:43 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
2013-08-12 01:43 - 2012-10-09 23:37 - 00000000 ____D C:\Users\*replaced*\AppData\Local\Comodo
2013-08-12 01:43 - 2012-10-09 23:37 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-08-11 21:43 - 2013-08-11 21:43 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\Avira
2013-08-11 21:38 - 2013-08-11 21:38 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-11 21:36 - 2013-08-11 21:36 - 00000000 ____D C:\ProgramData\Avira
2013-08-11 21:36 - 2013-08-11 21:36 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-11 21:28 - 2013-01-08 15:39 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2013-08-11 21:21 - 2012-09-10 19:04 - 00000000 ____D C:\Windows\AutoKMS
2013-08-11 21:12 - 2013-01-08 15:38 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2013-08-11 21:12 - 2012-09-10 19:04 - 00003484 _____ C:\Windows\System32\Tasks\AutoKMS
2013-08-11 20:57 - 2013-01-08 15:39 - 00000593 _____ C:\Users\Public\Desktop\Shared Space.lnk
2013-08-11 20:36 - 2013-08-11 20:36 - 00000048 _____ C:\Users\*replaced*\Desktop\*replaced*
2013-08-11 17:40 - 2012-08-29 17:25 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\uTorrent
2013-08-11 06:53 - 2013-08-11 06:28 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-11 01:53 - 2013-06-21 15:58 - 00125240 _____ C:\Windows\system32\Drivers\fvstore.dat
2013-08-11 00:13 - 2013-08-11 00:13 - 06639616 _____ C:\Users\*replaced*\Downloads\inSSIDer-installer.msi
2013-08-11 00:13 - 2013-08-11 00:13 - 00000037 ___SH C:\Users\*replaced*\AppData\Local\70149b02515b3bb20dd492.47983420
2013-08-11 00:13 - 2013-08-11 00:13 - 00000000 ____D C:\Users\*replaced*\AppData\Local\MetaGeek,_LLC
2013-08-10 23:44 - 2013-08-10 23:44 - 00001245 _____ C:\Users\*replaced*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Comodo Dragon.lnk
2013-08-10 21:41 - 2012-07-26 07:26 - 00524288 ___SH C:\Windows\system32\config\BBI
2013-08-10 06:11 - 2013-08-10 06:11 - 00495616 _____ (Simon Tatham) C:\Users\*replaced*\Documents\putty.exe
2013-08-10 06:10 - 2013-04-17 17:16 - 00000000 ____D C:\Program Files\VideoLAN
2013-08-10 06:09 - 2013-08-10 06:09 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-08-10 04:15 - 2013-08-01 21:59 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-10 02:53 - 2013-02-10 09:44 - 00000000 ____D C:\Windows\Minidump
2013-08-09 20:07 - 2012-09-29 04:55 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\dvdcss
2013-08-09 17:53 - 2012-08-27 13:21 - 00000000 ___DC C:\Users\*replaced*\AppData\Local\MigWiz
2013-08-07 10:00 - 2012-11-01 23:38 - 00000000 ____D C:\Users\*replaced*\AppData\Roaming\Mozilla
2013-08-01 11:55 - 2012-11-15 01:35 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-08-01 01:40 - 2013-08-01 01:40 - 00000000 ____D C:\Users\*replaced*\Desktop\*replaced*
2013-07-26 07:13 - 2013-08-14 12:57 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-14 12:57 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-14 12:57 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-07-26 07:13 - 2013-08-14 12:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-07-26 07:13 - 2013-08-14 12:57 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-14 12:57 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-14 12:57 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-14 12:57 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-14 12:57 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-14 12:57 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-14 12:57 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-14 12:57 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-14 12:57 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-14 12:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-14 12:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:35 - 2013-08-14 12:57 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-14 12:57 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-14 12:57 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:13 - 2013-08-14 12:57 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-07-26 05:12 - 2013-08-14 12:57 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-14 12:57 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-14 12:57 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-14 12:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-14 12:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-14 12:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-14 12:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-14 12:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-14 12:57 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-14 12:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-14 12:57 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 02:54 - 2013-08-14 12:57 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

Files to move or delete:
====================
C:\Users\*replaced*\AppData\Local\Temp\Quarantine.exe
C:\Users\*replaced*\AppData\Local\Temp\_MEI35522\kernel32.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI35522\main.exe.manifest
C:\Users\*replaced*\AppData\Local\Temp\_MEI35522\mfc90.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI35522\mfc90u.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI35522\mfcm90.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI35522\mfcm90u.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI35522\msvcp100.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI35522\msvcr100.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI35522\psapi.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI35522\python27.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI35522\pythoncom27.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI35522\PyWinTypes27.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI35522\shell32.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI35522\wxbase294u_net_vc90.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI35522\wxbase294u_vc90.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI35522\wxmsw294u_adv_vc90.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI35522\wxmsw294u_core_vc90.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI35522\wxmsw294u_html_vc90.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI35522\wxmsw294u_webview_vc90.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI21322\kernel32.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI21322\main.exe.manifest
C:\Users\*replaced*\AppData\Local\Temp\_MEI21322\mfc90.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI21322\mfc90u.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI21322\mfcm90.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI21322\mfcm90u.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI21322\msvcp100.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI21322\msvcr100.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI21322\psapi.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI21322\python27.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI21322\pythoncom27.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI21322\PyWinTypes27.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI21322\shell32.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI21322\wxbase294u_net_vc90.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI21322\wxbase294u_vc90.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI21322\wxmsw294u_adv_vc90.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI21322\wxmsw294u_core_vc90.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI21322\wxmsw294u_html_vc90.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI21322\wxmsw294u_webview_vc90.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI20322\msvcp100.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI20322\msvcr100.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI20322\python27.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI20322\pythoncom27.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI20322\PyWinTypes27.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI20322\wxbase294u_net_vc90.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI20322\wxbase294u_vc90.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI20322\wxmsw294u_adv_vc90.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI20322\wxmsw294u_core_vc90.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI20322\wxmsw294u_html_vc90.dll
C:\Users\*replaced*\AppData\Local\Temp\_MEI20322\wxmsw294u_webview_vc90.dll
C:\Users\*replaced*\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\*replaced*\AppData\Local\Temp\jrt\erunt\ERUNT.EXE.manifest

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-21 03:13

==================== End Of Log ============================
|
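The FRST log above is normally read by eye, entry by entry. The script below is an added example for this thread, not part of the original post and not FRST's own code: it parses the three record shapes that occur in the log (dated entries of the form `created - modified - size attrs (publisher) path`, the bare paths under "Files to move or delete:", and the "=> MD5 is legit" integrity lines) and applies a few review heuristics. The heuristics are my own assumptions about what deserves a second look (an executable with no publisher string in a user-writable location, a hidden+system file inside a user profile, a non-Microsoft or publisher-less binary under C:\Windows, a PyInstaller `_MEI*` runtime directory in Temp, a hash check that did not say "legit"); a hit means "verify", never "malicious". The embedded SAMPLE is constructed from entries quoted in the log above.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log excerpts.

Added example for this thread; not part of the original post and not FRST's code.
Parses dated entries, bare "Files to move or delete" paths and "=> MD5 is legit"
lines, then applies review heuristics.  A hit means "look at this", never "malware".
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# "<created> - <modified> - <size> <attrs> (<publisher>) <path>"; the "(publisher) "
# part is present only when FRST found version info in the file.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*?)\s*$"
)
HASH_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<verdict>.+?)\s*$")
BARE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\\S.*?)\s*$")

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".cpl", ".ocx")
# Assumption: locations a standard user can write to without elevation.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")


@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str              # FRST attribute flags, e.g. "____D", "___SH"
    company: Optional[str]  # None when FRST printed no "(publisher)"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs

    @property
    def is_executable(self) -> bool:
        return not self.is_dir and self.path.lower().endswith(EXEC_EXT)


def parse_log(text: str) -> Tuple[List[Entry], List[str], Dict[str, str]]:
    """Split log text into dated entries, bare paths and hash-check verdicts."""
    entries, bare, checks = [], [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["created"], m["modified"], int(m["size"]),
                                 m["attrs"], m["company"], m["path"]))
            continue
        m = HASH_RE.match(line)  # tried before BARE_RE, which would also match it
        if m:
            checks[m["path"]] = m["verdict"]
            continue
        m = BARE_RE.match(line)
        if m:
            bare.append(m["path"])
    return entries, bare, checks


def triage_log(text: str) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs that deserve a human look."""
    entries, bare, checks = parse_log(text)
    findings: List[Tuple[str, str]] = []
    for e in entries:
        p = e.path.lower()
        if e.is_executable and not e.company and any(d in p for d in USER_WRITABLE):
            findings.append((e.path, "executable without publisher info in a user-writable location"))
        if p.endswith(".sys") and not e.company:
            findings.append((e.path, "kernel driver without publisher info"))
        if e.hidden_system and p.startswith("c:\\users\\"):
            findings.append((e.path, "hidden+system file inside a user profile"))
        if e.is_executable and p.startswith("c:\\windows\\") and (
                not e.company or "microsoft" not in e.company.lower()):
            findings.append((e.path, "non-Microsoft or publisher-less binary under C:\\Windows "
                             f"(publisher: {e.company or 'none'}); confirm it belongs to an installed product"))
    for path in bare:
        if "\\appdata\\local\\temp\\_mei" in path.lower():
            findings.append((path, "PyInstaller runtime extraction dir in Temp; identify the program that created it"))
    for path, verdict in checks.items():
        if verdict != "MD5 is legit":
            findings.append((path, f"integrity check did not pass: {verdict}"))
    return findings


# Constructed sample, taken from entries quoted in this thread.
SAMPLE = r"""
2013-08-12 01:43 - 2013-08-12 01:43 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
2013-08-11 21:38 - 2013-08-11 21:38 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-11 00:13 - 2013-08-11 00:13 - 00000037 ___SH C:\Users\*replaced*\AppData\Local\70149b02515b3bb20dd492.47983420
2013-08-10 06:11 - 2013-08-10 06:11 - 00495616 _____ (Simon Tatham) C:\Users\*replaced*\Documents\putty.exe
2013-08-10 05:43 - 2013-06-09 21:59 - 00216064 _____ C:\Windows\SysWOW64\gcapi_dll.dll
2013-08-14 12:41 - 2013-08-14 12:41 - 628826822 _____ C:\Windows\MEMORY.DMP
2013-08-24 23:24 - 2013-08-24 23:20 - 00000000 ____D C:\AdwCleaner
C:\Users\*replaced*\AppData\Local\Temp\_MEI35522\python27.dll
C:\Windows\System32\winlogon.exe => MD5 is legit
"""

if __name__ == "__main__":
    for path, reason in triage_log(SAMPLE):
        print(f"{path}\n    -> {reason}")
```

Run it on a full FRST.txt or Addition.txt by reading the file into `triage_log`. The publisher field is only the version-resource string FRST prints, not an Authenticode check, so "publisher: none" is a prompt to inspect the file's signature, not proof that it is unsigned, and a third-party AV driver under C:\Windows will always show up here and is expected.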
25.08.2013, 10:28 | #8 |
/// the machine /// TB-Ausbilder | Crashes and network connectivity problems with Outlook, Internet Explorer and Chrome
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations | Guides and help | Trojaner-Board Facebook page. No help via PM! |
17.03.2014, 15:16 | #9 |
| Crashes and network connectivity problems with Outlook, Internet Explorer and Chrome
Thanks again for the help. My laptop has developed a physical defect. There is nothing more to be done with it now. |
18.03.2014, 10:56 | #10 |
/// the machine /// TB-Ausbilder | Crashes and network connectivity problems with Outlook, Internet Explorer and Chrome
Not so great.
|