| |
| |||||||
Log-Analyse und Auswertung: Weißer Bildschirm Windows 7 64bitWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
27.08.2013, 20:24
| #1 |
| |  Weißer Bildschirm Windows 7 64bit Hallo, ich habe wie viele andere hier auch, das Problem mit dem weißen Hintergrund (Notebook Fujitsu AH530). Habe auch schon mit FRST ein Logfile erstellt. ----------------------------------------------- Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-08-2013 03 Ran by SYSTEM on 27-08-2013 21:07:34 Running from G:\ Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet002 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated) HKLM\...\Run: [LoadFujitsuQuickTouch] - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED) HKLM\...\Run: [LoadBtnHnd] - C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED) HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED) HKLM\...\Run: [PfNet] - C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6310912 2010-06-23] (FUJITSU LIMITED) HKLM\...\Run: [FDM7] - C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED) HKLM\...\Run: [ConMgr] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535440 2009-12-24] (CSR, plc) HKLM\...\Run: [CSRSkype] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431504 2009-12-24] (CSR, plc) HKLM\...\Run: [BthSyncServ] - "C:\Program Files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe" [x] HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor) HKLM-x32\...\Run: [IndicatorUtility] - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED) HKLM-x32\...\Run: [LoadFUJ02E3] - C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-15] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SweetIM] - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [114992 2012-01-19] (SweetIM Technologies Ltd.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.) HKU\Ferdinand\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent [x] HKU\Ferdinand\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-29] (Google Inc.) HKU\Ferdinand\...\Winlogon: [Shell] explorer.exe,C:\Users\Ferdinand\AppData\Roaming\skype.dat [114688 2011-11-17] () <==== ATTENTION Startup: C:\Users\Ferdinand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Services (Whitelisted) ================= S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG) S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG) S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) S2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [330240 2010-06-23] (FUJITSU LIMITED) S2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED) S2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc) ==================== Drivers (Whitelisted) ==================== S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-08] (Avira GmbH) S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-08] (Avira GmbH) S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-09-16] (Avira GmbH) S3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED) S3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x] S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-27 21:07 - 2013-08-27 21:07 - 00000000 ____D C:\FRST ==================== One Month Modified Files and Folders ======= 2013-08-27 19:44 - 2013-03-12 20:12 - 00000004 _____ C:\Users\Ferdinand\AppData\Roaming\skype.ini 2013-08-27 19:43 - 2012-02-29 17:08 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-27 19:42 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-27 19:42 - 2009-07-14 05:51 - 00047802 _____ C:\Windows\setupact.log 2013-08-27 19:36 - 2012-01-11 11:58 - 02086258 _____ C:\Windows\WindowsUpdate.log 2013-08-27 19:36 - 2009-07-14 05:45 - 00022336 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-27 19:36 - 2009-07-14 05:45 - 00022336 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-27 19:32 - 2011-04-12 08:43 - 00654166 _____ C:\Windows\System32\perfh007.dat 2013-08-27 19:32 - 2011-04-12 08:43 - 00130006 _____ C:\Windows\System32\perfc007.dat 2013-08-27 19:32 - 2009-07-14 06:13 - 01498506 _____ C:\Windows\System32\PerfStringBackup.INI 2013-08-09 12:18 - 2012-02-29 17:08 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job Files to move or delete: ==================== C:\ProgramData\ism_0_llatsni.pad C:\Users\Ferdinand\AppData\Roaming\skype.dat C:\Users\Ferdinand\AppData\Roaming\skype.ini C:\Users\Ferdinand\AppData\Local\Temp\3b2qkkiql06luuf288zosv.exe C:\Users\Ferdinand\AppData\Local\Temp\AutoRun.exe C:\Users\Ferdinand\AppData\Local\Temp\AutoRunGUI.dll C:\Users\Ferdinand\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe C:\Users\Ferdinand\AppData\Local\Temp\install_reader10_de_aih[1].exe C:\Users\Ferdinand\AppData\Local\Temp\iupdate.exe C:\Users\Ferdinand\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe C:\Users\Ferdinand\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe C:\Users\Ferdinand\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe C:\Users\Ferdinand\AppData\Local\Temp\SQLite.dll C:\Users\Ferdinand\AppData\Local\Temp\{34117417-AD49-4377-8D80-89F29BA1CEEF}-GoogleUpdateSetup.exe C:\Users\Ferdinand\AppData\Local\Temp\{F3881A57-1E01-478F-B043-402057AB073A}\_Setup.dll C:\Users\Ferdinand\AppData\Local\Temp\{C948E563-3995-4540-8A78-F8DE7C646250}\_Setup.dll C:\Users\Ferdinand\AppData\Local\Temp\nsm5077.tmp\Time.dll C:\Users\Ferdinand\AppData\Local\Temp\nsb4DC8.tmp\Time.dll C:\Users\Ferdinand\AppData\Local\Temp\cfwrun_2\cfwrun32.exe C:\Users\Ferdinand\AppData\Local\Temp\cfwrun_2\dxsw_wnd.dll C:\Users\Ferdinand\AppData\Local\Temp\cfwrun_2\Dxtmeta2.dll C:\Users\Ferdinand\AppData\Local\Temp\cfwrun_2\flashwnd.dll C:\Users\Ferdinand\AppData\Local\Temp\cfwrun_2\iexp_wnd.dll C:\Users\Ferdinand\AppData\Local\Temp\cfwrun_2\libmySQL.dll C:\Users\Ferdinand\AppData\Local\Temp\cfwrun_2\mply_wnd.dll C:\Users\Ferdinand\AppData\Local\Temp\cfwrun_2\mysqlhelper.dll C:\Users\Ferdinand\AppData\Local\Temp\cfwrun_2\odbc_merge.dll C:\Users\Ferdinand\AppData\Local\Temp\cfwrun_2\pcdlib32.dll C:\Users\Ferdinand\AppData\Local\Temp\cfwrun_2\qt_wnd.dll C:\Users\Ferdinand\AppData\Local\Temp\cfwrun_2\riched32.dll C:\Users\Ferdinand\AppData\Local\Temp\cfwrun_2\transitn.dll C:\Users\Ferdinand\AppData\Local\Temp\cfwrun_1\cfwrun32.exe C:\Users\Ferdinand\AppData\Local\Temp\cfwrun_1\dxsw_wnd.dll C:\Users\Ferdinand\AppData\Local\Temp\cfwrun_1\Dxtmeta2.dll C:\Users\Ferdinand\AppData\Local\Temp\cfwrun_1\flashwnd.dll C:\Users\Ferdinand\AppData\Local\Temp\cfwrun_1\iexp_wnd.dll C:\Users\Ferdinand\AppData\Local\Temp\cfwrun_1\libmySQL.dll C:\Users\Ferdinand\AppData\Local\Temp\cfwrun_1\mply_wnd.dll C:\Users\Ferdinand\AppData\Local\Temp\cfwrun_1\mysqlhelper.dll C:\Users\Ferdinand\AppData\Local\Temp\cfwrun_1\odbc_merge.dll C:\Users\Ferdinand\AppData\Local\Temp\cfwrun_1\pcdlib32.dll C:\Users\Ferdinand\AppData\Local\Temp\cfwrun_1\qt_wnd.dll C:\Users\Ferdinand\AppData\Local\Temp\cfwrun_1\riched32.dll C:\Users\Ferdinand\AppData\Local\Temp\cfwrun_1\transitn.dll C:\Users\Ferdinand\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ffx.exe C:\Users\Ferdinand\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe C:\Users\Ferdinand\AppData\Local\Temp\75BC.dir\InstallFlashPlayer.exe C:\Users\Ferdinand\AppData\Local\Temp\57D029DE-BAB0-7891-9145-D427046CA070\BExternal.dll C:\Users\Ferdinand\AppData\Local\Temp\57D029DE-BAB0-7891-9145-D427046CA070\IECookieLow.dll C:\Users\Ferdinand\AppData\Local\Temp\57D029DE-BAB0-7891-9145-D427046CA070\MyBabylonTB.exe C:\Users\Ferdinand\AppData\Local\Temp\57D029DE-BAB0-7891-9145-D427046CA070\Setup.exe C:\Users\Ferdinand\AppData\Local\Temp\57D029DE-BAB0-7891-9145-D427046CA070\sqlite3.dll C:\Users\Ferdinand\AppData\Local\Temp\._msigeplugin61\GoogleEarth.exe C:\Users\Ferdinand\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\earthps.dll C:\Users\Ferdinand\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\geplugin.exe C:\Users\Ferdinand\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\ge_expat.dll C:\Users\Ferdinand\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\googleearth_free.dll C:\Users\Ferdinand\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\msvcp100.dll C:\Users\Ferdinand\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\msvcr100.dll C:\Users\Ferdinand\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\npgeplugin.dll C:\Users\Ferdinand\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\plugin_ax.dll ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-03-11 17:30:04 ==================== Memory info =========================== Percentage of memory in use: 14% Total physical RAM: 3892.55 MB Available physical RAM: 3314.1 MB Total Pagefile: 3890.75 MB Available Pagefile: 3305.84 MB Total Virtual: 8192 MB Available Virtual: 8191.87 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:96.07 GB) (Free:65.7 GB) NTFS Drive e: (Ferdi) (Fixed) (Total:136.72 GB) (Free:77.8 GB) NTFS Drive g: (JULIASSTICK) (Removable) (Total:1.9 GB) (Free:1.9 GB) FAT Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 558F8212) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=96 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=137 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: 0217934C) Partition 1: (Active) - (Size=2 GB) - (Type=06) LastRegBack: 2012-12-29 15:15 ==================== End Of Log ============================ Es wäre super, wenn ihr mir bei der Behebung des Problems behilflich sein könntet. Vielen Dank  |
|
27.08.2013, 20:30
| #2 |
| /// the machine /// TB-Ausbilder    | Weißer Bildschirm Windows 7 64bit hi,
__________________Drücke bitte die  + R Taste und schreibe notepad in das Ausführen Fenster.Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKU\Ferdinand\...\Winlogon: [Shell] explorer.exe,C:\Users\Ferdinand\AppData\Roaming\skype.dat [114688 2011-11-17] () <==== ATTENTION
C:\Users\Ferdinand\AppData\Roaming\skype.dat
C:\Users\Ferdinand\AppData\Roaming\skype.ini
Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier. Rechner normal starten
__________________ |
|
27.08.2013, 20:31
| #3 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Weißer Bildschirm Windows 7 64bit edit: Schraubi war schneller
__________________ 
__________________ |
|
27.08.2013, 21:12
| #4 |
| | Weißer Bildschirm Windows 7 64bit Wow, das ist ja unglaublich. So eine schnelle Reaktion gibts ganz selten. Herzlichen Dank Und es funktioniert auch noch  Hier noch der neue Log: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-08-2013 03 Ran by SYSTEM at 2013-08-27 22:04:10 Run:1 Running from G:\ Boot Mode: Recovery ============================================== Content of fixlist: ***************** HKU\Ferdinand\...\Winlogon: [Shell] explorer.exe,C:\Users\Ferdinand\AppData\Roaming\skype.dat [114688 2011-11-17] () <==== ATTENTION C:\Users\Ferdinand\AppData\Roaming\skype.dat C:\Users\Ferdinand\AppData\Roaming\skype.ini ***************** HKU\Ferdinand\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully. ==== End of Fixlog ==== Kannst du mir sagen, ob der Virus nun komplett weg ist und was das überhaupt war? Danke schön. Grüße Juleila |
|
28.08.2013, 08:22
| #5 |
| /// the machine /// TB-Ausbilder | Weißer Bildschirm Windows 7 64bit Kontrollscans im normalen Modus Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
28.08.2013, 16:38
| #6 |
| | Weißer Bildschirm Windows 7 64bit Hallo, hier der Loh von Malwarebytes: ---------- Malwarebytes Anti-Malware 1.75.0.1300 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.08.28.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 Ferdinand :: FERDINAND-PC [Administrator] 28.08.2013 16:52:42 mbam-log-2013-08-28 (16-52-42).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 212956 Laufzeit: 2 Minute(n), 13 Sekunde(n) Infizierte Speicherprozesse: 1 C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (PUP.Optional.SweetIM) -> 3444 -> Löschen bei Neustart. Infizierte Speichermodule: 8 C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll (PUP.Optional.SweetIM) -> Löschen bei Neustart. C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll (PUP.Optional.SweetIM) -> Löschen bei Neustart. C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll (PUP.Optional.SweetIM) -> Löschen bei Neustart. C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll (PUP.Optional.SweetIM) -> Löschen bei Neustart. C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll (PUP.Optional.SweetIM) -> Löschen bei Neustart. C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll (PUP.Optional.SweetIM) -> Löschen bei Neustart. C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll (PUP.Optional.SweetIM) -> Löschen bei Neustart. C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll (PUP.Optional.SweetIM) -> Löschen bei Neustart. Infizierte Registrierungsschlüssel: 21 HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\SWEETIE.IEToolbar.1 (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\SWEETIE.IEToolbar (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Toolbar3.SWEETIE.1 (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Toolbar3.SWEETIE (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SweetIM (PUP.Optional.SweetIM) -> Daten: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {D7D5BA8A-7835-11E1-BA48-E0CA94950C47} -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {D7D5BA8A-7835-11E1-BA48-E0CA94950C47} -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Users\Ferdinand\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 16 C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll (PUP.Optional.SweetIM) -> Löschen bei Neustart. C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (PUP.Optional.SweetIM) -> Löschen bei Neustart. C:\Program Files (x86)\SweetIM\Messenger\mgUpdateSupport.dll (PUP.Optional.SweetIM) -> Löschen bei Neustart. C:\Program Files (x86)\SweetIM\Messenger\mgsimcommon.dll (PUP.Optional.SweetIM) -> Löschen bei Neustart. C:\Program Files (x86)\SweetIM\Messenger\mgcommon.dll (PUP.Optional.SweetIM) -> Löschen bei Neustart. C:\Program Files (x86)\SweetIM\Messenger\mgcommunication.dll (PUP.Optional.SweetIM) -> Löschen bei Neustart. C:\Program Files (x86)\SweetIM\Messenger\mghooking.dll (PUP.Optional.SweetIM) -> Löschen bei Neustart. C:\Program Files (x86)\SweetIM\Messenger\mgxml_wrapper.dll (PUP.Optional.SweetIM) -> Löschen bei Neustart. C:\Program Files (x86)\SweetIM\Messenger\mgconfig.dll (PUP.Optional.SweetIM) -> Löschen bei Neustart. C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (PUP.Optional.SweetPacks) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Ferdinand\Downloads\DivxUpdate_uk (1).exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Ferdinand\Downloads\DivxUpdate_uk (2).exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Ferdinand\Downloads\DivxUpdate_uk.exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Installer\131302f.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Installer\1313035.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Ferdinand\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) ------------------ HIer der Log von AdwCleaner: -----AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.001 - Report created 28/08/2013 at 17:13:48
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ferdinand - FERDINAND-PC
# Running from : C:\Users\Ferdinand\Desktop\adwcleaner3001.exe
# Option : Clean
***** [ Services ] *****
Service Deleted : APNMCP
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\Program Files (x86)\~BabylonToolbar
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Users\Ferdinand\AppData\Local\Babylon
Folder Deleted : C:\Users\FERDIN~1\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Ferdinand\AppData\LocalLow\BabylonToolbar
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16660
-\\ Mozilla Firefox v
*************************
AdwCleaner[R0].txt - [8798 octets] - [28/08/2013 17:13:00]
AdwCleaner[S0].txt - [8624 octets] - [28/08/2013 17:13:48]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8684 octets] ##########
Log von Junkware: --- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.5.4 (08.22.2013:1) OS: Windows 7 Home Premium x64 Ran by Ferdinand on 28.08.2013 at 17:19:41,25 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 28.08.2013 at 17:27:00,40 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by Ferdinand (administrator) on 28-08-2013 17:30:20
Running from C:\Users\Ferdinand\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.EXE
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Thisisu) C:\Users\Ferdinand\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [LoadFujitsuQuickTouch] - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] - C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED)
HKLM\...\Run: [PfNet] - C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6310912 2010-06-23] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] - C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [ConMgr] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535440 2009-12-24] (CSR, plc)
HKLM\...\Run: [CSRSkype] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431504 2009-12-24] (CSR, plc)
HKLM\...\Run: [BthSyncServ] - "C:\Program Files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe" [x]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKCU\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent [x]
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-29] (Google Inc.)
HKLM-x32\...\Run: [IndicatorUtility] - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [LoadFUJ02E3] - C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-27] (Avira Operations GmbH & Co. KG)
Startup: C:\Users\Ferdinand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
SearchScopes: HKCU - {C4ED74EC-4B4D-4BAB-A815-B69BF1E22A08} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_deDE473
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-27] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [330240 2010-06-23] (FUJITSU LIMITED)
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-08-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-27] (Avira Operations GmbH & Co. KG)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-28 17:27 - 2013-08-28 17:27 - 00000629 _____ C:\Users\Ferdinand\Desktop\JRT.txt
2013-08-28 17:19 - 2013-08-28 17:19 - 01021434 _____ (Thisisu) C:\Users\Ferdinand\Desktop\JRT.exe
2013-08-28 17:19 - 2013-08-28 17:19 - 00000000 ____D C:\Windows\ERUNT
2013-08-28 17:12 - 2013-08-28 17:12 - 00994642 _____ C:\Users\Ferdinand\Desktop\adwcleaner3001.exe
2013-08-28 17:08 - 2013-08-28 17:13 - 00000000 ____D C:\AdwCleaner
2013-08-28 16:43 - 2013-08-28 16:43 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-28 16:43 - 2013-08-28 16:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-28 16:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-28 06:47 - 2013-08-28 06:47 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-28 06:47 - 2013-08-28 06:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-28 06:47 - 2013-08-28 06:47 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-28 06:47 - 2013-08-28 06:47 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-08-28 06:47 - 2013-08-28 06:47 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-08-28 06:47 - 2013-08-28 06:47 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-08-28 06:47 - 2013-08-28 06:47 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-08-28 06:47 - 2013-08-28 06:47 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-08-28 06:47 - 2013-08-28 06:47 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-08-28 06:47 - 2013-08-28 06:47 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-08-28 06:47 - 2013-08-28 06:47 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-08-28 06:45 - 2013-08-28 06:52 - 00009637 _____ C:\Windows\IE10_main.log
2013-08-28 06:42 - 2013-08-28 17:14 - 00000224 _____ C:\Windows\setupact.log
2013-08-28 06:42 - 2013-08-28 06:42 - 00000000 _____ C:\Windows\setuperr.log
2013-08-27 22:46 - 2013-08-27 22:47 - 00000000 ____D C:\Windows\system32\MRT
2013-08-27 22:28 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-27 22:28 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-27 22:28 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-27 22:28 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-27 22:28 - 2013-04-12 16:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-08-27 22:28 - 2013-04-10 08:01 - 00983400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-08-27 22:28 - 2013-04-10 08:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-08-27 22:28 - 2013-03-19 08:04 - 05550424 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-27 22:28 - 2013-03-19 07:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-08-27 22:28 - 2013-03-19 07:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-08-27 22:28 - 2013-03-19 07:46 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-08-27 22:28 - 2013-03-19 07:04 - 03968856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-27 22:28 - 2013-03-19 07:04 - 03913560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-27 22:28 - 2013-03-19 06:47 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-08-27 22:28 - 2013-03-19 05:06 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-08-27 22:28 - 2013-02-27 08:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-08-27 22:28 - 2013-02-27 07:52 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-08-27 22:28 - 2013-02-27 07:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-08-27 22:28 - 2013-02-27 07:48 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-08-27 22:28 - 2013-02-27 07:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-08-27 22:28 - 2013-02-27 06:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-08-27 22:28 - 2013-02-27 06:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-08-27 22:28 - 2013-02-27 06:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-08-27 22:28 - 2013-02-15 08:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-08-27 22:28 - 2013-02-15 08:06 - 03717632 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-08-27 22:28 - 2013-02-15 08:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-08-27 22:28 - 2013-02-15 06:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-08-27 22:28 - 2013-02-15 06:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-08-27 22:28 - 2013-02-15 05:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-08-27 22:28 - 2011-02-03 13:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-08-27 22:27 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-27 22:27 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-27 22:27 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-27 22:27 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-27 22:27 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-27 22:27 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-27 22:27 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-27 22:27 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-27 22:27 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-27 22:27 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-27 22:27 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-27 22:27 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-27 22:27 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-08-27 22:27 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-08-27 22:27 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-08-27 22:27 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-08-27 22:27 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-08-27 22:27 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-08-27 22:27 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-08-27 22:27 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-08-27 22:27 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-08-27 22:27 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-08-27 22:27 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-08-27 22:27 - 2013-04-17 09:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-08-27 22:27 - 2013-04-17 08:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-08-27 22:27 - 2013-01-24 08:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-08-27 22:24 - 2013-08-27 22:24 - 00000000 ____D C:\Users\Ferdinand\AppData\Roaming\Avira
2013-08-27 22:24 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-08-27 22:24 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-08-27 22:23 - 2013-04-26 01:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-08-27 22:23 - 2013-04-01 00:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-08-27 22:20 - 2013-08-27 22:20 - 00000000 ____D C:\Users\Ferdinand\AppData\Roaming\Mozilla
2013-08-27 22:19 - 2013-08-27 22:19 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-27 22:18 - 2013-08-27 22:18 - 00000000 ____D C:\ProgramData\Avira
2013-08-27 22:18 - 2013-08-27 22:18 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-27 22:18 - 2013-08-27 22:14 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-27 22:18 - 2013-08-27 22:14 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-27 22:18 - 2013-08-27 22:14 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-27 22:12 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-08-27 22:07 - 2013-08-27 22:07 - 00000000 ____D C:\FRST
==================== One Month Modified Files and Folders =======
2013-08-28 17:30 - 2013-08-28 17:30 - 01579080 _____ (Farbar) C:\Users\Ferdinand\Desktop\FRST64.exe
2013-08-28 17:27 - 2013-08-28 17:27 - 00000629 _____ C:\Users\Ferdinand\Desktop\JRT.txt
2013-08-28 17:27 - 2012-02-29 18:08 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-28 17:27 - 2012-01-11 12:58 - 01533940 _____ C:\Windows\WindowsUpdate.log
2013-08-28 17:22 - 2009-07-14 06:45 - 00022336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-28 17:22 - 2009-07-14 06:45 - 00022336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-28 17:19 - 2013-08-28 17:19 - 01021434 _____ (Thisisu) C:\Users\Ferdinand\Desktop\JRT.exe
2013-08-28 17:19 - 2013-08-28 17:19 - 00000000 ____D C:\Windows\ERUNT
2013-08-28 17:15 - 2012-02-29 18:08 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-28 17:14 - 2013-08-28 06:42 - 00000224 _____ C:\Windows\setupact.log
2013-08-28 17:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-28 17:13 - 2013-08-28 17:08 - 00000000 ____D C:\AdwCleaner
2013-08-28 17:12 - 2013-08-28 17:12 - 00994642 _____ C:\Users\Ferdinand\Desktop\adwcleaner3001.exe
2013-08-28 16:57 - 2010-11-21 05:47 - 00098474 _____ C:\Windows\PFRO.log
2013-08-28 16:43 - 2013-08-28 16:43 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-28 16:43 - 2013-08-28 16:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-28 16:38 - 2012-02-29 17:46 - 00001421 _____ C:\Users\Ferdinand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-28 16:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-08-28 06:52 - 2013-08-28 06:45 - 00009637 _____ C:\Windows\IE10_main.log
2013-08-28 06:47 - 2013-08-28 06:47 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-28 06:47 - 2013-08-28 06:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-28 06:47 - 2013-08-28 06:47 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-28 06:47 - 2013-08-28 06:47 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-08-28 06:47 - 2013-08-28 06:47 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-08-28 06:47 - 2013-08-28 06:47 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-08-28 06:47 - 2013-08-28 06:47 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-08-28 06:47 - 2013-08-28 06:47 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-08-28 06:47 - 2013-08-28 06:47 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-08-28 06:47 - 2013-08-28 06:47 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-08-28 06:47 - 2013-08-28 06:47 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-08-28 06:43 - 2012-02-29 17:46 - 00000000 ___RD C:\Users\Ferdinand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-28 06:43 - 2012-02-29 17:46 - 00000000 ___RD C:\Users\Ferdinand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-08-28 06:42 - 2013-08-28 06:42 - 00000000 _____ C:\Windows\setuperr.log
2013-08-28 06:42 - 2009-07-14 06:45 - 00294344 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-28 06:40 - 2011-04-12 09:55 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-28 06:40 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-28 06:40 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-27 22:50 - 2011-04-12 09:43 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-08-27 22:50 - 2011-04-12 09:43 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-08-27 22:50 - 2009-07-14 07:13 - 01519874 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-27 22:47 - 2013-08-27 22:46 - 00000000 ____D C:\Windows\system32\MRT
2013-08-27 22:29 - 2012-02-29 18:08 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-27 22:26 - 2012-03-22 23:38 - 00000000 ____D C:\Windows\Minidump
2013-08-27 22:24 - 2013-08-27 22:24 - 00000000 ____D C:\Users\Ferdinand\AppData\Roaming\Avira
2013-08-27 22:22 - 2012-02-29 18:08 - 00004112 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-27 22:22 - 2012-02-29 18:08 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-27 22:20 - 2013-08-27 22:20 - 00000000 ____D C:\Users\Ferdinand\AppData\Roaming\Mozilla
2013-08-27 22:19 - 2013-08-27 22:19 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-27 22:18 - 2013-08-27 22:18 - 00000000 ____D C:\ProgramData\Avira
2013-08-27 22:18 - 2013-08-27 22:18 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-27 22:14 - 2013-08-27 22:18 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-27 22:14 - 2013-08-27 22:18 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-27 22:14 - 2013-08-27 22:18 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-27 22:07 - 2013-08-27 22:07 - 00000000 ____D C:\FRST
2013-08-27 21:54 - 2013-03-12 21:12 - 00000004 _____ C:\Users\Ferdinand\AppData\Roaming\skype.ini
2013-08-07 04:22 - 2010-11-21 05:27 - 00278800 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-08-05 16:14 - 2012-02-29 17:59 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Files to move or delete:
====================
C:\ProgramData\ism_0_llatsni.pad
C:\Users\Ferdinand\AppData\Roaming\skype.ini
C:\Users\FERDIN~1\AppData\Local\Temp\Quarantine.exe
C:\Users\FERDIN~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\CbsProvider.dll
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\CompatProvider.dll
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\DismCore.dll
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\DismCorePS.dll
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\DismHost.exe
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\DismProv.dll
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\DmiProvider.dll
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\FolderProvider.dll
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\IntlProvider.dll
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\LogProvider.dll
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\MsiProvider.dll
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\OSProvider.dll
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\SmiProvider.dll
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\TransmogProvider.dll
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\UnattendProvider.dll
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\wdscore.dll
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\WimProvider.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2012-12-29 16:15
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-08-2013 Ran by Ferdinand at 2013-08-28 17:31:43 Running from C:\Users\Ferdinand\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.63) Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7) ALDI Bestellsoftware 4.12.1 (x32 Version: 4.12.1) Avira Free Antivirus (x32 Version: 13.0.0.3885) Avira SearchFree Toolbar plus Web Protection (x32 Version: 12.2.2.663) be Flash Player 11 ActiveX 64-bit (Version: 11.1.102.62) Bluetooth Feature Pack 5.0 (Version: 5.0.14) Fujitsu Display Manager (Version: 7.01.00.210) Fujitsu Display Manager (x32 Version: ) Fujitsu Hotkey Utility (x32 Version: 3.60.1.0) Fujitsu MobilityCenter Extension Utility (Version: 3.01.00.000) Fujitsu MobilityCenter Extension Utility (x32 Version: ) Fujitsu System Extension Utility (Version: 3.1.1.0) Fujitsu System Extension Utility (x32) Google Earth Plug-in (x32 Version: 7.1.1.1888) Google Toolbar for Internet Explorer (x32 Version: 1.0.0) Google Toolbar for Internet Explorer (x32 Version: 7.5.4413.1752) Google Update Helper (x32 Version: 1.3.21.153) Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2025) Intel(R) Management Engine Components (x32 Version: 6.0.0.1179) Java Auto Updater (x32 Version: 2.0.7.2) Java(TM) 6 Update 37 (x32 Version: 6.0.370) LifeBook Application Panel (Version: 8.1.0.0) LifeBook Application Panel (x32) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Games for Windows - LIVE Redistributable (x32 Version: 2.0.672.0) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) NFS Underground (x32) NVIDIA PhysX (x32 Version: 9.09.0203) OpenOffice.org 3.3 (x32 Version: 3.3.9567) Plugfree NETWORK (Version: 5.3.0.1) Plugfree NETWORK (Version: 5.3.001) Power Saving Utility (Version: 31.01.11.013) Power Saving Utility (x32) Realtek High Definition Audio Driver (x32 Version: 6.0.1.5969) Realtek USB 2.0 Card Reader (x32 Version: 6.1.7100.30087) Synaptics Pointing Device Driver (Version: 14.0.10.0) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => C:\Windows\System32\ndfapi.dll [2009-07-14] (Microsoft Corporation) Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => C:\Windows\System32\ndfapi.dll [2009-07-14] (Microsoft Corporation) Task: {360442D6-DE33-430D-BF1E-E03C25E30E7E} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {4BDA41A4-13BA-4A9A-B364-B8BE14D34097} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-21] (Microsoft Corporation) Task: {559811C9-F125-473E-8952-244AE6E0989B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29] (Google Inc.) Task: {6F04E486-F7C1-43CF-9F5D-10ED03EE6356} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-21] (Microsoft Corporation) Task: {730B1700-2120-4C4D-A045-E61E560ED7CC} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {95D422C1-2130-42E6-AEA7-F461ABFD6B88} - System32\Tasks\WPD\SqmUpload_S-1-5-21-343857982-1485739575-2457239309-1001 => C:\Windows\System32\portabledeviceapi.dll [2010-11-21] (Microsoft Corporation) Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\System32\srrstr.dll [2010-11-21] (Microsoft Corporation) Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\System32\aepdu.dll [2010-11-21] (Microsoft Corporation) Task: {AF6BC62A-7BAC-4AD1-977C-C9F1715A46F8} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {B82C7D9E-0285-4B26-86A6-9CF2857FC659} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => C:\Windows\System32\dfdts.dll [2009-07-14] (Microsoft Corporation) Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => C:\Windows\System32\acproxy.dll [2009-07-14] (Microsoft Corporation) Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => C:\Windows\System32\bfe.dll [2010-11-21] (Microsoft Corporation) Task: {F7A92B1A-2E6E-4E20-A178-3307AB3BE20E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29] (Google Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Alternate Data Streams (whitelisted) ========== AlternateDataStreams: C:\Users\Ferdinand\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website:favicon ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 37% Total physical RAM: 3892.55 MB Available physical RAM: 2433.68 MB Total Pagefile: 7783.29 MB Available Pagefile: 5987.48 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:96.07 GB) (Free:64.54 GB) NTFS Drive e: (Ferdi) (Fixed) (Total:136.72 GB) (Free:76.46 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 558F8212) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=96 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=137 GB) - (Type=07 NTFS) ==================== End Of Log ============================ So, alles erledigt WIe geht's weiter?Grüße Julia |
|
29.08.2013, 04:06
| #7 |
| /// the machine /// TB-Ausbilder | Weißer Bildschirm Windows 7 64bitESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
31.08.2013, 08:05
| #8 |
| | Weißer Bildschirm Windows 7 64bit ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=a18a3a69ebf27748b3e37b8c816e73fd # engine=14959 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-08-30 09:40:51 # local_time=2013-08-30 11:40:51 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 94 180443 123661871 173213 0 # compatibility_mode=5893 16776573 100 94 194547 129528701 0 0 # scanned=158462 # found=11 # cleaned=0 # scan_time=4872 sh=EA6522467447141A68E4ABF4F969FFA8415CB188 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-0507.DS trojan" ac=I fn="C:\Users\Ferdinand\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\31ffc8b-7e14c5c2" sh=811AEA461CE41C5A093F87C5B4C2BC96FD969951 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-0507.BN trojan" ac=I fn="C:\Users\Ferdinand\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\3a7d2b0f-7572222c" sh=2E1AC955B72C606EA191BB029AEE096ACDF1DFE6 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-0507.BV trojan" ac=I fn="C:\Users\Ferdinand\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\14233d91-3419eba8" sh=3D835D89B6DF4CD678EA37849FA2DE92E1975186 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-0507.BS trojan" ac=I fn="C:\Users\Ferdinand\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\585b561b-2647b1a7" sh=ADAB392965B1704CFA7778473E29E54903128D94 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Ferdinand\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\3ef65a44-10801150" sh=16528900FAEB6FF62878DB5CB9967440C480871E ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="E:\FERDINAND-PC\Backup Set 2012-06-26 220634\Backup Files 2012-06-26 220634\Backup files 1.zip" sh=163A3DB57D8EBCB7BB267B45EB04C4CA69E71270 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-0507.DS trojan" ac=I fn="E:\FERDINAND-PC\Backup Set 2012-06-26 220634\Backup Files 2012-08-20 204843\Backup files 1.zip" sh=C62876293D1ED66025B979CAB4FCCC8EDE6BC937 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="E:\FERDINAND-PC\Backup Set 2012-10-15 202813\Backup Files 2012-10-15 202813\Backup files 4.zip" sh=34B2DF46DB00A71307F6DED7E5B3736941AC73D6 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="E:\FERDINAND-PC\Backup Set 2012-10-15 202813\Backup Files 2012-11-20 183807\Backup files 1.zip" sh=504C9551085FB4F27AEE79AE83240270C3F24ABF ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="E:\FERDINAND-PC\Backup Set 2013-02-03 190002\Backup Files 2013-02-03 190002\Backup files 4.zip" sh=21D6EEA5785B0DF0001C694502B5D5108CEB3A2B ft=0 fh=0000000000000000 vn="Win32/LockScreen.APR trojan" ac=I fn="E:\FERDINAND-PC\Backup Set 2013-02-03 190002\Backup Files 2013-08-27 212131\Backup files 1.zip" Results of screen317's Security Check version 0.99.72 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 25 Adobe Flash Player 11.1.102.63 Flash Player out of Date! Adobe Reader 10.1.7 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-08-2013 01
Ran by Ferdinand (administrator) on FERDINAND-PC on 31-08-2013 08:59:54
Running from C:\Users\Ferdinand\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QZRNDLMH
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
(CSR, plc) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.EXE
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
() C:\Users\Ferdinand\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-09] (Synaptics Incorporated)
HKLM\...\Run: [LoadFujitsuQuickTouch] - C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [157544 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] - C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [35176 2009-10-15] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] - C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [188264 2009-07-30] (FUJITSU LIMITED)
HKLM\...\Run: [PfNet] - C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe [6310912 2010-06-23] (FUJITSU LIMITED)
HKLM\...\Run: [FDM7] - C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-26] (FUJITSU LIMITED)
HKLM\...\Run: [ConMgr] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe [535440 2009-12-24] (CSR, plc)
HKLM\...\Run: [CSRSkype] - C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe [431504 2009-12-24] (CSR, plc)
HKLM\...\Run: [BthSyncServ] - "C:\Program Files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe" [x]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
HKCU\...\Run: [RGSC] - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent [x]
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-29] (Google Inc.)
HKLM-x32\...\Run: [IndicatorUtility] - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [47976 2009-10-09] (FUJITSU LIMITED)
HKLM-x32\...\Run: [LoadFUJ02E3] - C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe [36712 2009-10-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Startup: C:\Users\Ferdinand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
SearchScopes: HKCU - {C4ED74EC-4B4D-4BAB-A815-B69BF1E22A08} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_deDE473
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-27] (Avira Operations GmbH & Co. KG)
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [330240 2010-06-23] (FUJITSU LIMITED)
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2009-07-30] (FUJITSU LIMITED)
R2 VFPRadioSupportService; C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [145840 2009-12-24] (CSR, plc)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-08-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-27] (Avira Operations GmbH & Co. KG)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-30 22:17 - 2013-08-30 22:17 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-30 22:16 - 2013-08-30 22:16 - 02347384 _____ (ESET) C:\Users\Ferdinand\Desktop\esetsmartinstaller_enu.exe
2013-08-28 21:51 - 2013-08-28 21:51 - 00000000 ____D C:\Windows\Sun
2013-08-28 21:45 - 2013-08-28 21:44 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-28 21:44 - 2013-08-28 21:44 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-28 21:44 - 2013-08-28 21:44 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-28 21:44 - 2013-08-28 21:44 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-28 21:44 - 2013-08-28 21:44 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-28 21:43 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-08-28 21:43 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-08-28 21:43 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2013-08-28 21:43 - 2012-08-23 16:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-08-28 21:43 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-08-28 21:43 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-08-28 21:43 - 2012-08-23 15:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-08-28 21:43 - 2012-08-23 15:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-08-28 21:43 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-08-28 21:43 - 2012-08-23 15:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-08-28 21:43 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-08-28 21:43 - 2012-08-23 15:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-08-28 21:43 - 2012-08-23 15:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-08-28 21:43 - 2012-08-23 14:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-08-28 21:43 - 2012-08-23 13:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-08-28 21:43 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-08-28 21:43 - 2012-08-23 13:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-08-28 21:43 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-08-28 21:43 - 2012-08-23 12:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-08-28 21:43 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-08-28 21:43 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-08-28 21:43 - 2012-08-23 12:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-08-28 21:43 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-28 21:43 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-08-28 21:43 - 2012-08-23 10:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-08-28 21:38 - 2013-08-28 21:38 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2013-08-28 21:37 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-28 21:37 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-28 21:37 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-28 21:37 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-28 21:37 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-28 21:37 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-28 21:37 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-28 21:37 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-28 21:37 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-28 21:37 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-28 21:37 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-28 21:37 - 2012-08-24 20:13 - 00154480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-08-28 21:37 - 2012-08-24 20:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-08-28 21:37 - 2012-08-24 20:05 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-08-28 21:37 - 2012-08-24 20:03 - 01448448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-08-28 21:37 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-08-28 21:37 - 2012-08-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-08-28 21:37 - 2012-08-24 18:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-08-28 21:37 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-08-28 21:37 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-08-28 17:31 - 2013-08-28 17:35 - 00048196 _____ C:\Users\Ferdinand\Desktop\FRST.txt
2013-08-28 17:31 - 2013-08-28 17:31 - 00007654 _____ C:\Users\Ferdinand\Desktop\Addition.txt
2013-08-28 17:27 - 2013-08-28 17:27 - 00000629 _____ C:\Users\Ferdinand\Desktop\JRT.txt
2013-08-28 17:19 - 2013-08-28 17:19 - 01021434 _____ (Thisisu) C:\Users\Ferdinand\Desktop\JRT.exe
2013-08-28 17:19 - 2013-08-28 17:19 - 00000000 ____D C:\Windows\ERUNT
2013-08-28 17:12 - 2013-08-28 17:12 - 00994642 _____ C:\Users\Ferdinand\Desktop\adwcleaner3001.exe
2013-08-28 17:08 - 2013-08-28 17:13 - 00000000 ____D C:\AdwCleaner
2013-08-28 16:43 - 2013-08-28 16:43 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-28 16:43 - 2013-08-28 16:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-28 16:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-28 06:47 - 2013-08-28 06:47 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-28 06:47 - 2013-08-28 06:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-28 06:47 - 2013-08-28 06:47 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-28 06:47 - 2013-08-28 06:47 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-08-28 06:47 - 2013-08-28 06:47 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-08-28 06:47 - 2013-08-28 06:47 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-08-28 06:47 - 2013-08-28 06:47 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-08-28 06:47 - 2013-08-28 06:47 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-08-28 06:47 - 2013-08-28 06:47 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-08-28 06:47 - 2013-08-28 06:47 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-08-28 06:47 - 2013-08-28 06:47 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-08-28 06:45 - 2013-08-28 06:52 - 00009637 _____ C:\Windows\IE10_main.log
2013-08-28 06:42 - 2013-08-31 08:47 - 00000746 _____ C:\Windows\setupact.log
2013-08-28 06:42 - 2013-08-28 06:42 - 00000000 _____ C:\Windows\setuperr.log
2013-08-27 22:46 - 2013-08-27 22:47 - 00000000 ____D C:\Windows\system32\MRT
2013-08-27 22:28 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-27 22:28 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-27 22:28 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-27 22:28 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-27 22:28 - 2013-04-12 16:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-08-27 22:28 - 2013-04-10 08:01 - 00983400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-08-27 22:28 - 2013-04-10 08:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-08-27 22:28 - 2013-03-19 07:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-08-27 22:28 - 2013-03-19 07:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-08-27 22:28 - 2013-03-19 07:46 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-08-27 22:28 - 2013-03-19 06:47 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-08-27 22:28 - 2013-03-19 05:06 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-08-27 22:28 - 2013-02-27 08:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-08-27 22:28 - 2013-02-27 07:52 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-08-27 22:28 - 2013-02-27 07:52 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-08-27 22:28 - 2013-02-27 07:48 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-08-27 22:28 - 2013-02-27 07:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-08-27 22:28 - 2013-02-27 06:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-08-27 22:28 - 2013-02-27 06:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-08-27 22:28 - 2013-02-27 06:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-08-27 22:28 - 2011-02-03 13:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-08-27 22:27 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-27 22:27 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-27 22:27 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-27 22:27 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-27 22:27 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-27 22:27 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-27 22:27 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-27 22:27 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-27 22:27 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-27 22:27 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-27 22:27 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-27 22:27 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-27 22:27 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-08-27 22:27 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-08-27 22:27 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-08-27 22:27 - 2013-05-13 07:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-08-27 22:27 - 2013-05-13 05:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-08-27 22:27 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-08-27 22:27 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-08-27 22:27 - 2013-05-10 07:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-08-27 22:27 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-08-27 22:27 - 2013-04-26 07:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-08-27 22:27 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-08-27 22:27 - 2013-04-17 09:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-08-27 22:27 - 2013-04-17 08:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-08-27 22:27 - 2013-01-24 08:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-08-27 22:24 - 2013-08-27 22:24 - 00000000 ____D C:\Users\Ferdinand\AppData\Roaming\Avira
2013-08-27 22:24 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-08-27 22:24 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-08-27 22:23 - 2013-04-26 01:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-08-27 22:23 - 2013-04-01 00:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-08-27 22:20 - 2013-08-27 22:20 - 00000000 ____D C:\Users\Ferdinand\AppData\Roaming\Mozilla
2013-08-27 22:19 - 2013-08-27 22:19 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-27 22:18 - 2013-08-27 22:18 - 00000000 ____D C:\ProgramData\Avira
2013-08-27 22:18 - 2013-08-27 22:18 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-27 22:18 - 2013-08-27 22:14 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-27 22:18 - 2013-08-27 22:14 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-27 22:18 - 2013-08-27 22:14 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-27 22:12 - 2013-02-12 06:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-08-27 22:07 - 2013-08-27 22:07 - 00000000 ____D C:\FRST
==================== One Month Modified Files and Folders =======
2013-08-31 08:55 - 2009-07-14 06:45 - 00022336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-31 08:55 - 2009-07-14 06:45 - 00022336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-31 08:52 - 2013-08-31 08:52 - 00891115 _____ C:\Users\Ferdinand\Desktop\SecurityCheck.exe
2013-08-31 08:52 - 2012-01-11 12:58 - 01704029 _____ C:\Windows\WindowsUpdate.log
2013-08-31 08:47 - 2013-08-28 06:42 - 00000746 _____ C:\Windows\setupact.log
2013-08-31 08:47 - 2012-02-29 18:08 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-31 08:47 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-30 23:27 - 2012-02-29 18:08 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-30 22:17 - 2013-08-30 22:17 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-30 22:16 - 2013-08-30 22:16 - 02347384 _____ (ESET) C:\Users\Ferdinand\Desktop\esetsmartinstaller_enu.exe
2013-08-28 21:51 - 2013-08-28 21:51 - 00000000 ____D C:\Windows\Sun
2013-08-28 21:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-08-28 21:44 - 2013-08-28 21:45 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-28 21:44 - 2013-08-28 21:44 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-28 21:44 - 2013-08-28 21:44 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-28 21:44 - 2013-08-28 21:44 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-28 21:44 - 2013-08-28 21:44 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-28 21:44 - 2012-11-27 18:44 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-08-28 21:44 - 2012-02-29 18:14 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-28 21:40 - 2011-04-12 09:43 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-08-28 21:40 - 2011-04-12 09:43 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-08-28 21:40 - 2009-07-14 07:13 - 01519874 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-28 21:38 - 2013-08-28 21:38 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2013-08-28 17:35 - 2013-08-28 17:31 - 00048196 _____ C:\Users\Ferdinand\Desktop\FRST.txt
2013-08-28 17:31 - 2013-08-28 17:31 - 00007654 _____ C:\Users\Ferdinand\Desktop\Addition.txt
2013-08-28 17:27 - 2013-08-28 17:27 - 00000629 _____ C:\Users\Ferdinand\Desktop\JRT.txt
2013-08-28 17:19 - 2013-08-28 17:19 - 01021434 _____ (Thisisu) C:\Users\Ferdinand\Desktop\JRT.exe
2013-08-28 17:19 - 2013-08-28 17:19 - 00000000 ____D C:\Windows\ERUNT
2013-08-28 17:13 - 2013-08-28 17:08 - 00000000 ____D C:\AdwCleaner
2013-08-28 17:12 - 2013-08-28 17:12 - 00994642 _____ C:\Users\Ferdinand\Desktop\adwcleaner3001.exe
2013-08-28 16:57 - 2010-11-21 05:47 - 00098474 _____ C:\Windows\PFRO.log
2013-08-28 16:43 - 2013-08-28 16:43 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-28 16:43 - 2013-08-28 16:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-28 16:38 - 2012-02-29 17:46 - 00001421 _____ C:\Users\Ferdinand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-08-28 06:52 - 2013-08-28 06:45 - 00009637 _____ C:\Windows\IE10_main.log
2013-08-28 06:47 - 2013-08-28 06:47 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-28 06:47 - 2013-08-28 06:47 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-28 06:47 - 2013-08-28 06:47 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-28 06:47 - 2013-08-28 06:47 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-08-28 06:47 - 2013-08-28 06:47 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-08-28 06:47 - 2013-08-28 06:47 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-08-28 06:47 - 2013-08-28 06:47 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-08-28 06:47 - 2013-08-28 06:47 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-08-28 06:47 - 2013-08-28 06:47 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-08-28 06:47 - 2013-08-28 06:47 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-08-28 06:47 - 2013-08-28 06:47 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-08-28 06:47 - 2013-08-28 06:47 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-08-28 06:47 - 2013-08-28 06:47 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-08-28 06:43 - 2012-02-29 17:46 - 00000000 ___RD C:\Users\Ferdinand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-28 06:43 - 2012-02-29 17:46 - 00000000 ___RD C:\Users\Ferdinand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-08-28 06:42 - 2013-08-28 06:42 - 00000000 _____ C:\Windows\setuperr.log
2013-08-28 06:42 - 2009-07-14 06:45 - 00294344 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-28 06:40 - 2011-04-12 09:55 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-28 06:40 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-28 06:40 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-27 22:47 - 2013-08-27 22:46 - 00000000 ____D C:\Windows\system32\MRT
2013-08-27 22:29 - 2012-02-29 18:08 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-27 22:26 - 2012-03-22 23:38 - 00000000 ____D C:\Windows\Minidump
2013-08-27 22:24 - 2013-08-27 22:24 - 00000000 ____D C:\Users\Ferdinand\AppData\Roaming\Avira
2013-08-27 22:22 - 2012-02-29 18:08 - 00004112 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-27 22:22 - 2012-02-29 18:08 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-08-27 22:20 - 2013-08-27 22:20 - 00000000 ____D C:\Users\Ferdinand\AppData\Roaming\Mozilla
2013-08-27 22:19 - 2013-08-27 22:19 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-27 22:18 - 2013-08-27 22:18 - 00000000 ____D C:\ProgramData\Avira
2013-08-27 22:18 - 2013-08-27 22:18 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-27 22:14 - 2013-08-27 22:18 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-27 22:14 - 2013-08-27 22:18 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-27 22:14 - 2013-08-27 22:18 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-27 22:07 - 2013-08-27 22:07 - 00000000 ____D C:\FRST
2013-08-27 21:54 - 2013-03-12 21:12 - 00000004 _____ C:\Users\Ferdinand\AppData\Roaming\skype.ini
2013-08-07 04:22 - 2010-11-21 05:27 - 00278800 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-08-05 16:14 - 2012-02-29 17:59 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Files to move or delete:
====================
C:\ProgramData\ism_0_llatsni.pad
C:\Users\Ferdinand\AppData\Roaming\skype.ini
C:\Users\FERDIN~1\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\FERDIN~1\AppData\Local\Temp\Quarantine.exe
C:\Users\FERDIN~1\AppData\Local\Temp\RarSFX0\SecurityCheck\Objlist.exe
C:\Users\FERDIN~1\AppData\Local\Temp\RarSFX0\SecurityCheck\runprocesses.exe
C:\Users\FERDIN~1\AppData\Local\Temp\RarSFX0\SecurityCheck\uninstalllist.exe
C:\Users\FERDIN~1\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\cmdinfo.exe
C:\Users\FERDIN~1\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\nircmdc.exe
C:\Users\FERDIN~1\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\sed.exe
C:\Users\FERDIN~1\AppData\Local\Temp\RarSFX0\SecurityCheck\Other\swreg.exe
C:\Users\FERDIN~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\CbsProvider.dll
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\CompatProvider.dll
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\DismCore.dll
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\DismCorePS.dll
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\DismHost.exe
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\DismProv.dll
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\DmiProvider.dll
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\FolderProvider.dll
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\IntlProvider.dll
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\LogProvider.dll
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\MsiProvider.dll
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\OSProvider.dll
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\SmiProvider.dll
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\TransmogProvider.dll
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\UnattendProvider.dll
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\wdscore.dll
C:\Users\FERDIN~1\AppData\Local\Temp\36559E86-7FB3-4606-BBD8-019F4E77A355\WimProvider.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2012-12-29 16:15
==================== End Of Log ============================
--- --- --- --- --- --- Vielen Dank Ist der Rechner nun geheilt? Probleme sind so jetzt nicht zu erkennen, aber man weiß ja nie, was sich noch so versteckt... |
|
31.08.2013, 14:08
| #9 |
| /// the machine /// TB-Ausbilder | Weißer Bildschirm Windows 7 64bit Flash Player und Adobe Reader updaten. Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe und drücke auf Start. Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen. Fertig Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
31.08.2013, 16:48
| #10 |
| | Weißer Bildschirm Windows 7 64bit Hallo Schrauber, konnte TFC leider nicht ausführen, da das kein 32bit System ist?! Hab leider keine andere Datei zum herunterladen gefunden. Hab die Temps nun manuell gelöscht... Ansonsten hab ich den Rest erledigt. Und ich denke, es sollte nun alles gelöscht sein Vielen Dank für deine super Hilfe. Grüße Julia |
|
31.08.2013, 20:30
| #11 |
| /// the machine /// TB-Ausbilder | Weißer Bildschirm Windows 7 64bit Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
Linear-Darstellung
