Log analysis and evaluation: Various Yontoo files found
Windows 7
30.08.2013, 22:06 | #1
Various Yontoo files found

Good evening,

A few days ago I noticed that my computer has problems shutting down and going into standby mode, and through a full scan with Kaspersky I found the file AdWare.JS.Yontoo.a, which I deleted immediately. (I probably picked something up with the Dragon Age game mods...) Since the computer problems mentioned still persisted, I searched the internet for solutions. The situation now looks like this:

Am I rid of Yontoo now? How can I make sure of that? I am very grateful for your help!! I hope I haven't posted too many log files... The logs follow here. I ran the first scan immediately after discovering Yontoo, the last one after the deletion (as I read in other threads).

What Kaspersky found:
Code:
Typ: Unbekannt (2)
pdfdownload (1).exe Gelöscht 27.08.2013 22:45:17 c:\documents and settings\lada brunner\downloads\ pdfdownload (1).exe
pdfdownload.exe Gelöscht 27.08.2013 22:45:07 c:\documents and settings\lada brunner\downloads\ pdfdownload.exe

Typ: legales Programm, das von einem Angreifer benutzt werden kann, um den Computer oder die Benutzerdaten zu beschädigen (2)
not-a-virus:HEUR:Downloader.Win32.AdLoad.u Gelöscht 27.08.2013 22:45:17 c:\documents and settings\lada brunner\downloads\pdfdownload (1).exe// data0005
not-a-virus:HEUR:Downloader.Win32.AdLoad.u Gelöscht 27.08.2013 22:45:07 c:\documents and settings\lada brunner\downloads\pdfdownload.exe// data0005

Typ: Adware (1)
not-a-virus:AdWare.JS.Yontoo.a Gelöscht 27.08.2013 22:42:53 c:\documents and settings\all users\kaspersky lab\safebrowser\s-1-5-21-138995088-2144927477-1329361507-1000\chrome\default\extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\ background.html

Code:
# AdwCleaner v3.001 - Report created 30/08/2013 at 22:18:55
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Lada Brunner - LADABRUNNER-HP
# Running from : C:\Users\Lada Brunner\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\SpeedUpMyPC
Folder Deleted : C:\Program Files (x86)\Uniblue\SpeedUpMyPC
Folder Deleted : C:\Users\Lada Brunner\AppData\Roaming\Uniblue\SpeedUpMyPC
File Deleted : C:\Windows\Tasks\SpeedUpMyPC.job
File Deleted : C:\Windows\System32\Tasks\SpeedUpMyPC
File Deleted : C:\Windows\Tasks\spmonitor.job
File Deleted : C:\Windows\System32\Tasks\spmonitor

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\Software\Uniblue\SpeedUpMyPC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

-\\ Mozilla Firefox v

-\\ Google Chrome v

[ File : C:\Users\Lada Brunner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [6444 octets] - [29/08/2013 16:14:57]
AdwCleaner[R1].txt - [6202 octets] - [29/08/2013 23:59:53]
AdwCleaner[R2].txt - [986 octets] - [30/08/2013 00:06:28]
AdwCleaner[R3].txt - [1714 octets] - [30/08/2013 21:44:15]
AdwCleaner[R4].txt - [1720 octets] - [30/08/2013 22:17:58]
AdwCleaner[S0].txt - [5762 octets] - [30/08/2013 00:01:11]
AdwCleaner[S1].txt - [1667 octets] - [30/08/2013 22:18:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1727 octets] ##########

Code:
HitmanPro 3.7.7.205
www.hitmanpro.com

   Computer name . . . . : LADABRUNNER-HP
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : LadaBrunner-HP\Lada Brunner
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-08-29 16:16:09
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 31s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 15
   Traces . . . . . . . : 1713

   Objects scanned . . . : 1'596'096
   Files scanned . . . . : 53'418
   Remnants scanned . . : 505'407 files / 1'037'271 keys

Malware _____________________________________________________________________

   C:\Users\Lada Brunner\AppData\Local\Temp\Quarantine.exe
      Size . . . . . . . : 328'019 bytes
      Age . . . . . . . : 0.0 days (2013-08-29 16:14:53)
      Entropy . . . . . : 7.7
      SHA-256 . . . . . : 03AAF43021ED01168E76F9CAA6B7E0342A91B4767A0061B2CF5C9353411CDC8D
      Version . . . . . : 3.0.0.1
    > Ikarus . . . . . . : Gen.Trojan.Heur!IK
      Fuzzy . . . . . . : 113.0
      Forensic Cluster
         -18.8s C:\Users\Lada Brunner\Downloads\adwcleaner.exe
         -18.8s C:\Users\Lada Brunner\AppData\Roaming\Dropbox\shellext\l\521f574a
         -1.9s C:\Users\Lada Brunner\AppData\Local\Temp\etilqs_4a19oQM0Fp4POOf
         -0.0s C:\Users\Lada Brunner\AppData\Local\Temp\AdwCleaner.jpg
         -0.0s C:\Users\Lada Brunner\AppData\Local\Temp\Cleaning.ico
         -0.0s C:\Users\Lada Brunner\AppData\Local\Temp\Donate.ico
         -0.0s C:\Users\Lada Brunner\AppData\Local\Temp\Uninstall.ico
         -0.0s C:\Users\Lada Brunner\AppData\Local\Temp\Scan.ico
         -0.0s C:\Users\Lada Brunner\AppData\Local\Temp\Report.ico
         0.0s C:\Users\Lada Brunner\AppData\Local\Temp\Quarantine.exe
         0.1s C:\Users\Lada Brunner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4WLUT13\Version[1].txt
         0.1s C:\AdwCleaner\
         0.1s C:\AdwCleaner\Quarantine\
         0.2s C:\Users\Lada Brunner\AppData\Local\Temp\~DFC04AA4C90D85ABCD.TMP
         4.2s C:\AdwCleaner\AdwCleaner[R0].txt
         9.9s C:\Windows\Prefetch\ADWCLEANER.EXE-3A8CC228.pf
         12.2s C:\Users\Lada Brunner\Downloads\hitmanpro_x64.exe
         15.5s C:\Users\Lada Brunner\AppData\Local\Temp\preferences
         31.3s C:\Windows\Prefetch\JAVA.EXE-07FE5A9A.pf

   C:\Users\Lada Brunner\AppData\Local\Temp\YontooSetup-S.exe
      Size . . . . . . . : 1'055'696 bytes
      Age . . . . . . . : 330.8 days (2012-10-02 21:46:45)
      Entropy . . . . . : 8.0
      SHA-256 . . . . . : AD0D1998EE4D81DFF0DBF93DDE6318BDC04784929704AD122EFBD7D02BA2A464
      Product . . . . . : Yontoo
      Publisher . . . . : Yontoo LLC
      Description . . . : Installer
      Version . . . . . : 2012.8.10.1555
      Copyright . . . . : Copyright (c) 2012 Yontoo LLC. All rights reserved.
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
    > Ikarus . . . . . . : AdWare.Yontoo!IK
      Fuzzy . . . . . . : 101.0

Suspicious files ____________________________________________________________

   C:\Users\Lada Brunner\AppData\Local\Temp\nsf57F0.tmp\nsisos.dll
      Size . . . . . . . : 5'632 bytes
      Age . . . . . . . : 330.8 days (2012-10-02 21:46:59)
      Entropy . . . . . : 3.1
      SHA-256 . . . . . : BA79AB7F63F02ED5D5D46B82B11D97DAC5B7EF7E9B9A4DF926B43CEAC18483B6
      Fuzzy . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

Potential Unwanted Programs _________________________________________________

   C:\Program Files (x86)\Conduit\ (Conduit)
   C:\Program Files (x86)\Conduit\Community Alerts\ (Conduit)
   C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (Conduit)
      Size . . . . . . . : 638'560 bytes
      Age . . . . . . . : 798.0 days (2011-06-23 16:20:46)
      Entropy . . . . . : 6.4
      SHA-256 . . . . . : F22E58CDFE94D4A5FBBF2795A743B167ED9923E289E14654631E0077DD306C1D
      Product . . . . . : Alert
      Publisher . . . . : Conduit Ltd.
      Description . . . : Alert
      Version . . . . . : 1.1.4.1
      Copyright . . . . : Copyright © Conduit Ltd. 2011.
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy . . . . . .
: -15.0 C:\Users\Lada Brunner\AppData\Local\Conduit\ (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\ (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647.1000034.Settings.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647.129351532245275780.search.history.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647.129351532245275780.search.selectedEngineId.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647.129351532245275780.search.settings.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647.129351532245275780.search.user-settings.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647.2532783744689806690.feed_2429156812186649977.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647.2532783744689806690.feed_2429156813040823546.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647.2532783744689806690.feed_2429156813130095866.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647.2532783744689806690.feed_2429156813224203613.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647.2532783744689806690.feed_2429156813230837251.txt (Conduit) C:\Users\Lada 
Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647.2532783744689806690.feed_2429156813454291735.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647.2532783744689806690.feed_2429156813729834876.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647.2532783744689806690.feed_2429156813860870021.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647.2532783744689806690.feed_2429156814264681793.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647.2532783744689806690.feed_2429156814863075366.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647.2532783744689806690.feed_2429156815257761081.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647.appOptions.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647.NOTIFICATION_ID.notifications-repository.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647.NOTIFICATION_ID.notifications-service_1243681.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647.NOTIFICATION_ID.notifications-servicemap.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647.NotificationSettings.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647.savedPositions.txt (Conduit) C:\Users\Lada 
Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647.searchProtectorData.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647_10.13.20.29.serviceLayer_services_appsMetadata.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647_10.13.20.29.serviceLayer_services_appTrackingFirstTime.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647_10.13.20.29.serviceLayer_services_gottenAppsContextMenu.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647_10.13.20.29.serviceLayer_services_login.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647_10.13.20.29.serviceLayer_services_otherAppsContextMenu.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647_10.13.20.29.serviceLayer_services_searchAPI.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647_10.13.20.29.serviceLayer_services_serviceMap.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647_10.13.20.29.serviceLayer_services_toolbarContextMenu.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647_10.13.20.29.serviceLayer_services_toolbarSettings.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647_10.13.20.29.serviceLayer_services_translation.txt (Conduit) C:\Users\Lada 
Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647_10.13.20.300.serviceLayer_services_appsMetadata.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647_10.13.20.300.serviceLayer_services_appTrackingFirstTime.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647_10.13.20.300.serviceLayer_services_gottenAppsContextMenu.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647_10.13.20.300.serviceLayer_services_login.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647_10.13.20.300.serviceLayer_services_otherAppsContextMenu.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647_10.13.20.300.serviceLayer_services_searchAPI.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647_10.13.20.300.serviceLayer_services_serviceMap.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647_10.13.20.300.serviceLayer_services_toolbarContextMenu.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647_10.13.20.300.serviceLayer_services_toolbarSettings.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647_10.13.20.300.serviceLayer_services_translation.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647_RAW.serviceLayer_services_appsMetadata.txt (Conduit) C:\Users\Lada 
Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647_RAW.serviceLayer_services_appTrackingFirstTime.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647_RAW.serviceLayer_services_gottenAppsContextMenu.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647_RAW.serviceLayer_services_login.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647_RAW.serviceLayer_services_otherAppsContextMenu.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647_RAW.serviceLayer_services_searchAPI.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647_RAW.serviceLayer_services_serviceMap.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647_RAW.serviceLayer_services_toolbarContextMenu.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647_RAW.serviceLayer_services_toolbarSettings.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\CT2851647_RAW.serviceLayer_services_translation.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\toolbar_initializing_logger.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\uninstallData.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\ChromeExtData\leocdeigfnkaojcapikdjcdbedcjmffc\Repository\uninstallUrl.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community 
Alerts\Dialogs\ (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\ (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\AppNotification.js (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\ (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\close.png (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\ (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\close.png (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Next.png (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Next_hover.png (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\powered-by.png (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Prev.png (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\Prev_hover.png (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark\settings.png (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\ (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\close.png (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Next.png (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Next_hover.png 
(Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\powered-by.png (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Prev.png (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Prev_hover.png (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\settings.png (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light\Thumbs.db (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\like.png (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next.png (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next_hover.png (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\powered-by.png (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev.png (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev_hover.png (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\settings.png (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Thumbs.db (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\initialNotification.html (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\main.html (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community 
Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyle.css (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\sampleNotification.html (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\DialogsAPI.js (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\PIE.htc (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\settings.js (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Dialogs\version.txt (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Feeds\ (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1243681_1239354_CH.xml (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1699007_1690443_CH.xml (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks\ (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks\en.xml (Conduit) C:\Users\Lada Brunner\AppData\LocalLow\Softonic\ (Softonic) C:\Users\Lada Brunner\AppData\LocalLow\Softonic\Softonic\us\20101003\ (Softonic) C:\Users\Lada Brunner\AppData\LocalLow\Softonic\Softonic\us\20101003\kywrds.tat (Softonic) C:\Users\Lada Brunner\AppData\LocalLow\Softonic\Softonic\us\20101003\kywrds.ttr (Softonic) HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}\ (Softonic) HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1\ (AskBar) HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd\ (AskBar) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}\ (Softonic) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}\ (Yontoo) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ (Yontoo) 
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\ (Yontoo) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E\ (AskBar) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6\ (AskBar) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852\ (AskBar) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0\ (AskBar) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA\ (AskBar) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96\ (AskBar) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59\ (AskBar) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC\ (AskBar) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA\ (AskBar) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E\ (AskBar) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF\ (AskBar) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E\ (AskBar) HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} (AskBar) HKU\S-1-5-21-138995088-2144927477-1329361507-1000\Software\AppDataLow\Software\Smartbar\ (Conduit) HKU\S-1-5-21-138995088-2144927477-1329361507-1000\Software\Conduit\ (Conduit) 
HKU\S-1-5-21-138995088-2144927477-1329361507-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ (Yontoo)

Cookies _____________________________________________________________________

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.29.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Lada Brunner :: LADABRUNNER-HP [Administrator]

29.08.2013 03:12:46
mbam-log-2013-08-29 (03-12-46).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 246537
Laufzeit: 3 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bösartig: (hxxp://search.conduit.com?SearchSource=10&ctid=CT3244149) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 5
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lada Brunner\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lada Brunner\AppData\Roaming\OpenCandy\4A6E40BE364F4CB8A93C55C91EF7C8D8 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 8
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lada Brunner\AppData\Roaming\OpenCandy\4A6E40BE364F4CB8A93C55C91EF7C8D8\3982.ico (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lada Brunner\AppData\Roaming\OpenCandy\4A6E40BE364F4CB8A93C55C91EF7C8D8\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lada Brunner\AppData\Roaming\OpenCandy\4A6E40BE364F4CB8A93C55C91EF7C8D8\OCBrowserHelper_1.0.3.85.dll (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lada Brunner\AppData\Roaming\OpenCandy\4A6E40BE364F4CB8A93C55C91EF7C8D8\setup__759.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.29.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Lada Brunner :: LADABRUNNER-HP [Administrator]

30.08.2013 20:54:17
MBAM-log-2013-08-30 (22-16-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 540595
Laufzeit: 1 Stunde(n), 21 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Lada Brunner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y596G1TU\SpeedUpMyPC-standalone-setup[1].exe (PUP.Optional.SpeedUpMyPC.A) -> Keine Aktion durchgeführt.
C:\Users\Lada Brunner\Downloads\speedupmypc.exe (PUP.Optional.SpeedUpMyPC.A) -> Keine Aktion durchgeführt.

(Ende)

Code:
Avira Internet Security
Erstellungsdatum der Reportdatei: Freitag, 30. August 2013 00:17

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Vlada Brunner
Seriennummer : 2227206679-ISECE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : LADABRUNNER-HP

Versionsinformationen:

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_521fc505\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Freitag, 30. August 2013 00:17

Der Suchlauf über gestartete Prozesse wird begonnen:

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Lada Brunner\AppData\Local\Temp\yontoo-c3.exe'
C:\Users\Lada Brunner\AppData\Local\Temp\yontoo-c3.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/Yontoo.Gen2
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55095f0a.qua' verschoben!

Ende des Suchlaufs: Freitag, 30. August 2013 00:17
Benötigte Zeit: 00:07 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
1962 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1961 Dateien ohne Befall
2 Archive wurden durchsucht
0 Warnungen
1 Hinweise

Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16660

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.093000 GHz
Memory total: 8569835520, free: 5279801344

Downloaded database version: v2013.08.30.07
Downloaded database version: v2013.08.06.01
=======================================
Initializing...
------------ Kernel report ------------
08/30/2013 21:54:21
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800c152060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000093\
Lower Device Object: 0xfffffa800c313b60
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800a09a060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8007b33050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800a09a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800a09ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800a09a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007b33050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName:
\Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 31B9FECE Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 1911179264 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 1911386112 Numsec = 42135552 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1000204886016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)... Done! Physical Sector Size: 0 Drive: 1, DevicePointer: 0xfffffa800c152060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800c152a70, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800c152060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800c313b60, DeviceName: \Device\00000093\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Scan Interrupted Scan Interrupted Scan was aborted. ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam... 
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam... Removal finished --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1005 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16660 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 3.093000 GHz Memory total: 8569835520, free: 6549692416 ======================================= Initializing... ------------ Kernel report ------------ 08/30/2013 22:24:17 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\DRIVERS\kl1.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\iaStor.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys 
\SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\drivers\cdrom.sys \SystemRoot\system32\DRIVERS\klif.sys \SystemRoot\system32\DRIVERS\klflt.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\kltdi.sys \SystemRoot\system32\DRIVERS\avfwot.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\klim6.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\system32\DRIVERS\kneps.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\drivers\blbdrive.sys \SystemRoot\system32\DRIVERS\avkmgr.sys \SystemRoot\system32\DRIVERS\avipbb.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\drivers\HECIx64.sys 
\SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\DRIVERS\netr28x.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\drivers\nusb3xhc.sys \SystemRoot\system32\drivers\USBD.SYS \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\drivers\intelppm.sys \SystemRoot\system32\DRIVERS\avfwim.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\drivers\usbhub.sys \SystemRoot\system32\drivers\nusb3hub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\nvhda64v.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\klkbdflt.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\klmouflt.sys \SystemRoot\system32\DRIVERS\cdfs.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll 
\SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\avgntflt.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\drivers\spsys.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll ----------- End ----------- Done! 
<<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa800bb9a060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000091\ Lower Device Object: 0xfffffa800bb6bb60 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa800a099060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa800790b050 Lower Device Driver Name: \Driver\iaStor\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa800a099060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800a099ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800a099060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800790b050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 31B9FECE Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. 
Partition starts at LBA: 206848 Numsec = 1911179264 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 1911386112 Numsec = 42135552 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1000204886016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)... Done! Physical Sector Size: 0 Drive: 1, DevicePointer: 0xfffffa800bb9a060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800bb9ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800bb9a060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800bb6bb60, DeviceName: \Device\00000091\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam... Removal finished |
31.08.2013, 08:28 | #2 |
/// the machine /// TB Instructor | Various Yontoo files found hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
01.09.2013, 23:05 | #3 |
| Various Yontoo files found Thank you very much for the quick reply!
Here are the results. FRST.txt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-09-2013 03 Ran by Lada Brunner (administrator) on LADABRUNNER-HP on 02-09-2013 00:01:15 Running from C:\Users\Lada Brunner\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE (Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Dropbox, Inc.) C:\Users\Lada Brunner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\wmi64.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\usrreq.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-25] (CANON INC.) HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.) 
Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKCU\...\Run: [Google Update] - C:\Users\Lada Brunner\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-31] (Google Inc.) HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1811880 2013-08-28] (Valve Corporation) HKCU\...\Run: [GoogleChromeAutoLaunch_3DE19B8316D902C0C07C77769899021D] - C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe [829392 2013-08-24] (Google Inc.) HKCU\...\Policies\system: [DisableLockWorkstation] 0 HKCU\...\Policies\system: [DisableChangePassword] 0 HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation) HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-09-27] (EasyBits Software AS) HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc) HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1213848 2010-09-14] (CANON INC.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-11-13] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.) 
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-03-26] (Cisco Systems, Inc.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-29] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) Startup: C:\Users\Lada Brunner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Lada Brunner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Lada Brunner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) BootExecute: autocheck autochk * bootdelete ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/35 URLSearchHook: (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File SearchScopes: HKLM - {7ECFE9A5-943D-456C-BB65-6950C58B620D} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-2/4?mpre=hxxp://www.ebay.ch/sch/i.html?_nkw={searchTerms} SearchScopes: HKLM-x32 - {7ECFE9A5-943D-456C-BB65-6950C58B620D} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
hxxp://rover.ebay.com/rover/1/5222-111091-7834-2/4?mpre=hxxp://www.ebay.ch/sch/i.html?_nkw={searchTerms} SearchScopes: HKCU - {386693A0-D154-46CB-A730-3D64C83A0258} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149 SearchScopes: HKCU - {7ECFE9A5-943D-456C-BB65-6950C58B620D} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKCU - {C1402028-03E3-4AE0-8229-5E5AE1706709} URL = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=974 SearchScopes: HKCU - {CD2419D8-7A80-4D65-AA88-38035B8782A0} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYCH&apn_uid=B62BEB54-E2A7-48F7-A257-2F59549E9CB7&apn_sauid=A46E7A53-3D66-4510-9470-022F3C411A52 SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-2/4?mpre=hxxp://www.ebay.ch/sch/i.html?_nkw={searchTerms} BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52920 2012-04-18] (EasyBits Software Corp.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program 
Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lada Brunner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lada Brunner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF HKLM-x32\...\Firefox\Extensions: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF 
HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] C:\Program Files (x86)\Symantec\VIP Access Client\ FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\ Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR RestoreOnStartup: "https://www.google.ch/" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\29.0.1547.62\gcswf32.dll No File CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Lada Brunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll No File CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Lada Brunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll No File CHR Plugin: (Kaspersky 
Anti-Virus) - C:\Users\Lada Brunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Extension: (YouTube) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Kaspersky URL Advisor) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0 CHR Extension: (Gmail Offline) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.20_0 CHR Extension: (Safe Money) - 
C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0 CHR Extension: (Content Blocker) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0 CHR Extension: (Classic) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1_0 CHR Extension: (Bing wallpaper for Google homepage.) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ignkobhlkpgjcpkfgfohhdgdaldfaoni\7.6_0 CHR Extension: (Virtual Keyboard) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0 CHR Extension: (Hover Zoom) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.19_0 CHR Extension: (Chrome to Phone) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.2_0 CHR Extension: (LEO W\u00F6rterbuchsuche) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojniiiidjmoaiehegaedmfdclmgmmpdp\1.4_0 CHR Extension: (Google Quick Scroll) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc\2.1.2_0 CHR Extension: (Gmail) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 CHR Extension: (Anti-Banner) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0 CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx CHR 
HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx CHR StartMenuInternet: Google Chrome - C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [654392 2013-08-29] (Avira Operations GmbH & Co. KG) R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [371768 2013-08-29] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-29] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-29] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-29] (Avira Operations GmbH & Co. 
KG) R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-11-13] (Kaspersky Lab ZAO) R2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [137680 2010-07-27] () R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] () R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc) R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation) ==================== Drivers (Whitelisted) ==================== R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-08-29] (Avira GmbH) R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-08-29] (Avira GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-29] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-08-29] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-29] (Avira Operations GmbH & Co. 
KG) S3 cxbu0x64; C:\Windows\System32\DRIVERS\cxbu0x64.sys [177920 2011-09-06] (HID Global Corporation) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-22] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-11-13] (Kaspersky Lab) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-11-13] (Kaspersky Lab) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-17] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-22] (Kaspersky Lab ZAO) S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-04-18] () S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-04-18] () U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-22] (Kaspersky Lab ZAO) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-02 00:01 - 2013-09-02 00:01 - 00000000 ____D C:\FRST 2013-09-02 00:00 - 2013-09-02 00:00 - 01950972 _____ (Farbar) C:\Users\Lada Brunner\Downloads\FRST64.exe 2013-08-31 14:22 - 2013-08-31 14:22 - 00000000 ____D C:\Users\LADABR~1\AppData\Local\{55FD3D91-851E-4E25-A725-0A4CC9970750} 2013-08-30 22:05 - 2013-08-30 22:05 - 00000000 ____D C:\Users\LADABR~1\AppData\Local\{C087F594-CB40-48DB-AF7B-69D3C699475F} 2013-08-30 22:00 - 2013-08-30 22:00 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-08-30 22:00 - 2013-08-30 22:00 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-08-30 22:00 - 2013-08-30 22:00 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-08-30 22:00 - 2013-08-30 22:00 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-08-30 22:00 - 2013-08-30 22:00 - 00000000 ____D C:\Program Files 
(x86)\Java 2013-08-30 21:54 - 2013-08-30 22:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-08-30 21:53 - 2013-08-30 21:53 - 00448512 _____ (OldTimer Tools) C:\Users\Lada Brunner\Downloads\TFC.exe 2013-08-30 21:52 - 2013-08-30 22:40 - 00000000 ____D C:\Users\Lada Brunner\Desktop\mbar 2013-08-30 21:38 - 2013-08-30 21:39 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Lada Brunner\Downloads\mbar-1.07.0.1005.exe 2013-08-30 20:59 - 2013-08-30 20:59 - 00602112 _____ (OldTimer Tools) C:\Users\Lada Brunner\Downloads\OTL.exe 2013-08-30 08:47 - 2013-08-30 08:47 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-08-30 00:15 - 2013-08-30 22:18 - 00000000 ____D C:\Users\Lada Brunner\AppData\Roaming\Uniblue 2013-08-30 00:15 - 2013-08-30 22:18 - 00000000 ____D C:\Program Files (x86)\Uniblue 2013-08-29 23:59 - 2013-08-29 23:59 - 00994642 _____ C:\Users\Lada Brunner\Downloads\adwcleaner (1).exe 2013-08-29 23:54 - 2013-08-29 23:54 - 00002068 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-08-29 23:54 - 2013-08-29 23:54 - 00000000 ____D C:\Users\Lada Brunner\AppData\Roaming\Avira 2013-08-29 23:53 - 2013-08-29 23:53 - 00000000 ____D C:\ProgramData\Avira 2013-08-29 23:53 - 2013-08-29 23:53 - 00000000 ____D C:\Program Files (x86)\Avira 2013-08-29 23:53 - 2013-08-29 20:06 - 00141376 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwot.sys 2013-08-29 23:53 - 2013-08-29 20:06 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-08-29 23:53 - 2013-08-29 20:06 - 00114608 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwim.sys 2013-08-29 23:53 - 2013-08-29 20:06 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-08-29 23:53 - 2013-08-29 20:06 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-08-29 18:22 - 2013-08-29 18:22 - 00038112 _____ C:\Windows\system32\.crusader 2013-08-29 16:15 - 2013-08-29 20:36 - 00000000 ____D C:\ProgramData\HitmanPro 2013-08-29 16:15 - 2013-08-29 16:15 - 09879648 _____ (SurfRight B.V.) C:\Users\Lada Brunner\Downloads\hitmanpro_x64.exe 2013-08-29 16:14 - 2013-08-30 22:19 - 00000000 ____D C:\AdwCleaner 2013-08-29 16:14 - 2013-08-29 16:14 - 00994642 _____ C:\Users\Lada Brunner\Downloads\adwcleaner.exe 2013-08-29 03:12 - 2013-08-29 03:12 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-29 03:12 - 2013-08-29 03:12 - 00000000 ____D C:\Users\Lada Brunner\AppData\Roaming\Malwarebytes 2013-08-29 03:12 - 2013-08-29 03:12 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-29 03:12 - 2013-08-29 03:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-29 03:12 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-08-29 03:11 - 2013-08-29 03:11 - 10284808 _____ (Malwarebytes Corporation ) C:\Users\Lada Brunner\Downloads\mbam-setup-1.75.0.1300.exe 2013-08-29 02:51 - 2013-08-29 02:51 - 00000902 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 2013-08-27 21:59 - 2013-08-27 21:59 - 00000000 ____D C:\Users\LADABR~1\AppData\Local\{7D014C91-0853-4F43-B196-C426AE7A0C94} 2013-08-25 22:42 - 2013-08-25 22:42 - 00001092 _____ C:\Users\Lada Brunner\Desktop\Corel PaintShop Pro X4.lnk 2013-08-22 23:11 - 2013-08-22 23:11 - 00000000 ____D C:\Users\LADABR~1\AppData\Local\{81147135-D212-4A86-9BDC-B71C60FA18C5} 2013-08-20 17:31 - 2012-02-24 05:07 - 00016904 _____ C:\Users\Lada Brunner\chargenmorphcfg.xml 2013-08-20 17:31 - 2012-01-16 06:50 - 00000000 ____D C:\Users\Lada Brunner\Triss hair 2013-08-20 14:43 - 2013-08-20 14:43 - 00000000 ____D C:\Users\LADABR~1\AppData\Local\{66401535-EA95-4FE3-8773-CE3F333A1D8F} 2013-08-15 20:00 - 2013-08-15 20:00 - 00000000 ____D 
C:\Users\LADABR~1\AppData\Local\{93FF9FEC-FD6E-4925-9681-C1AC553957DE} 2013-08-15 01:31 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-15 01:31 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-15 01:31 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-15 01:31 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-15 01:31 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-15 01:31 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-15 01:31 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-15 01:31 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-15 01:31 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-15 01:31 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-15 01:31 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-15 01:31 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-15 01:31 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-15 01:31 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-15 01:31 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-15 01:31 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-15 01:31 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-15 01:31 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtml.dll 2013-08-15 01:31 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-15 01:31 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-15 01:31 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-15 01:31 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-15 01:31 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-15 01:31 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-15 01:31 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-15 01:31 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-15 01:31 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-15 01:31 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-15 01:31 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-15 01:31 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-15 01:31 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-15 01:28 - 2013-08-15 01:29 - 00000000 ____D C:\Windows\system32\MRT 2013-08-14 21:05 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-14 21:05 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-14 21:05 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-14 21:05 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-14 21:05 - 
2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-14 21:05 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-14 21:05 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-14 21:05 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-14 21:05 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-14 21:05 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-14 21:05 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-14 21:05 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-14 21:05 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-14 21:05 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-14 21:05 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-14 21:05 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-14 21:05 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-14 21:05 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-14 21:05 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-14 21:05 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-14 21:05 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-14 21:05 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-14 21:05 - 2013-07-09 04:49 - 00014336 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-14 21:05 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-14 21:05 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-14 21:05 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-14 21:05 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-08 22:36 - 2013-08-08 22:36 - 00000000 ____D C:\Users\LADABR~1\AppData\Local\{FFB49ABE-492C-4CB1-8EB2-D7D0F63AF24D} 2013-08-07 18:48 - 2013-08-07 18:48 - 00000000 ____D C:\Users\Lada Brunner\Desktop\diffgeo serien ==================== One Month Modified Files and Folders ======= 2013-09-02 00:01 - 2013-09-02 00:01 - 00000000 ____D C:\FRST 2013-09-02 00:00 - 2013-09-02 00:00 - 01950972 _____ (Farbar) C:\Users\Lada Brunner\Downloads\FRST64.exe 2013-09-01 23:59 - 2012-08-28 21:29 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-09-01 23:59 - 2012-04-18 11:29 - 00000000 ____D C:\ProgramData\PDFC 2013-09-01 23:58 - 2013-07-27 13:45 - 00000000 ___RD C:\Users\Lada Brunner\Dropbox 2013-09-01 23:58 - 2013-07-27 13:41 - 00000000 ____D C:\Users\Lada Brunner\AppData\Roaming\Dropbox 2013-09-01 23:58 - 2012-12-22 21:23 - 00000000 ____D C:\Program Files (x86)\Steam 2013-09-01 23:58 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-01 23:58 - 2009-07-14 06:51 - 00092407 _____ C:\Windows\setupact.log 2013-09-01 23:32 - 2012-05-31 23:19 - 00000000 ____D C:\ProgramData\CanonIJPLM 2013-09-01 23:32 - 2012-05-31 22:49 - 01369366 _____ C:\Windows\WindowsUpdate.log 2013-09-01 22:44 - 2012-06-13 22:53 - 00001148 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-138995088-2144927477-1329361507-1000UA.job 2013-09-01 21:02 - 2012-05-31 22:56 - 00000360 _____ C:\Windows\Tasks\HPCeeScheduleForLada Brunner.job 2013-09-01 20:35 - 2009-07-14 06:45 - 00024608 ____H 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-01 20:35 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-01 20:30 - 2012-05-31 22:56 - 00003982 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E77BAFA2-6CDF-439D-BAAA-034214DF688C} 2013-08-31 15:44 - 2012-06-13 22:53 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-138995088-2144927477-1329361507-1000Core.job 2013-08-31 14:22 - 2013-08-31 14:22 - 00000000 ____D C:\Users\LADABR~1\AppData\Local\{55FD3D91-851E-4E25-A725-0A4CC9970750} 2013-08-30 23:00 - 2013-01-29 18:18 - 00000000 ____D C:\Users\Lada Brunner\Desktop\Dokumente 2013-08-30 22:40 - 2013-08-30 21:54 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-08-30 22:40 - 2013-08-30 21:52 - 00000000 ____D C:\Users\Lada Brunner\Desktop\mbar 2013-08-30 22:30 - 2013-01-29 18:17 - 00000000 ____D C:\Users\Lada Brunner\Desktop\Nastja 2013-08-30 22:19 - 2013-08-29 16:14 - 00000000 ____D C:\AdwCleaner 2013-08-30 22:19 - 2012-05-31 23:36 - 00000000 ____D C:\Program Files\Google 2013-08-30 22:19 - 2012-05-31 23:36 - 00000000 ____D C:\Program Files (x86)\Google 2013-08-30 22:19 - 2010-11-21 05:47 - 00539042 _____ C:\Windows\PFRO.log 2013-08-30 22:18 - 2013-08-30 00:15 - 00000000 ____D C:\Users\Lada Brunner\AppData\Roaming\Uniblue 2013-08-30 22:18 - 2013-08-30 00:15 - 00000000 ____D C:\Program Files (x86)\Uniblue 2013-08-30 22:07 - 2012-05-31 23:36 - 00000000 ____D C:\Users\LADABR~1\AppData\Local\Google 2013-08-30 22:05 - 2013-08-30 22:05 - 00000000 ____D C:\Users\LADABR~1\AppData\Local\{C087F594-CB40-48DB-AF7B-69D3C699475F} 2013-08-30 22:00 - 2013-08-30 22:00 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-08-30 22:00 - 2013-08-30 22:00 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-08-30 22:00 - 2013-08-30 22:00 - 00175016 
_____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-08-30 22:00 - 2013-08-30 22:00 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-08-30 22:00 - 2013-08-30 22:00 - 00000000 ____D C:\Program Files (x86)\Java 2013-08-30 22:00 - 2013-02-23 01:07 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-08-30 22:00 - 2013-02-23 01:07 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-08-30 21:53 - 2013-08-30 21:53 - 00448512 _____ (OldTimer Tools) C:\Users\Lada Brunner\Downloads\TFC.exe 2013-08-30 21:39 - 2013-08-30 21:38 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Lada Brunner\Downloads\mbar-1.07.0.1005.exe 2013-08-30 21:09 - 2012-06-06 23:35 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2013-08-30 21:09 - 2012-06-01 20:30 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log 2013-08-30 21:08 - 2012-06-01 20:28 - 00000000 ____D C:\Users\Lada Brunner\AppData\Roaming\HpUpdate 2013-08-30 21:08 - 2012-06-01 20:28 - 00000000 ____D C:\Users\Lada Brunner\AppData\Roaming\HP Support Assistant 2013-08-30 20:59 - 2013-08-30 20:59 - 00602112 _____ (OldTimer Tools) C:\Users\Lada Brunner\Downloads\OTL.exe 2013-08-30 08:47 - 2013-08-30 08:47 - 00083672 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-08-29 23:59 - 2013-08-29 23:59 - 00994642 _____ C:\Users\Lada Brunner\Downloads\adwcleaner (1).exe 2013-08-29 23:54 - 2013-08-29 23:54 - 00002068 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-08-29 23:54 - 2013-08-29 23:54 - 00000000 ____D C:\Users\Lada Brunner\AppData\Roaming\Avira 2013-08-29 23:53 - 2013-08-29 23:53 - 00000000 ____D C:\ProgramData\Avira 2013-08-29 23:53 - 2013-08-29 23:53 - 00000000 ____D C:\Program Files (x86)\Avira 2013-08-29 20:36 - 2013-08-29 16:15 - 00000000 ____D C:\ProgramData\HitmanPro 2013-08-29 20:06 - 2013-08-29 23:53 - 00141376 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwot.sys 2013-08-29 20:06 - 2013-08-29 23:53 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-08-29 20:06 - 2013-08-29 23:53 - 00114608 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwim.sys 2013-08-29 20:06 - 2013-08-29 23:53 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-08-29 20:06 - 2013-08-29 23:53 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-08-29 18:32 - 2013-05-17 00:47 - 00000000 ____D C:\Windows\Minidump 2013-08-29 18:32 - 2012-04-18 12:13 - 00318046 ____N C:\Windows\Minidump\082913-15537-01.dmp 2013-08-29 18:22 - 2013-08-29 18:22 - 00038112 _____ C:\Windows\system32\.crusader 2013-08-29 16:15 - 2013-08-29 16:15 - 09879648 _____ (SurfRight B.V.) 
C:\Users\Lada Brunner\Downloads\hitmanpro_x64.exe 2013-08-29 16:14 - 2013-08-29 16:14 - 00994642 _____ C:\Users\Lada Brunner\Downloads\adwcleaner.exe 2013-08-29 03:48 - 2012-06-29 16:26 - 00000000 ____D C:\ProgramData\Recovery 2013-08-29 03:12 - 2013-08-29 03:12 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-29 03:12 - 2013-08-29 03:12 - 00000000 ____D C:\Users\Lada Brunner\AppData\Roaming\Malwarebytes 2013-08-29 03:12 - 2013-08-29 03:12 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-29 03:12 - 2013-08-29 03:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-29 03:11 - 2013-08-29 03:11 - 10284808 _____ (Malwarebytes Corporation ) C:\Users\Lada Brunner\Downloads\mbam-setup-1.75.0.1300.exe 2013-08-29 02:51 - 2013-08-29 02:51 - 00000902 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 2013-08-27 21:59 - 2013-08-27 21:59 - 00000000 ____D C:\Users\LADABR~1\AppData\Local\{7D014C91-0853-4F43-B196-C426AE7A0C94} 2013-08-27 17:05 - 2012-05-31 23:33 - 00000000 ____D C:\Users\LADABR~1\AppData\Local\CrashDumps 2013-08-25 22:42 - 2013-08-25 22:42 - 00001092 _____ C:\Users\Lada Brunner\Desktop\Corel PaintShop Pro X4.lnk 2013-08-24 15:02 - 2012-05-31 22:56 - 00003228 _____ C:\Windows\System32\Tasks\HPCeeScheduleForLada Brunner 2013-08-22 23:11 - 2013-08-22 23:11 - 00000000 ____D C:\Users\LADABR~1\AppData\Local\{81147135-D212-4A86-9BDC-B71C60FA18C5} 2013-08-20 17:45 - 2012-05-31 22:50 - 00000000 ____D C:\Users\Lada Brunner 2013-08-20 14:43 - 2013-08-20 14:43 - 00000000 ____D C:\Users\LADABR~1\AppData\Local\{66401535-EA95-4FE3-8773-CE3F333A1D8F} 2013-08-15 20:00 - 2013-08-15 20:00 - 00000000 ____D C:\Users\LADABR~1\AppData\Local\{93FF9FEC-FD6E-4925-9681-C1AC553957DE} 2013-08-15 16:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-08-15 01:30 - 2012-04-18 10:47 - 00696620 _____ C:\Windows\system32\perfh007.dat 2013-08-15 01:30 - 2012-04-18 10:47 - 00147916 _____ C:\Windows\system32\perfc007.dat 
2013-08-15 01:30 - 2009-07-14 07:13 - 01633540 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-15 01:29 - 2013-08-15 01:28 - 00000000 ____D C:\Windows\system32\MRT 2013-08-15 01:28 - 2012-06-06 11:08 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-08-08 22:36 - 2013-08-08 22:36 - 00000000 ____D C:\Users\LADABR~1\AppData\Local\{FFB49ABE-492C-4CB1-8EB2-D7D0F63AF24D} 2013-08-07 18:48 - 2013-08-07 18:48 - 00000000 ____D C:\Users\Lada Brunner\Desktop\diffgeo serien 2013-08-06 13:16 - 2012-07-12 10:41 - 00000000 ____D C:\Users\Lada Brunner\Documents\Kopien von Dokumenten 2013-08-05 17:42 - 2012-06-07 22:56 - 00003230 _____ C:\Windows\System32\Tasks\HPCeeScheduleForLADABRUNNER-HP$ 2013-08-05 17:42 - 2012-06-07 22:56 - 00000354 _____ C:\Windows\Tasks\HPCeeScheduleForLADABRUNNER-HP$.job Files to move or delete: ==================== C:\Users\LADABR~1\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-01 22:18 ==================== End Of Log ============================ --- --- --- Addition.txt: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-09-2013 03 Ran by Lada Brunner at 2013-09-02 00:02:14 Running from C:\Users\Lada Brunner\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 7-Zip 9.20 (x32) 802.11n Wireless LAN Card (x32 Version: 3.02.03.0) Герои Меча и Магии III: Полное собрание (x32) Adobe AIR (x32 Version: 2.6.0.19120) Adobe Flash Player 11 ActiveX (x64) (Version: 11.1.102.55) Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7) Apple Application Support (x32 Version: 2.3.3) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (x32 Version: 2.1.3.127) Assassin's Creed (x32 Version: 1.02) Avira Internet Security (x32 Version: 13.0.0.3885) Avira SearchFree Toolbar plus Web Protection (x32 Version: 12.2.2.663) Banana Buchhaltung 7.0 (x32 Version: 7.0.1.0) Bejeweled 3 (x32 Version: 2.2.0.98) Bonjour (Version: 3.0.0.10) Cake Mania (x32 Version: 2.2.0.98) Canon Easy-PhotoPrint EX (x32) Canon Easy-WebPrint EX (x32) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (x32) Canon Kurzwahlprogramm (x32) Canon MP Navigator EX 4.1 (x32) Canon MX360 series Benutzerregistrierung (x32) Canon MX360 series MP Drivers Canon My Printer (x32) Canon Solution Menu EX (x32) Chuzzle Deluxe (x32 Version: 2.2.0.95) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.03103) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.03103) CLX.ClubMaker (x32 Version: 2.1.28.0) Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2) Corel PaintShop Pro X4 (x32 Version: 14.0.0.332) Cradle of Rome 2 (x32 Version: 2.2.0.98) D3DX10 (x32 Version: 15.4.2368.0902) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904) Divinity II - Ego Draconis (x32) Dragon Age II (x32 Version: 1.04) Dragon Age
Redesigned© (HKCU) Dragon Age: Origins (x32 Version: 1.05) Dropbox (HKCU Version: 2.0.26) Fable III (x32 Version: 1.0.0000.131) Fable III (x32 Version: 1.0.0002.131) Farm Frenzy (x32 Version: 2.2.0.98) Farmscapes (x32 Version: 2.2.0.98) FATE (x32 Version: 2.2.0.97) FileZilla Client 3.7.0.2 (x32 Version: 3.7.0.2) Final Drive Fury (x32 Version: 2.2.0.95) Fishdom (TM) 2 (x32 Version: 2.2.0.98) Galerie de photos Windows Live (x32 Version: 15.4.3502.0922) Google Chrome (HKCU Version: 29.0.1547.62) Heroes of Might and Magic® IV (x32) Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000) HP Auto (Version: 1.0.12935.3667) HP Calendar (x32 Version: 5.1.4245.23508) HP Client Services (Version: 1.1.12938.3539) HP Clock (x32 Version: 5.1.4244.16367) HP Customer Experience Enhancements (x32 Version: 6.0.1.8) HP Games (x32 Version: 1.0.2.5) HP LinkUp (x32 Version: 2.01.029) HP Magic Canvas (x32 Version: 5.1.15.0) HP Magic Canvas Tutorials (x32 Version: 5.0.0.3) HP Notes (x32 Version: 5.1.4274.30382) HP Odometer (x32 Version: 2.10.0000) HP RSS (x32 Version: 5.1.4301.21494) HP Setup (x32 Version: 9.0.15130.3904) HP Setup Manager (x32 Version: 1.2.15145.3905) HP Support Assistant (x32 Version: 7.0.39.15) HP Support Information (x32 Version: 11.00.0001) HP TouchSmart RecipeBox (x32 Version: 3.0.3830.27730) HP Update (x32 Version: 5.003.001.001) HP Vision Hardware Diagnostics (Version: 2.12.1.0) iaCoder x64 0.8.17 (Version: 0.8.17) ICA (x32 Version: 14.0.0.332) Insaniquarium Deluxe (x32 Version: 2.2.0.97) Intel(R) Identity Protection Technology 1.1.2.0 (x32 Version: 1.1.2.0) Intel(R) Management Engine Components (x32 Version: 8.0.0.1351) Intel® Trusted Connect Service Client (Version: 1.23.216.0) Interaktive Sprachreise - English Sprachkurs 1 (x32) IPM_PSP_COM (x32 Version: 14.0.0.332) iTunes (Version: 11.0.2.26) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Jewel Match 3 (x32 Version: 2.2.0.98) Jewel Quest II (x32 Version: 2.2.0.97) Jewel 
Quest Solitaire 2 (x32 Version: 2.2.0.98) Junk Mail filter update (x32 Version: 15.4.3502.0922) Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190) Kingdoms of Amalur: Reckoning (x32 Version: 1.0.0.0) LabelPrint (x32 Version: 2.5.4507) Linthbanking (x32 Version: 1.0.3) Magic Desktop (x32 Version: 3.0) Mahjongg Artifacts (x32 Version: 2.2.0.95) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Mesh Runtime (x32 Version: 15.4.5722.2) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Games for Windows - LIVE (x32 Version: 3.3.24.0) Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0) Microsoft Mathematics (x32 Version: 4.0) Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Home and Business 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook Connector (x32 Version: 14.0.6123.5001) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 
14.0.6029.1000) Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (x32 Version: 14.0.5120.5000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Might & Magic Heroes VI (x32 Version: 1.8) MiKTeX 2.9 (Version: 2.9) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) Mystery of Mortlake Mansion (x32 Version: 2.2.0.98) Norton Online Backup (x32 Version: 2.1.17869) NVIDIA Grafiktreiber 296.28 (Version: 296.28) NVIDIA HD Audio Driver 1.2.23.3 (Version: 1.2.23.3) NVIDIA Install Application (Version: 2.1002.62.312) 
NVIDIA PhysX (x32 Version: 9.10.0514) NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514) NVIDIA Systemsteuerung 296.28 (Version: 296.28) NVIDIA Update 1.7.12 (Version: 1.7.12) NVIDIA Update Components (Version: 1.7.12) Oblivion (x32 Version: 1.2.0416) opensource (x32 Version: 1.0.14960.3876) Origin (x32 Version: 9.1.15.109) PDF Complete Special Edition (x32 Version: 4.0.65) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98) PlayReady PC Runtime amd64 (Version: 1.3.0) Polar Bowler (x32 Version: 2.2.0.97) PSPPContent (x32 Version: 14.0.0.332) PSPPHelp (x32 Version: 14.0.0.332) PSPPro64 (Version: 14.0.0.332) Q-Verein (x32) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922) Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6463) Recovery Manager (x32 Version: 5.5.0.4424) Remote Graphics Receiver (x32 Version: 5.4.5) Setup (x32 Version: 14.0.0.332) Skype™ 5.10 (x32 Version: 5.10.116) Steam (x32 Version: 1.0.0.0) TeXstudio 2.3 (x32 Version: 2.3.0) The Elder Scrolls V: Skyrim (x32) Torchlight (x32 Version: 2.2.0.98) TSHostedAppLauncher (x32 Version: 5.1.15.0) Ubisoft Game Launcher (x32 Version: 1.0.0.0) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) 
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) Update Installer for WildTangent Games App (x32) VIP Access (x32 Version: 2.0.5.13) Virtual Families (x32 Version: 2.2.0.98) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98) Wedding Dash (x32 Version: 2.2.0.95) WildTangent Games App (HP Games) (x32 Version: 4.0.5.32) Windows Live (x32 Version: 15.4.3502.0922) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3555.0308) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3555.0308) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2) Windows Live Messenger (x32 Version: 15.4.3538.0513) Windows 
Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0) Zuma's Revenge (x32 Version: 2.2.0.98) ==================== Restore Points ========================= 29-08-2013 22:15:20 Uniblue SpeedUpMyPC installation 30-08-2013 19:59:20 Installed Java 7 Update 25 ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => start w32time task_started Task: {230EB66F-F4D5-443E-8DE6-A02AD0D286C3} - System32\Tasks\HPCeeScheduleForLada Brunner => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {4DE029CB-082F-4271-8DC1-AE789199C335} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {5DE0E762-0990-4378-9B5A-A4BB3150FC3E} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task 
Task: {6D5A173B-44C9-45AD-B91F-40D59ACE343A} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation) Task: {72A212A5-8A61-4D31-AE5D-1A472B8F2255} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {7C080769-C389-4EE4-924E-A2160918ADC5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company) Task: {7F4B9269-DFF3-4CB4-BF46-52D007808FC6} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {8C9B7AC6-8274-47F9-AFB3-67ED6505348B} - \SpeedUpMyPC No Task File Task: {A60713CD-9B36-42B1-BBCD-D7B2A45E17F9} - \spmonitor No Task File Task: {A7D1DEBB-1512-4D53-9E1D-59CA2CDD3A85} - System32\Tasks\User_Feed_Synchronization-{E107EF92-CB58-4D2E-9879-BFB84098A587} => C:\Windows\system32\msfeedssync.exe [2013-03-29] (Microsoft Corporation) Task: {AD874BA9-15AD-4D46-801F-5927F9EA9E25} - System32\Tasks\HPCeeScheduleForLADABRUNNER-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {B3C26D6C-5944-4973-A300-7A823CD2CB4B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {B64FC647-F4E4-4E74-8886-EA54C6CDB0A3} - System32\Tasks\User_Feed_Synchronization-{E77BAFA2-6CDF-439D-BAAA-034214DF688C} => C:\Windows\system32\msfeedssync.exe [2013-03-29] (Microsoft Corporation) Task: {B732BE25-C0E7-4A5D-BCC9-36233E9B31EC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => start osppsvc Task: {C877423B-92DB-48CE-AE3E-B0DCEA242A07} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-138995088-2144927477-1329361507-1000Core => C:\Users\Lada Brunner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-31] (Google Inc.) Task: {E4DF806D-3263-404F-B314-113E49E80DCA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-138995088-2144927477-1329361507-1000UA => C:\Users\Lada Brunner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-31] (Google Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-138995088-2144927477-1329361507-1000Core.job => C:\Users\Lada Brunner\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-138995088-2144927477-1329361507-1000UA.job => C:\Users\Lada Brunner\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForLada Brunner.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\HPCeeScheduleForLADABRUNNER-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= ==================== Alternate Data Streams (whitelisted) ========== ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. 
Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (08/31/2013 02:33:42 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (08/30/2013 09:51:24 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (08/30/2013 09:01:09 PM) (Source: Application Hang) (User: ) Description: Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 14d4 Startzeit: 01cea5b317a219d9 Endzeit: 4 Anwendungspfad: C:\Users\Lada Brunner\Downloads\OTL.exe Berichts-ID: Error: (08/29/2013 05:50:20 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (08/29/2013 04:22:36 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (08/29/2013 02:58:53 AM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer" nicht initialisiert werden. Details: Could not query the status of the EventSystem service. System Error: Der RPC-Server ist nicht verfügbar. . Error: (08/29/2013 02:58:45 AM) (Source: Wininit) (User: ) Description: Ein kritischer Systemprozess C:\Windows\system32\lsass.exe ist fehlgeschlagen mit den Statuscode 1. Der Computer muss neu gestartet werden. Error: (08/29/2013 02:53:20 AM) (Source: Winlogon) (User: ) Description: Der Windows-Anmeldeprozess wurde unerwartet beendet. Error: (08/29/2013 02:53:20 AM) (Source: Winlogon) (User: ) Description: Der Windows-Anmeldeprozess wurde unerwartet beendet. Error: (08/29/2013 02:53:20 AM) (Source: Winlogon) (User: ) Description: Der Windows-Anmeldeprozess wurde unerwartet beendet. 
System errors: ============= Error: (09/01/2013 11:58:06 PM) (Source: SCardSvr) (User: ) Description: Das System kann den angegebenen Pfad nicht finden. Error: (09/01/2013 11:58:06 PM) (Source: SCardSvr) (User: ) Description: Das System kann den angegebenen Pfad nicht finden. Error: (09/01/2013 10:25:42 PM) (Source: Ntfs) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus. Error: (09/01/2013 10:25:30 PM) (Source: Ntfs) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus. Error: (09/01/2013 10:25:29 PM) (Source: Ntfs) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus. Error: (09/01/2013 10:25:27 PM) (Source: Ntfs) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus. Error: (09/01/2013 10:25:26 PM) (Source: Ntfs) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus. Error: (09/01/2013 10:25:25 PM) (Source: Ntfs) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus. Error: (09/01/2013 08:27:18 PM) (Source: SCardSvr) (User: ) Description: Das System kann den angegebenen Pfad nicht finden. Error: (09/01/2013 08:27:18 PM) (Source: SCardSvr) (User: ) Description: Das System kann den angegebenen Pfad nicht finden. 
Microsoft Office Sessions: ========================= Error: (08/31/2013 02:33:42 PM) (Source: Customer Experience Improvement Program)(User: ) Description: 80004005 Error: (08/30/2013 09:51:24 PM) (Source: Customer Experience Improvement Program)(User: ) Description: 80004005 Error: (08/30/2013 09:01:09 PM) (Source: Application Hang)(User: ) Description: OTL.exe3.2.69.014d401cea5b317a219d94C:\Users\Lada Brunner\Downloads\OTL.exe Error: (08/29/2013 05:50:20 PM) (Source: Customer Experience Improvement Program)(User: ) Description: 80004005 Error: (08/29/2013 04:22:36 PM) (Source: Customer Experience Improvement Program)(User: ) Description: 80004005 Error: (08/29/2013 02:58:53 AM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: Could not query the status of the EventSystem service. System Error: Der RPC-Server ist nicht verfügbar. Error: (08/29/2013 02:58:45 AM) (Source: Wininit)(User: ) Description: C:\Windows\system32\lsass.exe1 Error: (08/29/2013 02:53:20 AM) (Source: Winlogon)(User: ) Description: Error: (08/29/2013 02:53:20 AM) (Source: Winlogon)(User: ) Description: Error: (08/29/2013 02:53:20 AM) (Source: Winlogon)(User: ) Description: CodeIntegrity Errors: =================================== Date: 2013-09-01 22:19:54.770 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-09-01 22:19:54.769 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-09-01 22:19:54.766 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-09-01 22:19:54.750 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-09-01 22:19:54.748 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-09-01 22:19:54.746 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-30 21:43:46.934 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-30 21:43:46.933 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-30 21:43:46.931 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-30 21:22:23.597 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Percentage of memory in use: 33% Total physical RAM: 8172.83 MB Available physical RAM: 5441.55 MB Total Pagefile: 16343.85 MB Available Pagefile: 13121.67 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:911.32 GB) (Free:748.77 GB) NTFS Drive d: (HP_RECOVERY) (Fixed) (Total:20.09 GB) (Free:2.53 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (AVIRA) (CDROM) (Total:0.24 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 31B9FECE) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=911 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Anastasia |
02.09.2013, 08:28 | #4 |
/// the machine /// TB Trainer | Various Yontoo files found Please shut down your protection software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
02.09.2013, 13:53 | #5 |
| Various Yontoo files found JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.5.7 (09.01.2013:1) OS: Windows 7 Home Premium x64 Ran by Lada Brunner on 02.09.2013 at 14:41:46.37 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2851647 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3244149 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASMANCS Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{386693A0-D154-46CB-A730-3D64C83A0258} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7ECFE9A5-943D-456C-BB65-6950C58B620D} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C1402028-03E3-4AE0-8229-5E5AE1706709} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CD2419D8-7A80-4D65-AA88-38035B8782A0} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{7ECFE9A5-943D-456C-BB65-6950C58B620D} ~~~ Files Successfully deleted: [File] "C:\Users\Lada Brunner\AppData\Roaming\Microsoft\Internet Explorer\Quick 
Launch\speedupmypc.lnk" ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue" Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{0053F985-77EA-4545-9891-3D34DB2D6E3B} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{0092E3DB-6FE1-4E13-A165-95ACFEED3B04} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{031A6956-C1A4-47DA-8010-1DC9FEA1B31C} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{059480DF-8482-454B-A87E-997EED1D5E04} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{05CC6B6E-FF28-478D-8CBE-C942B0417ADE} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{08147022-9357-49C1-BD1A-5744C0A39CBB} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{085A7CD0-19D5-4489-9718-A95B943B3C33} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{091F5B6D-54AD-44D6-801A-146470865C4E} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{09D44934-90A0-4B78-85BD-B4ABDC20C454} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{0B3BA3DF-07A4-4C06-9B69-FDCF5DA0165A} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{0BBBD263-586F-4796-92C0-5020D386A528} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{0D8661EE-C1C5-4CC0-831C-7B4FFF643B6C} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{0EDFA08C-35EA-47EE-B32B-E0269AAEB4C4} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{0F994D64-4DE9-4234-8F61-31587B664E74} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{0FCD4EBF-FE60-4C73-A34F-10BE8B4E1B38} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{10D54CC6-95F5-413A-B835-48CA708A06CF} Successfully deleted: [Empty Folder] C:\Users\Lada 
Brunner\appdata\local\{53BA4C2A-4B19-4E71-B331-147F58825C30} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{540972B4-C9EE-4493-B51F-8D5208C69FC1} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{545AD1A8-514A-4AF9-A00B-8F4A3CFB0B9D} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{54A509D3-C173-4B20-943B-6F4B0DE916D4} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{54C704C2-65D5-4BF5-81C4-341E01EBB42F} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{5596AF9D-1419-44C6-A8E3-09B07E27DA00} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{55FD3D91-851E-4E25-A725-0A4CC9970750} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{5724DD2E-9B54-46DE-8934-09A9BEF120A8} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{575D901F-9098-4EDF-8EBC-D926FFF97856} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{57C95446-B532-4106-B605-724E3B49BFEC} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{582F16C6-A834-489E-AAB0-535A622B4255} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{595E175C-3C02-4715-8DB9-78FF574C0DD8} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{5B3AE819-B8EB-431A-A90A-38CDB3509941} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{5C3A9207-02E1-4C5C-A2E6-40B66095E95C} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{5C4DBD12-A730-4F65-A4A2-FA861EA8395B} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{5D13B89F-840E-489F-A510-62A6ECE4E9D6} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{5D8C601F-FEED-4583-A768-08B1E566867A} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{5EB5A6DA-B562-4A1F-BD41-33A13F0DC23B} Successfully deleted: [Empty 
Folder] C:\Users\Lada Brunner\appdata\local\{5FD866CC-7410-4202-ACB5-70C3553F70EA} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{63510E8A-381B-4A18-BD1E-03A55CD1326C} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{64104802-B242-4379-9DB5-7BA6D59B3603} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{64E24BA6-46DC-47D6-8BFC-43F68A5569A2} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{653CE406-9D99-4B13-87A5-7B746795ABD6} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{65609A18-0195-476C-8EA2-66ACBC1BC294} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{66401535-EA95-4FE3-8773-CE3F333A1D8F} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{66E38B81-C9A5-4FD9-AD14-9679F1BCA8A7} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{66F1A94D-E62F-4E90-AC98-CF33887AA7A3} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{6BDD00E0-673E-40D3-B63E-6C7ECB6A3265} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{6DE72A97-FA33-49C2-BEDF-E41BD30CE551} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{6FEDD68C-4A65-4029-93D8-BBE515874448} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{7096C703-050B-4B2F-A158-6237F4385347} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{70FA71AE-F1C6-42BE-8CFE-BA0F7F60C3DD} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{710E1183-ECBA-4AFC-9298-9AA5989EC170} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{7124C03F-9D04-4B39-8665-7F4657ED9BD3} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{718D251C-B0C5-40D1-BB5C-9E504C1E8108} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{7228E046-3DEB-4143-B690-07A76B4D8D8E} Successfully 
deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{724CEFF7-8214-464D-B9B0-438E0946189A} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{7250EBC3-3111-453B-89B6-8AA2381EF48A} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{72B1AFBE-1718-463F-978B-921B5EDFE02A} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{72B9DEA7-F897-45A5-979D-79AB1EBF7605} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{774A2901-E43A-499A-AF9B-48A981CD9EBD} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{784B01A7-06B8-480B-A415-702BB077B366} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{796BA7F1-D7E9-44ED-8FB4-17C96CDD5D0D} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{7A382384-0950-4360-9505-C9F814C999FC} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{7A7BE05B-3AC5-430A-865C-5BF966721500} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{7A7F9274-D081-4122-A26F-B81F293EDB2F} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{7D014C91-0853-4F43-B196-C426AE7A0C94} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{7D7F9AC2-778F-4060-A47E-4C781CCA4240} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{7EA334F3-988E-4444-BF83-9628CA31EE72} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{81147135-D212-4A86-9BDC-B71C60FA18C5} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{827DD576-E66B-46E7-B798-8B62A156E96C} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{86894EA8-A6E2-40D6-8D8F-59CFCDEB37AA} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{87AA6A13-2EAB-4DAE-AB9B-FA70CBE96E9D} Successfully deleted: [Empty Folder] C:\Users\Lada 
Brunner\appdata\local\{8931B4BC-9218-47C6-ABC6-4F6E19365272} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{89509EF7-084F-48A0-98A4-46051870C338} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{8998B90B-127D-4A0D-909C-09917773EA74} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{8A6A6A31-8216-4986-8F58-DBFA510EEBFE} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{8AF10876-0436-4E11-A9A9-56B862BE967F} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{8BBEAB73-827F-4BE0-8D1F-763FBEAC6994} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{8C795FF6-1DC2-4699-9AE1-EFC38BAB3275} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{8C7CF62B-8E6E-4F53-B737-263CE8E9D6C0} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{8D2DD936-9FA6-42FA-A42D-E6373BB06081} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{903947AC-6D89-4A5C-95CF-BE944EB7776E} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{91802D2F-57A7-4F8F-A508-56C0D5F5B76D} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{920CF1C4-C435-4650-A5BE-1C4DB205CB59} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{9222394B-E81C-44C0-A48E-07FBA94B020A} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{9386E82F-9E2D-4A72-9C9A-DE4B40DEBFB2} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{93FF9FEC-FD6E-4925-9681-C1AC553957DE} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{9451958A-CADA-4F1C-B70E-D8D7BE606A4B} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{96B6C7DA-1B26-46AF-B9D9-CB25EED90BE1} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{98DFE719-2216-4D79-99DF-4B236759BE09} Successfully deleted: [Empty 
Folder] C:\Users\Lada Brunner\appdata\local\{A0E01898-4CF6-4CAD-92DE-599B51D152C9} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{A1BD521A-81D7-4D97-A3E3-9C08E1D38F95} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{A314CD76-23A0-4CDA-8CE4-8D30F6DE91A5} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{A4538A95-6A00-45B8-AB99-8E9D85FDCB06} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{A46951E7-0396-4C74-BC2D-E461A9FDF111} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{A4DDC529-9B51-4D82-A6D8-DBCCC03DADE2} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{A5357F1C-74D8-4321-A9BF-09260E867EA4} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{A6C6C9C3-8712-46EC-A907-66248205E20C} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{A7A62199-4D3D-48C0-9A7A-5B3A3471385E} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{AA3632FD-DABC-4572-A65D-BC8A5DBF0853} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{AA40A952-687D-4302-BE34-AF62513A98AA} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{AA9584A8-3988-4D4A-9B5C-28A3D85E9220} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{ABD55848-56D0-4B4F-918C-A5C26F577C63} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{ACD50D7F-03BB-454C-A676-FC90B3651650} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{AE09EC54-0402-4481-B0A8-3D9AEFBC4AD2} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{AE6A5B9E-EB74-4B88-B60B-08480B1BAB2C} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{AF8E569F-C65F-41C9-8B12-AA908BB97876} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{AFFDD5B0-C94A-43B8-A934-59AA2926D7C3} Successfully 
deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{B5917539-A57A-461F-8EB5-41AA1BBBB490} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{B6AFEDC8-950C-4121-AF17-8991CC7DB0B6} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{B8021F9D-BEC3-4A96-BA05-85D3C6269E61} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{B88966DC-6734-40E5-B329-6D7611F31243} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{B9459A2B-A9F4-4471-B6E4-3DAD7A2883FF} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{BB40DC2D-55D0-4B2F-90CA-2EC7EC1F204F} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{BD53D077-4AF6-4B54-BE4C-E3FCDE0F0460} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{BDC1738B-7422-42F1-A556-89B01D1F96DC} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{C087F594-CB40-48DB-AF7B-69D3C699475F} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{C904527A-722C-4430-BE8E-4C8CA4032654} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{C91B2170-1CE4-4BCB-8F84-694B7005CB7B} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{C9DB32B7-DBA3-435E-85C9-9FB0FD1E1FA6} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{C9DD0E89-10FD-49AC-9E95-3955FB1A331A} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{CD17C4F2-BE01-4281-96A3-D8EECE35315D} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{CD76196A-BF4F-4D16-A2FB-E499B27B42E0} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{CE2B94AF-A926-4FD7-8527-92EF56E19546} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{CEB65978-EC29-4B55-AEAD-BA33C0FF41CF} Successfully deleted: [Empty Folder] C:\Users\Lada 
Brunner\appdata\local\{D1BE0031-CB24-49B5-B4D4-D647010C0778} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{D2A23891-28E9-45ED-A41D-649D2D7A8AC3} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{D789E263-8362-4C80-88C4-30E708F6603A} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{D8FB75D8-2536-422C-8E1E-F6C2666AC26C} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{D952C1EC-17E3-48F4-9254-4CFFF3A7B960} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{DB1A0176-9B1E-444B-B45D-8B84F3098C44} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{DC138083-6AF2-4F55-B40C-1FED4C9E24FF} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{DDEBECDB-8439-48B7-8AC9-5C21171BE62A} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{DE1B684F-A4E4-4710-A03F-A850BF7B2CD0} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{DEC6AE8B-14D9-4607-81DF-2CCD90FCFF6C} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{E33B77B2-515A-4749-B5BB-FA65B99B8076} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{E35E12A6-C3B1-4398-9A66-4F1C7384EF77} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{E3FCFE98-D5C0-45B8-9188-D6978880B4C2} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{E63208DB-72E4-49D3-8BDE-2B2E26BA7B89} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{E86D8ED2-3768-4155-A3F7-4FD568452FE8} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{E87FC6A0-AB7A-49A7-B88C-D4C55BD44F34} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{EBB2D984-DE86-4410-9E5B-A554D6889585} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{EDC125CE-A22E-4086-AD44-F13457E5995F} Successfully deleted: [Empty 
Folder] C:\Users\Lada Brunner\appdata\local\{EF7E4506-E307-46AD-8E02-961543EAADB6} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{F0958D94-2B27-4EF5-942A-5662924B7804} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{F0B00692-0A08-472B-A0EA-332BADB2E6F2} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{F308FFA2-85CE-482B-B13F-F6C897733F50} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{F4CE3725-B8E5-40DE-8F3E-9D370392244C} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{F4D6CECE-888C-44EC-A230-0A0D58917B9E} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{F646D840-12DD-4960-8DB1-3A1DE5187FE7} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{F6A8540E-70BD-4D81-8695-E4A6E90DF356} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{F7010FEC-7FB5-4CE4-AACB-EC9C5ABB813C} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{F76F2E1A-B901-4EC6-8203-0D8EE864B7BE} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{F7FD47E2-F9D0-4A1B-B361-9B7756D8B0D2} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{F853DE99-593D-446A-B227-34C873391DC4} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{F9F16CA8-4D9C-4749-9178-FE6BCEB270C3} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{FAE06979-BAEA-47AE-B7F3-A0D4F0FE95EA} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{FBB7DECB-1044-475F-9A47-353C18B66A19} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{FC8B309E-4ABB-415F-940B-81B1B6706BA0} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{FCE28E66-C81F-4BE3-8320-913B767FA110} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{FD94D5DF-C6C9-481E-9CF0-C13B50E6FB2E} Successfully 
deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{FDD5ED0C-31F6-47AA-876B-95DF141D911E} Successfully deleted: [Empty Folder] C:\Users\Lada Brunner\appdata\local\{FFB49ABE-492C-4CB1-8EB2-D7D0F63AF24D} ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 02.09.2013 at 14:45:52.04 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-09-2013 03
Ran by Lada Brunner (administrator) on LADABRUNNER-HP on 02-09-2013 14:46:56
Running from C:\Users\Lada Brunner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Dropbox, Inc.) C:\Users\Lada Brunner\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-25] (CANON INC.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [Google Update] - C:\Users\Lada Brunner\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-31] (Google Inc.)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1811880 2013-08-28] (Valve Corporation)
HKCU\...\Run: [GoogleChromeAutoLaunch_3DE19B8316D902C0C07C77769899021D] - C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe [829392 2013-08-24] (Google Inc.)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-09-27] (EasyBits Software AS)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1213848 2010-09-14] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-11-13] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-03-26] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Startup: C:\Users\Lada Brunner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lada Brunner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lada Brunner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/35
URLSearchHook: (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File
SearchScopes: HKLM - {7ECFE9A5-943D-456C-BB65-6950C58B620D} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-2/4?mpre=hxxp://www.ebay.ch/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-2/4?mpre=hxxp://www.ebay.ch/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-2/4?mpre=hxxp://www.ebay.ch/sch/i.html?_nkw={searchTerms}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52920 2012-04-18] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lada Brunner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lada Brunner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM-x32\...\Firefox\Extensions: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "https://www.google.ch/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\29.0.1547.62\gcswf32.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Lada Brunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Lada Brunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky
Anti-Virus) - C:\Users\Lada Brunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Extension: (YouTube) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Kaspersky URL Advisor) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0 CHR Extension: (Gmail Offline) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.20_0 CHR Extension: (Safe Money) - 
C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0 CHR Extension: (Content Blocker) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0 CHR Extension: (Classic) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1_0 CHR Extension: (Bing wallpaper for Google homepage.) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ignkobhlkpgjcpkfgfohhdgdaldfaoni\7.6_0 CHR Extension: (Virtual Keyboard) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0 CHR Extension: (Hover Zoom) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.19_0 CHR Extension: (Chrome to Phone) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.2_0 CHR Extension: (LEO W\u00F6rterbuchsuche) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojniiiidjmoaiehegaedmfdclmgmmpdp\1.4_0 CHR Extension: (Google Quick Scroll) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc\2.1.2_0 CHR Extension: (Gmail) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 CHR Extension: (Anti-Banner) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0 CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx CHR 
HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx CHR StartMenuInternet: Google Chrome - C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [654392 2013-08-29] (Avira Operations GmbH & Co. KG) R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [371768 2013-08-29] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-29] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-29] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-29] (Avira Operations GmbH & Co. 
KG) R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-11-13] (Kaspersky Lab ZAO) R2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [137680 2010-07-27] () R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] () R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc) R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation) ==================== Drivers (Whitelisted) ==================== R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-08-29] (Avira GmbH) R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-08-29] (Avira GmbH) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-29] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-08-29] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-29] (Avira Operations GmbH & Co. 
KG) S3 cxbu0x64; C:\Windows\System32\DRIVERS\cxbu0x64.sys [177920 2011-09-06] (HID Global Corporation) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-22] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-11-13] (Kaspersky Lab) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-11-13] (Kaspersky Lab) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-17] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-22] (Kaspersky Lab ZAO) S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-04-18] () S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-04-18] () U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-22] (Kaspersky Lab ZAO) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-02 14:41 - 2013-09-02 14:41 - 00000000 ____D C:\Windows\ERUNT 2013-09-02 14:39 - 2013-09-02 14:39 - 01028757 _____ (Thisisu) C:\Users\Lada Brunner\Desktop\JRT.exe 2013-09-02 00:02 - 2013-09-02 00:02 - 00050727 _____ C:\Users\Lada Brunner\Downloads\FRST.txt 2013-09-02 00:02 - 2013-09-02 00:02 - 00026654 _____ C:\Users\Lada Brunner\Downloads\Addition.txt 2013-09-02 00:02 - 2013-09-02 00:02 - 00026654 _____ C:\Users\Lada Brunner\Desktop\Addition.txt 2013-09-02 00:01 - 2013-09-02 00:01 - 00000000 ____D C:\FRST 2013-09-02 00:00 - 2013-09-02 00:00 - 01950972 _____ (Farbar) C:\Users\Lada Brunner\Desktop\FRST64.exe 2013-08-30 22:00 - 2013-08-30 22:00 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-08-30 22:00 - 2013-08-30 22:00 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-08-30 22:00 - 2013-08-30 22:00 - 00175016 _____ (Oracle Corporation) 
C:\Windows\SysWOW64\java.exe 2013-08-30 22:00 - 2013-08-30 22:00 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-08-30 22:00 - 2013-08-30 22:00 - 00000000 ____D C:\Program Files (x86)\Java 2013-08-30 21:54 - 2013-08-30 22:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-08-30 21:53 - 2013-08-30 21:53 - 00448512 _____ (OldTimer Tools) C:\Users\Lada Brunner\Downloads\TFC.exe 2013-08-30 21:52 - 2013-08-30 22:40 - 00000000 ____D C:\Users\Lada Brunner\Desktop\mbar 2013-08-30 21:38 - 2013-08-30 21:39 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Lada Brunner\Downloads\mbar-1.07.0.1005.exe 2013-08-30 20:59 - 2013-08-30 20:59 - 00602112 _____ (OldTimer Tools) C:\Users\Lada Brunner\Downloads\OTL.exe 2013-08-30 08:47 - 2013-08-30 08:47 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-08-30 00:15 - 2013-08-30 22:18 - 00000000 ____D C:\Users\Lada Brunner\AppData\Roaming\Uniblue 2013-08-30 00:15 - 2013-08-30 22:18 - 00000000 ____D C:\Program Files (x86)\Uniblue 2013-08-29 23:59 - 2013-08-29 23:59 - 00994642 _____ C:\Users\Lada Brunner\Downloads\adwcleaner (1).exe 2013-08-29 23:54 - 2013-08-29 23:54 - 00002068 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-08-29 23:54 - 2013-08-29 23:54 - 00000000 ____D C:\Users\Lada Brunner\AppData\Roaming\Avira 2013-08-29 23:53 - 2013-08-29 23:53 - 00000000 ____D C:\ProgramData\Avira 2013-08-29 23:53 - 2013-08-29 23:53 - 00000000 ____D C:\Program Files (x86)\Avira 2013-08-29 23:53 - 2013-08-29 20:06 - 00141376 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwot.sys 2013-08-29 23:53 - 2013-08-29 20:06 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-08-29 23:53 - 2013-08-29 20:06 - 00114608 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwim.sys 2013-08-29 23:53 - 2013-08-29 20:06 - 00100712 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-08-29 23:53 - 2013-08-29 20:06 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-08-29 18:22 - 2013-08-29 18:22 - 00038112 _____ C:\Windows\system32\.crusader 2013-08-29 16:15 - 2013-08-29 20:36 - 00000000 ____D C:\ProgramData\HitmanPro 2013-08-29 16:15 - 2013-08-29 16:15 - 09879648 _____ (SurfRight B.V.) C:\Users\Lada Brunner\Downloads\hitmanpro_x64.exe 2013-08-29 16:14 - 2013-08-30 22:19 - 00000000 ____D C:\AdwCleaner 2013-08-29 16:14 - 2013-08-29 16:14 - 00994642 _____ C:\Users\Lada Brunner\Downloads\adwcleaner.exe 2013-08-29 03:12 - 2013-08-29 03:12 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-29 03:12 - 2013-08-29 03:12 - 00000000 ____D C:\Users\Lada Brunner\AppData\Roaming\Malwarebytes 2013-08-29 03:12 - 2013-08-29 03:12 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-29 03:12 - 2013-08-29 03:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-29 03:12 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-08-29 03:11 - 2013-08-29 03:11 - 10284808 _____ (Malwarebytes Corporation ) C:\Users\Lada Brunner\Downloads\mbam-setup-1.75.0.1300.exe 2013-08-29 02:51 - 2013-08-29 02:51 - 00000902 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 2013-08-25 22:42 - 2013-08-25 22:42 - 00001092 _____ C:\Users\Lada Brunner\Desktop\Corel PaintShop Pro X4.lnk 2013-08-20 17:31 - 2012-02-24 05:07 - 00016904 _____ C:\Users\Lada Brunner\chargenmorphcfg.xml 2013-08-20 17:31 - 2012-01-16 06:50 - 00000000 ____D C:\Users\Lada Brunner\Triss hair 2013-08-15 01:31 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-15 01:31 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-15 01:31 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-15 
01:31 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-15 01:31 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-15 01:31 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-15 01:31 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-15 01:31 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-15 01:31 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-15 01:31 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-15 01:31 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-15 01:31 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-15 01:31 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-15 01:31 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-15 01:31 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-15 01:31 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-15 01:31 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-15 01:31 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-15 01:31 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-15 01:31 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-15 01:31 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-15 01:31 - 2013-07-26 05:12 - 00493056 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-15 01:31 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-15 01:31 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-15 01:31 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-15 01:31 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-15 01:31 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-15 01:31 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-15 01:31 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-15 01:31 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-15 01:31 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-15 01:28 - 2013-08-15 01:29 - 00000000 ____D C:\Windows\system32\MRT 2013-08-14 21:05 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-14 21:05 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-14 21:05 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-14 21:05 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-14 21:05 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-14 21:05 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-14 21:05 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-14 21:05 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) 
C:\Windows\system32\wintrust.dll 2013-08-14 21:05 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-14 21:05 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-14 21:05 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-14 21:05 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-14 21:05 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-14 21:05 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-14 21:05 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-14 21:05 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-14 21:05 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-14 21:05 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-14 21:05 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-14 21:05 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-14 21:05 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-14 21:05 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-14 21:05 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-14 21:05 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-14 21:05 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-14 21:05 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 
2013-08-14 21:05 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-07 18:48 - 2013-08-07 18:48 - 00000000 ____D C:\Users\Lada Brunner\Desktop\diffgeo serien ==================== One Month Modified Files and Folders ======= 2013-09-02 14:45 - 2013-09-02 14:45 - 00026485 _____ C:\Users\Lada Brunner\Desktop\JRT.txt 2013-09-02 14:45 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-02 14:45 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-02 14:44 - 2012-06-13 22:53 - 00001148 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-138995088-2144927477-1329361507-1000UA.job 2013-09-02 14:42 - 2012-05-31 22:49 - 01468669 _____ C:\Windows\WindowsUpdate.log 2013-09-02 14:41 - 2013-09-02 14:41 - 00000000 ____D C:\Windows\ERUNT 2013-09-02 14:39 - 2013-09-02 14:39 - 01028757 _____ (Thisisu) C:\Users\Lada Brunner\Desktop\JRT.exe 2013-09-02 14:38 - 2013-07-27 13:45 - 00000000 ___RD C:\Users\Lada Brunner\Dropbox 2013-09-02 14:38 - 2013-07-27 13:41 - 00000000 ____D C:\Users\Lada Brunner\AppData\Roaming\Dropbox 2013-09-02 14:38 - 2012-12-22 21:23 - 00000000 ____D C:\Program Files (x86)\Steam 2013-09-02 14:38 - 2012-08-28 21:29 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-09-02 14:37 - 2012-04-18 11:29 - 00000000 ____D C:\ProgramData\PDFC 2013-09-02 14:37 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-02 14:37 - 2009-07-14 06:51 - 00092519 _____ C:\Windows\setupact.log 2013-09-02 09:02 - 2012-05-31 22:56 - 00000360 _____ C:\Windows\Tasks\HPCeeScheduleForLada Brunner.job 2013-09-02 08:58 - 2012-05-31 23:19 - 00000000 ____D C:\ProgramData\CanonIJPLM 2013-09-02 08:54 - 2012-05-31 22:56 - 00003982 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E77BAFA2-6CDF-439D-BAAA-034214DF688C} 2013-09-02 00:02 - 
2013-09-02 00:02 - 00050727 _____ C:\Users\Lada Brunner\Downloads\FRST.txt 2013-09-02 00:02 - 2013-09-02 00:02 - 00026654 _____ C:\Users\Lada Brunner\Downloads\Addition.txt 2013-09-02 00:02 - 2013-09-02 00:02 - 00026654 _____ C:\Users\Lada Brunner\Desktop\Addition.txt 2013-09-02 00:01 - 2013-09-02 00:01 - 00000000 ____D C:\FRST 2013-09-02 00:00 - 2013-09-02 00:00 - 01950972 _____ (Farbar) C:\Users\Lada Brunner\Desktop\FRST64.exe 2013-08-31 15:44 - 2012-06-13 22:53 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-138995088-2144927477-1329361507-1000Core.job 2013-08-30 23:00 - 2013-01-29 18:18 - 00000000 ____D C:\Users\Lada Brunner\Desktop\Dokumente 2013-08-30 22:40 - 2013-08-30 21:54 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-08-30 22:40 - 2013-08-30 21:52 - 00000000 ____D C:\Users\Lada Brunner\Desktop\mbar 2013-08-30 22:30 - 2013-01-29 18:17 - 00000000 ____D C:\Users\Lada Brunner\Desktop\Nastja 2013-08-30 22:19 - 2013-08-29 16:14 - 00000000 ____D C:\AdwCleaner 2013-08-30 22:19 - 2012-05-31 23:36 - 00000000 ____D C:\Program Files\Google 2013-08-30 22:19 - 2012-05-31 23:36 - 00000000 ____D C:\Program Files (x86)\Google 2013-08-30 22:19 - 2010-11-21 05:47 - 00539042 _____ C:\Windows\PFRO.log 2013-08-30 22:18 - 2013-08-30 00:15 - 00000000 ____D C:\Users\Lada Brunner\AppData\Roaming\Uniblue 2013-08-30 22:18 - 2013-08-30 00:15 - 00000000 ____D C:\Program Files (x86)\Uniblue 2013-08-30 22:07 - 2012-05-31 23:36 - 00000000 ____D C:\Users\LADABR~1\AppData\Local\Google 2013-08-30 22:00 - 2013-08-30 22:00 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-08-30 22:00 - 2013-08-30 22:00 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-08-30 22:00 - 2013-08-30 22:00 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-08-30 22:00 - 2013-08-30 22:00 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-08-30 22:00 - 2013-08-30 22:00 - 
00000000 ____D C:\Program Files (x86)\Java 2013-08-30 22:00 - 2013-02-23 01:07 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-08-30 22:00 - 2013-02-23 01:07 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-08-30 21:53 - 2013-08-30 21:53 - 00448512 _____ (OldTimer Tools) C:\Users\Lada Brunner\Downloads\TFC.exe 2013-08-30 21:39 - 2013-08-30 21:38 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Lada Brunner\Downloads\mbar-1.07.0.1005.exe 2013-08-30 21:09 - 2012-06-06 23:35 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2013-08-30 21:09 - 2012-06-01 20:30 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log 2013-08-30 21:08 - 2012-06-01 20:28 - 00000000 ____D C:\Users\Lada Brunner\AppData\Roaming\HpUpdate 2013-08-30 21:08 - 2012-06-01 20:28 - 00000000 ____D C:\Users\Lada Brunner\AppData\Roaming\HP Support Assistant 2013-08-30 20:59 - 2013-08-30 20:59 - 00602112 _____ (OldTimer Tools) C:\Users\Lada Brunner\Downloads\OTL.exe 2013-08-30 08:47 - 2013-08-30 08:47 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-08-29 23:59 - 2013-08-29 23:59 - 00994642 _____ C:\Users\Lada Brunner\Downloads\adwcleaner (1).exe 2013-08-29 23:54 - 2013-08-29 23:54 - 00002068 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-08-29 23:54 - 2013-08-29 23:54 - 00000000 ____D C:\Users\Lada Brunner\AppData\Roaming\Avira 2013-08-29 23:53 - 2013-08-29 23:53 - 00000000 ____D C:\ProgramData\Avira 2013-08-29 23:53 - 2013-08-29 23:53 - 00000000 ____D C:\Program Files (x86)\Avira 2013-08-29 20:36 - 2013-08-29 16:15 - 00000000 ____D C:\ProgramData\HitmanPro 2013-08-29 20:06 - 2013-08-29 23:53 - 00141376 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwot.sys 2013-08-29 20:06 - 2013-08-29 23:53 - 00130016 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys 2013-08-29 20:06 - 2013-08-29 23:53 - 00114608 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwim.sys 2013-08-29 20:06 - 2013-08-29 23:53 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-08-29 20:06 - 2013-08-29 23:53 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-08-29 18:32 - 2013-05-17 00:47 - 00000000 ____D C:\Windows\Minidump 2013-08-29 18:32 - 2012-04-18 12:13 - 00318046 ____N C:\Windows\Minidump\082913-15537-01.dmp 2013-08-29 18:22 - 2013-08-29 18:22 - 00038112 _____ C:\Windows\system32\.crusader 2013-08-29 16:15 - 2013-08-29 16:15 - 09879648 _____ (SurfRight B.V.) C:\Users\Lada Brunner\Downloads\hitmanpro_x64.exe 2013-08-29 16:14 - 2013-08-29 16:14 - 00994642 _____ C:\Users\Lada Brunner\Downloads\adwcleaner.exe 2013-08-29 03:48 - 2012-06-29 16:26 - 00000000 ____D C:\ProgramData\Recovery 2013-08-29 03:12 - 2013-08-29 03:12 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-29 03:12 - 2013-08-29 03:12 - 00000000 ____D C:\Users\Lada Brunner\AppData\Roaming\Malwarebytes 2013-08-29 03:12 - 2013-08-29 03:12 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-29 03:12 - 2013-08-29 03:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-29 03:11 - 2013-08-29 03:11 - 10284808 _____ (Malwarebytes Corporation ) C:\Users\Lada Brunner\Downloads\mbam-setup-1.75.0.1300.exe 2013-08-29 02:51 - 2013-08-29 02:51 - 00000902 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog 2013-08-27 17:05 - 2012-05-31 23:33 - 00000000 ____D C:\Users\LADABR~1\AppData\Local\CrashDumps 2013-08-25 22:42 - 2013-08-25 22:42 - 00001092 _____ C:\Users\Lada Brunner\Desktop\Corel PaintShop Pro X4.lnk 2013-08-24 15:02 - 2012-05-31 22:56 - 00003228 _____ C:\Windows\System32\Tasks\HPCeeScheduleForLada Brunner 2013-08-20 17:45 - 2012-05-31 22:50 - 00000000 ____D C:\Users\Lada Brunner 2013-08-15 16:16 - 2009-07-14 
05:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 01:30 - 2012-04-18 10:47 - 00696620 _____ C:\Windows\system32\perfh007.dat
2013-08-15 01:30 - 2012-04-18 10:47 - 00147916 _____ C:\Windows\system32\perfc007.dat
2013-08-15 01:30 - 2009-07-14 07:13 - 01633540 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-15 01:29 - 2013-08-15 01:28 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 01:28 - 2012-06-06 11:08 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-07 18:48 - 2013-08-07 18:48 - 00000000 ____D C:\Users\Lada Brunner\Desktop\diffgeo serien
2013-08-06 13:16 - 2012-07-12 10:41 - 00000000 ____D C:\Users\Lada Brunner\Documents\Kopien von Dokumenten
2013-08-05 17:42 - 2012-06-07 22:56 - 00003230 _____ C:\Windows\System32\Tasks\HPCeeScheduleForLADABRUNNER-HP$
2013-08-05 17:42 - 2012-06-07 22:56 - 00000354 _____ C:\Windows\Tasks\HPCeeScheduleForLADABRUNNER-HP$.job
Files to move or delete:
====================
C:\Users\LADABR~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\LADABR~1\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-01 22:18
==================== End Of Log ============================
--- --- ---
and a fresh Addition log:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-09-2013 03 Ran by Lada Brunner at 2013-09-02 14:47:33 Running from C:\Users\Lada Brunner\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 7-Zip 9.20 (x32) 802.11n Wireless LAN Card (x32 Version: 3.02.03.0) Ãåðîè Ìå÷à è Ìàãèè III: Ïîëíîå ñîáðàíèå (x32) Adobe AIR (x32 Version: 2.6.0.19120) Adobe Flash Player 11 ActiveX (x64) (Version: 11.1.102.55) Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7) Apple Application Support (x32 Version: 2.3.3) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (x32 Version: 2.1.3.127) Assassin's Creed (x32 Version: 1.02) Avira Internet Security (x32 Version: 13.0.0.3885) Avira SearchFree Toolbar plus Web Protection (x32 Version: 12.2.2.663) Banana Buchhaltung 7.0 (x32 Version: 7.0.1.0) Bejeweled 3 (x32 Version: 2.2.0.98) Bonjour (Version: 3.0.0.10) Cake Mania (x32 Version: 2.2.0.98) Canon Easy-PhotoPrint EX (x32) Canon Easy-WebPrint EX (x32) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (x32) Canon Kurzwahlprogramm (x32) Canon MP Navigator EX 4.1 (x32) Canon MX360 series Benutzerregistrierung (x32) Canon MX360 series MP Drivers Canon My Printer (x32) Canon Solution Menu EX (x32) Chuzzle Deluxe (x32 Version: 2.2.0.95) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.03103) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.03103) CLX.ClubMaker (x32 Version: 2.1.28.0) Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2) Corel PaintShop Pro X4 (x32 Version: 14.0.0.332) Cradle of Rome 2 (x32 Version: 2.2.0.98) D3DX10 (x32 Version: 15.4.2368.0902) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904) Divinity II - Ego Draconis (x32) Dragon Age II (x32 Version: 1.04) Dragon Age 
Redesigned© (HKCU) Dragon Age: Origins (x32 Version: 1.05) Dropbox (HKCU Version: 2.0.26) Fable III (x32 Version: 1.0.0000.131) Fable III (x32 Version: 1.0.0002.131) Farm Frenzy (x32 Version: 2.2.0.98) Farmscapes (x32 Version: 2.2.0.98) FATE (x32 Version: 2.2.0.97) FileZilla Client 3.7.0.2 (x32 Version: 3.7.0.2) Final Drive Fury (x32 Version: 2.2.0.95) Fishdom (TM) 2 (x32 Version: 2.2.0.98) Galerie de photos Windows Live (x32 Version: 15.4.3502.0922) Google Chrome (HKCU Version: 29.0.1547.62) Heroes of Might and Magic® IV (x32) Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000) HP Auto (Version: 1.0.12935.3667) HP Calendar (x32 Version: 5.1.4245.23508) HP Client Services (Version: 1.1.12938.3539) HP Clock (x32 Version: 5.1.4244.16367) HP Customer Experience Enhancements (x32 Version: 6.0.1.8) HP Games (x32 Version: 1.0.2.5) HP LinkUp (x32 Version: 2.01.029) HP Magic Canvas (x32 Version: 5.1.15.0) HP Magic Canvas Tutorials (x32 Version: 5.0.0.3) HP Notes (x32 Version: 5.1.4274.30382) HP Odometer (x32 Version: 2.10.0000) HP RSS (x32 Version: 5.1.4301.21494) HP Setup (x32 Version: 9.0.15130.3904) HP Setup Manager (x32 Version: 1.2.15145.3905) HP Support Assistant (x32 Version: 7.0.39.15) HP Support Information (x32 Version: 11.00.0001) HP TouchSmart RecipeBox (x32 Version: 3.0.3830.27730) HP Update (x32 Version: 5.003.001.001) HP Vision Hardware Diagnostics (Version: 2.12.1.0) iaCoder x64 0.8.17 (Version: 0.8.17) ICA (x32 Version: 14.0.0.332) Insaniquarium Deluxe (x32 Version: 2.2.0.97) Intel(R) Identity Protection Technology 1.1.2.0 (x32 Version: 1.1.2.0) Intel(R) Management Engine Components (x32 Version: 8.0.0.1351) Intel® Trusted Connect Service Client (Version: 1.23.216.0) Interaktive Sprachreise - English Sprachkurs 1 (x32) IPM_PSP_COM (x32 Version: 14.0.0.332) iTunes (Version: 11.0.2.26) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Jewel Match 3 (x32 Version: 2.2.0.98) Jewel Quest II (x32 Version: 2.2.0.97) Jewel 
Quest Solitaire 2 (x32 Version: 2.2.0.98) Junk Mail filter update (x32 Version: 15.4.3502.0922) Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190) Kingdoms of Amalur: Reckoning (x32 Version: 1.0.0.0) LabelPrint (x32 Version: 2.5.4507) Linthbanking (x32 Version: 1.0.3) Magic Desktop (x32 Version: 3.0) Mahjongg Artifacts (x32 Version: 2.2.0.95) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Mesh Runtime (x32 Version: 15.4.5722.2) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Games for Windows - LIVE (x32 Version: 3.3.24.0) Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0) Microsoft Mathematics (x32 Version: 4.0) Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Home and Business 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook Connector (x32 Version: 14.0.6123.5001) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 
14.0.6029.1000) Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (x32 Version: 14.0.5120.5000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Might & Magic Heroes VI (x32 Version: 1.8) MiKTeX 2.9 (Version: 2.9) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) Mystery of Mortlake Mansion (x32 Version: 2.2.0.98) Norton Online Backup (x32 Version: 2.1.17869) NVIDIA Grafiktreiber 296.28 (Version: 296.28) NVIDIA HD Audio Driver 1.2.23.3 (Version: 1.2.23.3) NVIDIA Install Application (Version: 2.1002.62.312) 
NVIDIA PhysX (x32 Version: 9.10.0514) NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514) NVIDIA Systemsteuerung 296.28 (Version: 296.28) NVIDIA Update 1.7.12 (Version: 1.7.12) NVIDIA Update Components (Version: 1.7.12) Oblivion (x32 Version: 1.2.0416) opensource (x32 Version: 1.0.14960.3876) Origin (x32 Version: 9.1.15.109) PDF Complete Special Edition (x32 Version: 4.0.65) Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98) PlayReady PC Runtime amd64 (Version: 1.3.0) Polar Bowler (x32 Version: 2.2.0.97) PSPPContent (x32 Version: 14.0.0.332) PSPPHelp (x32 Version: 14.0.0.332) PSPPro64 (Version: 14.0.0.332) Q-Verein (x32) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922) Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6463) Recovery Manager (x32 Version: 5.5.0.4424) Remote Graphics Receiver (x32 Version: 5.4.5) Setup (x32 Version: 14.0.0.332) Skype™ 5.10 (x32 Version: 5.10.116) Steam (x32 Version: 1.0.0.0) TeXstudio 2.3 (x32 Version: 2.3.0) The Elder Scrolls V: Skyrim (x32) Torchlight (x32 Version: 2.2.0.98) TSHostedAppLauncher (x32 Version: 5.1.15.0) Ubisoft Game Launcher (x32 Version: 1.0.0.0) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) 
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) Update Installer for WildTangent Games App (x32) VIP Access (x32 Version: 2.0.5.13) Virtual Families (x32 Version: 2.2.0.98) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98) Wedding Dash (x32 Version: 2.2.0.95) WildTangent Games App (HP Games) (x32 Version: 4.0.5.32) Windows Live (x32 Version: 15.4.3502.0922) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3555.0308) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3555.0308) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2) Windows Live Messenger (x32 Version: 15.4.3538.0513) Windows 
Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0) Zuma's Revenge (x32 Version: 2.2.0.98) ==================== Restore Points ========================= 29-08-2013 22:15:20 Uniblue SpeedUpMyPC installation 30-08-2013 19:59:20 Installed Java 7 Update 25 ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => start w32time task_started Task: {230EB66F-F4D5-443E-8DE6-A02AD0D286C3} - System32\Tasks\HPCeeScheduleForLada Brunner => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {4DE029CB-082F-4271-8DC1-AE789199C335} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {5DE0E762-0990-4378-9B5A-A4BB3150FC3E} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task 
Task: {6D5A173B-44C9-45AD-B91F-40D59ACE343A} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation) Task: {72A212A5-8A61-4D31-AE5D-1A472B8F2255} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {7C080769-C389-4EE4-924E-A2160918ADC5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company) Task: {7F4B9269-DFF3-4CB4-BF46-52D007808FC6} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {8C9B7AC6-8274-47F9-AFB3-67ED6505348B} - \SpeedUpMyPC No Task File Task: {A60713CD-9B36-42B1-BBCD-D7B2A45E17F9} - \spmonitor No Task File Task: {A7D1DEBB-1512-4D53-9E1D-59CA2CDD3A85} - System32\Tasks\User_Feed_Synchronization-{E107EF92-CB58-4D2E-9879-BFB84098A587} => C:\Windows\system32\msfeedssync.exe [2013-03-29] (Microsoft Corporation) Task: {AD874BA9-15AD-4D46-801F-5927F9EA9E25} - System32\Tasks\HPCeeScheduleForLADABRUNNER-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {B3C26D6C-5944-4973-A300-7A823CD2CB4B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {B64FC647-F4E4-4E74-8886-EA54C6CDB0A3} - System32\Tasks\User_Feed_Synchronization-{E77BAFA2-6CDF-439D-BAAA-034214DF688C} => C:\Windows\system32\msfeedssync.exe [2013-03-29] (Microsoft Corporation) Task: {B732BE25-C0E7-4A5D-BCC9-36233E9B31EC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => start osppsvc Task: {C877423B-92DB-48CE-AE3E-B0DCEA242A07} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-138995088-2144927477-1329361507-1000Core => C:\Users\Lada Brunner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-31] (Google Inc.) Task: {E4DF806D-3263-404F-B314-113E49E80DCA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-138995088-2144927477-1329361507-1000UA => C:\Users\Lada Brunner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-31] (Google Inc.) Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-138995088-2144927477-1329361507-1000Core.job => C:\Users\Lada Brunner\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-138995088-2144927477-1329361507-1000UA.job => C:\Users\Lada Brunner\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForLada Brunner.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\HPCeeScheduleForLADABRUNNER-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= ==================== Alternate Data Streams (whitelisted) ========== ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. 
Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-09-01 22:19:54.770 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-09-01 22:19:54.769 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-09-01 22:19:54.766 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-09-01 22:19:54.750 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-09-01 22:19:54.748 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-09-01 22:19:54.746 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-08-30 21:43:46.934 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-30 21:43:46.933 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-30 21:43:46.931 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-08-30 21:22:23.597 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Percentage of memory in use: 30% Total physical RAM: 8172.83 MB Available physical RAM: 5701.73 MB Total Pagefile: 16343.85 MB Available Pagefile: 13666.8 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:911.32 GB) (Free:748.66 GB) NTFS Drive d: (HP_RECOVERY) (Fixed) (Total:20.09 GB) (Free:2.53 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (AVIRA) (CDROM) (Total:0.24 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 31B9FECE) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=911 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
02.09.2013, 18:37 | #6 |
/// the machine /// TB-Ausbilder | Various Yontoo files found
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
06.09.2013, 22:57 | #7 |
| Various Yontoo files found Thanks for the quick reply; unfortunately I was away and could only run the scans today. ESET has apparently found something: the Yontoo.A file that Kaspersky had "deleted". Logfile: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=66c16f7985a00a4fa1c85f08b6d8a7a7
# engine=15037
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-06 09:28:06
# local_time=2013-09-06 11:28:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1286 16777213 100 99 7169 33272808 0 0
# compatibility_mode=5893 16776574 100 94 0 130132736 0 0
# scanned=303500
# found=2
# cleaned=0
# scan_time=6691
sh=4ECE91CFB50F17586CAF270E8AA500D5743485C0 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.A application" ac=I fn="C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-138995088-2144927477-1329361507-1000\Chrome\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\yl.js"
sh=4ECE91CFB50F17586CAF270E8AA500D5743485C0 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.A application" ac=I fn="C:\Users\All Users\Kaspersky Lab\SafeBrowser\S-1-5-21-138995088-2144927477-1329361507-1000\Chrome\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\yl.js"
Code:
Results of screen317's Security Check version 0.99.72
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java 7 Update 25
Adobe Reader 10.1.7 Adobe Reader out of Date!
Google Chrome 28.0.1500.95
Google Chrome 29.0.1547.62
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Symantec Norton Online Backup NOBuAgent.exe
Kaspersky Lab Kaspersky Internet Security 2013 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-09-2013 Ran by Lada Brunner (administrator) on LADABRUNNER-HP on 06-09-2013 23:52:54 Running from C:\Users\Lada Brunner\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE (Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (CANON INC.) 
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Dropbox, Inc.) C:\Users\Lada Brunner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPUIManager.exe (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\usrreq.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-25] (CANON INC.) HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.) Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKCU\...\Run: [Google Update] - C:\Users\Lada Brunner\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-31] (Google Inc.) HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1811880 2013-08-28] (Valve Corporation) HKCU\...\Run: [GoogleChromeAutoLaunch_3DE19B8316D902C0C07C77769899021D] - C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe [829392 2013-08-24] (Google Inc.) 
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-09-27] (EasyBits Software AS)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1213848 2010-09-14] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-11-13] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-03-26] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-06] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Startup: C:\Users\Lada Brunner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lada Brunner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lada Brunner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/35
URLSearchHook: (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File
SearchScopes: HKLM - {7ECFE9A5-943D-456C-BB65-6950C58B620D} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-2/4?mpre=hxxp://www.ebay.ch/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-2/4?mpre=hxxp://www.ebay.ch/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-2/4?mpre=hxxp://www.ebay.ch/sch/i.html?_nkw={searchTerms}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52920 2012-04-18] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lada Brunner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lada Brunner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM-x32\...\Firefox\Extensions: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] C:\Program Files (x86)\Symantec\VIP Access Client\
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client\

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "https://www.google.ch/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\29.0.1547.62\gcswf32.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Lada Brunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Lada Brunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Lada Brunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0
CHR Extension: (Gmail Offline) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.20_0
CHR Extension: (Safe Money) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0
CHR Extension: (Content Blocker) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0
CHR Extension: (Classic) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1_0
CHR Extension: (Bing wallpaper for Google homepage.) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ignkobhlkpgjcpkfgfohhdgdaldfaoni\7.6_0
CHR Extension: (Virtual Keyboard) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Hover Zoom) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.19_0
CHR Extension: (Chrome to Phone) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.2_0
CHR Extension: (LEO W\u00F6rterbuchsuche) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojniiiidjmoaiehegaedmfdclmgmmpdp\1.4_0
CHR Extension: (Google Quick Scroll) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc\2.1.2_0
CHR Extension: (Gmail) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR Extension: (Anti-Banner) - C:\Users\LADABR~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [655928 2013-09-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [622648 2013-09-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-06] (Avira Operations GmbH & Co. KG)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-11-13] (Kaspersky Lab ZAO)
R2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [137680 2010-07-27] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-08-29] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-08-29] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-29] (Avira Operations GmbH & Co. KG)
S3 cxbu0x64; C:\Windows\System32\DRIVERS\cxbu0x64.sys [177920 2011-09-06] (HID Global Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-22] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-11-13] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-11-13] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-17] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-22] (Kaspersky Lab ZAO)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-04-18] ()
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-04-18] ()
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-22] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-06 23:44 - 2013-09-06 23:44 - 00891115 _____ C:\Users\Lada Brunner\Downloads\SecurityCheck.exe
2013-09-06 23:29 - 2013-09-06 23:29 - 96470395 _____ C:\Windows\SysWOW64\銴š
2013-09-06 21:32 - 2013-09-06 21:32 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-06 21:31 - 2013-09-06 21:32 - 02347384 _____ (ESET) C:\Users\Lada Brunner\Downloads\esetsmartinstaller_enu.exe
2013-09-02 19:38 - 2013-09-02 19:38 - 00000000 ____D C:\Users\LADABR~1\AppData\Local\{C6A074B8-8179-47EC-AF59-B33112B7FE6F}
2013-09-02 14:41 - 2013-09-02 14:41 - 00000000 ____D C:\Windows\ERUNT
2013-09-02 00:02 - 2013-09-02 00:02 - 00026654 _____ C:\Users\Lada Brunner\Downloads\Addition.txt
2013-09-02 00:01 - 2013-09-02 00:01 - 00000000 ____D C:\FRST
2013-08-30 22:00 - 2013-08-30 22:00 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-30 22:00 - 2013-08-30 22:00 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-30 22:00 - 2013-08-30 22:00 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-30 22:00 - 2013-08-30 22:00 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-30 22:00 - 2013-08-30 22:00 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-30 21:54 - 2013-08-30 22:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-30 21:53 - 2013-08-30 21:53 - 00448512 _____ (OldTimer Tools) C:\Users\Lada Brunner\Downloads\TFC.exe
2013-08-30 21:52 - 2013-08-30 22:40 - 00000000 ____D C:\Users\Lada Brunner\Desktop\mbar
2013-08-30 21:38 - 2013-08-30 21:39 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Lada Brunner\Downloads\mbar-1.07.0.1005.exe
2013-08-30 20:59 - 2013-08-30 20:59 - 00602112 _____ (OldTimer Tools) C:\Users\Lada Brunner\Downloads\OTL.exe
2013-08-30 08:47 - 2013-09-06 21:30 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-30 00:15 - 2013-08-30 22:18 - 00000000 ____D C:\Users\Lada Brunner\AppData\Roaming\Uniblue
2013-08-30 00:15 - 2013-08-30 22:18 - 00000000 ____D C:\Program Files (x86)\Uniblue
2013-08-29 23:59 - 2013-08-29 23:59 - 00994642 _____ C:\Users\Lada Brunner\Downloads\adwcleaner (1).exe
2013-08-29 23:54 - 2013-08-29 23:54 - 00002068 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-29 23:54 - 2013-08-29 23:54 - 00000000 ____D C:\Users\Lada Brunner\AppData\Roaming\Avira
2013-08-29 23:53 - 2013-09-06 21:30 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-29 23:53 - 2013-09-06 21:30 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-29 23:53 - 2013-08-29 23:53 - 00000000 ____D C:\ProgramData\Avira
2013-08-29 23:53 - 2013-08-29 23:53 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-29 23:53 - 2013-08-29 20:06 - 00141376 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwot.sys
2013-08-29 23:53 - 2013-08-29 20:06 - 00114608 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwim.sys
2013-08-29 23:53 - 2013-08-29 20:06 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-29 18:22 - 2013-08-29 18:22 - 00038112 _____ C:\Windows\system32\.crusader
2013-08-29 16:15 - 2013-08-29 20:36 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-29 16:15 - 2013-08-29 16:15 - 09879648 _____ (SurfRight B.V.) C:\Users\Lada Brunner\Downloads\hitmanpro_x64.exe
2013-08-29 16:14 - 2013-08-30 22:19 - 00000000 ____D C:\AdwCleaner
2013-08-29 16:14 - 2013-08-29 16:14 - 00994642 _____ C:\Users\Lada Brunner\Downloads\adwcleaner.exe
2013-08-29 03:12 - 2013-08-29 03:12 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-29 03:12 - 2013-08-29 03:12 - 00000000 ____D C:\Users\Lada Brunner\AppData\Roaming\Malwarebytes
2013-08-29 03:12 - 2013-08-29 03:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 03:12 - 2013-08-29 03:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-29 03:12 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-29 03:11 - 2013-08-29 03:11 - 10284808 _____ (Malwarebytes Corporation ) C:\Users\Lada Brunner\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-29 02:51 - 2013-08-29 02:51 - 00000902 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-08-25 22:42 - 2013-08-25 22:42 - 00001092 _____ C:\Users\Lada Brunner\Desktop\Corel PaintShop Pro X4.lnk
2013-08-20 17:31 - 2012-02-24 05:07 - 00016904 _____ C:\Users\Lada Brunner\chargenmorphcfg.xml
2013-08-20 17:31 - 2012-01-16 06:50 - 00000000 ____D C:\Users\Lada Brunner\Triss hair
2013-08-15 01:31 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 01:31 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 01:31 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 01:31 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 01:31 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 01:31 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 01:31 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 01:31 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 01:31 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 01:31 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 01:31 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 01:31 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 01:31 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 01:31 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 01:31 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 01:31 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 01:31 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 01:31 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 01:31 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 01:31 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 01:31 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 01:31 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 01:31 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 01:31 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 01:31 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 01:31 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 01:31 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 01:31 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 01:31 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 01:31 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 01:31 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 01:28 - 2013-08-15 01:29 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 21:05 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 21:05 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 21:05 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 21:05 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 21:05 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 21:05 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 21:05 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 21:05 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 21:05 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 21:05 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 21:05 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 21:05 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 21:05 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 21:05 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 21:05 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 21:05 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 21:05 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 21:05 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 21:05 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 21:05 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 21:05 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 21:05 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 21:05 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 21:05 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 21:05 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 21:05 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 21:05 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-07 18:48 - 2013-08-07 18:48 - 00000000 ____D C:\Users\Lada Brunner\Desktop\diffgeo serien

==================== One Month Modified Files and Folders =======

2013-09-06 23:52 - 2013-09-06 23:52 - 01948360 _____ (Farbar) C:\Users\Lada Brunner\Downloads\FRST64.exe
2013-09-06 23:51 - 2012-05-31 22:56 - 00003982 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E77BAFA2-6CDF-439D-BAAA-034214DF688C}
2013-09-06 23:48 - 2012-08-28 21:29 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-06 23:44 - 2013-09-06 23:44 - 00891115 _____ C:\Users\Lada Brunner\Downloads\SecurityCheck.exe
2013-09-06 23:44 - 2012-06-13 22:53 - 00001148 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-138995088-2144927477-1329361507-1000UA.job
2013-09-06 23:42 - 2012-06-07 22:56 - 00003230 _____ C:\Windows\System32\Tasks\HPCeeScheduleForLADABRUNNER-HP$
2013-09-06 23:42 - 2012-06-07 22:56 - 00000354 _____ C:\Windows\Tasks\HPCeeScheduleForLADABRUNNER-HP$.job
2013-09-06 23:29 - 2013-09-06 23:29 - 96470395 _____ C:\Windows\SysWOW64\銴š
2013-09-06 23:20 - 2012-05-31 22:49 - 01786327 _____ C:\Windows\WindowsUpdate.log
2013-09-06 21:42 - 2012-06-06 23:35 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-09-06 21:42 - 2012-06-01 20:30 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-09-06 21:41 - 2012-06-01 20:28 - 00000000 ____D C:\Users\Lada Brunner\AppData\Roaming\HpUpdate
2013-09-06 21:41 - 2012-06-01 20:28 - 00000000 ____D C:\Users\Lada Brunner\AppData\Roaming\HP Support Assistant
2013-09-06 21:37 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-06 21:37 - 2009-07-14 06:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-06 21:32 - 2013-09-06 21:32 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-06 21:32 - 2013-09-06 21:31 - 02347384 _____ (ESET) C:\Users\Lada Brunner\Downloads\esetsmartinstaller_enu.exe
2013-09-06 21:30 - 2013-08-30 08:47 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-06 21:30 - 2013-08-29 23:53 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-06 21:30 - 2013-08-29 23:53 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-06 21:29 - 2013-07-27 13:45 - 00000000 ___RD C:\Users\Lada Brunner\Dropbox
2013-09-06 21:29 - 2013-07-27 13:41 - 00000000 ____D C:\Users\Lada Brunner\AppData\Roaming\Dropbox
2013-09-06 21:29 - 2012-12-22 21:23 - 00000000 ____D C:\Program Files (x86)\Steam
2013-09-06 21:28 - 2012-04-18 11:29 - 00000000 ____D C:\ProgramData\PDFC
2013-09-06 21:28 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-06 21:28 - 2009-07-14 06:51 - 00092687 _____ C:\Windows\setupact.log
2013-09-02 19:38 - 2013-09-02 19:38 - 00000000 ____D C:\Users\LADABR~1\AppData\Local\{C6A074B8-8179-47EC-AF59-B33112B7FE6F}
2013-09-02 15:33 - 2012-04-18 10:47 - 00696620 _____ C:\Windows\system32\perfh007.dat
2013-09-02 15:33 - 2012-04-18 10:47 - 00147916 _____ C:\Windows\system32\perfc007.dat
2013-09-02 15:33 - 2011-02-11 19:15 - 01589442 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-02 15:33 - 2009-07-14 07:13 - 01589442 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-02 15:02 - 2012-05-31 22:56 - 00000360 _____ C:\Windows\Tasks\HPCeeScheduleForLada Brunner.job
2013-09-02 14:41 - 2013-09-02 14:41 - 00000000 ____D C:\Windows\ERUNT
2013-09-02 08:58 - 2012-05-31 23:19 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-09-02 00:02 - 2013-09-02 00:02 - 00026654 _____ C:\Users\Lada Brunner\Downloads\Addition.txt
2013-09-02 00:01 - 2013-09-02 00:01 - 00000000 ____D C:\FRST
2013-08-31 15:44 - 2012-06-13 22:53 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-138995088-2144927477-1329361507-1000Core.job
2013-08-30 23:00 - 2013-01-29 18:18 - 00000000 ____D C:\Users\Lada Brunner\Desktop\Dokumente
2013-08-30 22:40 - 2013-08-30 21:54 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-30 22:40 - 2013-08-30 21:52 - 00000000 ____D C:\Users\Lada Brunner\Desktop\mbar
2013-08-30 22:30 - 2013-01-29 18:17 - 00000000 ____D C:\Users\Lada Brunner\Desktop\Nastja
2013-08-30 22:19 - 2013-08-29 16:14 - 00000000 ____D C:\AdwCleaner
2013-08-30 22:19 - 2012-05-31 23:36 - 00000000 ____D C:\Program Files\Google
2013-08-30 22:19 - 2012-05-31 23:36 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-30 22:19 - 2010-11-21 05:47 - 00539042 _____ C:\Windows\PFRO.log
2013-08-30 22:18 - 2013-08-30 00:15 - 00000000 ____D C:\Users\Lada Brunner\AppData\Roaming\Uniblue
2013-08-30 22:18 - 2013-08-30 00:15 - 00000000 ____D C:\Program Files (x86)\Uniblue
2013-08-30 22:07 - 2012-05-31 23:36 - 00000000 ____D C:\Users\LADABR~1\AppData\Local\Google
2013-08-30 22:00 - 2013-08-30 22:00 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-30 22:00 - 2013-08-30 22:00 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-30 22:00 - 2013-08-30 22:00 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-30 22:00 - 2013-08-30 22:00 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-30 22:00 - 2013-08-30 22:00 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-30 22:00 - 2013-02-23 01:07 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-08-30 22:00 - 2013-02-23 01:07 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-30 21:53 - 2013-08-30 21:53 - 00448512 _____ (OldTimer Tools) C:\Users\Lada Brunner\Downloads\TFC.exe
2013-08-30 21:39 - 2013-08-30 21:38 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Lada Brunner\Downloads\mbar-1.07.0.1005.exe
2013-08-30 20:59 - 2013-08-30 20:59 - 00602112 _____ (OldTimer Tools) C:\Users\Lada Brunner\Downloads\OTL.exe
2013-08-29 23:59 - 2013-08-29 23:59 - 00994642 _____ C:\Users\Lada Brunner\Downloads\adwcleaner (1).exe
2013-08-29 23:54 - 2013-08-29 23:54 - 00002068 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-29 23:54 - 2013-08-29 23:54 - 00000000 ____D C:\Users\Lada Brunner\AppData\Roaming\Avira
2013-08-29 23:53 - 2013-08-29 23:53 - 00000000 ____D C:\ProgramData\Avira
2013-08-29 23:53 - 2013-08-29 23:53 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-29 20:36 - 2013-08-29 16:15 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-29 20:06 - 2013-08-29 23:53 - 00141376 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwot.sys
2013-08-29 20:06 - 2013-08-29 23:53 - 00114608 _____ (Avira GmbH) C:\Windows\system32\Drivers\avfwim.sys
2013-08-29 20:06 - 2013-08-29 23:53 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-29 18:32 - 2013-05-17 00:47 - 00000000 ____D C:\Windows\Minidump
2013-08-29 18:32 - 2012-04-18 12:13 - 00318046 ____N C:\Windows\Minidump\082913-15537-01.dmp
2013-08-29 18:22 - 2013-08-29 18:22 - 00038112 _____ C:\Windows\system32\.crusader
2013-08-29 16:15 - 2013-08-29 16:15 - 09879648 _____ (SurfRight B.V.) C:\Users\Lada Brunner\Downloads\hitmanpro_x64.exe
2013-08-29 16:14 - 2013-08-29 16:14 - 00994642 _____ C:\Users\Lada Brunner\Downloads\adwcleaner.exe
2013-08-29 03:48 - 2012-06-29 16:26 - 00000000 ____D C:\ProgramData\Recovery
2013-08-29 03:12 - 2013-08-29 03:12 - 00001111 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-08-29 03:12 - 2013-08-29 03:12 - 00000000 ____D C:\Users\Lada Brunner\AppData\Roaming\Malwarebytes
2013-08-29 03:12 - 2013-08-29 03:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-29 03:12 - 2013-08-29 03:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-29 03:11 - 2013-08-29 03:11 - 10284808 _____ (Malwarebytes Corporation ) C:\Users\Lada Brunner\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-29 02:51 - 2013-08-29 02:51 - 00000902 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-08-27 17:05 - 2012-05-31 23:33 - 00000000 ____D C:\Users\LADABR~1\AppData\Local\CrashDumps
2013-08-25 22:42 - 2013-08-25 22:42 - 00001092 _____ C:\Users\Lada Brunner\Desktop\Corel PaintShop Pro X4.lnk
2013-08-24 15:02 - 2012-05-31 22:56 - 00003228 _____ C:\Windows\System32\Tasks\HPCeeScheduleForLada Brunner
2013-08-20 17:45 - 2012-05-31 22:50 - 00000000 ____D C:\Users\Lada Brunner
2013-08-15 16:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 01:29 - 2013-08-15 01:28 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 01:28 - 2012-06-06 11:08 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-07 18:48 - 2013-08-07 18:48 - 00000000 ____D C:\Users\Lada Brunner\Desktop\diffgeo serien

Files to move or delete:
====================
C:\Users\LADABR~1\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\LADABR~1\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-01 22:18

==================== End Of Log ============================

--- --- ---

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-09-2013
Ran by Lada Brunner at 2013-09-06 23:53:27
Running from C:\Users\Lada Brunner\Downloads
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

7-Zip 9.20 (x32)
802.11n Wireless LAN Card (x32 Version: 3.02.03.0)
Ãåðîè Ìå÷à è Ìàãèè III: Ïîëíîå ñîáðàíèå (x32)
Adobe AIR (x32 Version: 2.6.0.19120)
Adobe Flash Player 11 ActiveX (x64) (Version: 11.1.102.55)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Apple Application Support (x32 Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Assassin's Creed (x32 Version: 1.02)
Avira Internet Security (x32 Version: 13.0.0.4052)
Avira SearchFree Toolbar plus Web Protection (x32 Version: 12.2.2.663)
Banana Buchhaltung 7.0 (x32 Version: 7.0.1.0)
Bejeweled 3 (x32 Version: 2.2.0.98)
Bonjour (Version: 3.0.0.10)
Cake Mania (x32 Version: 2.2.0.98)
Canon Easy-PhotoPrint EX (x32)
Canon Easy-WebPrint EX (x32)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (x32)
Canon Kurzwahlprogramm (x32)
Canon MP Navigator EX 4.1 (x32)
Canon MX360 series Benutzerregistrierung (x32)
Canon MX360 series MP Drivers
Canon My Printer (x32)
Canon Solution Menu EX (x32)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.03103)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.03103)
CLX.ClubMaker (x32 Version: 2.1.28.0)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Corel PaintShop Pro X4 (x32 Version: 14.0.0.332)
Cradle of Rome 2 (x32 Version: 2.2.0.98)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904)
Divinity II - Ego Draconis (x32)
Dragon Age II (x32 Version: 1.04)
Dragon Age Redesigned© (HKCU)
Dragon Age: Origins (x32 Version: 1.05)
Dropbox (HKCU Version: 2.0.26)
ESET Online Scanner v3 (x32)
Fable III (x32 Version: 1.0.0000.131)
Fable III (x32 Version: 1.0.0002.131)
Farm Frenzy (x32 Version: 2.2.0.98)
Farmscapes (x32 Version: 2.2.0.98)
FATE (x32 Version: 2.2.0.97)
FileZilla Client 3.7.0.2 (x32 Version: 3.7.0.2)
Final Drive Fury (x32 Version: 2.2.0.95)
Fishdom (TM) 2 (x32 Version: 2.2.0.98)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Google Chrome (HKCU Version: 29.0.1547.62)
Heroes of Might and Magic® IV (x32)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP Auto (Version: 1.0.12935.3667)
HP Calendar (x32 Version: 5.1.4245.23508)
HP Client Services (Version: 1.1.12938.3539)
HP Clock (x32 Version: 5.1.4244.16367)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8)
HP Games (x32 Version: 1.0.2.5)
HP LinkUp (x32 Version: 2.01.029)
HP Magic Canvas (x32 Version: 5.1.15.0)
HP Magic Canvas Tutorials (x32 Version: 5.0.0.3)
HP Notes (x32 Version: 5.1.4274.30382)
HP Odometer (x32 Version: 2.10.0000)
HP RSS (x32 Version: 5.1.4301.21494)
HP Setup (x32 Version: 9.0.15130.3904)
HP Setup Manager (x32 Version: 1.2.15145.3905)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Support Information (x32 Version: 11.00.0001)
HP TouchSmart RecipeBox (x32 Version: 3.0.3830.27730)
HP Update (x32 Version: 5.003.001.001)
HP Vision Hardware Diagnostics (Version: 2.12.1.0)
iaCoder x64 0.8.17 (Version: 0.8.17)
ICA (x32 Version: 14.0.0.332)
Insaniquarium Deluxe (x32 Version: 2.2.0.97)
Intel(R) Identity Protection Technology 1.1.2.0 (x32 Version: 1.1.2.0)
Intel(R) Management Engine Components (x32 Version: 8.0.0.1351)
Intel® Trusted Connect Service Client (Version: 1.23.216.0)
Interaktive Sprachreise - English Sprachkurs 1 (x32)
IPM_PSP_COM (x32 Version: 14.0.0.332)
iTunes (Version: 11.0.2.26)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Jewel Match 3 (x32 Version: 2.2.0.98)
Jewel Quest II (x32 Version: 2.2.0.97)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190)
Kingdoms of Amalur: Reckoning (x32 Version: 1.0.0.0)
LabelPrint (x32 Version: 2.5.4507)
Linthbanking (x32 Version: 1.0.3)
Magic Desktop (x32 Version: 3.0)
Mahjongg Artifacts (x32 Version: 2.2.0.95)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE (x32 Version: 3.3.24.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Mathematics (x32 Version: 4.0)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (x32 Version: 14.0.6123.5001)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (x32 Version: 14.0.5120.5000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Might & Magic Heroes VI (x32 Version: 1.8)
MiKTeX 2.9 (Version: 2.9)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98)
Norton Online Backup (x32 Version: 2.1.17869)
NVIDIA Grafiktreiber 296.28 (Version: 296.28)
NVIDIA HD Audio Driver 1.2.23.3 (Version: 1.2.23.3)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA PhysX (x32 Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Systemsteuerung 296.28 (Version: 296.28)
NVIDIA Update 1.7.12 (Version: 1.7.12)
NVIDIA Update Components (Version: 1.7.12)
Oblivion (x32 Version: 1.2.0416)
opensource (x32 Version: 1.0.14960.3876)
Origin (x32 Version: 9.1.15.109)
PDF Complete Special Edition (x32 Version: 4.0.65)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Polar Bowler (x32 Version: 2.2.0.97)
PSPPContent (x32 Version: 14.0.0.332)
PSPPHelp (x32 Version: 14.0.0.332)
PSPPro64 (Version: 14.0.0.332)
Q-Verein (x32)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6463)
Recovery Manager (x32 Version: 5.5.0.4424)
Remote Graphics Receiver (x32 Version: 5.4.5)
Setup (x32 Version: 14.0.0.332)
Skype™ 5.10 (x32 Version: 5.10.116)
Steam (x32 Version: 1.0.0.0)
TeXstudio 2.3 (x32 Version: 2.3.0)
The Elder Scrolls V: Skyrim (x32)
Torchlight (x32 Version: 2.2.0.98)
TSHostedAppLauncher (x32 Version: 5.1.15.0)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update Installer for WildTangent Games App (x32)
VIP Access (x32 Version: 2.0.5.13)
Virtual Families (x32 Version: 2.2.0.98)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98)
Wedding Dash (x32 Version: 2.2.0.95)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0)
Zuma's Revenge (x32 Version: 2.2.0.98)

==================== Restore Points =========================

29-08-2013 22:15:20 Uniblue SpeedUpMyPC installation
30-08-2013 19:59:20 Installed Java 7 Update 25
02-09-2013 13:31:11 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {230EB66F-F4D5-443E-8DE6-A02AD0D286C3} - System32\Tasks\HPCeeScheduleForLada Brunner => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {4DE029CB-082F-4271-8DC1-AE789199C335} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {5DE0E762-0990-4378-9B5A-A4BB3150FC3E} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {6D5A173B-44C9-45AD-B91F-40D59ACE343A} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {72A212A5-8A61-4D31-AE5D-1A472B8F2255} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {7C080769-C389-4EE4-924E-A2160918ADC5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {7F4B9269-DFF3-4CB4-BF46-52D007808FC6} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {8C9B7AC6-8274-47F9-AFB3-67ED6505348B} - \SpeedUpMyPC No Task File
Task: {950E823F-8677-4CB9-8232-201EC613B258} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {A60713CD-9B36-42B1-BBCD-D7B2A45E17F9} - \spmonitor No Task File
Task: {A7D1DEBB-1512-4D53-9E1D-59CA2CDD3A85} - System32\Tasks\User_Feed_Synchronization-{E107EF92-CB58-4D2E-9879-BFB84098A587} => C:\Windows\system32\msfeedssync.exe [2013-03-29] (Microsoft Corporation)
Task: {AD874BA9-15AD-4D46-801F-5927F9EA9E25} - System32\Tasks\HPCeeScheduleForLADABRUNNER-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {B3C26D6C-5944-4973-A300-7A823CD2CB4B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B64FC647-F4E4-4E74-8886-EA54C6CDB0A3} - System32\Tasks\User_Feed_Synchronization-{E77BAFA2-6CDF-439D-BAAA-034214DF688C} => C:\Windows\system32\msfeedssync.exe [2013-03-29] (Microsoft Corporation)
Task: {B732BE25-C0E7-4A5D-BCC9-36233E9B31EC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C877423B-92DB-48CE-AE3E-B0DCEA242A07} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-138995088-2144927477-1329361507-1000Core => C:\Users\Lada Brunner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-31] (Google Inc.)
Task: {E4DF806D-3263-404F-B314-113E49E80DCA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-138995088-2144927477-1329361507-1000UA => C:\Users\Lada Brunner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-31] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-138995088-2144927477-1329361507-1000Core.job => C:\Users\Lada Brunner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-138995088-2144927477-1329361507-1000UA.job => C:\Users\Lada Brunner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLada Brunner.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLADABRUNNER-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-04-18 11:04 - 2012-03-15 03:59 - 09732416 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-06-05 19:17 - 2013-06-05 19:17 - 00164016 _____ (Dropbox, Inc.) C:\Users\Lada Brunner\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
2011-09-10 02:03 - 2012-09-27 12:56 - 00360864 _____ (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFTaskbar.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-05-31 23:03 - 2010-07-25 19:08 - 00136704 _____ (CANON INC.) C:\Program Files\Canon\MyPrinter\cnmpu.dll
2012-05-31 23:03 - 2010-08-02 19:08 - 00069632 _____ (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMyRes.dll
2012-08-17 21:41 - 2012-08-17 21:41 - 00188344 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\prremote.dll
2012-08-17 21:43 - 2012-08-17 21:43 - 00507320 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\prloader.dll
2012-04-18 11:11 - 2012-03-15 02:00 - 04118848 _____ (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvUI.dll
2012-06-12 12:56 - 2012-03-15 03:59 - 03443520 _____ (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Common\NvUpdt.dll
2012-06-12 12:56 - 2012-03-15 03:59 - 00782656 _____ (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Common\easyDaemonAPIU64.DLL
2012-06-12 12:56 - 2012-03-15 03:59 - 00981824 _____ (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Common\NVUPDTR.DLL
2012-05-31 23:00 - 2010-09-20 05:00 - 00733184 _____ (CANON INC.) C:\Windows\system32\spool\DRIVERS\x64\3\CNMDRAK.DLL
2012-05-31 23:00 - 2010-09-20 05:00 - 03475968 _____ (CANON INC.) C:\Windows\system32\spool\DRIVERS\x64\3\CNMUIAK.DLL
2012-12-22 21:26 - 2013-08-28 23:47 - 00288680 _____ (Valve Corporation) C:\Program Files (x86)\Steam\crashhandler.dll
2012-12-22 21:26 - 2013-07-16 00:32 - 02895272 _____ (Valve Corporation) C:\Program Files (x86)\Steam\steam.dll
2012-12-22 21:26 - 2013-08-28 23:47 - 10654632 _____ (Valve Corporation) C:\Program Files (x86)\Steam\steamui.dll
2013-03-12 18:10 - 2013-08-22 00:18 - 00687104 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2012-12-22 21:26 - 2013-08-28 23:47 - 00263080 _____ (Valve Corporation) C:\Program Files (x86)\Steam\tier0_s.dll
2012-12-22 21:26 - 2013-08-28 23:47 - 00236456 _____ (Valve Corporation) C:\Program Files (x86)\Steam\vstdlib_s.dll
2012-12-22 21:26 - 2013-06-15 01:49 - 00122864 _____ (Valve) C:\Program Files (x86)\Steam\CSERHelper.dll
2013-05-07 10:06 - 2013-08-28 23:47 - 00169384 _____ (Valve Corporation) C:\Program Files (x86)\Steam\bin\filesystem_stdio.DLL
2012-12-22 21:26 - 2013-08-28 23:47 - 00694696 _____ (Valve Corporation) C:\Program Files (x86)\Steam\bin\vgui2_s.DLL
2012-12-22 21:26 - 2013-08-28 23:47 - 01120680 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-12-22 21:26 - 2013-08-07 21:31 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2012-12-22 21:26 - 2013-06-15 01:49 - 09955112 _____ (The ICU Project) C:\Program Files (x86)\Steam\bin\icudt.dll
2012-12-22 21:26 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2012-12-22 21:26 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2012-12-22 21:26 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2012-12-22 21:26 - 2013-08-28 23:47 - 07745960 _____ (Valve Corporation) C:\Program Files (x86)\Steam\steamclient.dll
2012-12-22 21:26 - 2013-08-28 23:47 - 02449832 _____ (Valve Corporation) c:\program files (x86)\steam\bin\friendsui.DLL
2012-12-22 21:26 - 2013-08-28 23:47 - 01804712 _____ (Valve Corporation) c:\program files (x86)\steam\bin\serverbrowser.DLL
2013-08-29 21:45 - 2013-08-24 19:48 - 47099856 _____ (Google Inc.) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\29.0.1547.62\chrome.dll
2013-08-29 21:45 - 2013-08-24 19:48 - 09962960 _____ (The ICU Project) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\29.0.1547.62\icudt.dll
2013-05-26 17:53 - 2013-05-26 17:53 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-06-05 19:17 - 2013-06-05 19:17 - 00130736 _____ (Dropbox, Inc.) C:\Users\Lada Brunner\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
2012-08-17 21:39 - 2012-08-17 21:39 - 00351160 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\office_antivirus.dll
2012-08-17 21:39 - 2012-08-17 21:39 - 00159672 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\prremote.dll
2012-08-17 21:39 - 2012-08-17 21:39 - 00369080 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\prloader.dll
2012-04-18 11:23 - 2012-04-18 11:23 - 00052920 _____ (EasyBits Software Corp.) C:\Windows\SysWow64\EZUPBH~1.DLL
2012-11-14 01:32 - 2012-11-14 01:32 - 03558400 _____ (wxWidgets development team) C:\Users\Lada Brunner\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\Lada Brunner\AppData\Roaming\Dropbox\bin\libcef.dll
2013-03-13 22:48 - 2013-03-13 22:48 - 09956864 _____ (The ICU Project) C:\Users\Lada Brunner\AppData\Roaming\Dropbox\bin\icudt.dll
2012-05-31 23:05 - 2010-09-22 14:19 - 00026112 _____ (CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\LangInfo\DE\CNSELANG.dll
2012-08-17 21:40 - 2013-06-17 10:45 - 00083648 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ushata.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00013240 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avpinit.dll
2012-08-17 21:38 - 2013-04-22 16:39 - 00828096 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avpmain.dll
2012-08-17 21:39 - 2012-08-17 21:39 - 00097720 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\fssync.DLL
2012-08-17 21:39 - 2012-08-17 21:39 - 00147896 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\DumpWriter.dll
2012-08-17 21:39 - 2012-08-17 21:39 - 00611768 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\service.dll
2012-08-17 21:39 - 2012-08-17 21:39 - 00159672 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\prremote.DLL
2012-08-17 21:41 - 2012-08-17 21:41 - 00110008 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\nfio.ppl
2012-08-17 21:41 - 2012-08-17 21:41 - 00021432 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\fsdrvplg.ppl
2012-08-17 21:41 - 2012-08-17 21:41 - 00038840 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\winreg.ppl
2012-08-17 21:41 - 2012-12-21 12:55 - 00045576 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\pxstub.ppl
2012-08-17 21:41 - 2013-02-22 18:37 - 01329008 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\params.ppl
2012-08-17 21:38 - 2012-08-17 21:38 - 01108408 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\app_core_legacy.dll
2012-08-17 21:39 - 2012-12-21 12:55 - 00609288 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\key_value_storage.DLL
2012-08-17 21:39 - 2012-08-17 21:39 - 00254392 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\eka_meta.dll
2012-08-17 21:40 - 2012-08-17 21:40 - 00253368 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\updater_meta.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00126904 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\content_filtering_meta.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00256440 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\am_meta.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00434616 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ac_meta.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00362936 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\app_core_meta.dll
2012-08-17 21:39 - 2012-12-03 20:39 - 00825784 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\product_metainfo.dll
2012-08-17 21:39 - 2012-08-17 21:39 - 00208824 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\plugins_meta.dll
2012-08-17 21:39 - 2012-08-17 21:39 - 00297400 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ksn_meta.dll
2012-08-17 21:40 - 2013-04-22 16:39 - 00238272 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ucp_meta.dll
2012-08-17 21:39 - 2012-08-17 21:39 - 00183224 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klifpp_meta.dll
2012-08-17 21:39 - 2012-08-17 21:39 - 00097720 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\instrumental_meta.dll
2012-08-17 21:40 - 2012-08-17 21:40 - 00395192 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\storage.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00036280 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avpservice.dll
2012-08-17 21:41 - 2013-02-22 18:37 - 04885872 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avpgui.ppl
2012-08-17 21:39 - 2012-08-17 21:39 - 02321336 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtCore4.dll
2012-08-17 21:39 - 2012-08-17 21:39 - 02289080 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtDeclarative4.dll
2012-08-17 21:40 - 2012-08-17 21:40 - 01296824 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtScript4.dll
2012-08-17 21:39 - 2012-08-17 21:39 - 00182200 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtSql4.dll
2012-08-17 21:40 - 2012-08-17 21:40 - 07269816 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtGui4.dll
2012-08-17 21:40 - 2012-08-17 21:40 - 02051512 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtNetwork4.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2012-08-17 21:39 - 2012-08-17 21:39 - 00963000 _____ (IBM Corporation and others) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\icuuc40.dll
2012-08-17 21:39 - 2012-08-17 21:39 - 02962360 _____ (IBM Corporation and others) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security
2013\icudt40.dll 2012-08-17 21:41 - 2012-11-13 17:58 - 02162616 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\basegui.ppl 2012-08-17 21:41 - 2013-02-22 18:37 - 00041328 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\thpimpl.ppl 2012-08-17 21:39 - 2012-08-17 21:39 - 00085944 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\memmon.dll 2012-08-17 21:39 - 2012-08-17 21:39 - 00657336 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\localization_manager.dll 2012-08-17 21:39 - 2012-11-13 17:58 - 00288696 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\parental_control_gui.dll 2012-08-17 21:41 - 2012-08-17 21:41 - 00018360 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\hashmd5.ppl 2012-08-17 21:40 - 2012-08-17 21:40 - 00034232 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\imageformats\qgif4.dll 2012-08-17 21:40 - 2012-08-17 21:40 - 00036792 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\imageformats\qico4.dll 2012-08-17 21:40 - 2012-08-17 21:40 - 00189368 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\imageformats\qjpeg4.dll 2012-08-17 21:41 - 2012-08-17 21:41 - 00088504 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\propmap.ppl 2013-01-28 14:08 - 2013-01-28 14:08 - 00053648 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll 2013-01-28 14:08 - 2013-01-28 14:08 - 01292136 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll 2013-01-28 14:08 - 2013-01-28 14:08 - 00923496 _____ (The ICU 
Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll 2013-01-28 14:08 - 2013-01-28 14:08 - 16303976 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll 2013-01-28 14:08 - 2013-01-28 14:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-01-28 14:08 - 2013-01-28 14:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2011-08-31 00:05 - 2011-08-31 00:05 - 00085864 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll 2013-03-26 17:43 - 2013-03-26 17:43 - 00400784 _____ (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpncommoncrypt.dll 2013-03-26 17:43 - 2013-03-26 17:43 - 01127824 _____ (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpncommon.dll 2013-03-26 17:43 - 2013-03-26 17:43 - 01057680 _____ (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnapi.dll 2013-03-26 17:44 - 2013-03-26 17:44 - 00105360 _____ (Cisco Systems, Inc.) 
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\Plugins\acfeedback.dll 2013-03-26 17:44 - 2013-03-26 17:44 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2013-08-29 21:45 - 2013-08-24 18:07 - 03231688 _____ (Microsoft Corporation) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\29.0.1547.62\D3DCompiler_46.dll 2013-08-29 21:45 - 2013-08-24 19:49 - 00709584 _____ () C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\29.0.1547.62\libglesv2.dll 2013-08-29 21:45 - 2013-08-24 19:49 - 00099792 _____ () C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\29.0.1547.62\libegl.dll 2013-08-29 21:45 - 2013-08-24 19:49 - 04053456 _____ () C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll 2013-08-29 21:45 - 2013-08-24 19:49 - 00410576 _____ () C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll 2013-08-29 21:45 - 2013-08-24 19:49 - 02110928 _____ (Google Inc.) 
C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\29.0.1547.62\libpeerconnection.dll 2013-08-29 21:45 - 2013-08-24 19:48 - 01604560 _____ () C:\Users\Lada Brunner\AppData\Local\Google\Chrome\Application\29.0.1547.62\ffmpegsumo.dll 2012-08-29 12:49 - 2012-08-29 12:49 - 00331704 _____ (Kaspersky Lab ZAO) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin\online_banking_npapi.dll 2012-08-17 21:39 - 2012-08-17 21:39 - 00207800 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\remote_eka_prague_loader.dll 2013-05-21 10:06 - 2013-05-21 10:06 - 00404920 _____ (Kaspersky Lab ZAO) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin\content_blocker_npapi.dll 2012-08-29 12:49 - 2012-08-29 12:49 - 00170936 _____ (Kaspersky Lab ZAO) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin\npABPlugin.dll 2012-08-29 12:49 - 2012-08-29 12:49 - 00258488 _____ (Kaspersky Lab ZAO) C:\Users\Lada Brunner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin\npUrlAdvisor.dll 2012-08-17 21:39 - 2012-08-17 21:39 - 00191928 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblc.dll 2012-08-17 21:39 - 2012-11-13 17:58 - 00468408 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kltbar.dll 2013-08-29 23:53 - 2013-09-06 21:29 - 00055352 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\cfglib.dll 2013-08-29 23:53 - 2013-09-06 21:30 - 00349752 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccguard.dll 2013-08-29 23:53 - 2013-09-06 21:30 - 00029240 _____ (Avira Operations GmbH & Co. 
KG) c:\program files (x86)\avira\antivir desktop\ccgrdrc.dll 2013-08-29 23:53 - 2013-09-06 21:30 - 00229432 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgrdw.dll 2013-08-29 23:53 - 2013-09-06 21:30 - 00218168 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\gpipc.dll 2013-08-29 23:53 - 2013-09-06 21:30 - 00407608 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccmguard.dll 2013-08-29 23:53 - 2013-09-06 21:30 - 00032824 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccmgrdrc.dll 2013-08-29 23:53 - 2013-09-06 21:30 - 00419384 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccwgrd.dll 2013-08-29 23:53 - 2013-09-06 21:30 - 00027192 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccwgrdrc.dll 2013-08-29 23:53 - 2013-09-06 21:30 - 00127544 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccwgrdw.dll 2013-08-29 23:53 - 2013-09-06 21:30 - 00235576 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccfwmgt.dll 2013-08-29 23:53 - 2013-09-06 21:30 - 00037944 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccfwmgtrc.dll 2013-08-29 23:53 - 2013-09-06 21:29 - 05159992 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\rcimage.dll 2013-08-29 23:53 - 2013-09-06 21:30 - 00048184 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\firewall.dll 2013-08-29 23:53 - 2013-09-06 21:30 - 00118840 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccfwgnt.dll 2013-08-29 23:53 - 2013-09-06 21:30 - 00308280 _____ (Avira Operations GmbH & Co. 
KG) c:\program files (x86)\avira\antivir desktop\ccfwitf.dll 2013-08-29 23:53 - 2013-09-06 21:30 - 00091192 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccfwrc.dll 2013-08-29 23:53 - 2013-09-06 21:30 - 00807992 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgen.dll 2013-08-29 23:53 - 2013-09-06 21:30 - 00049720 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccgenrc.dll 2013-08-29 23:53 - 2013-09-06 21:30 - 00220216 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccupdate.dll 2013-08-29 23:53 - 2013-09-06 21:30 - 00028728 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccupdrc.dll 2013-08-29 23:53 - 2013-09-06 21:30 - 00083000 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\cclic.dll 2013-08-29 23:53 - 2013-09-06 21:30 - 00009784 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\cclicrc.dll 2013-08-29 23:53 - 2013-09-06 21:30 - 00237624 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccmsg.dll 2013-08-29 23:53 - 2013-09-06 21:30 - 00010296 _____ (Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\ccmsgrc.dll 2013-08-29 23:53 - 2013-09-06 21:30 - 00014392 _____ (Avira Operations GmbH & Co. 
KG) c:\program files (x86)\avira\antivir desktop\ccmainrc.dll 2012-04-19 00:15 - 2012-04-19 00:15 - 00427632 _____ (Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPUIManagerDEU.dll ==================== Alternate Data Streams (whitelisted) ========== ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (09/06/2013 11:52:08 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (09/06/2013 11:44:09 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (09/06/2013 10:14:27 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (09/06/2013 09:32:44 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (09/06/2013 09:32:37 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (09/06/2013 09:32:37 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (09/02/2013 07:51:25 PM) (Source: Application Hang) (User: ) Description: Programm mbam.exe, Version 1.75.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 664 Startzeit: 01cea804da794daa Endzeit: 4 Anwendungspfad: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Berichts-ID: 432f8917-13f8-11e3-8da4-e83935566849 System errors: ============= Error: (09/06/2013 09:28:34 PM) (Source: SCardSvr) (User: ) Description: Das System kann den angegebenen Pfad nicht finden. Error: (09/06/2013 09:28:34 PM) (Source: SCardSvr) (User: ) Description: Das System kann den angegebenen Pfad nicht finden. Error: (09/02/2013 07:32:33 PM) (Source: SCardSvr) (User: ) Description: Das System kann den angegebenen Pfad nicht finden. Error: (09/02/2013 07:32:33 PM) (Source: SCardSvr) (User: ) Description: Das System kann den angegebenen Pfad nicht finden. Error: (09/02/2013 05:07:39 PM) (Source: Ntfs) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus. Error: (09/02/2013 05:07:29 PM) (Source: Ntfs) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus. 
Error: (09/02/2013 05:07:28 PM) (Source: Ntfs) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus. Error: (09/02/2013 05:07:26 PM) (Source: Ntfs) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus. Error: (09/02/2013 05:07:25 PM) (Source: Ntfs) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus. Error: (09/02/2013 05:07:23 PM) (Source: Ntfs) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus. Microsoft Office Sessions: ========================= Error: (09/06/2013 11:52:08 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Lada Brunner\Downloads\esetsmartinstaller_enu.exe Error: (09/06/2013 11:44:09 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (09/06/2013 10:14:27 PM) (Source: Customer Experience Improvement Program)(User: ) Description: 80004005 Error: (09/06/2013 09:32:44 PM) (Source: SideBySide)(User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Lada Brunner\Downloads\esetsmartinstaller_enu.exe Error: (09/06/2013 09:32:37 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Lada Brunner\Downloads\esetsmartinstaller_enu.exe Error: (09/06/2013 09:32:37 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Lada Brunner\Downloads\esetsmartinstaller_enu.exe Error: (09/02/2013 07:51:25 PM) (Source: Application Hang)(User: ) Description: mbam.exe1.75.0.166401cea804da794daa4C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe432f8917-13f8-11e3-8da4-e83935566849 CodeIntegrity Errors: =================================== Date: 2013-09-02 17:01:06.964 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-09-02 17:01:06.962 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-09-02 17:01:06.961 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-09-02 17:01:06.943 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-09-02 17:01:06.942 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-09-02 17:01:06.940 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-09-01 22:19:54.770 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-09-01 22:19:54.769 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-09-01 22:19:54.766 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2013-09-01 22:19:54.750 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 36% Total physical RAM: 8172.83 MB Available physical RAM: 5156.73 MB Total Pagefile: 16343.85 MB Available Pagefile: 12395.71 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:911.32 GB) (Free:746.93 GB) NTFS Drive d: (HP_RECOVERY) (Fixed) (Total:20.09 GB) (Free:2.53 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (AVIRA) (CDROM) (Total:0.24 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 31B9FECE) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=911 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
07.09.2013, 12:31 | #8 |
/// the machine /// TB Trainer | Various Yontoo files found Please download TFC (by Oldtimer) and save the file to your desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this. Uninstall Chrome completely, keep no data, then reinstall it. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
07.09.2013, 19:51 | #9 |
| Various Yontoo files found Thanks, I did everything as described. I hope everything is really gone now. A few small questions to finish: How can I be sure that the adware has been deleted for good? Should I run ESET or something else again? And do I need to change my passwords now as a precaution? How can I be sure that no sensitive data of mine was read while Yontoo was on the PC? Can e-banking be used again? (Yontoo is said not to be that harmful, but you never know what else it downloaded in the background.) Many thanks for the work you did and for your patience, best regards |
09.09.2013, 04:56 | #10 |
/// the machine /// TB Trainer | Various Yontoo files found Changing passwords is always mandatory after an infection, but this really was only adware. Done. The order matters here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be misused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP) Don'ts
Note: Please give me a short reply when everything is done and you have no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber |
09.09.2013, 14:30 | #11 |
| Various Yontoo files found Many thanks for your help and all the tips!! The problems with shutting down and standby mode (it hangs) still show up now and then; I now almost doubt that they come from Yontoo. (In terms of timing, though, they started almost exactly when I discovered Yontoo.) Even after I uninstalled Chrome completely, the problem is still there. Last question: What should I do with the two Yontoo.a in KasperskyLab\safebrowser? Delete them or leave them alone? ESET says it is still there... (I still have the latest log file.) I'm sorry to bother you again! I just want to make sure that my mother does not have to worry about her computer if she suddenly notices problems with shutting down / standby |
09.09.2013, 17:31 | #12 | |
/// the machine /// TB Trainer | Various Yontoo files found You can simply delete them. This is only adware; it cannot be responsible for the problems you still have. Quote:
__________________ Regards, schrauber |