
Log analysis and evaluation: Windows 7: 6 viruses; Antivir can no longer be activated

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

29.09.2013, 06:02   #16
schrauber
/// the machine
/// TB Trainer
 

So, back to the start again:
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

29.09.2013, 20:39   #17
dermitdempro
 
Code:
ComboFix 13-09-28.02 - phil radium 29.09.2013  21:30:45.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3959.2616 [GMT 2:00]
ausgeführt von:: c:\users\phil radium\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\DSearchLink
c:\programdata\DSearchLink\DSearchLink.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-08-28 bis 2013-09-29  ))))))))))))))))))))))))))))))
.
.
2013-09-29 19:36 . 2013-09-29 19:36	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-09-29 19:30 . 2013-09-29 19:30	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{740C03FB-A425-4ADD-84B2-806691C95853}\offreg.dll
2013-09-29 15:22 . 2013-09-29 16:51	4188160	----a-w-	c:\program files (x86)\GUTFEF.tmp
2013-09-29 15:22 . 2013-09-29 15:22	--------	d-----w-	c:\program files (x86)\GUMFEE.tmp
2013-09-29 15:19 . 2013-09-29 15:19	--------	d-----w-	c:\users\phil radium\AppData\Local\Apps
2013-09-29 15:19 . 2013-09-29 15:21	--------	d-----w-	c:\users\phil radium\AppData\Local\Deployment
2013-09-27 10:42 . 2013-09-27 10:55	--------	d-----w-	c:\program files (x86)\MyPC Backup
2013-09-27 10:42 . 2013-09-27 10:42	--------	d-----w-	c:\users\phil radium\AppData\Roaming\UpdaterEX
2013-09-27 10:42 . 2013-09-27 10:42	--------	d-----w-	c:\program files (x86)\Plus-HD-2.3
2013-09-27 10:41 . 2013-09-27 10:41	--------	d-----w-	c:\users\phil radium\AppData\Local\BonanzaDealsLive
2013-09-27 10:41 . 2013-09-27 10:41	--------	d-----w-	c:\programdata\BonanzaDealsLive
2013-09-27 10:41 . 2013-09-27 10:55	--------	d-----w-	c:\program files (x86)\BonanzaDeals
2013-09-27 10:41 . 2013-09-27 10:55	--------	d-----w-	c:\users\phil radium\AppData\Roaming\Systweak
2013-09-27 10:41 . 2013-07-22 14:07	20312	----a-w-	c:\windows\system32\roboot64.exe
2013-09-27 10:41 . 2013-09-27 10:41	--------	d-----w-	c:\users\phil radium\AppData\Roaming\Babylon
2013-09-27 10:41 . 2013-09-27 10:41	--------	d-----w-	c:\programdata\Babylon
2013-09-27 10:37 . 2013-09-05 05:32	9694160	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{740C03FB-A425-4ADD-84B2-806691C95853}\mpengine.dll
2013-09-25 17:48 . 2013-09-25 17:48	9216	----a-w-	c:\windows\system32\drivers\SjtWinIo.sys
2013-09-24 10:16 . 2013-09-24 10:16	--------	d-----w-	c:\users\phil radium\AppData\Roaming\OpenOffice
2013-09-24 09:18 . 2013-09-24 09:18	--------	d-----w-	c:\program files (x86)\OpenOffice 4
2013-09-22 16:37 . 2013-09-22 17:49	--------	d-----w-	c:\users\phil radium\AppData\Local\gtk-2.0
2013-09-22 16:37 . 2013-09-22 16:37	--------	d-----w-	c:\users\phil radium\.thumbnails
2013-09-22 16:36 . 2013-09-22 17:49	--------	d-----w-	c:\users\phil radium\.gimp-2.8
2013-09-22 16:36 . 2013-09-22 16:36	--------	d-----w-	c:\users\phil radium\AppData\Local\gegl-0.2
2013-09-22 16:34 . 2013-09-22 16:35	--------	d-----w-	c:\program files\GIMP 2
2013-09-22 11:37 . 2013-09-29 19:08	--------	d-----w-	c:\programdata\boost_interprocess
2013-09-22 11:07 . 2013-09-22 11:07	--------	d-----w-	c:\windows\ERUNT
2013-09-22 11:00 . 2013-09-22 11:02	--------	d-----w-	C:\AdwCleaner
2013-09-22 10:01 . 2013-09-22 10:01	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-22 10:01 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-09-20 13:17 . 2013-09-20 13:17	--------	d-----w-	c:\program files (x86)\7-Zip
2013-09-20 13:05 . 2013-09-20 13:05	--------	d-----w-	c:\users\phil radium\AppData\Local\Diagnostics
2013-09-20 12:49 . 2013-09-20 12:49	--------	d-----w-	C:\FRST
2013-09-20 10:22 . 2013-09-20 10:24	--------	d-----w-	c:\users\phil radium\AppData\Roaming\Apple Computer
2013-09-20 10:22 . 2013-09-20 10:22	--------	d-----w-	c:\users\phil radium\AppData\Local\Apple Computer
2013-09-20 10:22 . 2012-08-21 11:01	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2013-09-20 10:22 . 2013-09-20 10:22	--------	dc----w-	c:\windows\system32\DRVSTORE
2013-09-20 10:21 . 2013-09-20 10:22	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-20 10:21 . 2013-09-20 10:21	--------	d-----w-	c:\program files\iPod
2013-09-20 10:21 . 2013-09-20 10:22	--------	d-----w-	c:\program files\iTunes
2013-09-20 10:21 . 2013-09-20 10:22	--------	d-----w-	c:\program files (x86)\iTunes
2013-09-20 10:21 . 2013-09-20 10:21	--------	d-----w-	c:\programdata\Apple Computer
2013-09-20 10:20 . 2013-09-20 10:20	--------	d-----w-	c:\users\phil radium\AppData\Local\Apple
2013-09-20 10:20 . 2013-09-20 10:20	--------	d-----w-	c:\program files (x86)\Apple Software Update
2013-09-20 10:20 . 2013-09-20 10:20	--------	d-----w-	c:\program files\Common Files\Apple
2013-09-20 10:19 . 2013-09-20 10:19	--------	d-----w-	c:\program files (x86)\Bonjour
2013-09-20 10:19 . 2013-09-20 10:19	--------	d-----w-	c:\program files\Bonjour
2013-09-20 10:19 . 2013-09-20 10:21	--------	d-----w-	c:\program files (x86)\Common Files\Apple
2013-09-20 10:19 . 2013-09-20 10:20	--------	d-----w-	c:\programdata\Apple
2013-09-15 16:51 . 2013-09-20 15:03	--------	d-----w-	c:\users\phil radium\AppData\Local\ElevatedDiagnostics
2013-09-15 16:41 . 2013-09-15 16:41	--------	d-----w-	c:\program files (x86)\Benzul
2013-09-12 10:46 . 2013-08-10 05:20	148992	----a-w-	c:\program files\Internet Explorer\jsdebuggeride.dll
2013-09-12 10:37 . 2013-08-02 01:59	3968960	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-09-02 17:01 . 2013-09-22 17:57	--------	d-----w-	c:\users\phil radium\AppData\Roaming\PhotoScape
2013-09-02 17:00 . 2013-09-02 17:01	--------	d-----w-	c:\program files (x86)\PhotoScape
2013-09-02 12:45 . 2013-09-29 10:50	--------	d-----w-	c:\users\phil radium\AppData\Local\Cyberlink
2013-09-02 12:45 . 2013-09-02 12:45	--------	d-----w-	c:\users\Public\CyberLink
2013-09-02 12:45 . 2013-09-02 12:45	--------	d-----w-	c:\users\phil radium\AppData\Roaming\CyberLink
2013-09-02 10:45 . 2013-09-22 20:16	--------	d-----w-	c:\users\phil radium\AppData\Local\Spotify
2013-09-02 10:45 . 2013-09-29 19:08	--------	d-----w-	c:\users\phil radium\AppData\Roaming\Spotify
2013-09-01 21:18 . 2013-09-01 21:18	--------	d-----w-	c:\users\Default\AppData\Local\Adobe
2013-09-01 20:46 . 2013-09-01 20:46	--------	d-----w-	c:\users\phil radium\AppData\Local\Secunia PSI
2013-09-01 20:45 . 2013-09-01 20:45	--------	d-----w-	c:\program files (x86)\Secunia
2013-09-01 20:42 . 2013-09-01 20:42	--------	d-----w-	c:\users\phil radium\AppData\Roaming\Malwarebytes
2013-09-01 20:42 . 2013-09-01 20:42	--------	d-----w-	c:\programdata\Malwarebytes
2013-09-01 20:41 . 2013-09-01 20:41	--------	d-----w-	c:\users\phil radium\AppData\Local\Programs
2013-09-01 20:38 . 2013-09-01 20:39	--------	d-----w-	c:\users\phil radium\AppData\Roaming\WinPatrol
2013-09-01 20:38 . 2013-09-01 20:38	--------	d-----w-	c:\programdata\InstallMate
2013-09-01 20:38 . 2013-09-01 20:38	--------	d-----w-	c:\program files (x86)\BillP Studios
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-19 19:32 . 2013-08-27 17:57	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-19 19:32 . 2013-08-27 17:57	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-12 10:44 . 2013-08-30 09:09	79143768	----a-w-	c:\windows\system32\MRT.exe
2013-09-03 09:19 . 2013-08-27 17:26	81112	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-09-03 09:19 . 2013-08-27 17:23	132088	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-09-03 09:19 . 2013-08-27 17:23	105344	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-08-30 07:30 . 2013-08-30 07:30	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-08-30 07:30 . 2013-08-30 07:30	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-08-30 07:30 . 2013-08-30 07:30	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-08-30 07:30 . 2013-08-30 07:30	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-08-30 07:30 . 2013-08-30 07:30	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-08-30 07:30 . 2013-08-30 07:30	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-08-30 07:30 . 2013-08-30 07:30	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-08-30 07:30 . 2013-08-30 07:30	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-08-30 07:30 . 2013-08-30 07:30	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-08-30 07:30 . 2013-08-30 07:30	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-08-30 07:30 . 2013-08-30 07:30	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-08-30 07:30 . 2013-08-30 07:30	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-08-30 07:30 . 2013-08-30 07:30	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-08-30 07:30 . 2013-08-30 07:30	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-08-30 07:30 . 2013-08-30 07:30	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-08-30 07:30 . 2013-08-30 07:30	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-08-30 07:30 . 2013-08-30 07:30	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-08-30 07:30 . 2013-08-30 07:30	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-08-30 07:30 . 2013-08-30 07:30	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-08-30 07:30 . 2013-08-30 07:30	81408	----a-w-	c:\windows\system32\icardie.dll
2013-08-30 07:30 . 2013-08-30 07:30	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-08-30 07:30 . 2013-08-30 07:30	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-08-30 07:30 . 2013-08-30 07:30	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-08-30 07:30 . 2013-08-30 07:30	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-08-30 07:30 . 2013-08-30 07:30	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-08-30 07:30 . 2013-08-30 07:30	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-08-30 07:30 . 2013-08-30 07:30	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-08-30 07:30 . 2013-08-30 07:30	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-08-30 07:30 . 2013-08-30 07:30	441856	----a-w-	c:\windows\system32\html.iec
2013-08-30 07:30 . 2013-08-30 07:30	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-08-30 07:30 . 2013-08-30 07:30	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-08-30 07:30 . 2013-08-30 07:30	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-08-30 07:30 . 2013-08-30 07:30	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-08-30 07:30 . 2013-08-30 07:30	235008	----a-w-	c:\windows\system32\url.dll
2013-08-30 07:30 . 2013-08-30 07:30	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-08-30 07:30 . 2013-08-30 07:30	216064	----a-w-	c:\windows\system32\msls31.dll
2013-08-30 07:30 . 2013-08-30 07:30	197120	----a-w-	c:\windows\system32\msrating.dll
2013-08-30 07:30 . 2013-08-30 07:30	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-08-30 07:30 . 2013-08-30 07:30	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-08-30 07:30 . 2013-08-30 07:30	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-08-30 07:30 . 2013-08-30 07:30	149504	----a-w-	c:\windows\system32\occache.dll
2013-08-30 07:30 . 2013-08-30 07:30	144896	----a-w-	c:\windows\system32\wextract.exe
2013-08-30 07:30 . 2013-08-30 07:30	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-08-30 07:30 . 2013-08-30 07:30	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-08-30 07:30 . 2013-08-30 07:30	13824	----a-w-	c:\windows\system32\mshta.exe
2013-08-30 07:30 . 2013-08-30 07:30	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-08-30 07:30 . 2013-08-30 07:30	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-08-30 07:30 . 2013-08-30 07:30	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-08-30 07:30 . 2013-08-30 07:30	102912	----a-w-	c:\windows\system32\inseng.dll
2013-08-30 07:29 . 2013-08-30 07:29	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-30 07:29 . 2013-08-30 07:29	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-30 07:29 . 2013-08-30 07:29	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2013-08-30 07:29 . 2013-08-30 07:29	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-08-30 07:29 . 2013-08-30 07:29	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-30 07:29 . 2013-08-30 07:29	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-30 07:29 . 2013-08-30 07:29	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-30 07:29 . 2013-08-30 07:29	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-30 07:29 . 2013-08-30 07:29	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-08-30 07:29 . 2013-08-30 07:29	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-08-30 07:29 . 2013-08-30 07:29	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-08-30 07:29 . 2013-08-30 07:29	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-30 07:29 . 2013-08-30 07:29	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-30 07:29 . 2013-08-30 07:29	3928064	----a-w-	c:\windows\system32\d2d1.dll
2013-08-30 07:29 . 2013-08-30 07:29	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-08-30 07:29 . 2013-08-30 07:29	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-08-30 07:29 . 2013-08-30 07:29	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-30 07:29 . 2013-08-30 07:29	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-30 07:29 . 2013-08-30 07:29	3419136	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-08-30 07:29 . 2013-08-30 07:29	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-08-30 07:29 . 2013-08-30 07:29	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-30 07:29 . 2013-08-30 07:29	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-30 07:29 . 2013-08-30 07:29	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-30 07:29 . 2013-08-30 07:29	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-30 07:29 . 2013-08-30 07:29	296960	----a-w-	c:\windows\system32\d3d10core.dll
2013-08-30 07:29 . 2013-08-30 07:29	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2013-08-30 07:29 . 2013-08-30 07:29	2776576	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-08-30 07:29 . 2013-08-30 07:29	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-08-30 07:29 . 2013-08-30 07:29	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-30 07:29 . 2013-08-30 07:29	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-30 07:29 . 2013-08-30 07:29	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-08-30 07:29 . 2013-08-30 07:29	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-08-30 07:29 . 2013-08-30 07:29	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2013-08-30 07:29 . 2013-08-30 07:29	221184	----a-w-	c:\windows\system32\UIAnimation.dll
2013-08-30 07:29 . 2013-08-30 07:29	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2013-08-30 07:29 . 2013-08-30 07:29	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2013-08-30 07:29 . 2013-08-30 07:29	1988096	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2013-08-30 07:29 . 2013-08-30 07:29	194560	----a-w-	c:\windows\system32\d3d10_1.dll
2013-08-30 07:29 . 2013-08-30 07:29	187392	----a-w-	c:\windows\SysWow64\UIAnimation.dll
2013-08-30 07:29 . 2013-08-30 07:29	1682432	----a-w-	c:\windows\system32\XpsPrint.dll
2013-08-30 07:29 . 2013-08-30 07:29	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2013-08-30 07:29 . 2013-08-30 07:29	1238528	----a-w-	c:\windows\system32\d3d10.dll
2013-08-30 07:29 . 2013-08-30 07:29	1175552	----a-w-	c:\windows\system32\FntCache.dll
2013-08-30 07:29 . 2013-08-30 07:29	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2013-08-30 07:29 . 2013-08-30 07:29	1080832	----a-w-	c:\windows\SysWow64\d3d10.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110311341126}]
2013-09-27 10:42	752488	----a-w-	c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-bho.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:55	120176	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-06 39408]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2013-08-13 439360]
"Spotify"="c:\users\phil radium\AppData\Roaming\Spotify\Spotify.exe" [2013-09-02 4640768]
"Spotify Web Helper"="c:\users\phil radium\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-09-02 1104384]
"Benzul Activator"="c:\program files (x86)\Benzul\Activator\ascwx.exe" [2012-12-10 4379648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-04-17 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-04-08 908368]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-09-03 347192]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-09-17 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-7-3 563416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2013/08/27 17:33];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl;c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
S3 SjtWinIo;SJT I/O Driver;c:\windows\system32\DRIVERS\SjtWinIo.sys;c:\windows\SYSNATIVE\DRIVERS\SjtWinIo.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-27 19:32]
.
2013-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-27 17:04]
.
2013-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-27 17:04]
.
2013-09-29 c:\windows\Tasks\Plus-HD-2.3-chromeinstaller.job
- c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe [2013-09-27 10:42]
.
2013-09-29 c:\windows\Tasks\Plus-HD-2.3-codedownloader.job
- c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe [2013-09-27 10:42]
.
2013-09-29 c:\windows\Tasks\Plus-HD-2.3-enabler.job
- c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-enabler.exe [2013-09-27 10:42]
.
2013-09-29 c:\windows\Tasks\Plus-HD-2.3-firefoxinstaller.job
- c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-firefoxinstaller.exe [2013-09-27 10:42]
.
2013-09-29 c:\windows\Tasks\Plus-HD-2.3-updater.job
- c:\program files (x86)\Plus-HD-2.3\Plus-HD-2.3-updater.exe [2013-09-27 10:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:58	137584	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-29 9913376]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-04-17 349552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-07 17412200]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-13 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-04-23 861216]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=AEF3C44619433406&affID=119357&tt=250913_nocpn&tsp=5018
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
Toolbar-Locked - (no file)
Toolbar-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-09-29  21:38:15
ComboFix-quarantined-files.txt  2013-09-29 19:38
ComboFix2.txt  2013-09-20 15:20
.
Vor Suchlauf: 15 Verzeichnis(se), 436.093.493.248 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 436.318.212.096 Bytes frei
.
- - End Of File - - 6810C198586DF796A89569C74D782ED6
         
__________________


Old 30.09.2013, 09:02   #18
schrauber
/// the machine
/// TB instructor
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the newest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
__________________

Old 01.10.2013, 11:52   #19
dermitdempro
 



OK, here we go then
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.01.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
phil radium :: PHILRADIUM-PC [Administrator]

01.10.2013 11:27:57
mbam-log-2013-10-01 (11-27-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 342392
Laufzeit: 56 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 16
HKCR\CLSID\{11111111-1111-1111-1111-110311341126} (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311341126} (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311341126} (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311341126} (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311341126} (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0033426.BHO (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0033426.Sandbox (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CrossriderApp0033426.Sandbox.1 (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\delta LTD (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\InstalledBrowserExtensions\Plus HD (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\babylontoolbar (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Plus-HD-2.3 (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-2.3 (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0L1N1H2O1S -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage.A) -> Bösartig: (hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=AEF3C44619433406&affID=119357&tt=250913_nocpn&tsp=5018) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 2
C:\Users\phil radium\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-2.3 (PUP.Optional.PlusHD.A) -> Löschen bei Neustart.

Infizierte Dateien: 26
C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-bho.dll (PUP.Optional.PlusHD.A) -> Löschen bei Neustart.
C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-bg.exe (PUP.Optional.PlusHD.A) -> Löschen bei Neustart.
C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-buttonutil.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-buttonutil64.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-enabler.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-firefoxinstaller.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-updater.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-2.3\utils.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\Plus-HD-2.3-enabler.job (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\Plus-HD-2.3-firefoxinstaller.job (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\Plus-HD-2.3-updater.job (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\phil radium\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-2.3\33426.crx (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-2.3\33426.xpi (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-2.3\background.html (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-2.3\Installer.log (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-buttonutil.dll (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-buttonutil64.dll (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-helper.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3.ico (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-2.3\Uninstall.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
ATTFilter
# AdwCleaner v3.006 - Bericht erstellt am 01/10/2013 um 12:34:25
# Updated 01/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : phil radium - PHILRADIUM-PC
# Gestartet von : C:\Users\phil radium\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BonanzaDealsLive
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDealsLive
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup 
Ordner Gelöscht : C:\Users\phil radium\AppData\Local\BonanzaDealsLive
Ordner Gelöscht : C:\Users\PHILRA~1\AppData\Local\Temp\boost_interprocess
Ordner Gelöscht : C:\Users\phil radium\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\phil radium\AppData\Roaming\Mozilla\Firefox\Profiles\rhswmh3v.default\Extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com
Ordner Gelöscht : C:\Users\phil radium\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\phil radium\AppData\Roaming\Mozilla\Firefox\Profiles\rhswmh3v.default\\invalidprefs.js
Datei Gelöscht : C:\Users\phil radium\AppData\Roaming\Mozilla\Firefox\Profiles\rhswmh3v.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\a5388dab66ae548
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B424109-6F99-4306-8F2B-0B2BB1C8C415}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C0EB0A9-265F-4D9D-AF96-0EF2403A73E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9DF046E1-80F7-43E0-80C0-0AD696799C8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D0FD0502-5878-441D-A3C0-9A4531C526CB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E3E46008-1902-41A7-91C7-26EC6E0B66D2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7C28CEF1-A4A6-4B6A-8B97-C44F1267753C}
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Plus-HD-2.3
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebConnect

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v

[ Datei : C:\Users\phil radium\AppData\Roaming\Mozilla\Firefox\Profiles\rhswmh3v.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.crossrider.bic", "1415f0e689f3c7f7dabe8ad8570f5dd6");
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.bbDpng", "27");
Zeile gelöscht : user_pref("extensions.delta.cntry", "DE");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.hdrMd5", "DD3AF7B43B024BD39FDB8E6BE6EAB61E");
Zeile gelöscht : user_pref("extensions.delta.id", "aef32f99000000000000c44619433406");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15975");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.lastVrsnTs", "1.8.24.612:42:03");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.sg", "azb");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.24.612:42:03");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119357&tt=250913_nocpn&tsp=5018");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");

*************************

AdwCleaner[R0].txt - [3623 octets] - [22/09/2013 13:00:33]
AdwCleaner[R1].txt - [5743 octets] - [01/10/2013 12:28:45]
AdwCleaner[S0].txt - [3425 octets] - [22/09/2013 13:01:59]
AdwCleaner[S1].txt - [5381 octets] - [01/10/2013 12:34:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5441 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Home Premium x64
Ran by phil radium on 01.10.2013 at 12:41:02,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3430076251-3564822088-1984558500-1001\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322342226}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550355345526}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366346626}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220322342226}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550355345526}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660366346626}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550355345526}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366346626}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550355345526}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660366346626}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.10.2013 at 12:46:44,68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by phil radium (administrator) on PHILRADIUM-PC on 01-10-2013 12:48:43
Running from C:\Users\phil radium\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Spotify Ltd) C:\Users\phil radium\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files (x86)\Benzul\Activator\ascwx.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-04-17] (Egis Technology Inc.)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-01-13] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-06] (Google Inc.)
HKCU\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [439360 2013-08-13] (BillP Studios)
HKCU\...\Run: [Spotify] - C:\Users\phil radium\AppData\Roaming\Spotify\Spotify.exe [4640768 2013-09-02] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\phil radium\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-09-02] (Spotify Ltd)
HKCU\...\Run: [Benzul Activator] - C:\Program Files (x86)\Benzul\Activator\ascwx.exe [4379648 2012-12-10] ()
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-04-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [HOSTS Anti-Adware_PUPs] - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2013-10-01] ()
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 -  No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\phil radium\AppData\Roaming\Mozilla\Firefox\Profiles\rhswmh3v.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\phil radium\AppData\Roaming\Mozilla\Firefox\Profiles\rhswmh3v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKCU\...\Firefox\Extensions: [{450ef4aa-3d18-4b12-8d9f-ecc17330b054}] - C:\Program Files (x86)\LyricsSeeker\131.xpi

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [lgoiojnjnacbjngolldkokokgpcjbgjj] - C:\Program Files (x86)\LyricsSeeker\131.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2013-10-01] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-04-17] (Egis Technology Inc.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
R3 SjtWinIo; C:\Windows\System32\DRIVERS\SjtWinIo.sys [9216 2013-09-25] (SpeedJet Technology INC.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2010-04-28] (CyberLink Corp.)
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2010-04-28] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-01 12:46 - 2013-10-01 12:46 - 00002065 _____ C:\Users\phil radium\Desktop\JRT.txt
2013-10-01 12:41 - 2013-10-01 12:41 - 00001189 _____ C:\Users\phil radium\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
2013-10-01 12:40 - 2013-10-01 12:41 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2013-10-01 12:38 - 2013-10-01 12:38 - 00005529 _____ C:\Users\phil radium\Desktop\AdwCleaner[S1].txt
2013-10-01 10:57 - 2013-10-01 10:57 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-01 10:50 - 2013-10-01 10:52 - 01030305 _____ (Thisisu) C:\Users\phil radium\Desktop\JRT.exe
2013-10-01 10:46 - 2013-10-01 10:50 - 01045226 _____ C:\Users\phil radium\Desktop\adwcleaner.exe
2013-10-01 10:26 - 2013-10-01 10:43 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\phil radium\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-29 21:38 - 2013-09-29 21:38 - 00032833 _____ C:\ComboFix.txt
2013-09-29 21:11 - 2013-09-29 21:29 - 05130789 ____R (Swearware) C:\Users\phil radium\Desktop\ComboFix.exe
2013-09-29 17:22 - 2013-09-29 18:51 - 04188160 _____ C:\Program Files (x86)\GUTFEF.tmp
2013-09-29 17:22 - 2013-09-29 17:22 - 00000000 ____D C:\Program Files (x86)\GUMFEE.tmp
2013-09-29 17:19 - 2013-09-29 17:21 - 00000000 ____D C:\Users\phil radium\AppData\Local\Deployment
2013-09-29 17:19 - 2013-09-29 17:19 - 00000000 ____D C:\Users\phil radium\AppData\Local\Apps\2.0
2013-09-28 17:52 - 2013-09-28 17:56 - 01953880 _____ (Farbar) C:\Users\phil radium\Desktop\FRST64.exe
2013-09-28 17:24 - 2013-09-28 17:24 - 00001097 _____ C:\Users\phil radium\Desktop\Continue Firefox Installation.lnk
2013-09-27 13:08 - 2013-09-28 16:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-27 12:42 - 2013-09-27 12:42 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\UpdaterEX
2013-09-27 12:41 - 2013-09-27 12:55 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-27 12:41 - 2013-09-27 12:41 - 22404568 _____ (Mozilla) C:\Users\phil radium\Downloads\Firefox_Setup [1].exe
2013-09-25 19:48 - 2013-09-25 19:48 - 00009216 _____ (SpeedJet Technology INC.) C:\Windows\system32\Drivers\SjtWinIo.sys
2013-09-24 18:11 - 2013-09-24 18:11 - 363183653 _____ C:\Windows\MEMORY.DMP
2013-09-24 18:11 - 2013-09-24 18:11 - 00291960 _____ C:\Windows\Minidump\092413-18876-01.dmp
2013-09-24 18:11 - 2013-09-24 18:11 - 00000000 ____D C:\Windows\Minidump
2013-09-24 15:41 - 2013-09-24 15:41 - 97531747 _____ C:\Windows\SysWOW64\�鐛Š
2013-09-24 12:50 - 2013-09-24 12:50 - 00014623 _____ C:\Users\phil radium\Documents\phyik nachhilfe.odt
2013-09-24 12:16 - 2013-09-24 12:16 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\OpenOffice
2013-09-24 11:18 - 2013-09-24 11:18 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-09-24 11:18 - 2013-09-24 11:18 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-09-24 11:16 - 2013-09-24 11:16 - 00000000 ____D C:\Users\phil radium\Desktop\OpenOffice 4.0.0 (de) Installation Files
2013-09-24 07:29 - 2013-09-24 07:29 - 98848089 _____ C:\Windows\SysWOW64\ꗑV
2013-09-22 19:49 - 2013-09-22 19:49 - 00004008 _____ C:\Users\phil radium\AppData\Local\recently-used.xbel
2013-09-22 19:05 - 2013-09-26 12:55 - 00000000 ____D C:\Users\phil radium\Desktop\Originals
2013-09-22 19:04 - 2013-09-22 19:04 - 00028672 ____H C:\Users\phil radium\Downloads\photothumb.db
2013-09-22 18:37 - 2013-09-22 19:49 - 00000000 ____D C:\Users\phil radium\AppData\Local\gtk-2.0
2013-09-22 18:37 - 2013-09-22 18:37 - 00000000 ____D C:\Users\phil radium\.thumbnails
2013-09-22 18:36 - 2013-09-22 19:49 - 00000000 ____D C:\Users\phil radium\.gimp-2.8
2013-09-22 18:36 - 2013-09-22 18:36 - 00000000 ____D C:\Users\phil radium\AppData\Local\gegl-0.2
2013-09-22 18:34 - 2013-09-22 18:35 - 00000000 ____D C:\Program Files\GIMP 2
2013-09-22 13:07 - 2013-09-22 13:07 - 00000000 ____D C:\Windows\ERUNT
2013-09-22 13:00 - 2013-10-01 12:34 - 00000000 ____D C:\AdwCleaner
2013-09-22 12:01 - 2013-10-01 10:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-22 12:01 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-20 17:13 - 2013-09-29 21:38 - 00000000 ____D C:\Qoobox
2013-09-20 17:13 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-20 17:13 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-20 17:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-20 17:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-20 17:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-20 17:13 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-20 17:13 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-20 17:13 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-20 17:12 - 2013-09-20 17:19 - 00000000 ____D C:\Windows\erdnt
2013-09-20 15:17 - 2013-09-20 15:17 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-09-20 14:49 - 2013-09-20 14:49 - 00000000 ____D C:\FRST
2013-09-20 14:48 - 2013-09-20 14:48 - 00000000 _____ C:\Users\phil radium\defogger_reenable
2013-09-20 12:22 - 2013-09-20 12:24 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\Apple Computer
2013-09-20 12:22 - 2013-09-20 12:22 - 00000000 ____D C:\Users\phil radium\AppData\Local\Apple Computer
2013-09-20 12:22 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-09-20 12:21 - 2013-09-20 12:22 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-20 12:21 - 2013-09-20 12:22 - 00000000 ____D C:\Program Files\iTunes
2013-09-20 12:21 - 2013-09-20 12:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-20 12:21 - 2013-09-20 12:21 - 00000000 ____D C:\ProgramData\Apple Computer
2013-09-20 12:21 - 2013-09-20 12:21 - 00000000 ____D C:\Program Files\iPod
2013-09-20 12:20 - 2013-09-20 12:20 - 00000000 ____D C:\Users\phil radium\AppData\Local\Apple
2013-09-20 12:20 - 2013-09-20 12:20 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-20 12:20 - 2013-09-20 12:20 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-09-20 12:19 - 2013-09-20 12:20 - 00000000 ____D C:\ProgramData\Apple
2013-09-20 12:19 - 2013-09-20 12:19 - 00000000 ____D C:\Program Files\Bonjour
2013-09-20 12:19 - 2013-09-20 12:19 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-09-20 12:18 - 2013-09-20 12:19 - 97176400 _____ (Apple Inc.) C:\Users\phil radium\Downloads\iTunes64Setup.exe
2013-09-20 12:17 - 2013-09-20 12:17 - 95405392 _____ (Apple Inc.) C:\Users\phil radium\Downloads\iTunesSetup.exe
2013-09-17 11:00 - 2013-09-17 11:00 - 97931385 _____ C:\Windows\SysWOW64\㼡
2013-09-15 18:41 - 2013-09-15 18:41 - 01690502 _____ (                                                            ) C:\Users\phil radium\Downloads\ActivatorSetup.exe
2013-09-15 18:41 - 2013-09-15 18:41 - 00000000 ____D C:\Users\phil radium\Documents\AndroidSC
2013-09-15 18:41 - 2013-09-15 18:41 - 00000000 ____D C:\Program Files (x86)\Benzul
2013-09-15 18:37 - 2013-09-15 18:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-09-13 10:37 - 2013-09-13 10:37 - 97446370 _____ C:\Windows\SysWOW64\鐙峭Œ
2013-09-12 12:47 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 12:47 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 12:47 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 12:47 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 12:47 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 12:47 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 12:46 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 12:46 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 12:46 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 12:46 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 12:46 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 12:46 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 12:46 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 12:46 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 12:46 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 12:46 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 12:46 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 12:37 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 12:37 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 12:37 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 12:37 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 12:37 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 12:37 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 12:37 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 12:37 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 12:37 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 12:37 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 12:37 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 12:37 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 12:37 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 12:37 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 12:37 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 12:37 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 12:37 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 12:37 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 12:37 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 12:37 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 12:37 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 12:37 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 12:37 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 12:37 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 12:37 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 12:37 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-07 14:38 - 2013-09-07 14:38 - 96511910 _____ C:\Windows\SysWOW64\痻븛u
2013-09-05 14:13 - 2013-09-05 14:13 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-09-02 19:01 - 2013-09-29 18:47 - 00025600 ____H C:\Users\phil radium\Desktop\photothumb.db
2013-09-02 19:01 - 2013-09-22 19:57 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\PhotoScape
2013-09-02 19:00 - 2013-09-02 19:01 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2013-09-02 14:45 - 2013-09-29 12:50 - 00000000 ____D C:\Users\phil radium\AppData\Local\Cyberlink
2013-09-02 14:45 - 2013-09-02 14:45 - 00000000 ____D C:\Users\Public\CyberLink
2013-09-02 14:45 - 2013-09-02 14:45 - 00000000 ____D C:\Users\phil radium\Documents\CyberLink
2013-09-02 14:45 - 2013-09-02 14:45 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\CyberLink
2013-09-02 12:45 - 2013-10-01 12:38 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\Spotify
2013-09-02 12:45 - 2013-09-22 22:16 - 00000000 ____D C:\Users\phil radium\AppData\Local\Spotify
2013-09-02 12:45 - 2013-09-02 12:45 - 00001801 _____ C:\Users\phil radium\Desktop\Spotify.lnk
2013-09-02 12:45 - 2013-09-02 12:45 - 00001787 _____ C:\Users\phil radium\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-09-02 12:44 - 2013-09-02 12:44 - 00092776 _____ (Spotify Ltd) C:\Users\phil radium\Downloads\SpotifySetup.exe
2013-09-01 23:18 - 2013-09-01 23:18 - 00000000 ____D C:\Users\Default\AppData\Local\Adobe
2013-09-01 23:18 - 2013-09-01 23:18 - 00000000 ____D C:\Users\Default User\AppData\Local\Adobe
2013-09-01 23:16 - 2013-09-01 23:16 - 02434048 _____ C:\Users\phil radium\Downloads\msxml.msi
2013-09-01 22:53 - 2013-09-01 22:53 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-09-01 22:53 - 2013-09-01 22:53 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-09-01 22:46 - 2013-09-01 22:46 - 00000000 ____D C:\Users\phil radium\AppData\Local\Secunia PSI
2013-09-01 22:45 - 2013-09-01 22:45 - 03272136 _____ (Secunia) C:\Users\phil radium\Downloads\PSISetup711.exe
2013-09-01 22:45 - 2013-09-01 22:45 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-09-01 22:42 - 2013-09-01 22:42 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\Malwarebytes
2013-09-01 22:42 - 2013-09-01 22:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-01 22:41 - 2013-09-01 22:41 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\phil radium\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-01 22:38 - 2013-09-01 22:39 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\WinPatrol
2013-09-01 22:38 - 2013-09-01 22:38 - 00922152 _____ (BillP Studios) C:\Users\phil radium\Downloads\wpsetup.exe
2013-09-01 22:38 - 2013-09-01 22:38 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-01 22:38 - 2013-09-01 22:38 - 00000000 ____D C:\Program Files (x86)\BillP Studios

==================== One Month Modified Files and Folders =======

2013-10-01 12:46 - 2013-10-01 12:46 - 00002065 _____ C:\Users\phil radium\Desktop\JRT.txt
2013-10-01 12:44 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-01 12:44 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-01 12:41 - 2013-10-01 12:41 - 00001189 _____ C:\Users\phil radium\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
2013-10-01 12:41 - 2013-10-01 12:40 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2013-10-01 12:38 - 2013-10-01 12:38 - 00005529 _____ C:\Users\phil radium\Desktop\AdwCleaner[S1].txt
2013-10-01 12:38 - 2013-09-02 12:45 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\Spotify
2013-10-01 12:38 - 2013-08-27 19:04 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-01 12:36 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-01 12:36 - 2009-07-14 06:51 - 00038247 _____ C:\Windows\setupact.log
2013-10-01 12:35 - 2013-08-27 17:04 - 01249876 _____ C:\Windows\WindowsUpdate.log
2013-10-01 12:34 - 2013-09-22 13:00 - 00000000 ____D C:\AdwCleaner
2013-10-01 12:32 - 2013-08-27 19:57 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-01 12:25 - 2013-08-27 17:01 - 00137632 _____ C:\Windows\PFRO.log
2013-10-01 12:14 - 2013-08-27 19:04 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-01 11:41 - 2013-08-27 19:26 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-01 11:41 - 2013-08-27 19:23 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-01 11:41 - 2013-08-27 19:23 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-01 11:41 - 2013-08-27 19:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-01 10:57 - 2013-10-01 10:57 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-01 10:57 - 2013-09-22 12:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-01 10:52 - 2013-10-01 10:50 - 01030305 _____ (Thisisu) C:\Users\phil radium\Desktop\JRT.exe
2013-10-01 10:50 - 2013-10-01 10:46 - 01045226 _____ C:\Users\phil radium\Desktop\adwcleaner.exe
2013-10-01 10:43 - 2013-10-01 10:26 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\phil radium\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-29 21:38 - 2013-09-29 21:38 - 00032833 _____ C:\ComboFix.txt
2013-09-29 21:38 - 2013-09-20 17:13 - 00000000 ____D C:\Qoobox
2013-09-29 21:36 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-29 21:29 - 2013-09-29 21:11 - 05130789 ____R (Swearware) C:\Users\phil radium\Desktop\ComboFix.exe
2013-09-29 18:51 - 2013-09-29 17:22 - 04188160 _____ C:\Program Files (x86)\GUTFEF.tmp
2013-09-29 18:47 - 2013-09-02 19:01 - 00025600 ____H C:\Users\phil radium\Desktop\photothumb.db
2013-09-29 17:22 - 2013-09-29 17:22 - 00000000 ____D C:\Program Files (x86)\GUMFEE.tmp
2013-09-29 17:21 - 2013-09-29 17:19 - 00000000 ____D C:\Users\phil radium\AppData\Local\Deployment
2013-09-29 17:19 - 2013-09-29 17:19 - 00000000 ____D C:\Users\phil radium\AppData\Local\Apps\2.0
2013-09-29 12:50 - 2013-09-02 14:45 - 00000000 ____D C:\Users\phil radium\AppData\Local\Cyberlink
2013-09-28 17:56 - 2013-09-28 17:52 - 01953880 _____ (Farbar) C:\Users\phil radium\Desktop\FRST64.exe
2013-09-28 17:24 - 2013-09-28 17:24 - 00001097 _____ C:\Users\phil radium\Desktop\Continue Firefox Installation.lnk
2013-09-28 16:33 - 2013-09-27 13:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-27 13:09 - 2013-08-27 19:04 - 00000000 ____D C:\Users\phil radium\AppData\Local\Mozilla
2013-09-27 12:55 - 2013-09-27 12:41 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-27 12:55 - 2013-08-27 17:15 - 00000000 ___RD C:\Users\phil radium\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-27 12:42 - 2013-09-27 12:42 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\UpdaterEX
2013-09-27 12:41 - 2013-09-27 12:41 - 22404568 _____ (Mozilla) C:\Users\phil radium\Downloads\Firefox_Setup [1].exe
2013-09-27 12:41 - 2013-08-27 19:02 - 00000000 ____D C:\Users\phil radium\AppData\Local\Google
2013-09-26 12:55 - 2013-09-22 19:05 - 00000000 ____D C:\Users\phil radium\Desktop\Originals
2013-09-26 12:55 - 2013-08-29 19:04 - 00000000 ____D C:\Users\phil radium\Desktop\tattoo
2013-09-25 20:13 - 2013-08-28 02:57 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-09-25 20:13 - 2013-08-28 02:57 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-09-25 20:13 - 2009-07-14 07:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-25 19:48 - 2013-09-25 19:48 - 00009216 _____ (SpeedJet Technology INC.) C:\Windows\system32\Drivers\SjtWinIo.sys
2013-09-24 18:11 - 2013-09-24 18:11 - 363183653 _____ C:\Windows\MEMORY.DMP
2013-09-24 18:11 - 2013-09-24 18:11 - 00291960 _____ C:\Windows\Minidump\092413-18876-01.dmp
2013-09-24 18:11 - 2013-09-24 18:11 - 00000000 ____D C:\Windows\Minidump
2013-09-24 15:41 - 2013-09-24 15:41 - 97531747 _____ C:\Windows\SysWOW64\�鐛Š
2013-09-24 15:40 - 2013-08-27 17:13 - 00064024 _____ C:\Users\phil radium\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-24 15:39 - 2009-07-14 06:45 - 00294712 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-24 12:50 - 2013-09-24 12:50 - 00014623 _____ C:\Users\phil radium\Documents\phyik nachhilfe.odt
2013-09-24 12:16 - 2013-09-24 12:16 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\OpenOffice
2013-09-24 11:18 - 2013-09-24 11:18 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-09-24 11:18 - 2013-09-24 11:18 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-09-24 11:17 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-24 11:16 - 2013-09-24 11:16 - 00000000 ____D C:\Users\phil radium\Desktop\OpenOffice 4.0.0 (de) Installation Files
2013-09-24 07:29 - 2013-09-24 07:29 - 98848089 _____ C:\Windows\SysWOW64\ꗑV
2013-09-22 22:16 - 2013-09-02 12:45 - 00000000 ____D C:\Users\phil radium\AppData\Local\Spotify
2013-09-22 19:57 - 2013-09-02 19:01 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\PhotoScape
2013-09-22 19:49 - 2013-09-22 19:49 - 00004008 _____ C:\Users\phil radium\AppData\Local\recently-used.xbel
2013-09-22 19:49 - 2013-09-22 18:37 - 00000000 ____D C:\Users\phil radium\AppData\Local\gtk-2.0
2013-09-22 19:49 - 2013-09-22 18:36 - 00000000 ____D C:\Users\phil radium\.gimp-2.8
2013-09-22 19:04 - 2013-09-22 19:04 - 00028672 ____H C:\Users\phil radium\Downloads\photothumb.db
2013-09-22 18:37 - 2013-09-22 18:37 - 00000000 ____D C:\Users\phil radium\.thumbnails
2013-09-22 18:37 - 2013-08-27 17:13 - 00000000 ____D C:\Users\phil radium
2013-09-22 18:36 - 2013-09-22 18:36 - 00000000 ____D C:\Users\phil radium\AppData\Local\gegl-0.2
2013-09-22 18:35 - 2013-09-22 18:34 - 00000000 ____D C:\Program Files\GIMP 2
2013-09-22 13:07 - 2013-09-22 13:07 - 00000000 ____D C:\Windows\ERUNT
2013-09-22 12:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\LiveKernelReports
2013-09-20 17:20 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-20 17:19 - 2013-09-20 17:12 - 00000000 ____D C:\Windows\erdnt
2013-09-20 17:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-20 15:17 - 2013-09-20 15:17 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-09-20 14:49 - 2013-09-20 14:49 - 00000000 ____D C:\FRST
2013-09-20 14:48 - 2013-09-20 14:48 - 00000000 _____ C:\Users\phil radium\defogger_reenable
2013-09-20 12:24 - 2013-09-20 12:22 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\Apple Computer
2013-09-20 12:22 - 2013-09-20 12:22 - 00000000 ____D C:\Users\phil radium\AppData\Local\Apple Computer
2013-09-20 12:22 - 2013-09-20 12:21 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-20 12:22 - 2013-09-20 12:21 - 00000000 ____D C:\Program Files\iTunes
2013-09-20 12:22 - 2013-09-20 12:21 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-20 12:21 - 2013-09-20 12:21 - 00000000 ____D C:\ProgramData\Apple Computer
2013-09-20 12:21 - 2013-09-20 12:21 - 00000000 ____D C:\Program Files\iPod
2013-09-20 12:20 - 2013-09-20 12:20 - 00000000 ____D C:\Users\phil radium\AppData\Local\Apple
2013-09-20 12:20 - 2013-09-20 12:20 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-20 12:20 - 2013-09-20 12:20 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-09-20 12:20 - 2013-09-20 12:19 - 00000000 ____D C:\ProgramData\Apple
2013-09-20 12:19 - 2013-09-20 12:19 - 00000000 ____D C:\Program Files\Bonjour
2013-09-20 12:19 - 2013-09-20 12:19 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-09-20 12:19 - 2013-09-20 12:18 - 97176400 _____ (Apple Inc.) C:\Users\phil radium\Downloads\iTunes64Setup.exe
2013-09-20 12:17 - 2013-09-20 12:17 - 95405392 _____ (Apple Inc.) C:\Users\phil radium\Downloads\iTunesSetup.exe
2013-09-19 21:32 - 2013-08-27 19:57 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 21:32 - 2013-08-27 19:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-19 21:32 - 2013-08-27 19:57 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-17 11:00 - 2013-09-17 11:00 - 97931385 _____ C:\Windows\SysWOW64\㼡
2013-09-15 18:41 - 2013-09-15 18:41 - 01690502 _____ (                                                            ) C:\Users\phil radium\Downloads\ActivatorSetup.exe
2013-09-15 18:41 - 2013-09-15 18:41 - 00000000 ____D C:\Users\phil radium\Documents\AndroidSC
2013-09-15 18:41 - 2013-09-15 18:41 - 00000000 ____D C:\Program Files (x86)\Benzul
2013-09-15 18:37 - 2013-09-15 18:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-09-13 17:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-13 10:37 - 2013-09-13 10:37 - 97446370 _____ C:\Windows\SysWOW64\鐙峭Œ
2013-09-12 13:46 - 2013-08-27 17:15 - 00000000 ___RD C:\Users\phil radium\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 12:46 - 2013-08-30 11:09 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 12:44 - 2013-08-30 11:09 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-07 14:38 - 2013-09-07 14:38 - 96511910 _____ C:\Windows\SysWOW64\痻븛u
2013-09-05 14:13 - 2013-09-05 14:13 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-09-03 14:05 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-09-02 19:01 - 2013-09-02 19:00 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2013-09-02 18:35 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-09-02 14:45 - 2013-09-02 14:45 - 00000000 ____D C:\Users\Public\CyberLink
2013-09-02 14:45 - 2013-09-02 14:45 - 00000000 ____D C:\Users\phil radium\Documents\CyberLink
2013-09-02 14:45 - 2013-09-02 14:45 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\CyberLink
2013-09-02 14:45 - 2013-08-27 17:33 - 00000000 ____D C:\ProgramData\CyberLink
2013-09-02 12:45 - 2013-09-02 12:45 - 00001801 _____ C:\Users\phil radium\Desktop\Spotify.lnk
2013-09-02 12:45 - 2013-09-02 12:45 - 00001787 _____ C:\Users\phil radium\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-09-02 12:44 - 2013-09-02 12:44 - 00092776 _____ (Spotify Ltd) C:\Users\phil radium\Downloads\SpotifySetup.exe
2013-09-01 23:18 - 2013-09-01 23:18 - 00000000 ____D C:\Users\Default\AppData\Local\Adobe
2013-09-01 23:18 - 2013-09-01 23:18 - 00000000 ____D C:\Users\Default User\AppData\Local\Adobe
2013-09-01 23:18 - 2010-05-06 13:42 - 00000000 ____D C:\ProgramData\Adobe
2013-09-01 23:18 - 2010-05-06 13:42 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-01 23:16 - 2013-09-01 23:16 - 02434048 _____ C:\Users\phil radium\Downloads\msxml.msi
2013-09-01 22:53 - 2013-09-01 22:53 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-09-01 22:53 - 2013-09-01 22:53 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-09-01 22:46 - 2013-09-01 22:46 - 00000000 ____D C:\Users\phil radium\AppData\Local\Secunia PSI
2013-09-01 22:45 - 2013-09-01 22:45 - 03272136 _____ (Secunia) C:\Users\phil radium\Downloads\PSISetup711.exe
2013-09-01 22:45 - 2013-09-01 22:45 - 00000000 ____D C:\Program Files (x86)\Secunia
2013-09-01 22:42 - 2013-09-01 22:42 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\Malwarebytes
2013-09-01 22:42 - 2013-09-01 22:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-01 22:41 - 2013-09-01 22:41 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\phil radium\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-01 22:39 - 2013-09-01 22:38 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\WinPatrol
2013-09-01 22:38 - 2013-09-01 22:38 - 00922152 _____ (BillP Studios) C:\Users\phil radium\Downloads\wpsetup.exe
2013-09-01 22:38 - 2013-09-01 22:38 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-01 22:38 - 2013-09-01 22:38 - 00000000 ____D C:\Program Files (x86)\BillP Studios

Some content of TEMP:
====================
C:\Users\phil radium\AppData\Local\Temp\avgnt.exe
C:\Users\phil radium\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-01 11:15

==================== End Of Log ============================
         

01.10.2013, 19:03   #20
schrauber
/// the machine
/// TB trainer
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Still having problems?

__________________
Regards,
schrauber


02.10.2013, 17:42   #21
dermitdempro
 



First one
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=fabfff74d055e44a9abdd05ef28fc3f4
# engine=15332
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-02 02:48:20
# local_time=2013-10-02 04:48:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 13471 246148590 6254 0
# compatibility_mode=5893 16776573 100 94 60670 132355150 0 0
# scanned=150860
# found=0
# cleaned=0
# scan_time=3926
         

Second one
Code:
 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Secunia PSI (3.0.0.7011)   
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Adobe Flash Player 11.8.800.168  
````````Process Check: objlist.exe by Laurent````````  
 WinPatrol winpatrol.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 BillP Studios WinPatrol WinPatrol.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
and fresh

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by phil radium (administrator) on PHILRADIUM-PC on 02-10-2013 18:35:29
Running from C:\Users\phil radium\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Spotify Ltd) C:\Users\phil radium\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files (x86)\Benzul\Activator\ascwx.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-04-17] (Egis Technology Inc.)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-01-13] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-06] (Google Inc.)
HKCU\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [439360 2013-08-13] (BillP Studios)
HKCU\...\Run: [Spotify] - C:\Users\phil radium\AppData\Roaming\Spotify\Spotify.exe [4640768 2013-09-02] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\phil radium\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-09-02] (Spotify Ltd)
HKCU\...\Run: [Benzul Activator] - C:\Program Files (x86)\Benzul\Activator\ascwx.exe [4379648 2012-12-10] ()
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-04-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 -  No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\phil radium\AppData\Roaming\Mozilla\Firefox\Profiles\rhswmh3v.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\phil radium\AppData\Roaming\Mozilla\Firefox\Profiles\rhswmh3v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKCU\...\Firefox\Extensions: [{450ef4aa-3d18-4b12-8d9f-ecc17330b054}] - C:\Program Files (x86)\LyricsSeeker\131.xpi

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [lgoiojnjnacbjngolldkokokgpcjbgjj] - C:\Program Files (x86)\LyricsSeeker\131.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-04-17] (Egis Technology Inc.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
R3 SjtWinIo; C:\Windows\System32\DRIVERS\SjtWinIo.sys [9216 2013-09-25] (SpeedJet Technology INC.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2010-04-28] (CyberLink Corp.)
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2010-04-28] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-02 18:32 - 2013-10-02 18:35 - 01954124 _____ (Farbar) C:\Users\phil radium\Desktop\FRST64.exe
2013-10-02 18:08 - 2013-10-02 18:27 - 00891144 _____ C:\Users\phil radium\Desktop\SecurityCheck.exe
2013-10-02 13:20 - 2013-10-02 13:20 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-02 13:15 - 2013-10-02 13:20 - 02347384 _____ (ESET) C:\Users\phil radium\Desktop\esetsmartinstaller_enu.exe
2013-10-02 13:04 - 2013-10-02 13:04 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-10-01 12:46 - 2013-10-01 12:46 - 00002065 _____ C:\Users\phil radium\Desktop\JRT.txt
2013-10-01 12:40 - 2013-10-01 12:41 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2013-10-01 12:38 - 2013-10-01 12:38 - 00005529 _____ C:\Users\phil radium\Desktop\AdwCleaner[S1].txt
2013-10-01 10:57 - 2013-10-01 10:57 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-01 10:50 - 2013-10-01 10:52 - 01030305 _____ (Thisisu) C:\Users\phil radium\Desktop\JRT.exe
2013-10-01 10:46 - 2013-10-01 10:50 - 01045226 _____ C:\Users\phil radium\Desktop\adwcleaner.exe
2013-10-01 10:26 - 2013-10-01 10:43 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\phil radium\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-29 21:38 - 2013-09-29 21:38 - 00032833 _____ C:\ComboFix.txt
2013-09-29 21:11 - 2013-09-29 21:29 - 05130789 ____R (Swearware) C:\Users\phil radium\Desktop\ComboFix.exe
2013-09-29 17:22 - 2013-09-29 18:51 - 04188160 _____ C:\Program Files (x86)\GUTFEF.tmp
2013-09-29 17:22 - 2013-09-29 17:22 - 00000000 ____D C:\Program Files (x86)\GUMFEE.tmp
2013-09-29 17:19 - 2013-09-29 17:21 - 00000000 ____D C:\Users\phil radium\AppData\Local\Deployment
2013-09-29 17:19 - 2013-09-29 17:19 - 00000000 ____D C:\Users\phil radium\AppData\Local\Apps\2.0
2013-09-28 17:24 - 2013-09-28 17:24 - 00001097 _____ C:\Users\phil radium\Desktop\Continue Firefox Installation.lnk
2013-09-27 13:08 - 2013-09-28 16:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-27 12:42 - 2013-09-27 12:42 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\UpdaterEX
2013-09-27 12:41 - 2013-09-27 12:55 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-27 12:41 - 2013-09-27 12:41 - 22404568 _____ (Mozilla) C:\Users\phil radium\Downloads\Firefox_Setup [1].exe
2013-09-25 19:48 - 2013-09-25 19:48 - 00009216 _____ (SpeedJet Technology INC.) C:\Windows\system32\Drivers\SjtWinIo.sys
2013-09-24 18:11 - 2013-09-24 18:11 - 363183653 _____ C:\Windows\MEMORY.DMP
2013-09-24 18:11 - 2013-09-24 18:11 - 00291960 _____ C:\Windows\Minidump\092413-18876-01.dmp
2013-09-24 18:11 - 2013-09-24 18:11 - 00000000 ____D C:\Windows\Minidump
2013-09-24 15:41 - 2013-09-24 15:41 - 97531747 _____ C:\Windows\SysWOW64\�鐛Š
2013-09-24 12:50 - 2013-09-24 12:50 - 00014623 _____ C:\Users\phil radium\Documents\phyik nachhilfe.odt
2013-09-24 12:16 - 2013-09-24 12:16 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\OpenOffice
2013-09-24 11:18 - 2013-09-24 11:18 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-09-24 11:18 - 2013-09-24 11:18 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-09-24 11:16 - 2013-09-24 11:16 - 00000000 ____D C:\Users\phil radium\Desktop\OpenOffice 4.0.0 (de) Installation Files
2013-09-24 07:29 - 2013-09-24 07:29 - 98848089 _____ C:\Windows\SysWOW64\ꗑV
2013-09-22 19:49 - 2013-09-22 19:49 - 00004008 _____ C:\Users\phil radium\AppData\Local\recently-used.xbel
2013-09-22 19:05 - 2013-09-26 12:55 - 00000000 ____D C:\Users\phil radium\Desktop\Originals
2013-09-22 19:04 - 2013-09-22 19:04 - 00028672 ____H C:\Users\phil radium\Downloads\photothumb.db
2013-09-22 18:37 - 2013-09-22 19:49 - 00000000 ____D C:\Users\phil radium\AppData\Local\gtk-2.0
2013-09-22 18:37 - 2013-09-22 18:37 - 00000000 ____D C:\Users\phil radium\.thumbnails
2013-09-22 18:36 - 2013-09-22 19:49 - 00000000 ____D C:\Users\phil radium\.gimp-2.8
2013-09-22 18:36 - 2013-09-22 18:36 - 00000000 ____D C:\Users\phil radium\AppData\Local\gegl-0.2
2013-09-22 18:34 - 2013-09-22 18:35 - 00000000 ____D C:\Program Files\GIMP 2
2013-09-22 13:07 - 2013-09-22 13:07 - 00000000 ____D C:\Windows\ERUNT
2013-09-22 13:00 - 2013-10-01 12:34 - 00000000 ____D C:\AdwCleaner
2013-09-22 12:01 - 2013-10-01 10:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-22 12:01 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-20 17:13 - 2013-09-29 21:38 - 00000000 ____D C:\Qoobox
2013-09-20 17:13 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-20 17:13 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-20 17:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-20 17:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-20 17:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-20 17:13 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-20 17:13 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-20 17:13 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-20 17:12 - 2013-09-20 17:19 - 00000000 ____D C:\Windows\erdnt
2013-09-20 15:17 - 2013-09-20 15:17 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-09-20 14:49 - 2013-09-20 14:49 - 00000000 ____D C:\FRST
2013-09-20 14:48 - 2013-09-20 14:48 - 00000000 _____ C:\Users\phil radium\defogger_reenable
2013-09-20 12:22 - 2013-09-20 12:24 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\Apple Computer
2013-09-20 12:22 - 2013-09-20 12:22 - 00000000 ____D C:\Users\phil radium\AppData\Local\Apple Computer
2013-09-20 12:22 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-09-20 12:21 - 2013-09-20 12:22 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-20 12:21 - 2013-09-20 12:22 - 00000000 ____D C:\Program Files\iTunes
2013-09-20 12:21 - 2013-09-20 12:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-20 12:21 - 2013-09-20 12:21 - 00000000 ____D C:\ProgramData\Apple Computer
2013-09-20 12:21 - 2013-09-20 12:21 - 00000000 ____D C:\Program Files\iPod
2013-09-20 12:20 - 2013-09-20 12:20 - 00000000 ____D C:\Users\phil radium\AppData\Local\Apple
2013-09-20 12:20 - 2013-09-20 12:20 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-20 12:20 - 2013-09-20 12:20 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-09-20 12:19 - 2013-09-20 12:20 - 00000000 ____D C:\ProgramData\Apple
2013-09-20 12:19 - 2013-09-20 12:19 - 00000000 ____D C:\Program Files\Bonjour
2013-09-20 12:19 - 2013-09-20 12:19 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-09-20 12:18 - 2013-09-20 12:19 - 97176400 _____ (Apple Inc.) C:\Users\phil radium\Downloads\iTunes64Setup.exe
2013-09-20 12:17 - 2013-09-20 12:17 - 95405392 _____ (Apple Inc.) C:\Users\phil radium\Downloads\iTunesSetup.exe
2013-09-17 11:00 - 2013-09-17 11:00 - 97931385 _____ C:\Windows\SysWOW64\㼡
2013-09-15 18:41 - 2013-09-15 18:41 - 01690502 _____ (                                                            ) C:\Users\phil radium\Downloads\ActivatorSetup.exe
2013-09-15 18:41 - 2013-09-15 18:41 - 00000000 ____D C:\Users\phil radium\Documents\AndroidSC
2013-09-15 18:41 - 2013-09-15 18:41 - 00000000 ____D C:\Program Files (x86)\Benzul
2013-09-15 18:37 - 2013-09-15 18:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-09-13 10:37 - 2013-09-13 10:37 - 97446370 _____ C:\Windows\SysWOW64\鐙峭Œ
2013-09-12 12:47 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 12:47 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 12:47 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 12:47 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 12:47 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 12:47 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 12:46 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 12:46 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 12:46 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 12:46 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 12:46 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 12:46 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 12:46 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 12:46 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 12:46 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 12:46 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 12:46 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 12:37 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 12:37 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 12:37 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 12:37 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 12:37 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 12:37 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 12:37 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 12:37 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 12:37 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 12:37 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 12:37 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 12:37 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 12:37 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 12:37 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 12:37 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 12:37 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 12:37 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 12:37 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 12:37 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 12:37 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 12:37 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 12:37 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 12:37 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 12:37 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 12:37 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 12:37 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-07 14:38 - 2013-09-07 14:38 - 96511910 _____ C:\Windows\SysWOW64\痻븛u
2013-09-05 14:13 - 2013-09-05 14:13 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-09-02 19:01 - 2013-10-02 16:33 - 00025600 ____H C:\Users\phil radium\Desktop\photothumb.db
2013-09-02 19:01 - 2013-09-22 19:57 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\PhotoScape
2013-09-02 19:00 - 2013-09-02 19:01 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2013-09-02 14:45 - 2013-09-29 12:50 - 00000000 ____D C:\Users\phil radium\AppData\Local\Cyberlink
2013-09-02 14:45 - 2013-09-02 14:45 - 00000000 ____D C:\Users\Public\CyberLink
2013-09-02 14:45 - 2013-09-02 14:45 - 00000000 ____D C:\Users\phil radium\Documents\CyberLink
2013-09-02 14:45 - 2013-09-02 14:45 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\CyberLink
2013-09-02 12:45 - 2013-10-02 13:04 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\Spotify
2013-09-02 12:45 - 2013-09-22 22:16 - 00000000 ____D C:\Users\phil radium\AppData\Local\Spotify
2013-09-02 12:45 - 2013-09-02 12:45 - 00001801 _____ C:\Users\phil radium\Desktop\Spotify.lnk
2013-09-02 12:45 - 2013-09-02 12:45 - 00001787 _____ C:\Users\phil radium\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-09-02 12:44 - 2013-09-02 12:44 - 00092776 _____ (Spotify Ltd) C:\Users\phil radium\Downloads\SpotifySetup.exe

==================== One Month Modified Files and Folders =======

2013-10-02 18:35 - 2013-10-02 18:32 - 01954124 _____ (Farbar) C:\Users\phil radium\Desktop\FRST64.exe
2013-10-02 18:32 - 2013-08-27 19:57 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-02 18:27 - 2013-10-02 18:08 - 00891144 _____ C:\Users\phil radium\Desktop\SecurityCheck.exe
2013-10-02 18:27 - 2013-08-27 17:04 - 01268526 _____ C:\Windows\WindowsUpdate.log
2013-10-02 18:14 - 2013-08-27 19:04 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-02 16:33 - 2013-09-02 19:01 - 00025600 ____H C:\Users\phil radium\Desktop\photothumb.db
2013-10-02 13:20 - 2013-10-02 13:20 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-02 13:20 - 2013-10-02 13:15 - 02347384 _____ (ESET) C:\Users\phil radium\Desktop\esetsmartinstaller_enu.exe
2013-10-02 13:10 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-02 13:10 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-02 13:04 - 2013-10-02 13:04 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-10-02 13:04 - 2013-09-02 12:45 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\Spotify
2013-10-02 13:04 - 2013-08-27 19:04 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-02 13:02 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-02 13:02 - 2009-07-14 06:51 - 00038303 _____ C:\Windows\setupact.log
2013-10-01 18:29 - 2013-08-27 20:37 - 00000000 ____D C:\Users\phil radium\AppData\Local\Adobe
2013-10-01 12:46 - 2013-10-01 12:46 - 00002065 _____ C:\Users\phil radium\Desktop\JRT.txt
2013-10-01 12:41 - 2013-10-01 12:40 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2013-10-01 12:38 - 2013-10-01 12:38 - 00005529 _____ C:\Users\phil radium\Desktop\AdwCleaner[S1].txt
2013-10-01 12:34 - 2013-09-22 13:00 - 00000000 ____D C:\AdwCleaner
2013-10-01 12:25 - 2013-08-27 17:01 - 00137632 _____ C:\Windows\PFRO.log
2013-10-01 11:41 - 2013-08-27 19:26 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-01 11:41 - 2013-08-27 19:23 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-01 11:41 - 2013-08-27 19:23 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-01 11:41 - 2013-08-27 19:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-01 10:57 - 2013-10-01 10:57 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-01 10:57 - 2013-09-22 12:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-01 10:52 - 2013-10-01 10:50 - 01030305 _____ (Thisisu) C:\Users\phil radium\Desktop\JRT.exe
2013-10-01 10:50 - 2013-10-01 10:46 - 01045226 _____ C:\Users\phil radium\Desktop\adwcleaner.exe
2013-10-01 10:43 - 2013-10-01 10:26 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\phil radium\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-29 21:38 - 2013-09-29 21:38 - 00032833 _____ C:\ComboFix.txt
2013-09-29 21:38 - 2013-09-20 17:13 - 00000000 ____D C:\Qoobox
2013-09-29 21:36 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-29 21:29 - 2013-09-29 21:11 - 05130789 ____R (Swearware) C:\Users\phil radium\Desktop\ComboFix.exe
2013-09-29 18:51 - 2013-09-29 17:22 - 04188160 _____ C:\Program Files (x86)\GUTFEF.tmp
2013-09-29 17:22 - 2013-09-29 17:22 - 00000000 ____D C:\Program Files (x86)\GUMFEE.tmp
2013-09-29 17:21 - 2013-09-29 17:19 - 00000000 ____D C:\Users\phil radium\AppData\Local\Deployment
2013-09-29 17:19 - 2013-09-29 17:19 - 00000000 ____D C:\Users\phil radium\AppData\Local\Apps\2.0
2013-09-29 12:50 - 2013-09-02 14:45 - 00000000 ____D C:\Users\phil radium\AppData\Local\Cyberlink
2013-09-28 17:24 - 2013-09-28 17:24 - 00001097 _____ C:\Users\phil radium\Desktop\Continue Firefox Installation.lnk
2013-09-28 16:33 - 2013-09-27 13:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-27 13:09 - 2013-08-27 19:04 - 00000000 ____D C:\Users\phil radium\AppData\Local\Mozilla
2013-09-27 12:55 - 2013-09-27 12:41 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-27 12:55 - 2013-08-27 17:15 - 00000000 ___RD C:\Users\phil radium\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-27 12:42 - 2013-09-27 12:42 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\UpdaterEX
2013-09-27 12:41 - 2013-09-27 12:41 - 22404568 _____ (Mozilla) C:\Users\phil radium\Downloads\Firefox_Setup [1].exe
2013-09-27 12:41 - 2013-08-27 19:02 - 00000000 ____D C:\Users\phil radium\AppData\Local\Google
2013-09-26 12:55 - 2013-09-22 19:05 - 00000000 ____D C:\Users\phil radium\Desktop\Originals
2013-09-26 12:55 - 2013-08-29 19:04 - 00000000 ____D C:\Users\phil radium\Desktop\tattoo
2013-09-25 20:13 - 2013-08-28 02:57 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-09-25 20:13 - 2013-08-28 02:57 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-09-25 20:13 - 2009-07-14 07:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-25 19:48 - 2013-09-25 19:48 - 00009216 _____ (SpeedJet Technology INC.) C:\Windows\system32\Drivers\SjtWinIo.sys
2013-09-24 18:11 - 2013-09-24 18:11 - 363183653 _____ C:\Windows\MEMORY.DMP
2013-09-24 18:11 - 2013-09-24 18:11 - 00291960 _____ C:\Windows\Minidump\092413-18876-01.dmp
2013-09-24 18:11 - 2013-09-24 18:11 - 00000000 ____D C:\Windows\Minidump
2013-09-24 15:41 - 2013-09-24 15:41 - 97531747 _____ C:\Windows\SysWOW64\�鐛Š
2013-09-24 15:40 - 2013-08-27 17:13 - 00064024 _____ C:\Users\phil radium\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-24 15:39 - 2009-07-14 06:45 - 00294712 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-24 12:50 - 2013-09-24 12:50 - 00014623 _____ C:\Users\phil radium\Documents\phyik nachhilfe.odt
2013-09-24 12:16 - 2013-09-24 12:16 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\OpenOffice
2013-09-24 11:18 - 2013-09-24 11:18 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-09-24 11:18 - 2013-09-24 11:18 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-09-24 11:17 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-24 11:16 - 2013-09-24 11:16 - 00000000 ____D C:\Users\phil radium\Desktop\OpenOffice 4.0.0 (de) Installation Files
2013-09-24 07:29 - 2013-09-24 07:29 - 98848089 _____ C:\Windows\SysWOW64\ꗑV
2013-09-22 22:16 - 2013-09-02 12:45 - 00000000 ____D C:\Users\phil radium\AppData\Local\Spotify
2013-09-22 19:57 - 2013-09-02 19:01 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\PhotoScape
2013-09-22 19:49 - 2013-09-22 19:49 - 00004008 _____ C:\Users\phil radium\AppData\Local\recently-used.xbel
2013-09-22 19:49 - 2013-09-22 18:37 - 00000000 ____D C:\Users\phil radium\AppData\Local\gtk-2.0
2013-09-22 19:49 - 2013-09-22 18:36 - 00000000 ____D C:\Users\phil radium\.gimp-2.8
2013-09-22 19:04 - 2013-09-22 19:04 - 00028672 ____H C:\Users\phil radium\Downloads\photothumb.db
2013-09-22 18:37 - 2013-09-22 18:37 - 00000000 ____D C:\Users\phil radium\.thumbnails
2013-09-22 18:37 - 2013-08-27 17:13 - 00000000 ____D C:\Users\phil radium
2013-09-22 18:36 - 2013-09-22 18:36 - 00000000 ____D C:\Users\phil radium\AppData\Local\gegl-0.2
2013-09-22 18:35 - 2013-09-22 18:34 - 00000000 ____D C:\Program Files\GIMP 2
2013-09-22 13:07 - 2013-09-22 13:07 - 00000000 ____D C:\Windows\ERUNT
2013-09-22 12:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\LiveKernelReports
2013-09-20 17:20 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-20 17:19 - 2013-09-20 17:12 - 00000000 ____D C:\Windows\erdnt
2013-09-20 17:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-20 15:17 - 2013-09-20 15:17 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-09-20 14:49 - 2013-09-20 14:49 - 00000000 ____D C:\FRST
2013-09-20 14:48 - 2013-09-20 14:48 - 00000000 _____ C:\Users\phil radium\defogger_reenable
2013-09-20 12:24 - 2013-09-20 12:22 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\Apple Computer
2013-09-20 12:22 - 2013-09-20 12:22 - 00000000 ____D C:\Users\phil radium\AppData\Local\Apple Computer
2013-09-20 12:22 - 2013-09-20 12:21 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-20 12:22 - 2013-09-20 12:21 - 00000000 ____D C:\Program Files\iTunes
2013-09-20 12:22 - 2013-09-20 12:21 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-20 12:21 - 2013-09-20 12:21 - 00000000 ____D C:\ProgramData\Apple Computer
2013-09-20 12:21 - 2013-09-20 12:21 - 00000000 ____D C:\Program Files\iPod
2013-09-20 12:20 - 2013-09-20 12:20 - 00000000 ____D C:\Users\phil radium\AppData\Local\Apple
2013-09-20 12:20 - 2013-09-20 12:20 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-20 12:20 - 2013-09-20 12:20 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-09-20 12:20 - 2013-09-20 12:19 - 00000000 ____D C:\ProgramData\Apple
2013-09-20 12:19 - 2013-09-20 12:19 - 00000000 ____D C:\Program Files\Bonjour
2013-09-20 12:19 - 2013-09-20 12:19 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-09-20 12:19 - 2013-09-20 12:18 - 97176400 _____ (Apple Inc.) C:\Users\phil radium\Downloads\iTunes64Setup.exe
2013-09-20 12:17 - 2013-09-20 12:17 - 95405392 _____ (Apple Inc.) C:\Users\phil radium\Downloads\iTunesSetup.exe
2013-09-19 21:32 - 2013-08-27 19:57 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 21:32 - 2013-08-27 19:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-19 21:32 - 2013-08-27 19:57 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-17 11:00 - 2013-09-17 11:00 - 97931385 _____ C:\Windows\SysWOW64\㼡
2013-09-15 18:41 - 2013-09-15 18:41 - 01690502 _____ (                                                            ) C:\Users\phil radium\Downloads\ActivatorSetup.exe
2013-09-15 18:41 - 2013-09-15 18:41 - 00000000 ____D C:\Users\phil radium\Documents\AndroidSC
2013-09-15 18:41 - 2013-09-15 18:41 - 00000000 ____D C:\Program Files (x86)\Benzul
2013-09-15 18:37 - 2013-09-15 18:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-09-13 17:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-13 10:37 - 2013-09-13 10:37 - 97446370 _____ C:\Windows\SysWOW64\鐙峭Œ
2013-09-12 13:46 - 2013-08-27 17:15 - 00000000 ___RD C:\Users\phil radium\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 12:46 - 2013-08-30 11:09 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 12:44 - 2013-08-30 11:09 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-07 14:38 - 2013-09-07 14:38 - 96511910 _____ C:\Windows\SysWOW64\痻븛u
2013-09-05 14:13 - 2013-09-05 14:13 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-09-03 14:05 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-09-02 19:01 - 2013-09-02 19:00 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2013-09-02 18:35 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-09-02 14:45 - 2013-09-02 14:45 - 00000000 ____D C:\Users\Public\CyberLink
2013-09-02 14:45 - 2013-09-02 14:45 - 00000000 ____D C:\Users\phil radium\Documents\CyberLink
2013-09-02 14:45 - 2013-09-02 14:45 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\CyberLink
2013-09-02 14:45 - 2013-08-27 17:33 - 00000000 ____D C:\ProgramData\CyberLink
2013-09-02 12:45 - 2013-09-02 12:45 - 00001801 _____ C:\Users\phil radium\Desktop\Spotify.lnk
2013-09-02 12:45 - 2013-09-02 12:45 - 00001787 _____ C:\Users\phil radium\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-09-02 12:44 - 2013-09-02 12:44 - 00092776 _____ (Spotify Ltd) C:\Users\phil radium\Downloads\SpotifySetup.exe

Some content of TEMP:
====================
C:\Users\phil radium\AppData\Local\Temp\avgnt.exe
C:\Users\phil radium\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-01 11:15

==================== End Of Log ============================
         
--- --- ---


and a fresh one

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by phil radium (administrator) on PHILRADIUM-PC on 02-10-2013 18:35:29
Running from C:\Users\phil radium\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Spotify Ltd) C:\Users\phil radium\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files (x86)\Benzul\Activator\ascwx.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-04-17] (Egis Technology Inc.)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-01-13] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-06] (Google Inc.)
HKCU\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [439360 2013-08-13] (BillP Studios)
HKCU\...\Run: [Spotify] - C:\Users\phil radium\AppData\Roaming\Spotify\Spotify.exe [4640768 2013-09-02] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\phil radium\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-09-02] (Spotify Ltd)
HKCU\...\Run: [Benzul Activator] - C:\Program Files (x86)\Benzul\Activator\ascwx.exe [4379648 2012-12-10] ()
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-04-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 -  No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\phil radium\AppData\Roaming\Mozilla\Firefox\Profiles\rhswmh3v.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\phil radium\AppData\Roaming\Mozilla\Firefox\Profiles\rhswmh3v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKCU\...\Firefox\Extensions: [{450ef4aa-3d18-4b12-8d9f-ecc17330b054}] - C:\Program Files (x86)\LyricsSeeker\131.xpi

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [lgoiojnjnacbjngolldkokokgpcjbgjj] - C:\Program Files (x86)\LyricsSeeker\131.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-04-17] (Egis Technology Inc.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
R3 SjtWinIo; C:\Windows\System32\DRIVERS\SjtWinIo.sys [9216 2013-09-25] (SpeedJet Technology INC.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2010-04-28] (CyberLink Corp.)
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2010-04-28] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-02 18:32 - 2013-10-02 18:35 - 01954124 _____ (Farbar) C:\Users\phil radium\Desktop\FRST64.exe
2013-10-02 18:08 - 2013-10-02 18:27 - 00891144 _____ C:\Users\phil radium\Desktop\SecurityCheck.exe
2013-10-02 13:20 - 2013-10-02 13:20 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-02 13:15 - 2013-10-02 13:20 - 02347384 _____ (ESET) C:\Users\phil radium\Desktop\esetsmartinstaller_enu.exe
2013-10-02 13:04 - 2013-10-02 13:04 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-10-01 12:46 - 2013-10-01 12:46 - 00002065 _____ C:\Users\phil radium\Desktop\JRT.txt
2013-10-01 12:40 - 2013-10-01 12:41 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2013-10-01 12:38 - 2013-10-01 12:38 - 00005529 _____ C:\Users\phil radium\Desktop\AdwCleaner[S1].txt
2013-10-01 10:57 - 2013-10-01 10:57 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-01 10:50 - 2013-10-01 10:52 - 01030305 _____ (Thisisu) C:\Users\phil radium\Desktop\JRT.exe
2013-10-01 10:46 - 2013-10-01 10:50 - 01045226 _____ C:\Users\phil radium\Desktop\adwcleaner.exe
2013-10-01 10:26 - 2013-10-01 10:43 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\phil radium\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-29 21:38 - 2013-09-29 21:38 - 00032833 _____ C:\ComboFix.txt
2013-09-29 21:11 - 2013-09-29 21:29 - 05130789 ____R (Swearware) C:\Users\phil radium\Desktop\ComboFix.exe
2013-09-29 17:22 - 2013-09-29 18:51 - 04188160 _____ C:\Program Files (x86)\GUTFEF.tmp
2013-09-29 17:22 - 2013-09-29 17:22 - 00000000 ____D C:\Program Files (x86)\GUMFEE.tmp
2013-09-29 17:19 - 2013-09-29 17:21 - 00000000 ____D C:\Users\phil radium\AppData\Local\Deployment
2013-09-29 17:19 - 2013-09-29 17:19 - 00000000 ____D C:\Users\phil radium\AppData\Local\Apps\2.0
2013-09-28 17:24 - 2013-09-28 17:24 - 00001097 _____ C:\Users\phil radium\Desktop\Continue Firefox Installation.lnk
2013-09-27 13:08 - 2013-09-28 16:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-27 12:42 - 2013-09-27 12:42 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\UpdaterEX
2013-09-27 12:41 - 2013-09-27 12:55 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-27 12:41 - 2013-09-27 12:41 - 22404568 _____ (Mozilla) C:\Users\phil radium\Downloads\Firefox_Setup [1].exe
2013-09-25 19:48 - 2013-09-25 19:48 - 00009216 _____ (SpeedJet Technology INC.) C:\Windows\system32\Drivers\SjtWinIo.sys
2013-09-24 18:11 - 2013-09-24 18:11 - 363183653 _____ C:\Windows\MEMORY.DMP
2013-09-24 18:11 - 2013-09-24 18:11 - 00291960 _____ C:\Windows\Minidump\092413-18876-01.dmp
2013-09-24 18:11 - 2013-09-24 18:11 - 00000000 ____D C:\Windows\Minidump
2013-09-24 15:41 - 2013-09-24 15:41 - 97531747 _____ C:\Windows\SysWOW64\�鐛Š
2013-09-24 12:50 - 2013-09-24 12:50 - 00014623 _____ C:\Users\phil radium\Documents\phyik nachhilfe.odt
2013-09-24 12:16 - 2013-09-24 12:16 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\OpenOffice
2013-09-24 11:18 - 2013-09-24 11:18 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-09-24 11:18 - 2013-09-24 11:18 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-09-24 11:16 - 2013-09-24 11:16 - 00000000 ____D C:\Users\phil radium\Desktop\OpenOffice 4.0.0 (de) Installation Files
2013-09-24 07:29 - 2013-09-24 07:29 - 98848089 _____ C:\Windows\SysWOW64\ꗑV
2013-09-22 19:49 - 2013-09-22 19:49 - 00004008 _____ C:\Users\phil radium\AppData\Local\recently-used.xbel
2013-09-22 19:05 - 2013-09-26 12:55 - 00000000 ____D C:\Users\phil radium\Desktop\Originals
2013-09-22 19:04 - 2013-09-22 19:04 - 00028672 ____H C:\Users\phil radium\Downloads\photothumb.db
2013-09-22 18:37 - 2013-09-22 19:49 - 00000000 ____D C:\Users\phil radium\AppData\Local\gtk-2.0
2013-09-22 18:37 - 2013-09-22 18:37 - 00000000 ____D C:\Users\phil radium\.thumbnails
2013-09-22 18:36 - 2013-09-22 19:49 - 00000000 ____D C:\Users\phil radium\.gimp-2.8
2013-09-22 18:36 - 2013-09-22 18:36 - 00000000 ____D C:\Users\phil radium\AppData\Local\gegl-0.2
2013-09-22 18:34 - 2013-09-22 18:35 - 00000000 ____D C:\Program Files\GIMP 2
2013-09-22 13:07 - 2013-09-22 13:07 - 00000000 ____D C:\Windows\ERUNT
2013-09-22 13:00 - 2013-10-01 12:34 - 00000000 ____D C:\AdwCleaner
2013-09-22 12:01 - 2013-10-01 10:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-22 12:01 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-20 17:13 - 2013-09-29 21:38 - 00000000 ____D C:\Qoobox
2013-09-20 17:13 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-20 17:13 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-20 17:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-20 17:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-20 17:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-20 17:13 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-20 17:13 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-20 17:13 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-20 17:12 - 2013-09-20 17:19 - 00000000 ____D C:\Windows\erdnt
2013-09-20 15:17 - 2013-09-20 15:17 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-09-20 14:49 - 2013-09-20 14:49 - 00000000 ____D C:\FRST
2013-09-20 14:48 - 2013-09-20 14:48 - 00000000 _____ C:\Users\phil radium\defogger_reenable
2013-09-20 12:22 - 2013-09-20 12:24 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\Apple Computer
2013-09-20 12:22 - 2013-09-20 12:22 - 00000000 ____D C:\Users\phil radium\AppData\Local\Apple Computer
2013-09-20 12:22 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-09-20 12:21 - 2013-09-20 12:22 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-20 12:21 - 2013-09-20 12:22 - 00000000 ____D C:\Program Files\iTunes
2013-09-20 12:21 - 2013-09-20 12:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-20 12:21 - 2013-09-20 12:21 - 00000000 ____D C:\ProgramData\Apple Computer
2013-09-20 12:21 - 2013-09-20 12:21 - 00000000 ____D C:\Program Files\iPod
2013-09-20 12:20 - 2013-09-20 12:20 - 00000000 ____D C:\Users\phil radium\AppData\Local\Apple
2013-09-20 12:20 - 2013-09-20 12:20 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-20 12:20 - 2013-09-20 12:20 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-09-20 12:19 - 2013-09-20 12:20 - 00000000 ____D C:\ProgramData\Apple
2013-09-20 12:19 - 2013-09-20 12:19 - 00000000 ____D C:\Program Files\Bonjour
2013-09-20 12:19 - 2013-09-20 12:19 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-09-20 12:18 - 2013-09-20 12:19 - 97176400 _____ (Apple Inc.) C:\Users\phil radium\Downloads\iTunes64Setup.exe
2013-09-20 12:17 - 2013-09-20 12:17 - 95405392 _____ (Apple Inc.) C:\Users\phil radium\Downloads\iTunesSetup.exe
2013-09-17 11:00 - 2013-09-17 11:00 - 97931385 _____ C:\Windows\SysWOW64\㼡
2013-09-15 18:41 - 2013-09-15 18:41 - 01690502 _____ (                                                            ) C:\Users\phil radium\Downloads\ActivatorSetup.exe
2013-09-15 18:41 - 2013-09-15 18:41 - 00000000 ____D C:\Users\phil radium\Documents\AndroidSC
2013-09-15 18:41 - 2013-09-15 18:41 - 00000000 ____D C:\Program Files (x86)\Benzul
2013-09-15 18:37 - 2013-09-15 18:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-09-13 10:37 - 2013-09-13 10:37 - 97446370 _____ C:\Windows\SysWOW64\鐙峭Œ
2013-09-12 12:47 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 12:47 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 12:47 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 12:47 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 12:47 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 12:47 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 12:46 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 12:46 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 12:46 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 12:46 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 12:46 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 12:46 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 12:46 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 12:46 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 12:46 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 12:46 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 12:46 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 12:37 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 12:37 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 12:37 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 12:37 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 12:37 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 12:37 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 12:37 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 12:37 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 12:37 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 12:37 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 12:37 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 12:37 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 12:37 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 12:37 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 12:37 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 12:37 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 12:37 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 12:37 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 12:37 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 12:37 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 12:37 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 12:37 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 12:37 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 12:37 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 12:37 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 12:37 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-07 14:38 - 2013-09-07 14:38 - 96511910 _____ C:\Windows\SysWOW64\痻븛u
2013-09-05 14:13 - 2013-09-05 14:13 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-09-02 19:01 - 2013-10-02 16:33 - 00025600 ____H C:\Users\phil radium\Desktop\photothumb.db
2013-09-02 19:01 - 2013-09-22 19:57 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\PhotoScape
2013-09-02 19:00 - 2013-09-02 19:01 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2013-09-02 14:45 - 2013-09-29 12:50 - 00000000 ____D C:\Users\phil radium\AppData\Local\Cyberlink
2013-09-02 14:45 - 2013-09-02 14:45 - 00000000 ____D C:\Users\Public\CyberLink
2013-09-02 14:45 - 2013-09-02 14:45 - 00000000 ____D C:\Users\phil radium\Documents\CyberLink
2013-09-02 14:45 - 2013-09-02 14:45 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\CyberLink
2013-09-02 12:45 - 2013-10-02 13:04 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\Spotify
2013-09-02 12:45 - 2013-09-22 22:16 - 00000000 ____D C:\Users\phil radium\AppData\Local\Spotify
2013-09-02 12:45 - 2013-09-02 12:45 - 00001801 _____ C:\Users\phil radium\Desktop\Spotify.lnk
2013-09-02 12:45 - 2013-09-02 12:45 - 00001787 _____ C:\Users\phil radium\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-09-02 12:44 - 2013-09-02 12:44 - 00092776 _____ (Spotify Ltd) C:\Users\phil radium\Downloads\SpotifySetup.exe

==================== One Month Modified Files and Folders =======

2013-10-02 18:35 - 2013-10-02 18:32 - 01954124 _____ (Farbar) C:\Users\phil radium\Desktop\FRST64.exe
2013-10-02 18:32 - 2013-08-27 19:57 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-02 18:27 - 2013-10-02 18:08 - 00891144 _____ C:\Users\phil radium\Desktop\SecurityCheck.exe
2013-10-02 18:27 - 2013-08-27 17:04 - 01268526 _____ C:\Windows\WindowsUpdate.log
2013-10-02 18:14 - 2013-08-27 19:04 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-02 16:33 - 2013-09-02 19:01 - 00025600 ____H C:\Users\phil radium\Desktop\photothumb.db
2013-10-02 13:20 - 2013-10-02 13:20 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-02 13:20 - 2013-10-02 13:15 - 02347384 _____ (ESET) C:\Users\phil radium\Desktop\esetsmartinstaller_enu.exe
2013-10-02 13:10 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-02 13:10 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-02 13:04 - 2013-10-02 13:04 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-10-02 13:04 - 2013-09-02 12:45 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\Spotify
2013-10-02 13:04 - 2013-08-27 19:04 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-02 13:02 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-02 13:02 - 2009-07-14 06:51 - 00038303 _____ C:\Windows\setupact.log
2013-10-01 18:29 - 2013-08-27 20:37 - 00000000 ____D C:\Users\phil radium\AppData\Local\Adobe
2013-10-01 12:46 - 2013-10-01 12:46 - 00002065 _____ C:\Users\phil radium\Desktop\JRT.txt
2013-10-01 12:41 - 2013-10-01 12:40 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2013-10-01 12:38 - 2013-10-01 12:38 - 00005529 _____ C:\Users\phil radium\Desktop\AdwCleaner[S1].txt
2013-10-01 12:34 - 2013-09-22 13:00 - 00000000 ____D C:\AdwCleaner
2013-10-01 12:25 - 2013-08-27 17:01 - 00137632 _____ C:\Windows\PFRO.log
2013-10-01 11:41 - 2013-08-27 19:26 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-01 11:41 - 2013-08-27 19:23 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-01 11:41 - 2013-08-27 19:23 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-01 11:41 - 2013-08-27 19:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-01 10:57 - 2013-10-01 10:57 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-01 10:57 - 2013-09-22 12:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-01 10:52 - 2013-10-01 10:50 - 01030305 _____ (Thisisu) C:\Users\phil radium\Desktop\JRT.exe
2013-10-01 10:50 - 2013-10-01 10:46 - 01045226 _____ C:\Users\phil radium\Desktop\adwcleaner.exe
2013-10-01 10:43 - 2013-10-01 10:26 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\phil radium\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-29 21:38 - 2013-09-29 21:38 - 00032833 _____ C:\ComboFix.txt
2013-09-29 21:38 - 2013-09-20 17:13 - 00000000 ____D C:\Qoobox
2013-09-29 21:36 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-29 21:29 - 2013-09-29 21:11 - 05130789 ____R (Swearware) C:\Users\phil radium\Desktop\ComboFix.exe
2013-09-29 18:51 - 2013-09-29 17:22 - 04188160 _____ C:\Program Files (x86)\GUTFEF.tmp
2013-09-29 17:22 - 2013-09-29 17:22 - 00000000 ____D C:\Program Files (x86)\GUMFEE.tmp
2013-09-29 17:21 - 2013-09-29 17:19 - 00000000 ____D C:\Users\phil radium\AppData\Local\Deployment
2013-09-29 17:19 - 2013-09-29 17:19 - 00000000 ____D C:\Users\phil radium\AppData\Local\Apps\2.0
2013-09-29 12:50 - 2013-09-02 14:45 - 00000000 ____D C:\Users\phil radium\AppData\Local\Cyberlink
2013-09-28 17:24 - 2013-09-28 17:24 - 00001097 _____ C:\Users\phil radium\Desktop\Continue Firefox Installation.lnk
2013-09-28 16:33 - 2013-09-27 13:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-27 13:09 - 2013-08-27 19:04 - 00000000 ____D C:\Users\phil radium\AppData\Local\Mozilla
2013-09-27 12:55 - 2013-09-27 12:41 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-27 12:55 - 2013-08-27 17:15 - 00000000 ___RD C:\Users\phil radium\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-27 12:42 - 2013-09-27 12:42 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\UpdaterEX
2013-09-27 12:41 - 2013-09-27 12:41 - 22404568 _____ (Mozilla) C:\Users\phil radium\Downloads\Firefox_Setup [1].exe
2013-09-27 12:41 - 2013-08-27 19:02 - 00000000 ____D C:\Users\phil radium\AppData\Local\Google
2013-09-26 12:55 - 2013-09-22 19:05 - 00000000 ____D C:\Users\phil radium\Desktop\Originals
2013-09-26 12:55 - 2013-08-29 19:04 - 00000000 ____D C:\Users\phil radium\Desktop\tattoo
2013-09-25 20:13 - 2013-08-28 02:57 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-09-25 20:13 - 2013-08-28 02:57 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-09-25 20:13 - 2009-07-14 07:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-25 19:48 - 2013-09-25 19:48 - 00009216 _____ (SpeedJet Technology INC.) C:\Windows\system32\Drivers\SjtWinIo.sys
2013-09-24 18:11 - 2013-09-24 18:11 - 363183653 _____ C:\Windows\MEMORY.DMP
2013-09-24 18:11 - 2013-09-24 18:11 - 00291960 _____ C:\Windows\Minidump\092413-18876-01.dmp
2013-09-24 18:11 - 2013-09-24 18:11 - 00000000 ____D C:\Windows\Minidump
2013-09-24 15:41 - 2013-09-24 15:41 - 97531747 _____ C:\Windows\SysWOW64\�鐛Š
2013-09-24 15:40 - 2013-08-27 17:13 - 00064024 _____ C:\Users\phil radium\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-24 15:39 - 2009-07-14 06:45 - 00294712 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-24 12:50 - 2013-09-24 12:50 - 00014623 _____ C:\Users\phil radium\Documents\phyik nachhilfe.odt
2013-09-24 12:16 - 2013-09-24 12:16 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\OpenOffice
2013-09-24 11:18 - 2013-09-24 11:18 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-09-24 11:18 - 2013-09-24 11:18 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-09-24 11:17 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-24 11:16 - 2013-09-24 11:16 - 00000000 ____D C:\Users\phil radium\Desktop\OpenOffice 4.0.0 (de) Installation Files
2013-09-24 07:29 - 2013-09-24 07:29 - 98848089 _____ C:\Windows\SysWOW64\ꗑV
2013-09-22 22:16 - 2013-09-02 12:45 - 00000000 ____D C:\Users\phil radium\AppData\Local\Spotify
2013-09-22 19:57 - 2013-09-02 19:01 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\PhotoScape
2013-09-22 19:49 - 2013-09-22 19:49 - 00004008 _____ C:\Users\phil radium\AppData\Local\recently-used.xbel
2013-09-22 19:49 - 2013-09-22 18:37 - 00000000 ____D C:\Users\phil radium\AppData\Local\gtk-2.0
2013-09-22 19:49 - 2013-09-22 18:36 - 00000000 ____D C:\Users\phil radium\.gimp-2.8
2013-09-22 19:04 - 2013-09-22 19:04 - 00028672 ____H C:\Users\phil radium\Downloads\photothumb.db
2013-09-22 18:37 - 2013-09-22 18:37 - 00000000 ____D C:\Users\phil radium\.thumbnails
2013-09-22 18:37 - 2013-08-27 17:13 - 00000000 ____D C:\Users\phil radium
2013-09-22 18:36 - 2013-09-22 18:36 - 00000000 ____D C:\Users\phil radium\AppData\Local\gegl-0.2
2013-09-22 18:35 - 2013-09-22 18:34 - 00000000 ____D C:\Program Files\GIMP 2
2013-09-22 13:07 - 2013-09-22 13:07 - 00000000 ____D C:\Windows\ERUNT
2013-09-22 12:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\LiveKernelReports
2013-09-20 17:20 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-20 17:19 - 2013-09-20 17:12 - 00000000 ____D C:\Windows\erdnt
2013-09-20 17:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-20 15:17 - 2013-09-20 15:17 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-09-20 14:49 - 2013-09-20 14:49 - 00000000 ____D C:\FRST
2013-09-20 14:48 - 2013-09-20 14:48 - 00000000 _____ C:\Users\phil radium\defogger_reenable
2013-09-20 12:24 - 2013-09-20 12:22 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\Apple Computer
2013-09-20 12:22 - 2013-09-20 12:22 - 00000000 ____D C:\Users\phil radium\AppData\Local\Apple Computer
2013-09-20 12:22 - 2013-09-20 12:21 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-20 12:22 - 2013-09-20 12:21 - 00000000 ____D C:\Program Files\iTunes
2013-09-20 12:22 - 2013-09-20 12:21 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-20 12:21 - 2013-09-20 12:21 - 00000000 ____D C:\ProgramData\Apple Computer
2013-09-20 12:21 - 2013-09-20 12:21 - 00000000 ____D C:\Program Files\iPod
2013-09-20 12:20 - 2013-09-20 12:20 - 00000000 ____D C:\Users\phil radium\AppData\Local\Apple
2013-09-20 12:20 - 2013-09-20 12:20 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-20 12:20 - 2013-09-20 12:20 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-09-20 12:20 - 2013-09-20 12:19 - 00000000 ____D C:\ProgramData\Apple
2013-09-20 12:19 - 2013-09-20 12:19 - 00000000 ____D C:\Program Files\Bonjour
2013-09-20 12:19 - 2013-09-20 12:19 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-09-20 12:19 - 2013-09-20 12:18 - 97176400 _____ (Apple Inc.) C:\Users\phil radium\Downloads\iTunes64Setup.exe
2013-09-20 12:17 - 2013-09-20 12:17 - 95405392 _____ (Apple Inc.) C:\Users\phil radium\Downloads\iTunesSetup.exe
2013-09-19 21:32 - 2013-08-27 19:57 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 21:32 - 2013-08-27 19:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-19 21:32 - 2013-08-27 19:57 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-17 11:00 - 2013-09-17 11:00 - 97931385 _____ C:\Windows\SysWOW64\㼡
2013-09-15 18:41 - 2013-09-15 18:41 - 01690502 _____ (                                                            ) C:\Users\phil radium\Downloads\ActivatorSetup.exe
2013-09-15 18:41 - 2013-09-15 18:41 - 00000000 ____D C:\Users\phil radium\Documents\AndroidSC
2013-09-15 18:41 - 2013-09-15 18:41 - 00000000 ____D C:\Program Files (x86)\Benzul
2013-09-15 18:37 - 2013-09-15 18:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-09-13 17:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-13 10:37 - 2013-09-13 10:37 - 97446370 _____ C:\Windows\SysWOW64\鐙峭Œ
2013-09-12 13:46 - 2013-08-27 17:15 - 00000000 ___RD C:\Users\phil radium\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 12:46 - 2013-08-30 11:09 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 12:44 - 2013-08-30 11:09 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-07 14:38 - 2013-09-07 14:38 - 96511910 _____ C:\Windows\SysWOW64\痻븛u
2013-09-05 14:13 - 2013-09-05 14:13 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2013-09-03 14:05 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-09-02 19:01 - 2013-09-02 19:00 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2013-09-02 18:35 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-09-02 14:45 - 2013-09-02 14:45 - 00000000 ____D C:\Users\Public\CyberLink
2013-09-02 14:45 - 2013-09-02 14:45 - 00000000 ____D C:\Users\phil radium\Documents\CyberLink
2013-09-02 14:45 - 2013-09-02 14:45 - 00000000 ____D C:\Users\phil radium\AppData\Roaming\CyberLink
2013-09-02 14:45 - 2013-08-27 17:33 - 00000000 ____D C:\ProgramData\CyberLink
2013-09-02 12:45 - 2013-09-02 12:45 - 00001801 _____ C:\Users\phil radium\Desktop\Spotify.lnk
2013-09-02 12:45 - 2013-09-02 12:45 - 00001787 _____ C:\Users\phil radium\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-09-02 12:44 - 2013-09-02 12:44 - 00092776 _____ (Spotify Ltd) C:\Users\phil radium\Downloads\SpotifySetup.exe

Some content of TEMP:
====================
C:\Users\phil radium\AppData\Local\Temp\avgnt.exe
C:\Users\phil radium\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-01 11:15

==================== End Of Log ============================
         
--- --- ---


I still have problems,
my internet has clearly become slower.
This shows mostly in long loading times when loading web pages
and in very long buffering;
watching series and films online isn't possible like this anymore.

And thanks for the cleanup!

03.10.2013, 07:37   #22
schrauber
/// the machine
/// TB-Ausbilder

Quote:
watching series and films online isn't possible like this anymore.
That is usually illegal, though.

In which browser, or in all of them?
__________________
Regards,
schrauber

03.10.2013, 12:34   #23
dermitdempro

In all of them. I tried it with Firefox, and right now I'm testing Google Chrome.
I even tried Internet Explorer.
The laptop still says that the signal strength is excellent, though.

Yeaaah, well, legal, illegal ......
It's still a great distraction from studying,
and I've been trying for 3 days now to watch the latest Breaking Bad and How I Met Your Mother and it doesn't work.
It's enough to drive you to despair.

04.10.2013, 01:54   #24
schrauber
/// the machine
/// TB-Ausbilder

Unplug the router from power for 30 minutes.
__________________
Regards,
schrauber

07.10.2013, 16:00   #25
dermitdempro

I tried that;
unfortunately nothing improved.
I just reconnected to the internet and a warning appeared saying that someone else is using the same IP address and that I should contact the network operator.
Is someone in the building tapping our internet? We do have a password, though.
Or was my laptop hacked?
Questions upon questions.

08.10.2013, 08:08   #26
schrauber
/// the machine
/// TB-Ausbilder

Have you contacted the operator yet? You get your outward-facing IP from them.

Do that, and please also post a fresh FRST log.
__________________
Regards,
schrauber

09.10.2013, 14:35   #27
dermitdempro

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by normal (ATTENTION: The logged in user is not administrator) on PHILRADIUM-PC on 09-10-2013 15:30:18
Running from C:\Users\normal\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-04-17] (Egis Technology Inc.)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-01-13] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-04-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCC86085DFEC1CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 -  No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome: 
=======
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\normal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\20.53263_0
CHR Extension: (Google Docs) - C:\Users\normal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\normal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\normal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\normal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\normal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\normal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [lgoiojnjnacbjngolldkokokgpcjbgjj] - C:\Program Files (x86)\LyricsSeeker\131.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-04-17] (Egis Technology Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
R3 SjtWinIo; C:\Windows\System32\DRIVERS\SjtWinIo.sys [9216 2013-09-25] (SpeedJet Technology INC.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2010-04-28] (CyberLink Corp.)
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2010-04-28] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-08 12:09 - 2013-10-08 12:17 - 01954124 _____ (Farbar) C:\Users\normal\Desktop\FRST64.exe
2013-10-06 12:26 - 2013-10-06 12:27 - 00017793 _____ C:\Users\normal\Desktop\OpenDocument Text (neu).odt
2013-10-06 12:26 - 2013-10-06 12:26 - 00000000 ____D C:\Users\normal\AppData\Roaming\OpenOffice
2013-10-05 21:13 - 2013-10-05 21:13 - 00000000 ____D C:\Users\normal\AppData\Roaming\Avira
2013-10-05 21:09 - 2013-10-05 21:09 - 00000000 ____D C:\Users\normal\AppData\Roaming\Google
2013-10-05 21:08 - 2013-10-05 21:09 - 00000000 ____D C:\Users\normal\AppData\Local\Google
2013-10-05 21:08 - 2013-10-05 21:08 - 00064024 _____ C:\Users\normal\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-05 21:08 - 2013-10-05 21:08 - 00000000 ____D C:\Users\normal\AppData\Roaming\Intel Corporation
2013-10-05 21:08 - 2013-10-05 21:08 - 00000000 ____D C:\Users\normal\AppData\Roaming\Apple Computer
2013-10-05 21:08 - 2013-10-05 21:08 - 00000000 ____D C:\Users\normal\AppData\Local\EgisTec IPS
2013-10-05 21:07 - 2013-10-05 21:09 - 00002263 _____ C:\Users\normal\Desktop\Google Chrome.lnk
2013-10-05 21:07 - 2013-10-05 21:08 - 00000000 ___RD C:\Users\normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-05 21:07 - 2013-10-05 21:08 - 00000000 ___RD C:\Users\normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-05 21:07 - 2013-10-05 21:08 - 00000000 ____D C:\Users\normal\AppData\Local\VirtualStore
2013-10-05 21:07 - 2013-10-05 21:07 - 00001429 _____ C:\Users\normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-05 21:07 - 2013-10-05 21:07 - 00000020 ___SH C:\Users\normal\ntuser.ini
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Vorlagen
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Startmenü
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Netzwerkumgebung
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Lokale Einstellungen
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Eigene Dateien
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Druckumgebung
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Documents\Eigene Musik
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Documents\Eigene Bilder
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\AppData\Local\Verlauf
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\AppData\Local\Anwendungsdaten
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Anwendungsdaten
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 ____D C:\Users\normal\AppData\Roaming\Adobe
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 ____D C:\Users\normal
2013-10-05 21:07 - 2013-09-01 23:18 - 00000000 ____D C:\Users\normal\AppData\Local\Adobe
2013-10-05 21:07 - 2013-09-01 22:53 - 00000000 ____D C:\Users\normal\AppData\Roaming\Macromedia
2013-10-05 21:07 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-10-05 21:07 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-10-02 13:04 - 2013-10-05 21:06 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-10-01 12:40 - 2013-10-01 12:41 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2013-09-29 21:38 - 2013-09-29 21:38 - 00032833 _____ C:\ComboFix.txt
2013-09-29 17:22 - 2013-09-29 18:51 - 04188160 _____ C:\Program Files (x86)\GUTFEF.tmp
2013-09-29 17:22 - 2013-09-29 17:22 - 00000000 ____D C:\Program Files (x86)\GUMFEE.tmp
2013-09-27 13:08 - 2013-09-28 16:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-27 12:41 - 2013-09-27 12:55 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-25 19:48 - 2013-09-25 19:48 - 00009216 _____ (SpeedJet Technology INC.) C:\Windows\system32\Drivers\SjtWinIo.sys
2013-09-24 18:11 - 2013-09-24 18:11 - 363183653 _____ C:\Windows\MEMORY.DMP
2013-09-24 18:11 - 2013-09-24 18:11 - 00000000 ____D C:\Windows\Minidump
2013-09-24 15:41 - 2013-09-24 15:41 - 97531747 _____ C:\Windows\SysWOW64\�鐛Š
2013-09-24 11:18 - 2013-09-24 11:18 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-09-24 11:18 - 2013-09-24 11:18 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-09-24 07:29 - 2013-09-24 07:29 - 98848089 _____ C:\Windows\SysWOW64\ꗑV
2013-09-22 18:34 - 2013-09-22 18:35 - 00000000 ____D C:\Program Files\GIMP 2
2013-09-22 13:07 - 2013-09-22 13:07 - 00000000 ____D C:\Windows\ERUNT
2013-09-22 13:00 - 2013-10-01 12:34 - 00000000 ____D C:\AdwCleaner
2013-09-22 12:01 - 2013-10-01 10:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-22 12:01 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-20 17:13 - 2013-09-29 21:38 - 00000000 ____D C:\Qoobox
2013-09-20 17:13 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-20 17:13 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-20 17:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-20 17:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-20 17:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-20 17:13 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-20 17:13 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-20 17:13 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-20 17:12 - 2013-09-20 17:19 - 00000000 ____D C:\Windows\erdnt
2013-09-20 15:17 - 2013-09-20 15:17 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-09-20 14:49 - 2013-09-20 14:49 - 00000000 ____D C:\FRST
2013-09-20 12:22 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-09-20 12:21 - 2013-09-20 12:22 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-20 12:21 - 2013-09-20 12:22 - 00000000 ____D C:\Program Files\iTunes
2013-09-20 12:21 - 2013-09-20 12:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-20 12:21 - 2013-09-20 12:21 - 00000000 ____D C:\ProgramData\Apple Computer
2013-09-20 12:21 - 2013-09-20 12:21 - 00000000 ____D C:\Program Files\iPod
2013-09-20 12:20 - 2013-09-20 12:20 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-20 12:20 - 2013-09-20 12:20 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-09-20 12:19 - 2013-09-20 12:20 - 00000000 ____D C:\ProgramData\Apple
2013-09-20 12:19 - 2013-09-20 12:19 - 00000000 ____D C:\Program Files\Bonjour
2013-09-20 12:19 - 2013-09-20 12:19 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-09-17 11:00 - 2013-09-17 11:00 - 97931385 _____ C:\Windows\SysWOW64\㼡
2013-09-15 18:41 - 2013-09-15 18:41 - 00000000 ____D C:\Program Files (x86)\Benzul
2013-09-15 18:37 - 2013-09-15 18:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-09-13 10:37 - 2013-09-13 10:37 - 97446370 _____ C:\Windows\SysWOW64\鐙峭Œ
2013-09-12 12:47 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 12:47 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 12:47 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 12:47 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 12:47 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 12:47 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 12:46 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 12:46 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 12:46 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 12:46 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 12:46 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 12:46 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 12:46 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 12:46 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 12:46 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 12:46 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 12:46 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 12:37 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 12:37 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 12:37 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 12:37 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 12:37 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 12:37 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 12:37 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 12:37 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 12:37 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 12:37 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 12:37 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 12:37 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 12:37 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 12:37 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 12:37 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 12:37 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 12:37 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 12:37 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 12:37 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 12:37 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 12:37 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 12:37 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 12:37 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 12:37 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 12:37 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 12:37 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

==================== One Month Modified Files and Folders =======

2013-10-09 15:28 - 2013-08-27 19:04 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-09 15:27 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-09 15:27 - 2009-07-14 06:51 - 00038527 _____ C:\Windows\setupact.log
2013-10-09 15:26 - 2013-08-27 17:01 - 00138602 _____ C:\Windows\PFRO.log
2013-10-09 00:04 - 2013-08-27 17:04 - 01363283 _____ C:\Windows\WindowsUpdate.log
2013-10-08 23:32 - 2013-08-27 19:57 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-08 23:14 - 2013-08-27 19:04 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-08 18:56 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-10-08 12:17 - 2013-10-08 12:09 - 01954124 _____ (Farbar) C:\Users\normal\Desktop\FRST64.exe
2013-10-06 12:27 - 2013-10-06 12:26 - 00017793 _____ C:\Users\normal\Desktop\OpenDocument Text (neu).odt
2013-10-06 12:26 - 2013-10-06 12:26 - 00000000 ____D C:\Users\normal\AppData\Roaming\OpenOffice
2013-10-06 12:17 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-06 12:17 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-05 21:13 - 2013-10-05 21:13 - 00000000 ____D C:\Users\normal\AppData\Roaming\Avira
2013-10-05 21:09 - 2013-10-05 21:09 - 00000000 ____D C:\Users\normal\AppData\Roaming\Google
2013-10-05 21:09 - 2013-10-05 21:08 - 00000000 ____D C:\Users\normal\AppData\Local\Google
2013-10-05 21:09 - 2013-10-05 21:07 - 00002263 _____ C:\Users\normal\Desktop\Google Chrome.lnk
2013-10-05 21:08 - 2013-10-05 21:08 - 00064024 _____ C:\Users\normal\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-05 21:08 - 2013-10-05 21:08 - 00000000 ____D C:\Users\normal\AppData\Roaming\Intel Corporation
2013-10-05 21:08 - 2013-10-05 21:08 - 00000000 ____D C:\Users\normal\AppData\Roaming\Apple Computer
2013-10-05 21:08 - 2013-10-05 21:08 - 00000000 ____D C:\Users\normal\AppData\Local\EgisTec IPS
2013-10-05 21:08 - 2013-10-05 21:07 - 00000000 ___RD C:\Users\normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-05 21:08 - 2013-10-05 21:07 - 00000000 ___RD C:\Users\normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-05 21:08 - 2013-10-05 21:07 - 00000000 ____D C:\Users\normal\AppData\Local\VirtualStore
2013-10-05 21:07 - 2013-10-05 21:07 - 00001429 _____ C:\Users\normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-05 21:07 - 2013-10-05 21:07 - 00000020 ___SH C:\Users\normal\ntuser.ini
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Vorlagen
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Startmenü
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Netzwerkumgebung
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Lokale Einstellungen
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Eigene Dateien
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Druckumgebung
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Documents\Eigene Musik
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Documents\Eigene Bilder
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\AppData\Local\Verlauf
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\AppData\Local\Anwendungsdaten
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Anwendungsdaten
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 ____D C:\Users\normal\AppData\Roaming\Adobe
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 ____D C:\Users\normal
2013-10-05 21:06 - 2013-10-02 13:04 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-10-04 23:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-02 21:12 - 2010-05-06 13:37 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-01 12:41 - 2013-10-01 12:40 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2013-10-01 12:34 - 2013-09-22 13:00 - 00000000 ____D C:\AdwCleaner
2013-10-01 11:41 - 2013-08-27 19:26 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-01 11:41 - 2013-08-27 19:23 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-01 11:41 - 2013-08-27 19:23 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-01 11:41 - 2013-08-27 19:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-01 10:57 - 2013-09-22 12:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-29 21:38 - 2013-09-29 21:38 - 00032833 _____ C:\ComboFix.txt
2013-09-29 21:38 - 2013-09-20 17:13 - 00000000 ____D C:\Qoobox
2013-09-29 21:36 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-29 18:51 - 2013-09-29 17:22 - 04188160 _____ C:\Program Files (x86)\GUTFEF.tmp
2013-09-29 17:22 - 2013-09-29 17:22 - 00000000 ____D C:\Program Files (x86)\GUMFEE.tmp
2013-09-28 16:33 - 2013-09-27 13:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-27 12:55 - 2013-09-27 12:41 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-25 20:13 - 2013-08-28 02:57 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-09-25 20:13 - 2013-08-28 02:57 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-09-25 20:13 - 2009-07-14 07:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-25 19:48 - 2013-09-25 19:48 - 00009216 _____ (SpeedJet Technology INC.) C:\Windows\system32\Drivers\SjtWinIo.sys
2013-09-24 18:11 - 2013-09-24 18:11 - 363183653 _____ C:\Windows\MEMORY.DMP
2013-09-24 18:11 - 2013-09-24 18:11 - 00000000 ____D C:\Windows\Minidump
2013-09-24 15:41 - 2013-09-24 15:41 - 97531747 _____ C:\Windows\SysWOW64\�鐛Š
2013-09-24 15:39 - 2009-07-14 06:45 - 00294712 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-24 11:18 - 2013-09-24 11:18 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-09-24 11:18 - 2013-09-24 11:18 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-09-24 11:17 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-24 07:29 - 2013-09-24 07:29 - 98848089 _____ C:\Windows\SysWOW64\ꗑV
2013-09-22 18:37 - 2013-08-27 17:13 - 00000000 ____D C:\Users\phil radium
2013-09-22 18:35 - 2013-09-22 18:34 - 00000000 ____D C:\Program Files\GIMP 2
2013-09-22 13:07 - 2013-09-22 13:07 - 00000000 ____D C:\Windows\ERUNT
2013-09-22 12:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\LiveKernelReports
2013-09-20 17:20 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-20 17:19 - 2013-09-20 17:12 - 00000000 ____D C:\Windows\erdnt
2013-09-20 15:17 - 2013-09-20 15:17 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-09-20 14:49 - 2013-09-20 14:49 - 00000000 ____D C:\FRST
2013-09-20 12:22 - 2013-09-20 12:21 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-20 12:22 - 2013-09-20 12:21 - 00000000 ____D C:\Program Files\iTunes
2013-09-20 12:22 - 2013-09-20 12:21 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-20 12:21 - 2013-09-20 12:21 - 00000000 ____D C:\ProgramData\Apple Computer
2013-09-20 12:21 - 2013-09-20 12:21 - 00000000 ____D C:\Program Files\iPod
2013-09-20 12:20 - 2013-09-20 12:20 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-20 12:20 - 2013-09-20 12:20 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-09-20 12:20 - 2013-09-20 12:19 - 00000000 ____D C:\ProgramData\Apple
2013-09-20 12:19 - 2013-09-20 12:19 - 00000000 ____D C:\Program Files\Bonjour
2013-09-20 12:19 - 2013-09-20 12:19 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-09-19 21:32 - 2013-08-27 19:57 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 21:32 - 2013-08-27 19:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-17 11:00 - 2013-09-17 11:00 - 97931385 _____ C:\Windows\SysWOW64\㼡
2013-09-15 18:41 - 2013-09-15 18:41 - 00000000 ____D C:\Program Files (x86)\Benzul
2013-09-15 18:37 - 2013-09-15 18:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-09-13 17:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-13 10:37 - 2013-09-13 10:37 - 97446370 _____ C:\Windows\SysWOW64\鐙峭Œ
2013-09-12 12:46 - 2013-08-30 11:09 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 12:44 - 2013-08-30 11:09 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\normal\AppData\Local\temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         


It took days to download FRST.
I don't know who our provider is; my flatmate takes care of all that, and she isn't here right now :/


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by normal (ATTENTION: The logged in user is not administrator) on PHILRADIUM-PC on 09-10-2013 15:30:18
Running from C:\Users\normal\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-04-17] (Egis Technology Inc.)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-01-13] ()
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-04-23] (Acer Incorporated)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-04-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCC86085DFEC1CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 -  No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome: 
=======
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\normal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\20.53263_0
CHR Extension: (Google Docs) - C:\Users\normal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\normal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\normal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\normal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\normal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\normal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [lgoiojnjnacbjngolldkokokgpcjbgjj] - C:\Program Files (x86)\LyricsSeeker\131.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-01] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-04-17] (Egis Technology Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
R3 SjtWinIo; C:\Windows\System32\DRIVERS\SjtWinIo.sys [9216 2013-09-25] (SpeedJet Technology INC.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2010-04-28] (CyberLink Corp.)
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2010-04-28] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-08 12:09 - 2013-10-08 12:17 - 01954124 _____ (Farbar) C:\Users\normal\Desktop\FRST64.exe
2013-10-06 12:26 - 2013-10-06 12:27 - 00017793 _____ C:\Users\normal\Desktop\OpenDocument Text (neu).odt
2013-10-06 12:26 - 2013-10-06 12:26 - 00000000 ____D C:\Users\normal\AppData\Roaming\OpenOffice
2013-10-05 21:13 - 2013-10-05 21:13 - 00000000 ____D C:\Users\normal\AppData\Roaming\Avira
2013-10-05 21:09 - 2013-10-05 21:09 - 00000000 ____D C:\Users\normal\AppData\Roaming\Google
2013-10-05 21:08 - 2013-10-05 21:09 - 00000000 ____D C:\Users\normal\AppData\Local\Google
2013-10-05 21:08 - 2013-10-05 21:08 - 00064024 _____ C:\Users\normal\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-05 21:08 - 2013-10-05 21:08 - 00000000 ____D C:\Users\normal\AppData\Roaming\Intel Corporation
2013-10-05 21:08 - 2013-10-05 21:08 - 00000000 ____D C:\Users\normal\AppData\Roaming\Apple Computer
2013-10-05 21:08 - 2013-10-05 21:08 - 00000000 ____D C:\Users\normal\AppData\Local\EgisTec IPS
2013-10-05 21:07 - 2013-10-05 21:09 - 00002263 _____ C:\Users\normal\Desktop\Google Chrome.lnk
2013-10-05 21:07 - 2013-10-05 21:08 - 00000000 ___RD C:\Users\normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-05 21:07 - 2013-10-05 21:08 - 00000000 ___RD C:\Users\normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-05 21:07 - 2013-10-05 21:08 - 00000000 ____D C:\Users\normal\AppData\Local\VirtualStore
2013-10-05 21:07 - 2013-10-05 21:07 - 00001429 _____ C:\Users\normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-05 21:07 - 2013-10-05 21:07 - 00000020 ___SH C:\Users\normal\ntuser.ini
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Vorlagen
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Startmenü
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Netzwerkumgebung
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Lokale Einstellungen
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Eigene Dateien
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Druckumgebung
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Documents\Eigene Musik
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Documents\Eigene Bilder
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\AppData\Local\Verlauf
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\AppData\Local\Anwendungsdaten
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Anwendungsdaten
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 ____D C:\Users\normal\AppData\Roaming\Adobe
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 ____D C:\Users\normal
2013-10-05 21:07 - 2013-09-01 23:18 - 00000000 ____D C:\Users\normal\AppData\Local\Adobe
2013-10-05 21:07 - 2013-09-01 22:53 - 00000000 ____D C:\Users\normal\AppData\Roaming\Macromedia
2013-10-05 21:07 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-10-05 21:07 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-10-02 13:04 - 2013-10-05 21:06 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-10-01 12:40 - 2013-10-01 12:41 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2013-09-29 21:38 - 2013-09-29 21:38 - 00032833 _____ C:\ComboFix.txt
2013-09-29 17:22 - 2013-09-29 18:51 - 04188160 _____ C:\Program Files (x86)\GUTFEF.tmp
2013-09-29 17:22 - 2013-09-29 17:22 - 00000000 ____D C:\Program Files (x86)\GUMFEE.tmp
2013-09-27 13:08 - 2013-09-28 16:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-27 12:41 - 2013-09-27 12:55 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-25 19:48 - 2013-09-25 19:48 - 00009216 _____ (SpeedJet Technology INC.) C:\Windows\system32\Drivers\SjtWinIo.sys
2013-09-24 18:11 - 2013-09-24 18:11 - 363183653 _____ C:\Windows\MEMORY.DMP
2013-09-24 18:11 - 2013-09-24 18:11 - 00000000 ____D C:\Windows\Minidump
2013-09-24 15:41 - 2013-09-24 15:41 - 97531747 _____ C:\Windows\SysWOW64\�鐛Š
2013-09-24 11:18 - 2013-09-24 11:18 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-09-24 11:18 - 2013-09-24 11:18 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-09-24 07:29 - 2013-09-24 07:29 - 98848089 _____ C:\Windows\SysWOW64\ꗑV
2013-09-22 18:34 - 2013-09-22 18:35 - 00000000 ____D C:\Program Files\GIMP 2
2013-09-22 13:07 - 2013-09-22 13:07 - 00000000 ____D C:\Windows\ERUNT
2013-09-22 13:00 - 2013-10-01 12:34 - 00000000 ____D C:\AdwCleaner
2013-09-22 12:01 - 2013-10-01 10:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-22 12:01 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-20 17:13 - 2013-09-29 21:38 - 00000000 ____D C:\Qoobox
2013-09-20 17:13 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-20 17:13 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-20 17:13 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-20 17:13 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-20 17:13 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-20 17:13 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-20 17:13 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-20 17:13 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-20 17:12 - 2013-09-20 17:19 - 00000000 ____D C:\Windows\erdnt
2013-09-20 15:17 - 2013-09-20 15:17 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-09-20 14:49 - 2013-09-20 14:49 - 00000000 ____D C:\FRST
2013-09-20 12:22 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-09-20 12:21 - 2013-09-20 12:22 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-20 12:21 - 2013-09-20 12:22 - 00000000 ____D C:\Program Files\iTunes
2013-09-20 12:21 - 2013-09-20 12:22 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-20 12:21 - 2013-09-20 12:21 - 00000000 ____D C:\ProgramData\Apple Computer
2013-09-20 12:21 - 2013-09-20 12:21 - 00000000 ____D C:\Program Files\iPod
2013-09-20 12:20 - 2013-09-20 12:20 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-20 12:20 - 2013-09-20 12:20 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-09-20 12:19 - 2013-09-20 12:20 - 00000000 ____D C:\ProgramData\Apple
2013-09-20 12:19 - 2013-09-20 12:19 - 00000000 ____D C:\Program Files\Bonjour
2013-09-20 12:19 - 2013-09-20 12:19 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-09-17 11:00 - 2013-09-17 11:00 - 97931385 _____ C:\Windows\SysWOW64\㼡
2013-09-15 18:41 - 2013-09-15 18:41 - 00000000 ____D C:\Program Files (x86)\Benzul
2013-09-15 18:37 - 2013-09-15 18:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-09-13 10:37 - 2013-09-13 10:37 - 97446370 _____ C:\Windows\SysWOW64\鐙峭Œ
2013-09-12 12:47 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 12:47 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 12:47 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 12:47 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 12:47 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 12:47 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 12:47 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 12:47 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 12:46 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 12:46 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 12:46 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 12:46 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 12:46 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 12:46 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 12:46 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 12:46 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 12:46 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 12:46 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 12:46 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 12:37 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 12:37 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 12:37 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 12:37 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 12:37 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 12:37 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 12:37 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 12:37 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 12:37 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 12:37 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 12:37 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 12:37 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 12:37 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 12:37 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 12:37 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 12:37 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 12:37 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 12:37 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 12:37 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 12:37 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 12:37 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 12:37 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 12:37 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 12:37 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 12:37 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 12:37 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 12:37 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

==================== One Month Modified Files and Folders =======

2013-10-09 15:28 - 2013-08-27 19:04 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-09 15:27 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-09 15:27 - 2009-07-14 06:51 - 00038527 _____ C:\Windows\setupact.log
2013-10-09 15:26 - 2013-08-27 17:01 - 00138602 _____ C:\Windows\PFRO.log
2013-10-09 00:04 - 2013-08-27 17:04 - 01363283 _____ C:\Windows\WindowsUpdate.log
2013-10-08 23:32 - 2013-08-27 19:57 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-08 23:14 - 2013-08-27 19:04 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-08 18:56 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-10-08 12:17 - 2013-10-08 12:09 - 01954124 _____ (Farbar) C:\Users\normal\Desktop\FRST64.exe
2013-10-06 12:27 - 2013-10-06 12:26 - 00017793 _____ C:\Users\normal\Desktop\OpenDocument Text (neu).odt
2013-10-06 12:26 - 2013-10-06 12:26 - 00000000 ____D C:\Users\normal\AppData\Roaming\OpenOffice
2013-10-06 12:17 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-06 12:17 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-05 21:13 - 2013-10-05 21:13 - 00000000 ____D C:\Users\normal\AppData\Roaming\Avira
2013-10-05 21:09 - 2013-10-05 21:09 - 00000000 ____D C:\Users\normal\AppData\Roaming\Google
2013-10-05 21:09 - 2013-10-05 21:08 - 00000000 ____D C:\Users\normal\AppData\Local\Google
2013-10-05 21:09 - 2013-10-05 21:07 - 00002263 _____ C:\Users\normal\Desktop\Google Chrome.lnk
2013-10-05 21:08 - 2013-10-05 21:08 - 00064024 _____ C:\Users\normal\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-05 21:08 - 2013-10-05 21:08 - 00000000 ____D C:\Users\normal\AppData\Roaming\Intel Corporation
2013-10-05 21:08 - 2013-10-05 21:08 - 00000000 ____D C:\Users\normal\AppData\Roaming\Apple Computer
2013-10-05 21:08 - 2013-10-05 21:08 - 00000000 ____D C:\Users\normal\AppData\Local\EgisTec IPS
2013-10-05 21:08 - 2013-10-05 21:07 - 00000000 ___RD C:\Users\normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-05 21:08 - 2013-10-05 21:07 - 00000000 ___RD C:\Users\normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-05 21:08 - 2013-10-05 21:07 - 00000000 ____D C:\Users\normal\AppData\Local\VirtualStore
2013-10-05 21:07 - 2013-10-05 21:07 - 00001429 _____ C:\Users\normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-05 21:07 - 2013-10-05 21:07 - 00000020 ___SH C:\Users\normal\ntuser.ini
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Vorlagen
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Startmenü
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Netzwerkumgebung
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Lokale Einstellungen
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Eigene Dateien
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Druckumgebung
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Documents\Eigene Musik
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Documents\Eigene Bilder
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\AppData\Local\Verlauf
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\AppData\Local\Anwendungsdaten
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 _SHDL C:\Users\normal\Anwendungsdaten
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 ____D C:\Users\normal\AppData\Roaming\Adobe
2013-10-05 21:07 - 2013-10-05 21:07 - 00000000 ____D C:\Users\normal
2013-10-05 21:06 - 2013-10-02 13:04 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-10-04 23:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-02 21:12 - 2010-05-06 13:37 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-01 12:41 - 2013-10-01 12:40 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2013-10-01 12:34 - 2013-09-22 13:00 - 00000000 ____D C:\AdwCleaner
2013-10-01 11:41 - 2013-08-27 19:26 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-01 11:41 - 2013-08-27 19:23 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-01 11:41 - 2013-08-27 19:23 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-01 11:41 - 2013-08-27 19:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-01 10:57 - 2013-09-22 12:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-29 21:38 - 2013-09-29 21:38 - 00032833 _____ C:\ComboFix.txt
2013-09-29 21:38 - 2013-09-20 17:13 - 00000000 ____D C:\Qoobox
2013-09-29 21:36 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-29 18:51 - 2013-09-29 17:22 - 04188160 _____ C:\Program Files (x86)\GUTFEF.tmp
2013-09-29 17:22 - 2013-09-29 17:22 - 00000000 ____D C:\Program Files (x86)\GUMFEE.tmp
2013-09-28 16:33 - 2013-09-27 13:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-27 12:55 - 2013-09-27 12:41 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-09-25 20:13 - 2013-08-28 02:57 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-09-25 20:13 - 2013-08-28 02:57 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-09-25 20:13 - 2009-07-14 07:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-25 19:48 - 2013-09-25 19:48 - 00009216 _____ (SpeedJet Technology INC.) C:\Windows\system32\Drivers\SjtWinIo.sys
2013-09-24 18:11 - 2013-09-24 18:11 - 363183653 _____ C:\Windows\MEMORY.DMP
2013-09-24 18:11 - 2013-09-24 18:11 - 00000000 ____D C:\Windows\Minidump
2013-09-24 15:41 - 2013-09-24 15:41 - 97531747 _____ C:\Windows\SysWOW64\�鐛Š
2013-09-24 15:39 - 2009-07-14 06:45 - 00294712 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-24 11:18 - 2013-09-24 11:18 - 00001116 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2013-09-24 11:18 - 2013-09-24 11:18 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2013-09-24 11:17 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-09-24 07:29 - 2013-09-24 07:29 - 98848089 _____ C:\Windows\SysWOW64\ꗑV
2013-09-22 18:37 - 2013-08-27 17:13 - 00000000 ____D C:\Users\phil radium
2013-09-22 18:35 - 2013-09-22 18:34 - 00000000 ____D C:\Program Files\GIMP 2
2013-09-22 13:07 - 2013-09-22 13:07 - 00000000 ____D C:\Windows\ERUNT
2013-09-22 12:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\LiveKernelReports
2013-09-20 17:20 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-20 17:19 - 2013-09-20 17:12 - 00000000 ____D C:\Windows\erdnt
2013-09-20 15:17 - 2013-09-20 15:17 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-09-20 14:49 - 2013-09-20 14:49 - 00000000 ____D C:\FRST
2013-09-20 12:22 - 2013-09-20 12:21 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-20 12:22 - 2013-09-20 12:21 - 00000000 ____D C:\Program Files\iTunes
2013-09-20 12:22 - 2013-09-20 12:21 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-20 12:21 - 2013-09-20 12:21 - 00000000 ____D C:\ProgramData\Apple Computer
2013-09-20 12:21 - 2013-09-20 12:21 - 00000000 ____D C:\Program Files\iPod
2013-09-20 12:20 - 2013-09-20 12:20 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-09-20 12:20 - 2013-09-20 12:20 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-09-20 12:20 - 2013-09-20 12:19 - 00000000 ____D C:\ProgramData\Apple
2013-09-20 12:19 - 2013-09-20 12:19 - 00000000 ____D C:\Program Files\Bonjour
2013-09-20 12:19 - 2013-09-20 12:19 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-09-19 21:32 - 2013-08-27 19:57 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 21:32 - 2013-08-27 19:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-17 11:00 - 2013-09-17 11:00 - 97931385 _____ C:\Windows\SysWOW64\㼡
2013-09-15 18:41 - 2013-09-15 18:41 - 00000000 ____D C:\Program Files (x86)\Benzul
2013-09-15 18:37 - 2013-09-15 18:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-09-13 17:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-13 10:37 - 2013-09-13 10:37 - 97446370 _____ C:\Windows\SysWOW64\鐙峭Œ
2013-09-12 12:46 - 2013-08-30 11:09 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 12:44 - 2013-08-30 11:09 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\normal\AppData\Local\temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         


It took days to download FRST.
I don't know who our provider is; my flatmate handles all of that, and she isn't here right now :/

10.10.2013, 08:38   #28
schrauber
/// the machine
/// TB trainer

Please run FRST with admin rights.
__________________
Regards,
schrauber

