| |
| |||||||
Log-Analyse und Auswertung: Schon wieder pup.optional FundeWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
03.10.2013, 19:54
| #1 |
 |  Schon wieder pup.optional Funde Hallo zusammen, malwarebytes hat schon wieder infizierte Dateien gefunden. Wieder dieses pup.optional. Würdet mal bitte jemand drüber schauen? Wäre toll. Danke schonmal im Voraus. Hier meine Logs: Erst habe ich einen Quick scan gemacht, dann eine Datei aus meinem Downloadordner gelöscht, den Papierkorb gelöscht und die Funde in Malwarebytes entfernt Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.10.03.06 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16686 Berthi :: BERTHI-PC [Administrator] 03.10.2013 17:57:55 mbam-log-2013-10-03 (17-57-55).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 196444 Laufzeit: 8 Minute(n), 38 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Berthi\Downloads\VideoDownloadConvert.exe (PUP.Optional.FunWebProducts.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.10.03.06 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16686 Berthi :: BERTHI-PC [Administrator] 03.10.2013 18:16:44 mbam-log-2013-10-03 (18-16-44).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 322568 Laufzeit: 58 Minute(n), 41 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\AdwCleaner\Quarantine\C\Users\Berthi\AppData\Local\FilesFrog Update Checker\uninstall.exe.vir (PUP.Optional.Somoto.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\AdwCleaner\Quarantine\C\Users\Berthi\AppData\Local\FilesFrog Update Checker\update_checker.exe.vir (PUP.Optional.FilesFrog.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Berthi\Local Settings\Application Data\Bundled software uninstaller\bi_client.exe (PUP.Optional.Somoto.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:06 on 03/10/2013 (Berthi)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
|
|
03.10.2013, 21:15
| #2 |
| /// the machine /// TB-Ausbilder    | Schon wieder pup.optional Funde Hi,
__________________Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
03.10.2013, 21:57
| #3 |
| | Schon wieder pup.optional Funde Hallo Schrauber,
__________________danke für die schnelle Antwort FRST FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Berthi (administrator) on BERTHI-PC on 03-10-2013 20:11:17
Running from C:\Users\Berthi\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(SurfRight B.V.) C:\Program Files\HitmanPro.Alert\hmpalert.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WlanNetService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
( ) C:\Windows\system32\lxdecoms.exe
() C:\Program Files\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(1&1 Internet AG) C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Renier Crause) C:\Program Files\PopTray\PopTray.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [404712 2013-01-04] (BillP Studios)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKCU\...\Run: [Rainlendar2] - C:\Program Files\Rainlendar2\Rainlendar2.exe [2598496 2013-03-10] ()
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20684656 2013-07-25] (Skype Technologies S.A.)
HKCU\...\Run: [1&1_1&1 Upload-Manager] - C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE [989264 2011-11-21] (1&1 Internet AG)
MountPoints2: {1ded593a-0f5d-11e3-afa1-806e6f6e6963} - E:\zdata\cobi.exe
MountPoints2: {a5b42469-26a0-11e3-adae-00238b9e33ce} - F:\pushinst.exe
Startup: C:\Users\Berthi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PopTray.lnk
ShortcutTarget: PopTray.lnk -> C:\Program Files\PopTray\PopTray.exe (Renier Crause)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {186B55E9-E01B-4F88-8EEC-A6216AA2803D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKCU - {186B55E9-E01B-4F88-8EEC-A6216AA2803D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Berthi\AppData\Roaming\Mozilla\Firefox\Profiles\p6zmczs1.Standard-Benutzer
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
========================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [364544 2008-02-25] (AVM Berlin)
R2 hmpalertsvc; C:\Program Files\HitmanPro.Alert\hmpalert.exe [1830768 2013-09-28] (SurfRight B.V.)
S2 lxdeCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdeserv.exe [99248 2007-05-29] (Lexmark International, Inc.)
R2 lxde_device; C:\Windows\system32\lxdecoms.exe [598960 2007-05-29] ( )
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-12-17] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] ()
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe [229458 2010-03-23] (IDT, Inc.)
S2 TVCapSvc; "C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe" [x]
S2 TVSched; "C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe" [x]
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2957312 2012-06-20] (Qualcomm Atheros Communications, Inc.)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-11-07] (AVM Berlin)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [401920 2007-12-19] (AVM GmbH)
R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [14376 2013-09-28] ()
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-10-03] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
R1 ui11rdr; C:\Windows\System32\DRIVERS\ui11rdr.sys [144896 2011-11-21] (1&1 Internet AG)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [87536 2008-11-28] (CyberLink Corp.)
U4 eabfiltr;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-03 20:11 - 2013-10-03 20:11 - 00000000 ____D C:\FRST
2013-10-03 20:08 - 2013-10-03 20:08 - 01087213 _____ (Farbar) C:\Users\Berthi\Desktop\FRST.exe
2013-10-03 20:05 - 2013-10-03 20:06 - 00000474 _____ C:\Users\Berthi\Desktop\defogger_disable.log
2013-10-03 20:05 - 2013-10-03 20:05 - 00000000 _____ C:\Users\Berthi\defogger_reenable
2013-10-03 20:04 - 2013-10-03 20:04 - 00050477 _____ C:\Users\Berthi\Desktop\Defogger.exe
2013-10-03 19:51 - 2013-10-03 19:51 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-10-03 18:11 - 2013-10-03 19:50 - 00015072 _____ C:\Windows\setupact.log
2013-10-03 18:11 - 2013-10-03 19:50 - 00001724 _____ C:\Windows\PFRO.log
2013-10-03 18:11 - 2013-10-03 18:11 - 00000000 _____ C:\Windows\setuperr.log
2013-10-02 22:12 - 2013-10-02 22:12 - 01045226 _____ C:\Users\Berthi\Downloads\adwcleaner.exe
2013-09-29 20:07 - 2013-09-29 20:07 - 00352732 _____ C:\Users\Berthi\AppData\Local\census.cache
2013-09-29 20:06 - 2013-09-29 20:06 - 00162420 _____ C:\Users\Berthi\AppData\Local\ars.cache
2013-09-29 19:32 - 2013-09-29 19:32 - 00000036 _____ C:\Users\Berthi\AppData\Local\housecall.guid.cache
2013-09-28 14:52 - 2013-09-29 11:05 - 00000000 ____D C:\Program Files\HitmanPro.Alert
2013-09-28 14:52 - 2013-09-28 15:03 - 00564312 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2013-09-28 14:52 - 2013-09-28 15:03 - 00014376 _____ C:\Windows\system32\Drivers\hmpalert.sys
2013-09-28 14:52 - 2013-09-28 14:52 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2013-09-27 17:20 - 2013-09-27 17:23 - 00000000 ____D C:\Users\Berthi\AppData\Local\Folderico
2013-09-27 17:20 - 2013-09-27 17:22 - 00000000 ____D C:\ProgramData\Folderico
2013-09-27 17:20 - 2013-09-27 17:20 - 00000000 ____D C:\Program Files\Folderico
2013-09-27 17:16 - 2013-09-27 17:16 - 04325545 _____ C:\Users\Berthi\Downloads\Shedko_Folderico_4.0_RC12.zip
2013-09-27 14:19 - 2013-09-27 14:19 - 00000659 _____ C:\Users\Berthi\Desktop\BIBLIOTHEKEN.lnk
2013-09-26 17:36 - 2013-09-26 17:36 - 04369632 _____ (Piriform Ltd) C:\Users\Berthi\Downloads\ccsetup406.exe
2013-09-26 14:52 - 2013-10-03 19:49 - 00000000 ____D C:\Windows\AVM_Driver
2013-09-26 14:52 - 2013-09-26 14:52 - 00000000 ____D C:\Program Files\avmwlanstick
2013-09-26 14:52 - 2007-12-19 01:00 - 00401920 _____ (AVM GmbH) C:\Windows\system32\Drivers\fwlanusbn.sys
2013-09-26 14:52 - 2007-12-19 01:00 - 00077824 _____ (AVM Berlin) C:\Windows\system32\fwusbnci.dll
2013-09-26 14:52 - 2007-12-19 01:00 - 00015573 _____ C:\Windows\system32\Drivers\fwlanusbn.bin
2013-09-26 14:52 - 2007-11-07 02:00 - 00004352 _____ (AVM Berlin) C:\Windows\system32\Drivers\avmeject.sys
2013-09-26 14:51 - 2013-09-26 14:51 - 00000000 ____D C:\Users\Berthi\AVM_Driver
2013-09-24 16:18 - 2013-09-24 16:18 - 00000000 ____D C:\ProgramData\muvee Technologies
2013-09-24 16:17 - 2013-09-24 16:26 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\muvee Technologies
2013-09-24 16:14 - 2013-09-24 16:14 - 00000000 ___HD C:\Users\Berthi\Documents\ShadowEditFiles
2013-09-24 16:14 - 2013-09-24 16:14 - 00000000 ____D C:\Users\Berthi\Documents\CyberLink
2013-09-23 17:04 - 2013-09-23 17:06 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Advanced
2013-09-23 17:04 - 2013-09-23 17:04 - 00000000 ____D C:\Program Files\Shark007
2013-09-23 17:04 - 2013-04-05 21:26 - 01679360 _____ C:\Windows\system32\ac3filter.acm.new
2013-09-23 17:01 - 2013-09-23 17:06 - 00000000 ____D C:\ProgramData\Advanced
2013-09-23 16:55 - 2013-09-23 16:55 - 29359276 _____ C:\Users\Berthi\Downloads\32bit_Advanced_v426.exe
2013-09-22 17:57 - 2013-09-22 17:57 - 01110476 _____ C:\Users\Berthi\Downloads\7z920(2).exe
2013-09-20 10:14 - 2013-09-20 10:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-19 17:13 - 2013-09-19 17:13 - 01110476 _____ C:\Users\Berthi\Downloads\7z920(1).exe
2013-09-19 15:46 - 2013-08-30 09:48 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00061680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-09-19 15:46 - 2013-08-30 09:47 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-09-19 15:46 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-09-19 15:33 - 2013-09-19 15:34 - 131918888 _____ C:\Users\Berthi\Downloads\avast_free_antivirus_setup_8.0.1497.376.exe
2013-09-18 15:07 - 2013-09-18 15:07 - 00000622 _____ C:\Users\Berthi\Downloads\Verknuepfungspfeile-aus-und-einblenden.zip
2013-09-18 14:47 - 2013-09-18 14:58 - 00000290 _____ C:\siw_debug.txt
2013-09-18 14:46 - 2013-09-18 14:46 - 00000985 _____ C:\Users\Berthi\Desktop\SIW Home Edition.lnk
2013-09-18 14:46 - 2013-09-18 14:46 - 00000000 ____D C:\Users\Berthi\AppData\Local\CrashRpt
2013-09-18 14:46 - 2013-09-18 14:46 - 00000000 ____D C:\Program Files\SIW 2013 Home Edition
2013-09-18 14:43 - 2013-09-18 14:44 - 04524952 _____ (Topala Software Solutions ) C:\Users\Berthi\Downloads\siw13-setup.exe
2013-09-18 14:35 - 2013-09-18 14:41 - 00000000 ____D C:\Users\Berthi\Downloads\MicrosoftFixit.malware.Run
2013-09-18 14:31 - 2013-09-18 14:31 - 00211231 _____ C:\Users\Berthi\Downloads\MicrosoftFixit.malware.Run.zip
2013-09-18 14:03 - 2013-09-18 14:03 - 03211912 _____ (Hewlett-Packard Company ) C:\Users\Berthi\Downloads\sp50677.exe
2013-09-18 13:46 - 2013-09-18 13:46 - 00000000 ____D C:\Program Files\HP
2013-09-17 13:43 - 2013-09-17 13:43 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Users\Berthi\AppData\Local\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\ProgramData\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Program Files\1&1
2013-09-17 13:39 - 2011-11-21 12:52 - 00144896 _____ (1&1 Internet AG) C:\Windows\system32\Drivers\ui11rdr.SYS
2013-09-17 13:39 - 2011-11-21 12:52 - 00007680 _____ (1&1 Internet AG) C:\Windows\system32\ui11np.dll
2013-09-17 13:37 - 2013-09-17 13:37 - 03429160 _____ (1&1 Internet AG) C:\Users\Berthi\Downloads\1und1_smartdrive_uploadmanager.exe
2013-09-15 13:16 - 2013-09-15 13:17 - 05893103 _____ C:\Users\Berthi\Downloads\geoeffnete-ordner-unter-windows-7-anders-kennz.zip
2013-09-11 21:49 - 2013-09-11 21:49 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-09-11 21:49 - 2013-09-11 21:49 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-11 21:47 - 2013-09-11 21:47 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw(2).exe
2013-09-11 21:38 - 2013-09-11 21:44 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw(1).exe
2013-09-11 20:41 - 2013-09-11 21:49 - 00000000 ____D C:\ProgramData\Oracle
2013-09-11 20:37 - 2013-09-11 20:38 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw.exe
2013-09-11 14:37 - 2013-09-11 14:37 - 00000000 ____D C:\Users\Berthi\Documents\Sony Ericsson
2013-09-11 14:26 - 2013-09-11 14:26 - 00000000 ____D C:\Users\Berthi\AppData\Local\Sony Ericsson
2013-09-11 14:16 - 2013-09-11 14:16 - 00000000 ____D C:\ProgramData\BVRP Software
2013-09-11 14:16 - 2013-09-11 14:16 - 00000000 ____D C:\Program Files\Avanquest update
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\InstallShield
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\ProgramData\Sony Ericsson
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\Program Files\Sony Ericsson
2013-09-11 14:15 - 2008-05-16 06:33 - 00120744 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016mdm.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00115752 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016unic.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00114216 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016mgmt.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00110632 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016obex.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00089256 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016bus.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00025512 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016nd5.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00015016 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016mdfl.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00012200 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016whnt.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00012200 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016wh.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00012200 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016cmnt.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00012200 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016cm.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00010792 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016cr.sys
2013-09-11 11:05 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 11:05 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 11:05 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 11:04 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 11:04 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 11:04 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 11:04 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 11:04 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 11:00 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 10:59 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 10:59 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 10:59 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 10:59 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 10:59 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 10:59 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 10:59 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-10 15:06 - 2013-09-10 15:06 - 01380160 _____ (MPC-HC Team) C:\Windows\system32\VSFilter.dll
2013-09-09 22:51 - 2013-09-09 22:51 - 45984520 _____ C:\Users\Berthi\Downloads\sonyericssonpcsuite2.10.46.exe
2013-09-09 22:42 - 2013-09-09 22:42 - 00000000 ____D C:\Users\Berthi\Podcasts
2013-09-09 22:42 - 2013-09-09 22:42 - 00000000 ____D C:\Users\Berthi\Documents\Media Go
2013-09-09 22:41 - 2013-09-09 22:59 - 00000000 ____D C:\Program Files\Common Files\Sony Shared
2013-09-09 22:41 - 2013-09-09 22:43 - 00000000 ____D C:\Users\Berthi\AppData\Local\Sony
2013-09-09 22:41 - 2013-09-09 22:41 - 00000000 ____D C:\Users\Berthi\AppData\Local\Downloaded Installations
2013-09-09 22:41 - 2013-09-09 22:41 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-09-09 22:40 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-09-09 22:39 - 2013-09-09 22:44 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Sony
2013-09-09 22:39 - 2013-09-09 22:41 - 00000000 ____D C:\Program Files\Sony Media Go Install
2013-09-09 22:38 - 2013-09-09 22:38 - 104753864 _____ (Sony Network Entertainment International LLC) C:\Users\Berthi\Downloads\mediago_setup.exe
2013-09-09 22:13 - 2013-09-27 17:28 - 00000000 ___RD C:\Users\Berthi\Documents\E I G E N E D A T E E N
2013-09-09 21:31 - 2013-10-03 19:55 - 00000000 ____D C:\Users\Berthi\Documents\Scribble Papers
2013-09-09 21:31 - 2013-09-09 21:31 - 00000000 ____D C:\Program Files\Scribble Papers
2013-09-09 21:29 - 2013-09-09 21:29 - 01192802 _____ (Jens Hoetger ) C:\Users\Berthi\Downloads\SPSetup.exe
2013-09-08 11:28 - 2013-10-02 17:48 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\TV-Browser
2013-09-08 11:28 - 2013-09-08 11:28 - 00001822 _____ C:\Users\Public\Desktop\TV-Browser.lnk
2013-09-08 11:28 - 2013-09-08 11:28 - 00000000 ____D C:\Program Files\TV-Browser
2013-09-08 11:24 - 2013-09-08 11:24 - 07051757 _____ C:\Users\Berthi\Downloads\tvbrowser_3.3.2_win32.exe
2013-09-08 10:57 - 2013-09-08 10:57 - 00000000 ____D C:\Users\Berthi\AppData\Local\Microsoft Games
2013-09-06 23:30 - 2013-09-24 16:21 - 00004608 _____ C:\Users\Berthi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Users\Berthi\AppData\Local\TomTom
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Program Files\TomTom International B.V
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Program Files\MyTomTom 3
2013-09-06 23:16 - 2013-09-06 23:16 - 06701152 _____ (TomTom International B.V.) C:\Users\Berthi\Downloads\InstallMyTomTomSA.exe
2013-09-06 23:02 - 2013-09-06 23:02 - 00000000 ___RD C:\Program Files\Skype
2013-09-06 23:02 - 2013-09-06 23:02 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-09-06 23:00 - 2013-09-06 23:01 - 01492848 _____ (Skype Technologies S.A.) C:\Users\Berthi\Downloads\SkypeSetup.exe
2013-09-06 22:59 - 2013-09-06 22:59 - 00000056 ____H C:\ProgramData\ezsidmv.dat
2013-09-06 22:59 - 2013-09-06 22:59 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\skypePM
2013-09-06 22:45 - 2013-10-03 19:12 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Skype
2013-09-06 22:44 - 2013-09-06 23:02 - 00000000 ____D C:\ProgramData\Skype
2013-09-06 22:29 - 2013-09-24 16:13 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\CyberLink
2013-09-06 22:29 - 2013-09-06 22:29 - 00000000 ____D C:\Users\Public\CyberLink
2013-09-06 22:26 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-09-03 20:11 - 2013-10-03 17:55 - 00000000 ____D C:\AdwCleaner
2013-09-03 20:05 - 2013-09-03 20:05 - 00000000 ____D C:\Program Files\Rainlendar2
2013-09-03 20:04 - 2013-09-03 20:04 - 14871560 _____ C:\Users\Berthi\Downloads\Rainlendar-Lite-2.11.1-32bit.exe
2013-09-03 18:11 - 2013-09-03 18:11 - 00078273 _____ C:\Users\Berthi\Downloads\German.r2lang
2013-09-03 18:04 - 2013-10-03 19:50 - 00000000 ____D C:\Users\Berthi\.rainlendar2
2013-09-03 17:12 - 2013-09-17 13:17 - 00000000 ___RD C:\Users\Berthi\Desktop\KÖ!!!
2013-09-03 17:12 - 2010-02-21 18:50 - 00000000 ____D C:\Users\Berthi\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2013-09-03 16:59 - 2013-08-07 04:22 - 00238872 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-09-03 16:47 - 2013-09-19 15:46 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-03 16:46 - 2013-09-19 15:46 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-03 16:33 - 2013-09-03 16:33 - 00227096 _____ C:\Users\Berthi\Downloads\avira_registry_cleaner_de.exe
2013-09-03 15:59 - 2013-10-02 17:45 - 00000000 ____D C:\Program Files\SpywareBlaster
2013-09-03 15:59 - 2013-09-03 15:59 - 00000000 ____D C:\ProgramData\Licenses
2013-09-03 15:53 - 2013-09-05 22:58 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\WinPatrol
2013-09-03 15:46 - 2013-09-03 15:46 - 00905416 _____ (BillP Studios) C:\Users\Berthi\Downloads\setupde.exe
2013-09-03 15:35 - 2013-09-03 15:52 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-03 15:35 - 2013-09-03 15:35 - 00000000 ____D C:\Program Files\BillP Studios
2013-09-03 15:22 - 2013-09-03 14:53 - 00000987 _____ C:\Users\Berthi\Desktop\Updatechecker Secunia PSI.lnk
2013-09-03 15:17 - 2013-09-03 15:17 - 00000315 _____ C:\updatedatfix.log
2013-09-03 14:53 - 2013-09-03 14:53 - 00000000 ____D C:\Users\Berthi\AppData\Local\Secunia PSI
2013-09-03 14:53 - 2013-09-03 14:53 - 00000000 ____D C:\Program Files\Secunia
2013-09-03 09:16 - 2013-09-03 09:16 - 07876512 _____ (Adobe Systems Inc.) C:\Users\Berthi\Downloads\Shockwave_Installer_Slim.exe
==================== One Month Modified Files and Folders =======
2013-10-03 20:11 - 2013-10-03 20:11 - 00000000 ____D C:\FRST
2013-10-03 20:08 - 2013-10-03 20:08 - 01087213 _____ (Farbar) C:\Users\Berthi\Desktop\FRST.exe
2013-10-03 20:06 - 2013-10-03 20:05 - 00000474 _____ C:\Users\Berthi\Desktop\defogger_disable.log
2013-10-03 20:05 - 2013-10-03 20:05 - 00000000 _____ C:\Users\Berthi\defogger_reenable
2013-10-03 20:05 - 2013-08-27 23:17 - 00000000 ____D C:\Users\Berthi
2013-10-03 20:04 - 2013-10-03 20:04 - 00050477 _____ C:\Users\Berthi\Desktop\Defogger.exe
2013-10-03 19:57 - 2013-08-27 23:13 - 00019456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-03 19:57 - 2013-08-27 23:13 - 00019456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-03 19:55 - 2013-09-09 21:31 - 00000000 ____D C:\Users\Berthi\Documents\Scribble Papers
2013-10-03 19:54 - 2013-08-27 23:58 - 01893634 _____ C:\Windows\WindowsUpdate.log
2013-10-03 19:51 - 2013-10-03 19:51 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-10-03 19:50 - 2013-10-03 18:11 - 00015072 _____ C:\Windows\setupact.log
2013-10-03 19:50 - 2013-10-03 18:11 - 00001724 _____ C:\Windows\PFRO.log
2013-10-03 19:50 - 2013-09-03 18:04 - 00000000 ____D C:\Users\Berthi\.rainlendar2
2013-10-03 19:50 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-03 19:49 - 2013-09-26 14:52 - 00000000 ____D C:\Windows\AVM_Driver
2013-10-03 19:47 - 2013-09-01 14:05 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-03 19:12 - 2013-09-06 22:45 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Skype
2013-10-03 18:11 - 2013-10-03 18:11 - 00000000 _____ C:\Windows\setuperr.log
2013-10-03 18:10 - 2013-08-28 15:34 - 00000000 ____D C:\Windows\pss
2013-10-03 17:55 - 2013-09-03 20:11 - 00000000 ____D C:\AdwCleaner
2013-10-02 22:12 - 2013-10-02 22:12 - 01045226 _____ C:\Users\Berthi\Downloads\adwcleaner.exe
2013-10-02 17:48 - 2013-09-08 11:28 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\TV-Browser
2013-10-02 17:45 - 2013-09-03 15:59 - 00000000 ____D C:\Program Files\SpywareBlaster
2013-10-02 15:37 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-10-02 15:10 - 2009-07-14 06:53 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-01 12:24 - 2013-08-28 00:12 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-30 15:46 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles
2013-09-30 13:32 - 2013-08-28 14:26 - 00000000 ___RD C:\Users\Berthi\Desktop\S I C H E R H E I T
2013-09-29 20:21 - 2013-09-01 13:39 - 00000000 ____D C:\Users\Berthi\SecurityScans
2013-09-29 20:07 - 2013-09-29 20:07 - 00352732 _____ C:\Users\Berthi\AppData\Local\census.cache
2013-09-29 20:06 - 2013-09-29 20:06 - 00162420 _____ C:\Users\Berthi\AppData\Local\ars.cache
2013-09-29 19:32 - 2013-09-29 19:32 - 00000036 _____ C:\Users\Berthi\AppData\Local\housecall.guid.cache
2013-09-29 11:05 - 2013-09-28 14:52 - 00000000 ____D C:\Program Files\HitmanPro.Alert
2013-09-28 15:03 - 2013-09-28 14:52 - 00564312 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2013-09-28 15:03 - 2013-09-28 14:52 - 00014376 _____ C:\Windows\system32\Drivers\hmpalert.sys
2013-09-28 14:52 - 2013-09-28 14:52 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2013-09-27 17:28 - 2013-09-09 22:13 - 00000000 ___RD C:\Users\Berthi\Documents\E I G E N E D A T E E N
2013-09-27 17:23 - 2013-09-27 17:20 - 00000000 ____D C:\Users\Berthi\AppData\Local\Folderico
2013-09-27 17:22 - 2013-09-27 17:20 - 00000000 ____D C:\ProgramData\Folderico
2013-09-27 17:20 - 2013-09-27 17:20 - 00000000 ____D C:\Program Files\Folderico
2013-09-27 17:16 - 2013-09-27 17:16 - 04325545 _____ C:\Users\Berthi\Downloads\Shedko_Folderico_4.0_RC12.zip
2013-09-27 14:19 - 2013-09-27 14:19 - 00000659 _____ C:\Users\Berthi\Desktop\BIBLIOTHEKEN.lnk
2013-09-26 17:38 - 2013-08-28 10:51 - 00000000 ____D C:\Program Files\CCleaner
2013-09-26 17:36 - 2013-09-26 17:36 - 04369632 _____ (Piriform Ltd) C:\Users\Berthi\Downloads\ccsetup406.exe
2013-09-26 14:59 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-09-26 14:52 - 2013-09-26 14:52 - 00000000 ____D C:\Program Files\avmwlanstick
2013-09-26 14:51 - 2013-09-26 14:51 - 00000000 ____D C:\Users\Berthi\AVM_Driver
2013-09-24 16:57 - 2009-07-14 09:48 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-24 16:31 - 2013-09-01 17:13 - 00000000 ___RD C:\Users\Berthi\Desktop\BILDBEARBEITUNG
2013-09-24 16:31 - 2013-08-28 14:25 - 00000000 ___RD C:\Users\Berthi\Desktop\M E D I A
2013-09-24 16:26 - 2013-09-24 16:17 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\muvee Technologies
2013-09-24 16:21 - 2013-09-06 23:30 - 00004608 _____ C:\Users\Berthi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-24 16:18 - 2013-09-24 16:18 - 00000000 ____D C:\ProgramData\muvee Technologies
2013-09-24 16:14 - 2013-09-24 16:14 - 00000000 ___HD C:\Users\Berthi\Documents\ShadowEditFiles
2013-09-24 16:14 - 2013-09-24 16:14 - 00000000 ____D C:\Users\Berthi\Documents\CyberLink
2013-09-24 16:13 - 2013-09-06 22:29 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\CyberLink
2013-09-23 17:06 - 2013-09-23 17:04 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Advanced
2013-09-23 17:06 - 2013-09-23 17:01 - 00000000 ____D C:\ProgramData\Advanced
2013-09-23 17:04 - 2013-09-23 17:04 - 00000000 ____D C:\Program Files\Shark007
2013-09-23 16:55 - 2013-09-23 16:55 - 29359276 _____ C:\Users\Berthi\Downloads\32bit_Advanced_v426.exe
2013-09-22 17:59 - 2013-09-01 20:59 - 00000000 ____D C:\Program Files\7-Zip
2013-09-22 17:57 - 2013-09-22 17:57 - 01110476 _____ C:\Users\Berthi\Downloads\7z920(2).exe
2013-09-22 17:33 - 2009-08-07 00:05 - 00000000 ____D C:\Windows\system32\it
2013-09-22 17:33 - 2009-08-06 23:58 - 00000000 ____D C:\Windows\system32\de
2013-09-22 17:33 - 2009-08-06 23:51 - 00000000 ____D C:\Windows\system32\fr
2013-09-22 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-TW
2013-09-22 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-CN
2013-09-22 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-PT
2013-09-22 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-BR
2013-09-22 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nl-NL
2013-09-21 14:25 - 2013-08-28 17:30 - 00000000 ____D C:\Users\Berthi\AppData\Local\Windows Live
2013-09-20 18:47 - 2013-09-01 14:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-20 18:47 - 2013-09-01 14:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-20 12:15 - 2013-09-01 12:07 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-20 10:15 - 2013-08-31 23:28 - 00000000 ____D C:\Users\Berthi\AppData\Local\Mozilla
2013-09-20 10:14 - 2013-09-20 10:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-20 10:13 - 2013-08-28 22:33 - 00000000 ____D C:\Users\Berthi\AppData\Local\FRITZ!
2013-09-19 17:13 - 2013-09-19 17:13 - 01110476 _____ C:\Users\Berthi\Downloads\7z920(1).exe
2013-09-19 15:46 - 2013-09-03 16:47 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-19 15:46 - 2013-09-03 16:46 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-19 15:34 - 2013-09-19 15:33 - 131918888 _____ C:\Users\Berthi\Downloads\avast_free_antivirus_setup_8.0.1497.376.exe
2013-09-18 18:15 - 2013-08-27 22:18 - 00000000 ____D C:\Users\Berthi\AppData\Local\VirtualStore
2013-09-18 15:07 - 2013-09-18 15:07 - 00000622 _____ C:\Users\Berthi\Downloads\Verknuepfungspfeile-aus-und-einblenden.zip
2013-09-18 14:58 - 2013-09-18 14:47 - 00000290 _____ C:\siw_debug.txt
2013-09-18 14:46 - 2013-09-18 14:46 - 00000985 _____ C:\Users\Berthi\Desktop\SIW Home Edition.lnk
2013-09-18 14:46 - 2013-09-18 14:46 - 00000000 ____D C:\Users\Berthi\AppData\Local\CrashRpt
2013-09-18 14:46 - 2013-09-18 14:46 - 00000000 ____D C:\Program Files\SIW 2013 Home Edition
2013-09-18 14:44 - 2013-09-18 14:43 - 04524952 _____ (Topala Software Solutions ) C:\Users\Berthi\Downloads\siw13-setup.exe
2013-09-18 14:41 - 2013-09-18 14:35 - 00000000 ____D C:\Users\Berthi\Downloads\MicrosoftFixit.malware.Run
2013-09-18 14:31 - 2013-09-18 14:31 - 00211231 _____ C:\Users\Berthi\Downloads\MicrosoftFixit.malware.Run.zip
2013-09-18 14:15 - 2013-08-28 20:15 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Windows Live Writer
2013-09-18 14:03 - 2013-09-18 14:03 - 03211912 _____ (Hewlett-Packard Company ) C:\Users\Berthi\Downloads\sp50677.exe
2013-09-18 13:46 - 2013-09-18 13:46 - 00000000 ____D C:\Program Files\HP
2013-09-18 11:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-17 15:53 - 2013-09-01 12:43 - 00000000 ___RD C:\Users\Berthi\Desktop\Kalender
2013-09-17 13:43 - 2013-09-17 13:43 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Users\Berthi\AppData\Local\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\ProgramData\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Program Files\1&1
2013-09-17 13:37 - 2013-09-17 13:37 - 03429160 _____ (1&1 Internet AG) C:\Users\Berthi\Downloads\1und1_smartdrive_uploadmanager.exe
2013-09-17 13:17 - 2013-09-03 17:12 - 00000000 ___RD C:\Users\Berthi\Desktop\KÖ!!!
2013-09-15 13:17 - 2013-09-15 13:16 - 05893103 _____ C:\Users\Berthi\Downloads\geoeffnete-ordner-unter-windows-7-anders-kennz.zip
2013-09-11 22:55 - 2009-02-21 07:54 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-11 21:49 - 2013-09-11 21:49 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-09-11 21:49 - 2013-09-11 21:49 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-11 21:49 - 2013-09-11 20:41 - 00000000 ____D C:\ProgramData\Oracle
2013-09-11 21:49 - 2013-08-28 00:20 - 00868264 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-09-11 21:49 - 2013-08-28 00:20 - 00790440 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-09-11 21:49 - 2013-08-28 00:20 - 00000000 ____D C:\Program Files\Java
2013-09-11 21:47 - 2013-09-11 21:47 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw(2).exe
2013-09-11 21:44 - 2013-09-11 21:38 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw(1).exe
2013-09-11 21:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-09-11 21:14 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-09-11 20:38 - 2013-09-11 20:37 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw.exe
2013-09-11 17:50 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-11 14:37 - 2013-09-11 14:37 - 00000000 ____D C:\Users\Berthi\Documents\Sony Ericsson
2013-09-11 14:26 - 2013-09-11 14:26 - 00000000 ____D C:\Users\Berthi\AppData\Local\Sony Ericsson
2013-09-11 14:16 - 2013-09-11 14:16 - 00000000 ____D C:\ProgramData\BVRP Software
2013-09-11 14:16 - 2013-09-11 14:16 - 00000000 ____D C:\Program Files\Avanquest update
2013-09-11 14:16 - 2009-02-21 06:54 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\InstallShield
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\ProgramData\Sony Ericsson
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\Program Files\Sony Ericsson
2013-09-11 11:10 - 2009-07-14 06:33 - 00348704 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 11:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-11 11:03 - 2013-08-28 03:31 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 11:00 - 2013-08-28 03:31 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-10 15:06 - 2013-09-10 15:06 - 01380160 _____ (MPC-HC Team) C:\Windows\system32\VSFilter.dll
2013-09-09 22:59 - 2013-09-09 22:41 - 00000000 ____D C:\Program Files\Common Files\Sony Shared
2013-09-09 22:51 - 2013-09-09 22:51 - 45984520 _____ C:\Users\Berthi\Downloads\sonyericssonpcsuite2.10.46.exe
2013-09-09 22:44 - 2013-09-09 22:39 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Sony
2013-09-09 22:43 - 2013-09-09 22:41 - 00000000 ____D C:\Users\Berthi\AppData\Local\Sony
2013-09-09 22:42 - 2013-09-09 22:42 - 00000000 ____D C:\Users\Berthi\Podcasts
2013-09-09 22:42 - 2013-09-09 22:42 - 00000000 ____D C:\Users\Berthi\Documents\Media Go
2013-09-09 22:41 - 2013-09-09 22:41 - 00000000 ____D C:\Users\Berthi\AppData\Local\Downloaded Installations
2013-09-09 22:41 - 2013-09-09 22:41 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-09-09 22:41 - 2013-09-09 22:39 - 00000000 ____D C:\Program Files\Sony Media Go Install
2013-09-09 22:38 - 2013-09-09 22:38 - 104753864 _____ (Sony Network Entertainment International LLC) C:\Users\Berthi\Downloads\mediago_setup.exe
2013-09-09 21:31 - 2013-09-09 21:31 - 00000000 ____D C:\Program Files\Scribble Papers
2013-09-09 21:29 - 2013-09-09 21:29 - 01192802 _____ (Jens Hoetger ) C:\Users\Berthi\Downloads\SPSetup.exe
2013-09-08 11:28 - 2013-09-08 11:28 - 00001822 _____ C:\Users\Public\Desktop\TV-Browser.lnk
2013-09-08 11:28 - 2013-09-08 11:28 - 00000000 ____D C:\Program Files\TV-Browser
2013-09-08 11:24 - 2013-09-08 11:24 - 07051757 _____ C:\Users\Berthi\Downloads\tvbrowser_3.3.2_win32.exe
2013-09-08 10:57 - 2013-09-08 10:57 - 00000000 ____D C:\Users\Berthi\AppData\Local\Microsoft Games
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Users\Berthi\AppData\Local\TomTom
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Program Files\TomTom International B.V
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Program Files\MyTomTom 3
2013-09-06 23:16 - 2013-09-06 23:16 - 06701152 _____ (TomTom International B.V.) C:\Users\Berthi\Downloads\InstallMyTomTomSA.exe
2013-09-06 23:02 - 2013-09-06 23:02 - 00000000 ___RD C:\Program Files\Skype
2013-09-06 23:02 - 2013-09-06 23:02 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-09-06 23:02 - 2013-09-06 22:44 - 00000000 ____D C:\ProgramData\Skype
2013-09-06 23:01 - 2013-09-06 23:00 - 01492848 _____ (Skype Technologies S.A.) C:\Users\Berthi\Downloads\SkypeSetup.exe
2013-09-06 22:59 - 2013-09-06 22:59 - 00000056 ____H C:\ProgramData\ezsidmv.dat
2013-09-06 22:59 - 2013-09-06 22:59 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\skypePM
2013-09-06 22:29 - 2013-09-06 22:29 - 00000000 ____D C:\Users\Public\CyberLink
2013-09-06 22:29 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-09-06 22:29 - 2009-02-21 08:00 - 00000000 ____D C:\ProgramData\CyberLink
2013-09-06 22:28 - 2013-08-28 02:24 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-09-05 23:11 - 2013-08-28 00:29 - 00000000 ____D C:\Windows\Driver Cache
2013-09-05 22:58 - 2013-09-03 15:53 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\WinPatrol
2013-09-04 23:20 - 2012-08-16 17:01 - 00000000 ____D C:\Users\Berthi\Desktop\Rezepte
2013-09-03 20:05 - 2013-09-03 20:05 - 00000000 ____D C:\Program Files\Rainlendar2
2013-09-03 20:04 - 2013-09-03 20:04 - 14871560 _____ C:\Users\Berthi\Downloads\Rainlendar-Lite-2.11.1-32bit.exe
2013-09-03 18:11 - 2013-09-03 18:11 - 00078273 _____ C:\Users\Berthi\Downloads\German.r2lang
2013-09-03 16:40 - 2013-08-27 21:29 - 00000000 ____D C:\ProgramData\Avira
2013-09-03 16:33 - 2013-09-03 16:33 - 00227096 _____ C:\Users\Berthi\Downloads\avira_registry_cleaner_de.exe
2013-09-03 15:59 - 2013-09-03 15:59 - 00000000 ____D C:\ProgramData\Licenses
2013-09-03 15:52 - 2013-09-03 15:35 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-03 15:46 - 2013-09-03 15:46 - 00905416 _____ (BillP Studios) C:\Users\Berthi\Downloads\setupde.exe
2013-09-03 15:35 - 2013-09-03 15:35 - 00000000 ____D C:\Program Files\BillP Studios
2013-09-03 15:17 - 2013-09-03 15:17 - 00000315 _____ C:\updatedatfix.log
2013-09-03 14:53 - 2013-09-03 15:22 - 00000987 _____ C:\Users\Berthi\Desktop\Updatechecker Secunia PSI.lnk
2013-09-03 14:53 - 2013-09-03 14:53 - 00000000 ____D C:\Users\Berthi\AppData\Local\Secunia PSI
2013-09-03 14:53 - 2013-09-03 14:53 - 00000000 ____D C:\Program Files\Secunia
2013-09-03 11:31 - 2009-08-06 23:51 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-09-03 11:31 - 2009-07-14 09:49 - 00000000 ____D C:\Program Files\Windows Journal
2013-09-03 11:31 - 2009-07-14 06:56 - 00000000 ____D C:\Windows\system32\winrm
2013-09-03 11:31 - 2009-07-14 06:56 - 00000000 ____D C:\Windows\system32\slmgr
2013-09-03 11:31 - 2009-07-14 06:56 - 00000000 ____D C:\Windows\DigitalLocker
2013-09-03 11:31 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-09-03 11:31 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-09-03 11:31 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-03 11:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\IME
2013-09-03 11:31 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\System
2013-09-03 11:30 - 2009-07-14 06:56 - 00000000 ____D C:\Windows\system32\WCN
2013-09-03 11:30 - 2009-07-14 06:56 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2013-09-03 11:30 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\MUI
2013-09-03 11:30 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\it-IT
2013-09-03 11:30 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\com
2013-09-03 11:29 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\DVD Maker
2013-09-03 11:29 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\fr-FR
2013-09-03 11:18 - 2013-09-02 06:25 - 00000000 ____D C:\Windows\ERUNT
2013-09-03 09:16 - 2013-09-03 09:16 - 07876512 _____ (Adobe Systems Inc.) C:\Users\Berthi\Downloads\Shockwave_Installer_Slim.exe
2013-09-03 09:16 - 2009-02-21 07:57 - 00000000 ____D C:\Windows\system32\Adobe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-01 15:36
==================== End Of Log ============================
--- --- --- --- --- --- Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by Berthi at 2013-10-03 20:11:54
Running from C:\Users\Berthi\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
1&1 Upload-Manager (Version: 2.0.676)
7-Zip 9.20
ABBYY FineReader 6.0 Sprint (Version: 6.00.1990.41618)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader XI (11.0.04) - Deutsch (Version: 11.0.04)
Adobe Shockwave Player (Version: 11.0)
Adobe Shockwave Player 12.0 (Version: 12.0.4.144)
Amazon Kindle
AMD USB Filter Driver (Version: 1.0.11.86)
Atheros Driver Installation Program (Version: 5.0)
ATI Catalyst Install Manager (Version: 3.0.708.0)
Avanquest update (Version: 1.12)
avast! Free Antivirus (Version: 8.0.1497.0)
AVM FRITZ!fax für FRITZ!Box
AVM FRITZ!WLAN
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0804.2223.38385)
Catalyst Control Center Graphics Full Existing (Version: 2009.0804.2223.38385)
Catalyst Control Center Graphics Full New (Version: 2009.0804.2223.38385)
Catalyst Control Center Graphics Light (Version: 2009.0804.2223.38385)
Catalyst Control Center Graphics Previews Common (Version: 2009.0804.2223.38385)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0804.2223.38385)
Catalyst Control Center InstallProxy (Version: 2009.0122.1.43106)
Catalyst Control Center Localization All (Version: 2009.0804.2223.38385)
CCC Help Chinese Standard (Version: 2009.0804.2222.38385)
CCC Help Chinese Traditional (Version: 2009.0804.2222.38385)
CCC Help Czech (Version: 2009.0804.2222.38385)
CCC Help Danish (Version: 2009.0804.2222.38385)
CCC Help Dutch (Version: 2009.0804.2222.38385)
CCC Help English (Version: 2009.0804.2222.38385)
CCC Help Finnish (Version: 2009.0804.2222.38385)
CCC Help French (Version: 2009.0804.2222.38385)
CCC Help German (Version: 2009.0804.2222.38385)
CCC Help Greek (Version: 2009.0804.2222.38385)
CCC Help Hungarian (Version: 2009.0804.2222.38385)
CCC Help Italian (Version: 2009.0804.2222.38385)
CCC Help Japanese (Version: 2009.0804.2222.38385)
CCC Help Korean (Version: 2009.0804.2222.38385)
CCC Help Norwegian (Version: 2009.0804.2222.38385)
CCC Help Polish (Version: 2009.0804.2222.38385)
CCC Help Portuguese (Version: 2009.0804.2222.38385)
CCC Help Russian (Version: 2009.0804.2222.38385)
CCC Help Spanish (Version: 2009.0804.2222.38385)
CCC Help Swedish (Version: 2009.0804.2222.38385)
CCC Help Thai (Version: 2009.0804.2222.38385)
CCC Help Turkish (Version: 2009.0804.2222.38385)
ccc-core-static (Version: 2009.0804.2223.38385)
ccc-utility (Version: 2009.0804.2223.38385)
CCleaner (Version: 4.06)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
CyberLink DVD Suite (Version: 6.0.2326)
D3DX10 (Version: 15.4.2368.0902)
ESU for Microsoft Vista (Version: 1.0.0)
Folderico 4.0 RC12 (Version: 4.0 RC12)
HitmanPro.Alert (Version: 2.0.10.45)
HP 3D DriveGuard (Version: 4.0.3.1)
HP Common Access Service Library (Version: 2.00 E6)
HP Customer Experience Enhancements (Version: 5.7.0.2664)
HP MediaSmart DVD (Version: 2.1.2328)
HP MediaSmart Music/Photo/Video (Version: 2.1.2425)
HP MediaSmart SmartMenu (Version: 2.1.7)
HP MediaSmart Webcam (Version: 2.1.1124)
HP Product Detection (Version: 11.15.0009)
HP Quick Launch Buttons (Version: 6.50.3.1)
HP Total Care Setup (Version: 1.1.2413.2876)
HP User Guides 0134 (Version: 1.01.0000)
HP Wireless Assistant (Version: 3.50.7.2)
IDT Audio (Version: 1.0.6225.0)
IrfanView (remove only) (Version: 4.36)
Java 7 Update 40 (Version: 7.0.400)
Java Auto Updater (Version: 2.1.9.8)
JMicron Flash Media Controller Driver (Version: 1.00.22.05)
Junk Mail filter update (Version: 16.4.3508.0205)
LabelPrint (Version: 2.5.1118)
Lexmark 4800 Series
Lexmark Fax-Lösungen
LightScribe System Software 1.14.17.1 (Version: 1.14.17.1)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Baseline Security Analyzer 2.2 (Version: 2.2.2170)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 24.0 (x86 de) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
muvee Reveal (Version: 7.0.40.10061)
MyTomTom 3.2.0.1220 (Version: 3.2.0.1220)
Photo Common (Version: 16.4.3508.0205)
PopTray 3.20 (Version: 3.20)
Power2Go (Version: 6.0.2325)
PowerDirector (Version: 7.0.2317)
QLBCASL (Version: 6.40.17.2)
Rainlendar2 (remove only)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0001)
Revo Uninstaller 1.95 (Version: 1.95)
Scribble Papers 2.7.1
Secunia PSI (3.0.0.7011) (Version: 3.0.0.7011)
Shark007 Advanced Codecs (Version: 4.2.6)
SIW 2013 Home Edition (Version: 2013.05.14)
Skype™ 6.7 (Version: 6.7.102)
Sony Ericsson PC Suite 4.005.00 (Version: 4.005.00)
SpywareBlaster 5.0 (Version: 5.0.0)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.3.29.0)
TV-Browser 3.3.2 (Version: 3.3.2)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Visual Studio C++ 10.0 Runtime (Version: 10.0.0)
Windows Live Communications Platform (Version: 16.4.3508.0205)
Windows Live Essentials (Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3508.0205)
Windows Live Mail (Version: 16.4.3508.0205)
Windows Live MIME IFilter (Version: 16.4.3508.0205)
Windows Live Photo Common (Version: 16.4.3508.0205)
Windows Live PIMT Platform (Version: 16.4.3508.0205)
Windows Live SOXE (Version: 16.4.3508.0205)
Windows Live SOXE Definitions (Version: 16.4.3508.0205)
Windows Live UX Platform (Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205)
Windows Live Writer (Version: 16.4.3508.0205)
Windows Live Writer Resources (Version: 16.4.3508.0205)
Windows-Treiberpaket - ENE (enecir) HIDClass (09/04/2008 2.6.0.0) (Version: 09/04/2008 2.6.0.0)
WinPatrol (Version: 26.1.2013.0)
==================== Restore Points =========================
24-09-2013 08:54:54 Windows Update
27-09-2013 12:01:01 Windows Update
28-09-2013 11:48:44 Removed muvee Reveal
30-09-2013 14:55:27 Windows-Sicherung
30-09-2013 15:15:38 Revo Uninstaller's restore point - WOT for Internet Explorer
30-09-2013 15:16:14 Removed WOT for Internet Explorer
30-09-2013 15:18:06 Installed WOT for Internet Explorer
30-09-2013 17:49:29 Revo Uninstaller's restore point - WOT for Internet Explorer
30-09-2013 17:49:51 Removed WOT for Internet Explorer
30-09-2013 18:22:42 Windows-Sicherung
01-10-2013 10:25:13 Windows-Sicherung
02-10-2013 15:48:49 Die Service Pack-Sicherungsdateien wurden entfernt.
==================== Hosts content: ==========================
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {31D4443B-6B67-4BAE-B12D-CD280F9596D4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {8438C3D1-1FC4-4FE8-A03F-9FEEF5AE8787} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
Task: {90582319-14E3-4917-A38A-7F0CF43B7014} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {A857EAB3-E1B4-4FBC-986F-DFE7B81770CF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-20] (Adobe Systems Incorporated)
Task: {A8BC0AC1-DA9D-4D54-B046-B8A8AF042158} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {B92B2DD9-F6F5-4EF5-81CF-C4C56C944F7F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2013-09-03 15:52 - 2012-12-10 03:46 - 00600868 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
2012-05-16 21:01 - 2012-05-16 21:01 - 00140800 _____ () C:\Program Files\Rainlendar2\lua52.dll
2013-03-10 19:59 - 2013-03-10 19:59 - 00215648 _____ () C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
2012-06-17 15:22 - 2012-06-17 15:22 - 00012800 _____ () C:\Program Files\Rainlendar2\lfs.dll
2009-07-07 11:56 - 2009-07-07 11:56 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-08-28 00:24 - 2013-08-28 00:24 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-09-20 10:14 - 2013-09-20 10:14 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/03/2013 07:51:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/03/2013 07:15:39 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.1008 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005. Prozess-ID (dezimal): 5692. Meldungs-ID: [0x2509].
Error: (10/03/2013 06:12:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/03/2013 06:12:10 PM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (10/03/2013 06:12:10 PM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (10/03/2013 06:12:10 PM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (10/03/2013 06:12:10 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Error: (10/03/2013 06:12:10 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (10/03/2013 06:12:10 PM) (Source: Windows Search Service) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)
Error: (10/03/2013 06:12:10 PM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
System errors:
=============
Error: (10/03/2013 07:50:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TV Task Scheduler (TVTS)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (10/03/2013 07:50:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TV Background Capture Service (TVBCS)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (10/03/2013 07:50:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lxdeCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (10/03/2013 07:50:21 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst lxdeCATSCustConnectService erreicht.
Error: (10/03/2013 07:50:15 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (10/03/2013 06:12:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (10/03/2013 06:12:37 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.
Error: (10/03/2013 06:12:37 PM) (Source: DCOM) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (10/03/2013 06:12:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (10/03/2013 06:12:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2013-10-03 20:06:14.687
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-03 19:48:47.363
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-03 19:15:26.977
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-03 18:29:20.263
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-03 18:06:33.860
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-03 17:34:23.235
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-03 16:44:08.422
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-03 16:27:08.001
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-03 15:55:41.612
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-03 15:20:07.407
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\hmpalert.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 43%
Total physical RAM: 3069.84 MB
Available physical RAM: 1748.25 MB
Total Pagefile: 6137.96 MB
Available Pagefile: 4507.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.52 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:287.45 GB) (Free:246.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10.64 GB) (Free:1.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 068571AB)
Partition 1: (Active) - (Size=287 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
03.10.2013, 21:59
| #4 |
| | Schon wieder pup.optional Funde GMER Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-03 20:35:34
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2320BH_G2 rev.8909 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Berthi\AppData\Local\Temp\fxdiipow.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x9483B610]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x9510B5FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x9483C0E6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x94847F18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x94847F64]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x948480FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x94847E86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x9510B992]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x94847ECE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x9483C5E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x9483C800]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x948480B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x9483CE9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x9483B676]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x94840596]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x9510B6C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x95109C12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x9483B6DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9484098C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x9483D92C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x94847F42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x94847F86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x94848122]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x94847EAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x9483FE78]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x94848036]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x94847EF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x9484026E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x948480DC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x9510B822]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x9483D7F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x9483D506]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x9483B742]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x9483B7A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x9483CD16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x9483B2F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x9483B4CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x9483B45C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x9483D066]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x9483D1C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x9483B556]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x9510B8EA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x9483CCF6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x95109C42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x9483B80E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x9510B76E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x95124E00]
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82E55A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E8F212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82E96460 4 Bytes [10, B6, 83, 94]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82E96488 4 Bytes [FA, B5, 10, 95] {CLI ; MOV CH, 0x10; XCHG EBP, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82E964E8 4 Bytes [E6, C0, 83, 94]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82E9653C 8 Bytes [18, 7F, 84, 94, 64, 7F, 84, ...] {SBB [EDI-0x7c], BH; XCHG ESP, EAX; JG 0xffffff8b; XCHG ESP, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82E96548 4 Bytes [FE, 80, 84, 94]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83023D39 5 Bytes JMP 95121C9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 8303C370 5 Bytes JMP 951237CC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 830514CF 4 Bytes CALL 9483DFEF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 8306B323 4 Bytes CALL 9483E005 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 830F526E 7 Bytes JMP 95124E04 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? System32\drivers\ffhrcj.sys Das System kann den angegebenen Pfad nicht finden. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9520E000, 0x2D556C, 0xE8000020]
.text win32k.sys!EngFntCacheLookUp + 8B1F AACB0A8B 5 Bytes JMP 948414DC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateRectRgn + 3819 AACC4B64 5 Bytes JMP 94841628 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateRectRgn + 47FC AACC5B47 5 Bytes JMP 948412F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCTGetGammaTable + 310 AACE1593 5 Bytes JMP 948421B2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCTGetGammaTable + 4CE9 AACE5F6C 5 Bytes JMP 94840D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCTGetGammaTable + 6136 AACE73B9 5 Bytes JMP 948423FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCTGetGammaTable + BE9B AACED11E 5 Bytes JMP 948416CE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCTGetGammaTable + C0EA AACED36D 5 Bytes JMP 948417E2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 650 AAD06ED1 5 Bytes JMP 948409C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 70E AAD06F8F 5 Bytes JMP 948416EC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 38FE AAD0A17F 5 Bytes JMP 94840AD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 39BC AAD0A23D 5 Bytes JMP 94840BF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngIsSemaphoreOwnedByCurrentThread + 1EDE AAD0E8B5 5 Bytes JMP 94841508 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2B22 AAD18305 5 Bytes JMP 9484122C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + ACE0 AAD204C3 5 Bytes JMP 94840DF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 14FA1 AAD2A784 5 Bytes JMP 94842060 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 507B AAD41F7E 5 Bytes JMP 94842116 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngBitBlt + 42B4 AAD4F93B 5 Bytes JMP 94842614 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnlockSurface + B288 AAD65243 5 Bytes JMP 94842162 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnlockSurface + CC47 AAD66C02 5 Bytes JMP 948441FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteClip + 480C AAD77AC2 5 Bytes JMP 94840CDC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEqualRgn + 41E2 AAD85AB2 5 Bytes JMP 94841150 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEqualRgn + B479 AAD8CD49 5 Bytes JMP 948424BE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteRgn + 2198 AADA3B9F 5 Bytes JMP 94841008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 8625 AADC4CA8 5 Bytes JMP 9484256C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 2EC7 AADDCC28 5 Bytes JMP 9484233C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 3458 AADDD1B9 5 Bytes JMP 94840EBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 6547 AADE02A8 5 Bytes JMP 9484170A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 9687 AADE33E8 5 Bytes JMP 94840F24 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + BF6E AADE5CCF 5 Bytes JMP 948417C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text ...
.text win32k.sys!EngCTGetCurrentGamma + 6404 AADF1E94 5 Bytes JMP 948410AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl section is writeable [0x96401000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl entry point in ".vmp2" section [0x96424050]
.text kernel32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\avmwlanstick\WlanNetService.exe[108] kernel32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[372] kernel32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Program Files\IDT\WDM\sttray.exe[376] ntdll.dll!LdrUnloadDll 76EAC8DE 5 Bytes JMP 002F03FC
.text C:\Program Files\IDT\WDM\sttray.exe[376] ntdll.dll!LdrLoadDll 76EB22AE 5 Bytes JMP 002F01F8
.text C:\Program Files\IDT\WDM\sttray.exe[376] KERNEL32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Program Files\IDT\WDM\sttray.exe[376] USER32.dll!UnhookWindowsHookEx 7520ADF9 5 Bytes JMP 00300A08
.text C:\Program Files\IDT\WDM\sttray.exe[376] USER32.dll!UnhookWinEvent 7520B750 5 Bytes JMP 003003FC
.text C:\Program Files\IDT\WDM\sttray.exe[376] USER32.dll!SetWindowsHookExW 7520E30C 5 Bytes JMP 00300804
.text C:\Program Files\IDT\WDM\sttray.exe[376] USER32.dll!SetWinEventHook 752124DC 5 Bytes JMP 003001F8
.text C:\Program Files\IDT\WDM\sttray.exe[376] USER32.dll!SetWindowsHookExA 75236D0C 5 Bytes JMP 00300600
.text C:\Windows\system32\csrss.exe[444] kernel32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[520] kernel32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[532] kernel32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Windows\system32\services.exe[572] kernel32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Windows\system32\lsass.exe[612] kernel32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text ...
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[772] ntdll.dll!LdrUnloadDll 76EAC8DE 5 Bytes JMP 001603FC
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[772] ntdll.dll!LdrLoadDll 76EB22AE 5 Bytes JMP 001601F8
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[772] KERNEL32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[772] USER32.dll!UnhookWindowsHookEx 7520ADF9 5 Bytes JMP 00270A08
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[772] USER32.dll!UnhookWinEvent 7520B750 5 Bytes JMP 002703FC
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[772] USER32.dll!SetWindowsHookExW 7520E30C 5 Bytes JMP 00270804
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[772] USER32.dll!SetWinEventHook 752124DC 5 Bytes JMP 002701F8
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[772] USER32.dll!SetWindowsHookExA 75236D0C 5 Bytes JMP 00270600
.text C:\Windows\system32\svchost.exe[836] kernel32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Windows\system32\atiesrxx.exe[884] kernel32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[956] kernel32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[976] ntdll.dll!LdrUnloadDll 76EAC8DE 5 Bytes JMP 000803FC
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[976] ntdll.dll!LdrLoadDll 76EB22AE 5 Bytes JMP 000801F8
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[976] KERNEL32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[976] USER32.dll!UnhookWindowsHookEx 7520ADF9 5 Bytes JMP 00190A08
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[976] USER32.dll!UnhookWinEvent 7520B750 5 Bytes JMP 001903FC
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[976] USER32.dll!SetWindowsHookExW 7520E30C 5 Bytes JMP 00190804
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[976] USER32.dll!SetWinEventHook 752124DC 5 Bytes JMP 001901F8
.text C:\Program Files\Rainlendar2\Rainlendar2.exe[976] USER32.dll!SetWindowsHookExA 75236D0C 5 Bytes JMP 00190600
.text C:\Windows\System32\svchost.exe[1008] kernel32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1080] kernel32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe[1112] kernel32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1284] kernel32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text ...
.text C:\Program Files\Skype\Phone\Skype.exe[1516] ntdll.dll!LdrUnloadDll 76EAC8DE 5 Bytes JMP 000F03FC
.text C:\Program Files\Skype\Phone\Skype.exe[1516] ntdll.dll!LdrLoadDll 76EB22AE 5 Bytes JMP 000F01F8
.text C:\Program Files\Skype\Phone\Skype.exe[1516] KERNEL32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Program Files\Skype\Phone\Skype.exe[1516] USER32.dll!UnhookWindowsHookEx 7520ADF9 5 Bytes JMP 00240A08
.text C:\Program Files\Skype\Phone\Skype.exe[1516] USER32.dll!UnhookWinEvent 7520B750 5 Bytes JMP 002403FC
.text C:\Program Files\Skype\Phone\Skype.exe[1516] USER32.dll!SetWindowsHookExW 7520E30C 5 Bytes JMP 00240804
.text C:\Program Files\Skype\Phone\Skype.exe[1516] USER32.dll!SetWinEventHook 752124DC 5 Bytes JMP 002401F8
.text C:\Program Files\Skype\Phone\Skype.exe[1516] USER32.dll!SetWindowsHookExA 75236D0C 5 Bytes JMP 00240600
.text C:\Windows\system32\atieclxx.exe[1536] kernel32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1656] kernel32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe[1684] kernel32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1832] kernel32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1900] kernel32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text ...
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2176] ntdll.dll!LdrUnloadDll 76EAC8DE 5 Bytes JMP 000F03FC
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2176] ntdll.dll!LdrLoadDll 76EB22AE 5 Bytes JMP 000F01F8
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2176] KERNEL32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2176] USER32.dll!UnhookWindowsHookEx 7520ADF9 5 Bytes JMP 00140A08
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2176] USER32.dll!UnhookWinEvent 7520B750 5 Bytes JMP 001403FC
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2176] USER32.dll!SetWindowsHookExW 7520E30C 5 Bytes JMP 00140804
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2176] USER32.dll!SetWinEventHook 752124DC 5 Bytes JMP 001401F8
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2176] USER32.dll!SetWindowsHookExA 75236D0C 5 Bytes JMP 00140600
.text C:\Program Files\SMINST\BLService.exe[2204] kernel32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2268] ntdll.dll!LdrUnloadDll 76EAC8DE 5 Bytes JMP 000F03FC
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2268] ntdll.dll!LdrLoadDll 76EB22AE 5 Bytes JMP 000F01F8
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2268] KERNEL32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2268] USER32.dll!UnhookWindowsHookEx 7520ADF9 5 Bytes JMP 00380A08
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2268] USER32.dll!UnhookWinEvent 7520B750 5 Bytes JMP 003803FC
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2268] USER32.dll!SetWindowsHookExW 7520E30C 5 Bytes JMP 00380804
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2268] USER32.dll!SetWinEventHook 752124DC 5 Bytes JMP 003801F8
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2268] USER32.dll!SetWindowsHookExA 75236D0C 5 Bytes JMP 00380600
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2284] kernel32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Program Files\Secunia\PSI\PSIA.exe[2316] kernel32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2568] kernel32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Windows\Explorer.EXE[2700] kernel32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2820] ntdll.dll!LdrUnloadDll 76EAC8DE 5 Bytes JMP 001F03FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2820] ntdll.dll!LdrLoadDll 76EB22AE 5 Bytes JMP 001F01F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2820] KERNEL32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2820] USER32.dll!UnhookWindowsHookEx 7520ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2820] USER32.dll!UnhookWinEvent 7520B750 5 Bytes JMP 002003FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2820] USER32.dll!SetWindowsHookExW 7520E30C 5 Bytes JMP 00200804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2820] USER32.dll!SetWinEventHook 752124DC 5 Bytes JMP 002001F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2820] USER32.dll!SetWindowsHookExA 75236D0C 5 Bytes JMP 00200600
.text C:\Windows\system32\Dwm.exe[2844] kernel32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2900] kernel32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3248] ntdll.dll!LdrUnloadDll 76EAC8DE 5 Bytes JMP 001303FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3248] ntdll.dll!LdrLoadDll 76EB22AE 5 Bytes JMP 001301F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3248] KERNEL32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3248] USER32.dll!UnhookWindowsHookEx 7520ADF9 5 Bytes JMP 00250A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3248] USER32.dll!UnhookWinEvent 7520B750 5 Bytes JMP 002503FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3248] USER32.dll!SetWindowsHookExW 7520E30C 5 Bytes JMP 00250804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3248] USER32.dll!SetWinEventHook 752124DC 5 Bytes JMP 002501F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3248] USER32.dll!SetWindowsHookExA 75236D0C 5 Bytes JMP 00250600
.text C:\Windows\system32\svchost.exe[3436] ntdll.dll!LdrUnloadDll 76EAC8DE 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[3436] ntdll.dll!LdrLoadDll 76EB22AE 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[3436] KERNEL32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3436] USER32.dll!UnhookWindowsHookEx 7520ADF9 5 Bytes JMP 00180A08
.text C:\Windows\system32\svchost.exe[3436] USER32.dll!UnhookWinEvent 7520B750 5 Bytes JMP 001803FC
.text C:\Windows\system32\svchost.exe[3436] USER32.dll!SetWindowsHookExW 7520E30C 5 Bytes JMP 00180804
.text C:\Windows\system32\svchost.exe[3436] USER32.dll!SetWinEventHook 752124DC 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[3436] USER32.dll!SetWindowsHookExA 75236D0C 5 Bytes JMP 00180600
.text C:\Program Files\Mozilla Firefox\firefox.exe[3448] ntdll.dll!LdrUnloadDll 76EAC8DE 5 Bytes JMP 000803FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3448] ntdll.dll!LdrLoadDll 76EB22AE 5 Bytes JMP 5D58DFF0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3448] KERNEL32.dll!K32GetDeviceDriverBaseNameW + 5D 76DB941E 7 Bytes JMP 5DD19773 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3448] KERNEL32.dll!QueryPerformanceCounter + 13 76DBC425 7 Bytes JMP 5DD19796 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3448] KERNEL32.dll!LoadAppInitDlls + 355 76DBF4E6 7 Bytes JMP 5D595F1A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3448] KERNEL32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3448] USER32.dll!UnhookWindowsHookEx 7520ADF9 5 Bytes JMP 00090A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[3448] USER32.dll!UnhookWinEvent 7520B750 5 Bytes JMP 000903FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3448] USER32.dll!SetWindowsHookExW 7520E30C 5 Bytes JMP 00090804
.text C:\Program Files\Mozilla Firefox\firefox.exe[3448] USER32.dll!SetWinEventHook 752124DC 5 Bytes JMP 000901F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3448] USER32.dll!SetWindowsHookExA 75236D0C 5 Bytes JMP 00090600
.text C:\Program Files\Mozilla Firefox\firefox.exe[3448] GDI32.dll!GetViewportOrgEx + 26C 758E884B 7 Bytes JMP 5DD196F4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3676] ntdll.dll!LdrUnloadDll 76EAC8DE 5 Bytes JMP 001F03FC
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3676] ntdll.dll!LdrLoadDll 76EB22AE 5 Bytes JMP 001F01F8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3676] KERNEL32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3676] USER32.dll!UnhookWindowsHookEx 7520ADF9 3 Bytes JMP 00210A08
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3676] USER32.dll!UnhookWindowsHookEx + 4 7520ADFD 1 Byte [8B]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3676] USER32.dll!UnhookWinEvent 7520B750 3 Bytes JMP 002103FC
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3676] USER32.dll!UnhookWinEvent + 4 7520B754 1 Byte [8B]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3676] USER32.dll!SetWindowsHookExW 7520E30C 5 Bytes JMP 00210804
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3676] USER32.dll!SetWinEventHook 752124DC 5 Bytes JMP 002101F8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3676] USER32.dll!SetWindowsHookExA 75236D0C 5 Bytes JMP 00210600
.text C:\Windows\system32\wbem\wmiprvse.exe[3704] ntdll.dll!LdrUnloadDll 76EAC8DE 5 Bytes JMP 000F03FC
.text C:\Windows\system32\wbem\wmiprvse.exe[3704] ntdll.dll!LdrLoadDll 76EB22AE 5 Bytes JMP 000F01F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3704] KERNEL32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[3704] USER32.dll!UnhookWindowsHookEx 7520ADF9 5 Bytes JMP 00110A08
.text C:\Windows\system32\wbem\wmiprvse.exe[3704] USER32.dll!UnhookWinEvent 7520B750 5 Bytes JMP 001103FC
.text C:\Windows\system32\wbem\wmiprvse.exe[3704] USER32.dll!SetWindowsHookExW 7520E30C 5 Bytes JMP 00110804
.text C:\Windows\system32\wbem\wmiprvse.exe[3704] USER32.dll!SetWinEventHook 752124DC 5 Bytes JMP 001101F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3704] USER32.dll!SetWindowsHookExA 75236D0C 5 Bytes JMP 00110600
.text C:\Windows\system32\svchost.exe[3800] ntdll.dll!LdrUnloadDll 76EAC8DE 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[3800] ntdll.dll!LdrLoadDll 76EB22AE 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[3800] KERNEL32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3800] USER32.dll!UnhookWindowsHookEx 7520ADF9 5 Bytes JMP 00160A08
.text C:\Windows\system32\svchost.exe[3800] USER32.dll!UnhookWinEvent 7520B750 5 Bytes JMP 001603FC
.text C:\Windows\system32\svchost.exe[3800] USER32.dll!SetWindowsHookExW 7520E30C 5 Bytes JMP 00160804
.text C:\Windows\system32\svchost.exe[3800] USER32.dll!SetWinEventHook 752124DC 5 Bytes JMP 001601F8
.text C:\Windows\system32\svchost.exe[3800] USER32.dll!SetWindowsHookExA 75236D0C 5 Bytes JMP 00160600
.text C:\Windows\system32\svchost.exe[3812] ntdll.dll!LdrUnloadDll 76EAC8DE 5 Bytes JMP 000F03FC
.text C:\Windows\system32\svchost.exe[3812] ntdll.dll!LdrLoadDll 76EB22AE 5 Bytes JMP 000F01F8
.text C:\Windows\system32\svchost.exe[3812] KERNEL32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3812] USER32.dll!UnhookWindowsHookEx 7520ADF9 5 Bytes JMP 00190A08
.text C:\Windows\system32\svchost.exe[3812] USER32.dll!UnhookWinEvent 7520B750 5 Bytes JMP 001903FC
.text C:\Windows\system32\svchost.exe[3812] USER32.dll!SetWindowsHookExW 7520E30C 5 Bytes JMP 00190804
.text C:\Windows\system32\svchost.exe[3812] USER32.dll!SetWinEventHook 752124DC 5 Bytes JMP 001901F8
.text C:\Windows\system32\svchost.exe[3812] USER32.dll!SetWindowsHookExA 75236D0C 5 Bytes JMP 00190600
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3920] kernel32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Program Files\Secunia\PSI\sua.exe[3952] ntdll.dll!LdrUnloadDll 76EAC8DE 5 Bytes JMP 001003FC
.text C:\Program Files\Secunia\PSI\sua.exe[3952] ntdll.dll!LdrLoadDll 76EB22AE 5 Bytes JMP 001001F8
.text C:\Program Files\Secunia\PSI\sua.exe[3952] KERNEL32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE[4172] ntdll.dll!LdrUnloadDll 76EAC8DE 5 Bytes JMP 001F03FC
.text C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE[4172] ntdll.dll!LdrLoadDll 76EB22AE 5 Bytes JMP 001F01F8
.text C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE[4172] KERNEL32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE[4172] USER32.dll!UnhookWindowsHookEx 7520ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE[4172] USER32.dll!UnhookWinEvent 7520B750 5 Bytes JMP 002003FC
.text C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE[4172] USER32.dll!SetWindowsHookExW 7520E30C 5 Bytes JMP 00200804
.text C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE[4172] USER32.dll!SetWinEventHook 752124DC 5 Bytes JMP 002001F8
.text C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE[4172] USER32.dll!SetWindowsHookExA 75236D0C 5 Bytes JMP 00200600
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4252] ntdll.dll!LdrUnloadDll 76EAC8DE 5 Bytes JMP 000803FC
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4252] ntdll.dll!LdrLoadDll 76EB22AE 5 Bytes JMP 000801F8
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4252] KERNEL32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4252] USER32.dll!UnhookWindowsHookEx 7520ADF9 5 Bytes JMP 00090A08
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4252] USER32.dll!UnhookWinEvent 7520B750 5 Bytes JMP 000903FC
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4252] USER32.dll!SetWindowsHookExW 7520E30C 5 Bytes JMP 00090804
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4252] USER32.dll!SetWinEventHook 752124DC 5 Bytes JMP 000901F8
.text C:\Program Files\Secunia\PSI\psi_tray.exe[4252] USER32.dll!SetWindowsHookExA 75236D0C 5 Bytes JMP 00090600
.text C:\Program Files\PopTray\PopTray.exe[4304] ntdll.dll!LdrUnloadDll 76EAC8DE 5 Bytes JMP 001F03FC
.text C:\Program Files\PopTray\PopTray.exe[4304] ntdll.dll!LdrLoadDll 76EB22AE 5 Bytes JMP 001F01F8
.text C:\Program Files\PopTray\PopTray.exe[4304] KERNEL32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Program Files\PopTray\PopTray.exe[4304] user32.dll!UnhookWindowsHookEx 7520ADF9 3 Bytes JMP 00210A08
.text C:\Program Files\PopTray\PopTray.exe[4304] user32.dll!UnhookWindowsHookEx + 4 7520ADFD 1 Byte [8B]
.text C:\Program Files\PopTray\PopTray.exe[4304] user32.dll!UnhookWinEvent 7520B750 3 Bytes JMP 002103FC
.text C:\Program Files\PopTray\PopTray.exe[4304] user32.dll!UnhookWinEvent + 4 7520B754 1 Byte [8B]
.text C:\Program Files\PopTray\PopTray.exe[4304] user32.dll!SetWindowsHookExW 7520E30C 5 Bytes JMP 00210804
.text C:\Program Files\PopTray\PopTray.exe[4304] user32.dll!SetWinEventHook 752124DC 5 Bytes JMP 002101F8
.text C:\Program Files\PopTray\PopTray.exe[4304] user32.dll!SetWindowsHookExA 75236D0C 5 Bytes JMP 00210600
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4656] ntdll.dll!LdrUnloadDll 76EAC8DE 5 Bytes JMP 000E03FC
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4656] ntdll.dll!LdrLoadDll 76EB22AE 5 Bytes JMP 000E01F8
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4656] KERNEL32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4656] USER32.dll!UnhookWindowsHookEx 7520ADF9 5 Bytes JMP 00120A08
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4656] USER32.dll!UnhookWinEvent 7520B750 5 Bytes JMP 001203FC
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4656] USER32.dll!SetWindowsHookExW 7520E30C 5 Bytes JMP 00120804
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4656] USER32.dll!SetWinEventHook 752124DC 5 Bytes JMP 001201F8
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[4656] USER32.dll!SetWindowsHookExA 75236D0C 5 Bytes JMP 00120600
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4764] ntdll.dll!LdrUnloadDll 76EAC8DE 5 Bytes JMP 001F03FC
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4764] ntdll.dll!LdrLoadDll 76EB22AE 5 Bytes JMP 001F01F8
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4764] KERNEL32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4764] USER32.dll!UnhookWindowsHookEx 7520ADF9 5 Bytes JMP 00240A08
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4764] USER32.dll!UnhookWinEvent 7520B750 5 Bytes JMP 002403FC
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4764] USER32.dll!SetWindowsHookExW 7520E30C 5 Bytes JMP 00240804
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4764] USER32.dll!SetWinEventHook 752124DC 5 Bytes JMP 002401F8
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4764] USER32.dll!SetWindowsHookExA 75236D0C 5 Bytes JMP 00240600
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4892] ntdll.dll!LdrUnloadDll 76EAC8DE 5 Bytes JMP 001F03FC
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4892] ntdll.dll!LdrLoadDll 76EB22AE 5 Bytes JMP 001F01F8
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4892] KERNEL32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4892] USER32.dll!UnhookWindowsHookEx 7520ADF9 5 Bytes JMP 00200A08
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4892] USER32.dll!UnhookWinEvent 7520B750 5 Bytes JMP 002003FC
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4892] USER32.dll!SetWindowsHookExW 7520E30C 5 Bytes JMP 00200804
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4892] USER32.dll!SetWinEventHook 752124DC 5 Bytes JMP 002001F8
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4892] USER32.dll!SetWindowsHookExA 75236D0C 5 Bytes JMP 00200600
.text C:\Users\Berthi\Desktop\gmer_2.1.19163.exe[5400] kernel32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[5504] ntdll.dll!LdrUnloadDll 76EAC8DE 5 Bytes JMP 001303FC
.text C:\Windows\system32\SearchIndexer.exe[5504] ntdll.dll!LdrLoadDll 76EB22AE 5 Bytes JMP 001301F8
.text C:\Windows\system32\SearchIndexer.exe[5504] KERNEL32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[5504] USER32.dll!UnhookWindowsHookEx 7520ADF9 5 Bytes JMP 00250A08
.text C:\Windows\system32\SearchIndexer.exe[5504] USER32.dll!UnhookWinEvent 7520B750 5 Bytes JMP 002503FC
.text C:\Windows\system32\SearchIndexer.exe[5504] USER32.dll!SetWindowsHookExW 7520E30C 5 Bytes JMP 00250804
.text C:\Windows\system32\SearchIndexer.exe[5504] USER32.dll!SetWinEventHook 752124DC 5 Bytes JMP 002501F8
.text C:\Windows\system32\SearchIndexer.exe[5504] USER32.dll!SetWindowsHookExA 75236D0C 5 Bytes JMP 00250600
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5684] ntdll.dll!LdrUnloadDll 76EAC8DE 5 Bytes JMP 001F03FC
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5684] ntdll.dll!LdrLoadDll 76EB22AE 5 Bytes JMP 001F01F8
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5684] KERNEL32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5684] USER32.dll!UnhookWindowsHookEx 7520ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5684] USER32.dll!UnhookWinEvent 7520B750 5 Bytes JMP 002003FC
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5684] USER32.dll!SetWindowsHookExW 7520E30C 5 Bytes JMP 00200804
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5684] USER32.dll!SetWinEventHook 752124DC 5 Bytes JMP 002001F8
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5684] USER32.dll!SetWindowsHookExA 75236D0C 5 Bytes JMP 00200600
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[5860] ntdll.dll!LdrUnloadDll 76EAC8DE 5 Bytes JMP 002003FC
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[5860] ntdll.dll!LdrLoadDll 76EB22AE 5 Bytes JMP 002001F8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[5860] KERNEL32.dll!GetBinaryTypeW + 70 76DD69E4 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[5860] USER32.dll!UnhookWindowsHookEx 7520ADF9 5 Bytes JMP 00220A08
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[5860] USER32.dll!UnhookWinEvent 7520B750 5 Bytes JMP 002203FC
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[5860] USER32.dll!SetWindowsHookExW 7520E30C 5 Bytes JMP 00220804
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[5860] USER32.dll!SetWinEventHook 752124DC 5 Bytes JMP 002201F8
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[5860] USER32.dll!SetWindowsHookExA 75236D0C 5 Bytes JMP 00220600
---- Devices - GMER 2.1 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
|
04.10.2013, 02:17
| #5 |
| /// the machine /// TB-Ausbilder | Schon wieder pup.optional Funde Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
04.10.2013, 07:17
| #6 |
| | Schon wieder pup.optional Funde Guten Morgen Schrauber Hier die Logs FRST mache ich wieder extra. Das Junkware Tool war ruck zuck fertig. War das O.K. oder hat da was nicht funktioniert? Adw: Code:
ATTFilter # AdwCleaner v3.006 - Bericht erstellt am 04/10/2013 um 07:14:33
# Updated 01/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Berthi - BERTHI-PC
# Gestartet von : C:\Users\Berthi\Downloads\adwcleaner(1).exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16686
-\\ Mozilla Firefox v24.0 (de)
[ Datei : C:\Users\Berthi\AppData\Roaming\Mozilla\Firefox\Profiles\5eet01au.default\prefs.js ]
[ Datei : C:\Users\Berthi\AppData\Roaming\Mozilla\Firefox\Profiles\p6zmczs1.Standard-Benutzer\prefs.js ]
*************************
AdwCleaner[R10].txt - [1575 octets] - [29/09/2013 11:17:15]
AdwCleaner[R11].txt - [1636 octets] - [30/09/2013 19:39:24]
AdwCleaner[R12].txt - [1697 octets] - [02/10/2013 22:13:25]
AdwCleaner[R13].txt - [1758 octets] - [03/10/2013 17:55:04]
AdwCleaner[R14].txt - [1823 octets] - [04/10/2013 07:13:27]
AdwCleaner[R1].txt - [935 octets] - [20/09/2013 17:15:19]
AdwCleaner[R2].txt - [994 octets] - [20/09/2013 18:57:12]
AdwCleaner[R3].txt - [1775 octets] - [23/09/2013 17:24:21]
AdwCleaner[R4].txt - [1213 octets] - [23/09/2013 17:31:53]
AdwCleaner[R5].txt - [1274 octets] - [26/09/2013 17:44:48]
AdwCleaner[R6].txt - [1334 octets] - [26/09/2013 17:51:26]
AdwCleaner[R7].txt - [1394 octets] - [27/09/2013 16:48:35]
AdwCleaner[R8].txt - [1454 octets] - [27/09/2013 17:26:59]
AdwCleaner[R9].txt - [1514 octets] - [28/09/2013 11:41:46]
AdwCleaner[S0].txt - [1054 octets] - [20/09/2013 18:57:56]
AdwCleaner[S1].txt - [1842 octets] - [23/09/2013 17:26:43]
AdwCleaner[S2].txt - [1743 octets] - [04/10/2013 07:14:33]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1803 octets] ##########
Code:
ATTFilter Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Home Premium x86
Ran by Berthi on 04.10.2013 at 7:38:29,75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Users\Berthi\AppData\Roaming\mozilla\firefox\profiles\5eet01au.default\prefs.js
user_pref("extensions.greasemonkey.scriptvals.hxxp://swdyh.yu.to//AutoPagerize.cacheInfo", "{\"hxxp://wedata.net/databases/AutoPagerize/items.json\":{\"url\":\"hxxp://wedata.n
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.10.2013 at 7:45:00,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Berthi (administrator) on BERTHI-PC on 04-10-2013 08:04:11
Running from C:\Users\Berthi\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro.Alert\hmpalert.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WlanNetService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
( ) C:\Windows\system32\lxdecoms.exe
() C:\Program Files\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(1&1 Internet AG) C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Renier Crause) C:\Program Files\PopTray\PopTray.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [404712 2013-01-04] (BillP Studios)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKCU\...\Run: [Rainlendar2] - C:\Program Files\Rainlendar2\Rainlendar2.exe [2598496 2013-03-10] ()
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20684656 2013-07-25] (Skype Technologies S.A.)
HKCU\...\Run: [1&1_1&1 Upload-Manager] - C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE [989264 2011-11-21] (1&1 Internet AG)
MountPoints2: {1ded593a-0f5d-11e3-afa1-806e6f6e6963} - E:\zdata\cobi.exe
MountPoints2: {a5b42469-26a0-11e3-adae-00238b9e33ce} - F:\pushinst.exe
Startup: C:\Users\Berthi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PopTray.lnk
ShortcutTarget: PopTray.lnk -> C:\Program Files\PopTray\PopTray.exe (Renier Crause)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {186B55E9-E01B-4F88-8EEC-A6216AA2803D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKCU - {186B55E9-E01B-4F88-8EEC-A6216AA2803D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Berthi\AppData\Roaming\Mozilla\Firefox\Profiles\p6zmczs1.Standard-Benutzer
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
========================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [364544 2008-02-25] (AVM Berlin)
R2 hmpalertsvc; C:\Program Files\HitmanPro.Alert\hmpalert.exe [1830768 2013-09-28] (SurfRight B.V.)
S2 lxdeCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdeserv.exe [99248 2007-05-29] (Lexmark International, Inc.)
R2 lxde_device; C:\Windows\system32\lxdecoms.exe [598960 2007-05-29] ( )
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-12-17] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] ()
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe [229458 2010-03-23] (IDT, Inc.)
S2 TVCapSvc; "C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe" [x]
S2 TVSched; "C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe" [x]
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2957312 2012-06-20] (Qualcomm Atheros Communications, Inc.)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-11-07] (AVM Berlin)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [401920 2007-12-19] (AVM GmbH)
R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [14376 2013-09-28] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
R1 ui11rdr; C:\Windows\System32\DRIVERS\ui11rdr.sys [144896 2011-11-21] (1&1 Internet AG)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [87536 2008-11-28] (CyberLink Corp.)
U4 eabfiltr;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-04 07:45 - 2013-10-04 07:45 - 00000950 _____ C:\Users\Berthi\Desktop\JRT.txt
2013-10-04 07:22 - 2013-10-04 07:22 - 01030305 _____ (Thisisu) C:\Users\Berthi\Desktop\JRT.exe
2013-10-04 07:19 - 2013-10-04 07:19 - 00001883 _____ C:\Users\Berthi\Desktop\AdwCleaner[S2].txt
2013-10-04 07:12 - 2013-10-04 07:12 - 01045226 _____ C:\Users\Berthi\Downloads\adwcleaner(1).exe
2013-10-03 20:48 - 2013-10-03 20:50 - 00000000 ____D C:\Users\Berthi\Desktop\Neuer Ordner
2013-10-03 20:14 - 2013-10-03 20:14 - 00377856 _____ C:\Users\Berthi\Desktop\gmer_2.1.19163.exe
2013-10-03 20:11 - 2013-10-03 20:11 - 00000000 ____D C:\FRST
2013-10-03 20:08 - 2013-10-03 20:08 - 01087213 _____ (Farbar) C:\Users\Berthi\Desktop\FRST.exe
2013-10-03 20:05 - 2013-10-03 20:06 - 00000474 _____ C:\Users\Berthi\Desktop\defogger_disable.log
2013-10-03 20:05 - 2013-10-03 20:05 - 00000000 _____ C:\Users\Berthi\defogger_reenable
2013-10-03 20:04 - 2013-10-03 20:04 - 00050477 _____ C:\Users\Berthi\Desktop\Defogger.exe
2013-10-03 18:11 - 2013-10-04 07:16 - 00034420 _____ C:\Windows\setupact.log
2013-10-03 18:11 - 2013-10-03 19:50 - 00001724 _____ C:\Windows\PFRO.log
2013-10-03 18:11 - 2013-10-03 18:11 - 00000000 _____ C:\Windows\setuperr.log
2013-10-02 22:12 - 2013-10-02 22:12 - 01045226 _____ C:\Users\Berthi\Downloads\adwcleaner.exe
2013-09-29 20:07 - 2013-09-29 20:07 - 00352732 _____ C:\Users\Berthi\AppData\Local\census.cache
2013-09-29 20:06 - 2013-09-29 20:06 - 00162420 _____ C:\Users\Berthi\AppData\Local\ars.cache
2013-09-29 19:32 - 2013-09-29 19:32 - 00000036 _____ C:\Users\Berthi\AppData\Local\housecall.guid.cache
2013-09-28 14:52 - 2013-09-29 11:05 - 00000000 ____D C:\Program Files\HitmanPro.Alert
2013-09-28 14:52 - 2013-09-28 15:03 - 00564312 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2013-09-28 14:52 - 2013-09-28 15:03 - 00014376 _____ C:\Windows\system32\Drivers\hmpalert.sys
2013-09-28 14:52 - 2013-09-28 14:52 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2013-09-27 17:20 - 2013-09-27 17:23 - 00000000 ____D C:\Users\Berthi\AppData\Local\Folderico
2013-09-27 17:20 - 2013-09-27 17:22 - 00000000 ____D C:\ProgramData\Folderico
2013-09-27 17:20 - 2013-09-27 17:20 - 00000000 ____D C:\Program Files\Folderico
2013-09-27 17:16 - 2013-09-27 17:16 - 04325545 _____ C:\Users\Berthi\Downloads\Shedko_Folderico_4.0_RC12.zip
2013-09-27 14:19 - 2013-09-27 14:19 - 00000659 _____ C:\Users\Berthi\Desktop\BIBLIOTHEKEN.lnk
2013-09-26 17:36 - 2013-09-26 17:36 - 04369632 _____ (Piriform Ltd) C:\Users\Berthi\Downloads\ccsetup406.exe
2013-09-26 14:52 - 2013-10-03 19:49 - 00000000 ____D C:\Windows\AVM_Driver
2013-09-26 14:52 - 2013-09-26 14:52 - 00000000 ____D C:\Program Files\avmwlanstick
2013-09-26 14:52 - 2007-12-19 01:00 - 00401920 _____ (AVM GmbH) C:\Windows\system32\Drivers\fwlanusbn.sys
2013-09-26 14:52 - 2007-12-19 01:00 - 00077824 _____ (AVM Berlin) C:\Windows\system32\fwusbnci.dll
2013-09-26 14:52 - 2007-12-19 01:00 - 00015573 _____ C:\Windows\system32\Drivers\fwlanusbn.bin
2013-09-26 14:52 - 2007-11-07 02:00 - 00004352 _____ (AVM Berlin) C:\Windows\system32\Drivers\avmeject.sys
2013-09-26 14:51 - 2013-09-26 14:51 - 00000000 ____D C:\Users\Berthi\AVM_Driver
2013-09-24 16:18 - 2013-09-24 16:18 - 00000000 ____D C:\ProgramData\muvee Technologies
2013-09-24 16:17 - 2013-09-24 16:26 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\muvee Technologies
2013-09-24 16:14 - 2013-09-24 16:14 - 00000000 ___HD C:\Users\Berthi\Documents\ShadowEditFiles
2013-09-24 16:14 - 2013-09-24 16:14 - 00000000 ____D C:\Users\Berthi\Documents\CyberLink
2013-09-23 17:04 - 2013-09-23 17:06 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Advanced
2013-09-23 17:04 - 2013-09-23 17:04 - 00000000 ____D C:\Program Files\Shark007
2013-09-23 17:04 - 2013-04-05 21:26 - 01679360 _____ C:\Windows\system32\ac3filter.acm.new
2013-09-23 17:01 - 2013-09-23 17:06 - 00000000 ____D C:\ProgramData\Advanced
2013-09-23 16:55 - 2013-09-23 16:55 - 29359276 _____ C:\Users\Berthi\Downloads\32bit_Advanced_v426.exe
2013-09-22 17:57 - 2013-09-22 17:57 - 01110476 _____ C:\Users\Berthi\Downloads\7z920(2).exe
2013-09-20 10:14 - 2013-09-20 10:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-19 17:13 - 2013-09-19 17:13 - 01110476 _____ C:\Users\Berthi\Downloads\7z920(1).exe
2013-09-19 15:46 - 2013-08-30 09:48 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00061680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-09-19 15:46 - 2013-08-30 09:47 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-09-19 15:46 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-09-19 15:33 - 2013-09-19 15:34 - 131918888 _____ C:\Users\Berthi\Downloads\avast_free_antivirus_setup_8.0.1497.376.exe
2013-09-18 15:07 - 2013-09-18 15:07 - 00000622 _____ C:\Users\Berthi\Downloads\Verknuepfungspfeile-aus-und-einblenden.zip
2013-09-18 14:47 - 2013-09-18 14:58 - 00000290 _____ C:\siw_debug.txt
2013-09-18 14:46 - 2013-09-18 14:46 - 00000985 _____ C:\Users\Berthi\Desktop\SIW Home Edition.lnk
2013-09-18 14:46 - 2013-09-18 14:46 - 00000000 ____D C:\Users\Berthi\AppData\Local\CrashRpt
2013-09-18 14:46 - 2013-09-18 14:46 - 00000000 ____D C:\Program Files\SIW 2013 Home Edition
2013-09-18 14:43 - 2013-09-18 14:44 - 04524952 _____ (Topala Software Solutions ) C:\Users\Berthi\Downloads\siw13-setup.exe
2013-09-18 14:35 - 2013-09-18 14:41 - 00000000 ____D C:\Users\Berthi\Downloads\MicrosoftFixit.malware.Run
2013-09-18 14:31 - 2013-09-18 14:31 - 00211231 _____ C:\Users\Berthi\Downloads\MicrosoftFixit.malware.Run.zip
2013-09-18 14:03 - 2013-09-18 14:03 - 03211912 _____ (Hewlett-Packard Company ) C:\Users\Berthi\Downloads\sp50677.exe
2013-09-18 13:46 - 2013-09-18 13:46 - 00000000 ____D C:\Program Files\HP
2013-09-17 13:43 - 2013-09-17 13:43 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Users\Berthi\AppData\Local\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\ProgramData\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Program Files\1&1
2013-09-17 13:39 - 2011-11-21 12:52 - 00144896 _____ (1&1 Internet AG) C:\Windows\system32\Drivers\ui11rdr.SYS
2013-09-17 13:39 - 2011-11-21 12:52 - 00007680 _____ (1&1 Internet AG) C:\Windows\system32\ui11np.dll
2013-09-17 13:37 - 2013-09-17 13:37 - 03429160 _____ (1&1 Internet AG) C:\Users\Berthi\Downloads\1und1_smartdrive_uploadmanager.exe
2013-09-15 13:16 - 2013-09-15 13:17 - 05893103 _____ C:\Users\Berthi\Downloads\geoeffnete-ordner-unter-windows-7-anders-kennz.zip
2013-09-11 21:49 - 2013-09-11 21:49 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-09-11 21:49 - 2013-09-11 21:49 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-11 21:47 - 2013-09-11 21:47 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw(2).exe
2013-09-11 21:38 - 2013-09-11 21:44 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw(1).exe
2013-09-11 20:41 - 2013-09-11 21:49 - 00000000 ____D C:\ProgramData\Oracle
2013-09-11 20:37 - 2013-09-11 20:38 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw.exe
2013-09-11 14:37 - 2013-09-11 14:37 - 00000000 ____D C:\Users\Berthi\Documents\Sony Ericsson
2013-09-11 14:26 - 2013-09-11 14:26 - 00000000 ____D C:\Users\Berthi\AppData\Local\Sony Ericsson
2013-09-11 14:16 - 2013-09-11 14:16 - 00000000 ____D C:\ProgramData\BVRP Software
2013-09-11 14:16 - 2013-09-11 14:16 - 00000000 ____D C:\Program Files\Avanquest update
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\InstallShield
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\ProgramData\Sony Ericsson
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\Program Files\Sony Ericsson
2013-09-11 14:15 - 2008-05-16 06:33 - 00120744 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016mdm.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00115752 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016unic.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00114216 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016mgmt.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00110632 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016obex.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00089256 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016bus.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00025512 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016nd5.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00015016 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016mdfl.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00012200 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016whnt.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00012200 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016wh.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00012200 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016cmnt.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00012200 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016cm.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00010792 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016cr.sys
2013-09-11 11:05 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 11:05 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 11:05 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 11:04 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 11:04 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 11:04 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 11:04 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 11:04 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 11:00 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 10:59 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 10:59 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 10:59 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 10:59 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 10:59 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 10:59 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 10:59 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-10 15:06 - 2013-09-10 15:06 - 01380160 _____ (MPC-HC Team) C:\Windows\system32\VSFilter.dll
2013-09-09 22:51 - 2013-09-09 22:51 - 45984520 _____ C:\Users\Berthi\Downloads\sonyericssonpcsuite2.10.46.exe
2013-09-09 22:42 - 2013-09-09 22:42 - 00000000 ____D C:\Users\Berthi\Podcasts
2013-09-09 22:42 - 2013-09-09 22:42 - 00000000 ____D C:\Users\Berthi\Documents\Media Go
2013-09-09 22:41 - 2013-09-09 22:59 - 00000000 ____D C:\Program Files\Common Files\Sony Shared
2013-09-09 22:41 - 2013-09-09 22:43 - 00000000 ____D C:\Users\Berthi\AppData\Local\Sony
2013-09-09 22:41 - 2013-09-09 22:41 - 00000000 ____D C:\Users\Berthi\AppData\Local\Downloaded Installations
2013-09-09 22:41 - 2013-09-09 22:41 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-09-09 22:40 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-09-09 22:39 - 2013-09-09 22:44 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Sony
2013-09-09 22:39 - 2013-09-09 22:41 - 00000000 ____D C:\Program Files\Sony Media Go Install
2013-09-09 22:38 - 2013-09-09 22:38 - 104753864 _____ (Sony Network Entertainment International LLC) C:\Users\Berthi\Downloads\mediago_setup.exe
2013-09-09 22:13 - 2013-09-27 17:28 - 00000000 ___RD C:\Users\Berthi\Documents\E I G E N E D A T E E N
2013-09-09 21:31 - 2013-10-03 19:55 - 00000000 ____D C:\Users\Berthi\Documents\Scribble Papers
2013-09-09 21:31 - 2013-09-09 21:31 - 00000000 ____D C:\Program Files\Scribble Papers
2013-09-09 21:29 - 2013-09-09 21:29 - 01192802 _____ (Jens Hoetger ) C:\Users\Berthi\Downloads\SPSetup.exe
2013-09-08 11:28 - 2013-10-02 17:48 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\TV-Browser
2013-09-08 11:28 - 2013-09-08 11:28 - 00001822 _____ C:\Users\Public\Desktop\TV-Browser.lnk
2013-09-08 11:28 - 2013-09-08 11:28 - 00000000 ____D C:\Program Files\TV-Browser
2013-09-08 11:24 - 2013-09-08 11:24 - 07051757 _____ C:\Users\Berthi\Downloads\tvbrowser_3.3.2_win32.exe
2013-09-08 10:57 - 2013-09-08 10:57 - 00000000 ____D C:\Users\Berthi\AppData\Local\Microsoft Games
2013-09-06 23:30 - 2013-09-24 16:21 - 00004608 _____ C:\Users\Berthi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Users\Berthi\AppData\Local\TomTom
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Program Files\TomTom International B.V
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Program Files\MyTomTom 3
2013-09-06 23:16 - 2013-09-06 23:16 - 06701152 _____ (TomTom International B.V.) C:\Users\Berthi\Downloads\InstallMyTomTomSA.exe
2013-09-06 23:02 - 2013-09-06 23:02 - 00000000 ___RD C:\Program Files\Skype
2013-09-06 23:02 - 2013-09-06 23:02 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-09-06 23:00 - 2013-09-06 23:01 - 01492848 _____ (Skype Technologies S.A.) C:\Users\Berthi\Downloads\SkypeSetup.exe
2013-09-06 22:59 - 2013-09-06 22:59 - 00000056 ____H C:\ProgramData\ezsidmv.dat
2013-09-06 22:59 - 2013-09-06 22:59 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\skypePM
2013-09-06 22:45 - 2013-10-04 07:02 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Skype
2013-09-06 22:44 - 2013-09-06 23:02 - 00000000 ____D C:\ProgramData\Skype
2013-09-06 22:29 - 2013-09-24 16:13 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\CyberLink
2013-09-06 22:29 - 2013-09-06 22:29 - 00000000 ____D C:\Users\Public\CyberLink
2013-09-06 22:26 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
==================== One Month Modified Files and Folders =======
2013-10-04 07:53 - 2013-08-27 23:58 - 01914103 _____ C:\Windows\WindowsUpdate.log
2013-10-04 07:47 - 2013-09-01 14:05 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-04 07:45 - 2013-10-04 07:45 - 00000950 _____ C:\Users\Berthi\Desktop\JRT.txt
2013-10-04 07:24 - 2013-08-27 23:13 - 00019456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-04 07:24 - 2013-08-27 23:13 - 00019456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-04 07:22 - 2013-10-04 07:22 - 01030305 _____ (Thisisu) C:\Users\Berthi\Desktop\JRT.exe
2013-10-04 07:19 - 2013-10-04 07:19 - 00001883 _____ C:\Users\Berthi\Desktop\AdwCleaner[S2].txt
2013-10-04 07:18 - 2013-09-03 18:04 - 00000000 ____D C:\Users\Berthi\.rainlendar2
2013-10-04 07:17 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-04 07:16 - 2013-10-03 18:11 - 00034420 _____ C:\Windows\setupact.log
2013-10-04 07:15 - 2013-09-03 20:11 - 00000000 ____D C:\AdwCleaner
2013-10-04 07:12 - 2013-10-04 07:12 - 01045226 _____ C:\Users\Berthi\Downloads\adwcleaner(1).exe
2013-10-04 07:02 - 2013-09-06 22:45 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Skype
2013-10-03 20:50 - 2013-10-03 20:48 - 00000000 ____D C:\Users\Berthi\Desktop\Neuer Ordner
2013-10-03 20:14 - 2013-10-03 20:14 - 00377856 _____ C:\Users\Berthi\Desktop\gmer_2.1.19163.exe
2013-10-03 20:11 - 2013-10-03 20:11 - 00000000 ____D C:\FRST
2013-10-03 20:08 - 2013-10-03 20:08 - 01087213 _____ (Farbar) C:\Users\Berthi\Desktop\FRST.exe
2013-10-03 20:06 - 2013-10-03 20:05 - 00000474 _____ C:\Users\Berthi\Desktop\defogger_disable.log
2013-10-03 20:05 - 2013-10-03 20:05 - 00000000 _____ C:\Users\Berthi\defogger_reenable
2013-10-03 20:05 - 2013-08-27 23:17 - 00000000 ____D C:\Users\Berthi
2013-10-03 20:04 - 2013-10-03 20:04 - 00050477 _____ C:\Users\Berthi\Desktop\Defogger.exe
2013-10-03 19:55 - 2013-09-09 21:31 - 00000000 ____D C:\Users\Berthi\Documents\Scribble Papers
2013-10-03 19:50 - 2013-10-03 18:11 - 00001724 _____ C:\Windows\PFRO.log
2013-10-03 19:49 - 2013-09-26 14:52 - 00000000 ____D C:\Windows\AVM_Driver
2013-10-03 18:11 - 2013-10-03 18:11 - 00000000 _____ C:\Windows\setuperr.log
2013-10-03 18:10 - 2013-08-28 15:34 - 00000000 ____D C:\Windows\pss
2013-10-02 22:12 - 2013-10-02 22:12 - 01045226 _____ C:\Users\Berthi\Downloads\adwcleaner.exe
2013-10-02 17:48 - 2013-09-08 11:28 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\TV-Browser
2013-10-02 17:45 - 2013-09-03 15:59 - 00000000 ____D C:\Program Files\SpywareBlaster
2013-10-02 15:37 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-10-02 15:10 - 2009-07-14 06:53 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-01 12:24 - 2013-08-28 00:12 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-30 15:46 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles
2013-09-30 13:32 - 2013-08-28 14:26 - 00000000 ___RD C:\Users\Berthi\Desktop\S I C H E R H E I T
2013-09-29 20:21 - 2013-09-01 13:39 - 00000000 ____D C:\Users\Berthi\SecurityScans
2013-09-29 20:07 - 2013-09-29 20:07 - 00352732 _____ C:\Users\Berthi\AppData\Local\census.cache
2013-09-29 20:06 - 2013-09-29 20:06 - 00162420 _____ C:\Users\Berthi\AppData\Local\ars.cache
2013-09-29 19:32 - 2013-09-29 19:32 - 00000036 _____ C:\Users\Berthi\AppData\Local\housecall.guid.cache
2013-09-29 11:05 - 2013-09-28 14:52 - 00000000 ____D C:\Program Files\HitmanPro.Alert
2013-09-28 15:03 - 2013-09-28 14:52 - 00564312 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2013-09-28 15:03 - 2013-09-28 14:52 - 00014376 _____ C:\Windows\system32\Drivers\hmpalert.sys
2013-09-28 14:52 - 2013-09-28 14:52 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2013-09-27 17:28 - 2013-09-09 22:13 - 00000000 ___RD C:\Users\Berthi\Documents\E I G E N E D A T E E N
2013-09-27 17:23 - 2013-09-27 17:20 - 00000000 ____D C:\Users\Berthi\AppData\Local\Folderico
2013-09-27 17:22 - 2013-09-27 17:20 - 00000000 ____D C:\ProgramData\Folderico
2013-09-27 17:20 - 2013-09-27 17:20 - 00000000 ____D C:\Program Files\Folderico
2013-09-27 17:16 - 2013-09-27 17:16 - 04325545 _____ C:\Users\Berthi\Downloads\Shedko_Folderico_4.0_RC12.zip
2013-09-27 14:19 - 2013-09-27 14:19 - 00000659 _____ C:\Users\Berthi\Desktop\BIBLIOTHEKEN.lnk
2013-09-26 17:38 - 2013-08-28 10:51 - 00000000 ____D C:\Program Files\CCleaner
2013-09-26 17:36 - 2013-09-26 17:36 - 04369632 _____ (Piriform Ltd) C:\Users\Berthi\Downloads\ccsetup406.exe
2013-09-26 14:59 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-09-26 14:52 - 2013-09-26 14:52 - 00000000 ____D C:\Program Files\avmwlanstick
2013-09-26 14:51 - 2013-09-26 14:51 - 00000000 ____D C:\Users\Berthi\AVM_Driver
2013-09-24 16:57 - 2009-07-14 09:48 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-24 16:31 - 2013-09-01 17:13 - 00000000 ___RD C:\Users\Berthi\Desktop\BILDBEARBEITUNG
2013-09-24 16:31 - 2013-08-28 14:25 - 00000000 ___RD C:\Users\Berthi\Desktop\M E D I A
2013-09-24 16:26 - 2013-09-24 16:17 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\muvee Technologies
2013-09-24 16:21 - 2013-09-06 23:30 - 00004608 _____ C:\Users\Berthi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-24 16:18 - 2013-09-24 16:18 - 00000000 ____D C:\ProgramData\muvee Technologies
2013-09-24 16:14 - 2013-09-24 16:14 - 00000000 ___HD C:\Users\Berthi\Documents\ShadowEditFiles
2013-09-24 16:14 - 2013-09-24 16:14 - 00000000 ____D C:\Users\Berthi\Documents\CyberLink
2013-09-24 16:13 - 2013-09-06 22:29 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\CyberLink
2013-09-23 17:06 - 2013-09-23 17:04 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Advanced
2013-09-23 17:06 - 2013-09-23 17:01 - 00000000 ____D C:\ProgramData\Advanced
2013-09-23 17:04 - 2013-09-23 17:04 - 00000000 ____D C:\Program Files\Shark007
2013-09-23 16:55 - 2013-09-23 16:55 - 29359276 _____ C:\Users\Berthi\Downloads\32bit_Advanced_v426.exe
2013-09-22 17:59 - 2013-09-01 20:59 - 00000000 ____D C:\Program Files\7-Zip
2013-09-22 17:57 - 2013-09-22 17:57 - 01110476 _____ C:\Users\Berthi\Downloads\7z920(2).exe
2013-09-22 17:33 - 2009-08-07 00:05 - 00000000 ____D C:\Windows\system32\it
2013-09-22 17:33 - 2009-08-06 23:58 - 00000000 ____D C:\Windows\system32\de
2013-09-22 17:33 - 2009-08-06 23:51 - 00000000 ____D C:\Windows\system32\fr
2013-09-22 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-TW
2013-09-22 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-CN
2013-09-22 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-PT
2013-09-22 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-BR
2013-09-22 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nl-NL
2013-09-21 14:25 - 2013-08-28 17:30 - 00000000 ____D C:\Users\Berthi\AppData\Local\Windows Live
2013-09-20 18:47 - 2013-09-01 14:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-20 18:47 - 2013-09-01 14:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-20 12:15 - 2013-09-01 12:07 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-20 10:15 - 2013-08-31 23:28 - 00000000 ____D C:\Users\Berthi\AppData\Local\Mozilla
2013-09-20 10:14 - 2013-09-20 10:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-20 10:13 - 2013-08-28 22:33 - 00000000 ____D C:\Users\Berthi\AppData\Local\FRITZ!
2013-09-19 17:13 - 2013-09-19 17:13 - 01110476 _____ C:\Users\Berthi\Downloads\7z920(1).exe
2013-09-19 15:46 - 2013-09-03 16:47 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-19 15:46 - 2013-09-03 16:46 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-19 15:34 - 2013-09-19 15:33 - 131918888 _____ C:\Users\Berthi\Downloads\avast_free_antivirus_setup_8.0.1497.376.exe
2013-09-18 18:15 - 2013-08-27 22:18 - 00000000 ____D C:\Users\Berthi\AppData\Local\VirtualStore
2013-09-18 15:07 - 2013-09-18 15:07 - 00000622 _____ C:\Users\Berthi\Downloads\Verknuepfungspfeile-aus-und-einblenden.zip
2013-09-18 14:58 - 2013-09-18 14:47 - 00000290 _____ C:\siw_debug.txt
2013-09-18 14:46 - 2013-09-18 14:46 - 00000985 _____ C:\Users\Berthi\Desktop\SIW Home Edition.lnk
2013-09-18 14:46 - 2013-09-18 14:46 - 00000000 ____D C:\Users\Berthi\AppData\Local\CrashRpt
2013-09-18 14:46 - 2013-09-18 14:46 - 00000000 ____D C:\Program Files\SIW 2013 Home Edition
2013-09-18 14:44 - 2013-09-18 14:43 - 04524952 _____ (Topala Software Solutions ) C:\Users\Berthi\Downloads\siw13-setup.exe
2013-09-18 14:41 - 2013-09-18 14:35 - 00000000 ____D C:\Users\Berthi\Downloads\MicrosoftFixit.malware.Run
2013-09-18 14:31 - 2013-09-18 14:31 - 00211231 _____ C:\Users\Berthi\Downloads\MicrosoftFixit.malware.Run.zip
2013-09-18 14:15 - 2013-08-28 20:15 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Windows Live Writer
2013-09-18 14:03 - 2013-09-18 14:03 - 03211912 _____ (Hewlett-Packard Company ) C:\Users\Berthi\Downloads\sp50677.exe
2013-09-18 13:46 - 2013-09-18 13:46 - 00000000 ____D C:\Program Files\HP
2013-09-18 11:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-17 15:53 - 2013-09-01 12:43 - 00000000 ___RD C:\Users\Berthi\Desktop\Kalender
2013-09-17 13:43 - 2013-09-17 13:43 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Users\Berthi\AppData\Local\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\ProgramData\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Program Files\1&1
2013-09-17 13:37 - 2013-09-17 13:37 - 03429160 _____ (1&1 Internet AG) C:\Users\Berthi\Downloads\1und1_smartdrive_uploadmanager.exe
2013-09-17 13:17 - 2013-09-03 17:12 - 00000000 ___RD C:\Users\Berthi\Desktop\KÖ!!!
2013-09-15 13:17 - 2013-09-15 13:16 - 05893103 _____ C:\Users\Berthi\Downloads\geoeffnete-ordner-unter-windows-7-anders-kennz.zip
2013-09-11 22:55 - 2009-02-21 07:54 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-11 21:49 - 2013-09-11 21:49 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-09-11 21:49 - 2013-09-11 21:49 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-11 21:49 - 2013-09-11 20:41 - 00000000 ____D C:\ProgramData\Oracle
2013-09-11 21:49 - 2013-08-28 00:20 - 00868264 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-09-11 21:49 - 2013-08-28 00:20 - 00790440 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-09-11 21:49 - 2013-08-28 00:20 - 00000000 ____D C:\Program Files\Java
2013-09-11 21:47 - 2013-09-11 21:47 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw(2).exe
2013-09-11 21:44 - 2013-09-11 21:38 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw(1).exe
2013-09-11 21:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-09-11 21:14 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-09-11 20:38 - 2013-09-11 20:37 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw.exe
2013-09-11 17:50 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-11 14:37 - 2013-09-11 14:37 - 00000000 ____D C:\Users\Berthi\Documents\Sony Ericsson
2013-09-11 14:26 - 2013-09-11 14:26 - 00000000 ____D C:\Users\Berthi\AppData\Local\Sony Ericsson
2013-09-11 14:16 - 2013-09-11 14:16 - 00000000 ____D C:\ProgramData\BVRP Software
2013-09-11 14:16 - 2013-09-11 14:16 - 00000000 ____D C:\Program Files\Avanquest update
2013-09-11 14:16 - 2009-02-21 06:54 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\InstallShield
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\ProgramData\Sony Ericsson
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\Program Files\Sony Ericsson
2013-09-11 11:10 - 2009-07-14 06:33 - 00348704 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 11:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-11 11:03 - 2013-08-28 03:31 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 11:00 - 2013-08-28 03:31 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-10 15:06 - 2013-09-10 15:06 - 01380160 _____ (MPC-HC Team) C:\Windows\system32\VSFilter.dll
2013-09-09 22:59 - 2013-09-09 22:41 - 00000000 ____D C:\Program Files\Common Files\Sony Shared
2013-09-09 22:51 - 2013-09-09 22:51 - 45984520 _____ C:\Users\Berthi\Downloads\sonyericssonpcsuite2.10.46.exe
2013-09-09 22:44 - 2013-09-09 22:39 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Sony
2013-09-09 22:43 - 2013-09-09 22:41 - 00000000 ____D C:\Users\Berthi\AppData\Local\Sony
2013-09-09 22:42 - 2013-09-09 22:42 - 00000000 ____D C:\Users\Berthi\Podcasts
2013-09-09 22:42 - 2013-09-09 22:42 - 00000000 ____D C:\Users\Berthi\Documents\Media Go
2013-09-09 22:41 - 2013-09-09 22:41 - 00000000 ____D C:\Users\Berthi\AppData\Local\Downloaded Installations
2013-09-09 22:41 - 2013-09-09 22:41 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-09-09 22:41 - 2013-09-09 22:39 - 00000000 ____D C:\Program Files\Sony Media Go Install
2013-09-09 22:38 - 2013-09-09 22:38 - 104753864 _____ (Sony Network Entertainment International LLC) C:\Users\Berthi\Downloads\mediago_setup.exe
2013-09-09 21:31 - 2013-09-09 21:31 - 00000000 ____D C:\Program Files\Scribble Papers
2013-09-09 21:29 - 2013-09-09 21:29 - 01192802 _____ (Jens Hoetger ) C:\Users\Berthi\Downloads\SPSetup.exe
2013-09-08 11:28 - 2013-09-08 11:28 - 00001822 _____ C:\Users\Public\Desktop\TV-Browser.lnk
2013-09-08 11:28 - 2013-09-08 11:28 - 00000000 ____D C:\Program Files\TV-Browser
2013-09-08 11:24 - 2013-09-08 11:24 - 07051757 _____ C:\Users\Berthi\Downloads\tvbrowser_3.3.2_win32.exe
2013-09-08 10:57 - 2013-09-08 10:57 - 00000000 ____D C:\Users\Berthi\AppData\Local\Microsoft Games
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Users\Berthi\AppData\Local\TomTom
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Program Files\TomTom International B.V
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Program Files\MyTomTom 3
2013-09-06 23:16 - 2013-09-06 23:16 - 06701152 _____ (TomTom International B.V.) C:\Users\Berthi\Downloads\InstallMyTomTomSA.exe
2013-09-06 23:02 - 2013-09-06 23:02 - 00000000 ___RD C:\Program Files\Skype
2013-09-06 23:02 - 2013-09-06 23:02 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-09-06 23:02 - 2013-09-06 22:44 - 00000000 ____D C:\ProgramData\Skype
2013-09-06 23:01 - 2013-09-06 23:00 - 01492848 _____ (Skype Technologies S.A.) C:\Users\Berthi\Downloads\SkypeSetup.exe
2013-09-06 22:59 - 2013-09-06 22:59 - 00000056 ____H C:\ProgramData\ezsidmv.dat
2013-09-06 22:59 - 2013-09-06 22:59 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\skypePM
2013-09-06 22:29 - 2013-09-06 22:29 - 00000000 ____D C:\Users\Public\CyberLink
2013-09-06 22:29 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-09-06 22:29 - 2009-02-21 08:00 - 00000000 ____D C:\ProgramData\CyberLink
2013-09-06 22:28 - 2013-08-28 02:24 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-09-05 23:11 - 2013-08-28 00:29 - 00000000 ____D C:\Windows\Driver Cache
2013-09-05 22:58 - 2013-09-03 15:53 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\WinPatrol
2013-09-04 23:20 - 2012-08-16 17:01 - 00000000 ____D C:\Users\Berthi\Desktop\Rezepte
Some content of TEMP:
====================
C:\Users\Berthi\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-01 15:36
==================== End Of Log ============================
--- --- --- |
|
04.10.2013, 14:47
| #7 |
| /// the machine /// TB-Ausbilder | Schon wieder pup.optional FundeESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
04.10.2013, 21:13
| #8 |
| | Schon wieder pup.optional Funde ESET LOG: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=875f10902d287545904d26100c053a7b
# engine=15359
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-04 07:54:44
# local_time=2013-10-04 09:54:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 88 195457 157626356 0 0
# compatibility_mode=5893 16776574 100 94 534891 132547675 0 0
# scanned=136364
# found=0
# cleaned=0
# scan_time=18224
Code:
ATTFilter Results of screen317's Security Check version 0.99.73 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` WinPatrol SpywareBlaster 5.0 Secunia PSI (3.0.0.7011) Malwarebytes Anti-Malware Version 1.75.0.1300 CCleaner Java 7 Update 40 Java version out of Date! Adobe Flash Player 11.8.800.168 Adobe Reader XI Mozilla Firefox (24.0) ````````Process Check: objlist.exe by Laurent```````` WinPatrol winpatrol.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe BillP Studios WinPatrol WinPatrol.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Berthi (administrator) on BERTHI-PC on 04-10-2013 22:11:04
Running from C:\Users\Berthi\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AMD) C:\Windows\system32\atieclxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro.Alert\hmpalert.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WlanNetService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
( ) C:\Windows\system32\lxdecoms.exe
() C:\Program Files\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(1&1 Internet AG) C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Renier Crause) C:\Program Files\PopTray\PopTray.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [404712 2013-01-04] (BillP Studios)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKCU\...\Run: [Rainlendar2] - C:\Program Files\Rainlendar2\Rainlendar2.exe [2598496 2013-03-10] ()
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20684656 2013-07-25] (Skype Technologies S.A.)
HKCU\...\Run: [1&1_1&1 Upload-Manager] - C:\Program Files\1&1\1&1 Upload-Manager\DAVSRV.EXE [989264 2011-11-21] (1&1 Internet AG)
MountPoints2: {1ded593a-0f5d-11e3-afa1-806e6f6e6963} - E:\zdata\cobi.exe
MountPoints2: {a5b42469-26a0-11e3-adae-00238b9e33ce} - F:\pushinst.exe
Startup: C:\Users\Berthi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PopTray.lnk
ShortcutTarget: PopTray.lnk -> C:\Program Files\PopTray\PopTray.exe (Renier Crause)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {186B55E9-E01B-4F88-8EEC-A6216AA2803D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKCU - {186B55E9-E01B-4F88-8EEC-A6216AA2803D} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Berthi\AppData\Roaming\Mozilla\Firefox\Profiles\p6zmczs1.Standard-Benutzer
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
========================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [364544 2008-02-25] (AVM Berlin)
R2 hmpalertsvc; C:\Program Files\HitmanPro.Alert\hmpalert.exe [1830768 2013-09-28] (SurfRight B.V.)
S2 lxdeCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdeserv.exe [99248 2007-05-29] (Lexmark International, Inc.)
R2 lxde_device; C:\Windows\system32\lxdecoms.exe [598960 2007-05-29] ( )
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-12-17] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] ()
S2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe [229458 2010-03-23] (IDT, Inc.)
S2 TVCapSvc; "C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe" [x]
S2 TVSched; "C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe" [x]
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177864 2013-08-30] ()
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2957312 2012-06-20] (Qualcomm Atheros Communications, Inc.)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-11-07] (AVM Berlin)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 fwlanusbn; C:\Windows\System32\DRIVERS\fwlanusbn.sys [401920 2007-12-19] (AVM GmbH)
R2 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [14376 2013-09-28] ()
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-07-03] (Secunia)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
R1 ui11rdr; C:\Windows\System32\DRIVERS\ui11rdr.sys [144896 2011-11-21] (1&1 Internet AG)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [87536 2008-11-28] (CyberLink Corp.)
U4 eabfiltr;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-04 16:46 - 2013-10-04 16:46 - 00891144 _____ C:\Users\Berthi\Desktop\SecurityCheck.exe
2013-10-04 16:44 - 2013-10-04 16:44 - 02347384 _____ (ESET) C:\Users\Berthi\Desktop\esetsmartinstaller_enu.exe
2013-10-04 07:45 - 2013-10-04 07:45 - 00000950 _____ C:\Users\Berthi\Desktop\JRT.txt
2013-10-04 07:22 - 2013-10-04 07:22 - 01030305 _____ (Thisisu) C:\Users\Berthi\Desktop\JRT.exe
2013-10-04 07:19 - 2013-10-04 07:19 - 00001883 _____ C:\Users\Berthi\Desktop\AdwCleaner[S2].txt
2013-10-04 07:12 - 2013-10-04 07:12 - 01045226 _____ C:\Users\Berthi\Downloads\adwcleaner(1).exe
2013-10-03 20:48 - 2013-10-03 20:50 - 00000000 ____D C:\Users\Berthi\Desktop\Neuer Ordner
2013-10-03 20:14 - 2013-10-03 20:14 - 00377856 _____ C:\Users\Berthi\Desktop\gmer_2.1.19163.exe
2013-10-03 20:11 - 2013-10-03 20:11 - 00000000 ____D C:\FRST
2013-10-03 20:08 - 2013-10-03 20:08 - 01087213 _____ (Farbar) C:\Users\Berthi\Desktop\FRST.exe
2013-10-03 20:05 - 2013-10-03 20:06 - 00000474 _____ C:\Users\Berthi\Desktop\defogger_disable.log
2013-10-03 20:05 - 2013-10-03 20:05 - 00000000 _____ C:\Users\Berthi\defogger_reenable
2013-10-03 20:04 - 2013-10-03 20:04 - 00050477 _____ C:\Users\Berthi\Desktop\Defogger.exe
2013-10-03 18:11 - 2013-10-04 14:20 - 00049492 _____ C:\Windows\setupact.log
2013-10-03 18:11 - 2013-10-03 19:50 - 00001724 _____ C:\Windows\PFRO.log
2013-10-03 18:11 - 2013-10-03 18:11 - 00000000 _____ C:\Windows\setuperr.log
2013-10-02 22:12 - 2013-10-02 22:12 - 01045226 _____ C:\Users\Berthi\Downloads\adwcleaner.exe
2013-09-29 20:07 - 2013-09-29 20:07 - 00352732 _____ C:\Users\Berthi\AppData\Local\census.cache
2013-09-29 20:06 - 2013-09-29 20:06 - 00162420 _____ C:\Users\Berthi\AppData\Local\ars.cache
2013-09-29 19:32 - 2013-09-29 19:32 - 00000036 _____ C:\Users\Berthi\AppData\Local\housecall.guid.cache
2013-09-28 14:52 - 2013-09-29 11:05 - 00000000 ____D C:\Program Files\HitmanPro.Alert
2013-09-28 14:52 - 2013-09-28 15:03 - 00564312 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2013-09-28 14:52 - 2013-09-28 15:03 - 00014376 _____ C:\Windows\system32\Drivers\hmpalert.sys
2013-09-28 14:52 - 2013-09-28 14:52 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2013-09-27 17:20 - 2013-09-27 17:23 - 00000000 ____D C:\Users\Berthi\AppData\Local\Folderico
2013-09-27 17:20 - 2013-09-27 17:22 - 00000000 ____D C:\ProgramData\Folderico
2013-09-27 17:20 - 2013-09-27 17:20 - 00000000 ____D C:\Program Files\Folderico
2013-09-27 17:16 - 2013-09-27 17:16 - 04325545 _____ C:\Users\Berthi\Downloads\Shedko_Folderico_4.0_RC12.zip
2013-09-27 14:19 - 2013-09-27 14:19 - 00000659 _____ C:\Users\Berthi\Desktop\BIBLIOTHEKEN.lnk
2013-09-26 17:36 - 2013-09-26 17:36 - 04369632 _____ (Piriform Ltd) C:\Users\Berthi\Downloads\ccsetup406.exe
2013-09-26 14:52 - 2013-10-03 19:49 - 00000000 ____D C:\Windows\AVM_Driver
2013-09-26 14:52 - 2013-09-26 14:52 - 00000000 ____D C:\Program Files\avmwlanstick
2013-09-26 14:52 - 2007-12-19 01:00 - 00401920 _____ (AVM GmbH) C:\Windows\system32\Drivers\fwlanusbn.sys
2013-09-26 14:52 - 2007-12-19 01:00 - 00077824 _____ (AVM Berlin) C:\Windows\system32\fwusbnci.dll
2013-09-26 14:52 - 2007-12-19 01:00 - 00015573 _____ C:\Windows\system32\Drivers\fwlanusbn.bin
2013-09-26 14:52 - 2007-11-07 02:00 - 00004352 _____ (AVM Berlin) C:\Windows\system32\Drivers\avmeject.sys
2013-09-26 14:51 - 2013-09-26 14:51 - 00000000 ____D C:\Users\Berthi\AVM_Driver
2013-09-24 16:18 - 2013-09-24 16:18 - 00000000 ____D C:\ProgramData\muvee Technologies
2013-09-24 16:17 - 2013-09-24 16:26 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\muvee Technologies
2013-09-24 16:14 - 2013-09-24 16:14 - 00000000 ___HD C:\Users\Berthi\Documents\ShadowEditFiles
2013-09-24 16:14 - 2013-09-24 16:14 - 00000000 ____D C:\Users\Berthi\Documents\CyberLink
2013-09-23 17:04 - 2013-09-23 17:06 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Advanced
2013-09-23 17:04 - 2013-09-23 17:04 - 00000000 ____D C:\Program Files\Shark007
2013-09-23 17:04 - 2013-04-05 21:26 - 01679360 _____ C:\Windows\system32\ac3filter.acm.new
2013-09-23 17:01 - 2013-09-23 17:06 - 00000000 ____D C:\ProgramData\Advanced
2013-09-23 16:55 - 2013-09-23 16:55 - 29359276 _____ C:\Users\Berthi\Downloads\32bit_Advanced_v426.exe
2013-09-22 17:57 - 2013-09-22 17:57 - 01110476 _____ C:\Users\Berthi\Downloads\7z920(2).exe
2013-09-20 10:14 - 2013-09-20 10:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-19 17:13 - 2013-09-19 17:13 - 01110476 _____ C:\Users\Berthi\Downloads\7z920(1).exe
2013-09-19 15:46 - 2013-08-30 09:48 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00177864 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00061680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-09-19 15:46 - 2013-08-30 09:48 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-09-19 15:46 - 2013-08-30 09:47 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-09-19 15:46 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-09-19 15:33 - 2013-09-19 15:34 - 131918888 _____ C:\Users\Berthi\Downloads\avast_free_antivirus_setup_8.0.1497.376.exe
2013-09-18 15:07 - 2013-09-18 15:07 - 00000622 _____ C:\Users\Berthi\Downloads\Verknuepfungspfeile-aus-und-einblenden.zip
2013-09-18 14:47 - 2013-09-18 14:58 - 00000290 _____ C:\siw_debug.txt
2013-09-18 14:46 - 2013-09-18 14:46 - 00000985 _____ C:\Users\Berthi\Desktop\SIW Home Edition.lnk
2013-09-18 14:46 - 2013-09-18 14:46 - 00000000 ____D C:\Users\Berthi\AppData\Local\CrashRpt
2013-09-18 14:46 - 2013-09-18 14:46 - 00000000 ____D C:\Program Files\SIW 2013 Home Edition
2013-09-18 14:43 - 2013-09-18 14:44 - 04524952 _____ (Topala Software Solutions ) C:\Users\Berthi\Downloads\siw13-setup.exe
2013-09-18 14:35 - 2013-09-18 14:41 - 00000000 ____D C:\Users\Berthi\Downloads\MicrosoftFixit.malware.Run
2013-09-18 14:31 - 2013-09-18 14:31 - 00211231 _____ C:\Users\Berthi\Downloads\MicrosoftFixit.malware.Run.zip
2013-09-18 14:03 - 2013-09-18 14:03 - 03211912 _____ (Hewlett-Packard Company ) C:\Users\Berthi\Downloads\sp50677.exe
2013-09-18 13:46 - 2013-09-18 13:46 - 00000000 ____D C:\Program Files\HP
2013-09-17 13:43 - 2013-09-17 13:43 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Users\Berthi\AppData\Local\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\ProgramData\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Program Files\1&1
2013-09-17 13:39 - 2011-11-21 12:52 - 00144896 _____ (1&1 Internet AG) C:\Windows\system32\Drivers\ui11rdr.SYS
2013-09-17 13:39 - 2011-11-21 12:52 - 00007680 _____ (1&1 Internet AG) C:\Windows\system32\ui11np.dll
2013-09-17 13:37 - 2013-09-17 13:37 - 03429160 _____ (1&1 Internet AG) C:\Users\Berthi\Downloads\1und1_smartdrive_uploadmanager.exe
2013-09-15 13:16 - 2013-09-15 13:17 - 05893103 _____ C:\Users\Berthi\Downloads\geoeffnete-ordner-unter-windows-7-anders-kennz.zip
2013-09-11 21:49 - 2013-09-11 21:49 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-09-11 21:49 - 2013-09-11 21:49 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-11 21:47 - 2013-09-11 21:47 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw(2).exe
2013-09-11 21:38 - 2013-09-11 21:44 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw(1).exe
2013-09-11 20:41 - 2013-09-11 21:49 - 00000000 ____D C:\ProgramData\Oracle
2013-09-11 20:37 - 2013-09-11 20:38 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw.exe
2013-09-11 14:37 - 2013-09-11 14:37 - 00000000 ____D C:\Users\Berthi\Documents\Sony Ericsson
2013-09-11 14:26 - 2013-09-11 14:26 - 00000000 ____D C:\Users\Berthi\AppData\Local\Sony Ericsson
2013-09-11 14:16 - 2013-09-11 14:16 - 00000000 ____D C:\ProgramData\BVRP Software
2013-09-11 14:16 - 2013-09-11 14:16 - 00000000 ____D C:\Program Files\Avanquest update
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\InstallShield
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\ProgramData\Sony Ericsson
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\Program Files\Sony Ericsson
2013-09-11 14:15 - 2008-05-16 06:33 - 00120744 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016mdm.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00115752 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016unic.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00114216 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016mgmt.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00110632 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016obex.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00089256 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016bus.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00025512 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016nd5.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00015016 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016mdfl.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00012200 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016whnt.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00012200 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016wh.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00012200 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016cmnt.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00012200 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016cm.sys
2013-09-11 14:15 - 2008-05-16 06:33 - 00010792 _____ (MCCI Corporation) C:\Windows\system32\Drivers\s0016cr.sys
2013-09-11 11:05 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 11:05 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 11:05 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 11:04 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 11:04 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 11:04 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 11:04 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 11:04 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 11:04 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 11:00 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 10:59 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 10:59 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 10:59 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 10:59 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 10:59 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 10:59 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 10:59 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 10:59 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-10 15:06 - 2013-09-10 15:06 - 01380160 _____ (MPC-HC Team) C:\Windows\system32\VSFilter.dll
2013-09-09 22:51 - 2013-09-09 22:51 - 45984520 _____ C:\Users\Berthi\Downloads\sonyericssonpcsuite2.10.46.exe
2013-09-09 22:42 - 2013-09-09 22:42 - 00000000 ____D C:\Users\Berthi\Podcasts
2013-09-09 22:42 - 2013-09-09 22:42 - 00000000 ____D C:\Users\Berthi\Documents\Media Go
2013-09-09 22:41 - 2013-09-09 22:59 - 00000000 ____D C:\Program Files\Common Files\Sony Shared
2013-09-09 22:41 - 2013-09-09 22:43 - 00000000 ____D C:\Users\Berthi\AppData\Local\Sony
2013-09-09 22:41 - 2013-09-09 22:41 - 00000000 ____D C:\Users\Berthi\AppData\Local\Downloaded Installations
2013-09-09 22:41 - 2013-09-09 22:41 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-09-09 22:40 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-09-09 22:39 - 2013-09-09 22:44 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Sony
2013-09-09 22:39 - 2013-09-09 22:41 - 00000000 ____D C:\Program Files\Sony Media Go Install
2013-09-09 22:38 - 2013-09-09 22:38 - 104753864 _____ (Sony Network Entertainment International LLC) C:\Users\Berthi\Downloads\mediago_setup.exe
2013-09-09 22:13 - 2013-09-27 17:28 - 00000000 ___RD C:\Users\Berthi\Documents\E I G E N E D A T E E N
2013-09-09 21:31 - 2013-10-03 19:55 - 00000000 ____D C:\Users\Berthi\Documents\Scribble Papers
2013-09-09 21:31 - 2013-09-09 21:31 - 00000000 ____D C:\Program Files\Scribble Papers
2013-09-09 21:29 - 2013-09-09 21:29 - 01192802 _____ (Jens Hoetger ) C:\Users\Berthi\Downloads\SPSetup.exe
2013-09-08 11:28 - 2013-10-02 17:48 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\TV-Browser
2013-09-08 11:28 - 2013-09-08 11:28 - 00001822 _____ C:\Users\Public\Desktop\TV-Browser.lnk
2013-09-08 11:28 - 2013-09-08 11:28 - 00000000 ____D C:\Program Files\TV-Browser
2013-09-08 11:24 - 2013-09-08 11:24 - 07051757 _____ C:\Users\Berthi\Downloads\tvbrowser_3.3.2_win32.exe
2013-09-08 10:57 - 2013-09-08 10:57 - 00000000 ____D C:\Users\Berthi\AppData\Local\Microsoft Games
2013-09-06 23:30 - 2013-09-24 16:21 - 00004608 _____ C:\Users\Berthi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Users\Berthi\AppData\Local\TomTom
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Program Files\TomTom International B.V
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Program Files\MyTomTom 3
2013-09-06 23:16 - 2013-09-06 23:16 - 06701152 _____ (TomTom International B.V.) C:\Users\Berthi\Downloads\InstallMyTomTomSA.exe
2013-09-06 23:02 - 2013-09-06 23:02 - 00000000 ___RD C:\Program Files\Skype
2013-09-06 23:02 - 2013-09-06 23:02 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-09-06 23:00 - 2013-09-06 23:01 - 01492848 _____ (Skype Technologies S.A.) C:\Users\Berthi\Downloads\SkypeSetup.exe
2013-09-06 22:59 - 2013-09-06 22:59 - 00000056 ____H C:\ProgramData\ezsidmv.dat
2013-09-06 22:59 - 2013-09-06 22:59 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\skypePM
2013-09-06 22:45 - 2013-10-04 15:21 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Skype
2013-09-06 22:44 - 2013-09-06 23:02 - 00000000 ____D C:\ProgramData\Skype
2013-09-06 22:29 - 2013-09-24 16:13 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\CyberLink
2013-09-06 22:29 - 2013-09-06 22:29 - 00000000 ____D C:\Users\Public\CyberLink
2013-09-06 22:26 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
==================== One Month Modified Files and Folders =======
2013-10-04 21:47 - 2013-09-01 14:05 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-04 17:07 - 2013-08-27 23:58 - 01922536 _____ C:\Windows\WindowsUpdate.log
2013-10-04 16:46 - 2013-10-04 16:46 - 00891144 _____ C:\Users\Berthi\Desktop\SecurityCheck.exe
2013-10-04 16:44 - 2013-10-04 16:44 - 02347384 _____ (ESET) C:\Users\Berthi\Desktop\esetsmartinstaller_enu.exe
2013-10-04 16:11 - 2013-08-28 00:12 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-04 15:21 - 2013-09-06 22:45 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Skype
2013-10-04 14:29 - 2013-08-27 23:13 - 00019456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-04 14:29 - 2013-08-27 23:13 - 00019456 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-04 14:21 - 2013-09-03 18:04 - 00000000 ____D C:\Users\Berthi\.rainlendar2
2013-10-04 14:20 - 2013-10-03 18:11 - 00049492 _____ C:\Windows\setupact.log
2013-10-04 14:20 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-04 07:45 - 2013-10-04 07:45 - 00000950 _____ C:\Users\Berthi\Desktop\JRT.txt
2013-10-04 07:22 - 2013-10-04 07:22 - 01030305 _____ (Thisisu) C:\Users\Berthi\Desktop\JRT.exe
2013-10-04 07:19 - 2013-10-04 07:19 - 00001883 _____ C:\Users\Berthi\Desktop\AdwCleaner[S2].txt
2013-10-04 07:15 - 2013-09-03 20:11 - 00000000 ____D C:\AdwCleaner
2013-10-04 07:12 - 2013-10-04 07:12 - 01045226 _____ C:\Users\Berthi\Downloads\adwcleaner(1).exe
2013-10-03 20:50 - 2013-10-03 20:48 - 00000000 ____D C:\Users\Berthi\Desktop\Neuer Ordner
2013-10-03 20:14 - 2013-10-03 20:14 - 00377856 _____ C:\Users\Berthi\Desktop\gmer_2.1.19163.exe
2013-10-03 20:11 - 2013-10-03 20:11 - 00000000 ____D C:\FRST
2013-10-03 20:08 - 2013-10-03 20:08 - 01087213 _____ (Farbar) C:\Users\Berthi\Desktop\FRST.exe
2013-10-03 20:06 - 2013-10-03 20:05 - 00000474 _____ C:\Users\Berthi\Desktop\defogger_disable.log
2013-10-03 20:05 - 2013-10-03 20:05 - 00000000 _____ C:\Users\Berthi\defogger_reenable
2013-10-03 20:05 - 2013-08-27 23:17 - 00000000 ____D C:\Users\Berthi
2013-10-03 20:04 - 2013-10-03 20:04 - 00050477 _____ C:\Users\Berthi\Desktop\Defogger.exe
2013-10-03 19:55 - 2013-09-09 21:31 - 00000000 ____D C:\Users\Berthi\Documents\Scribble Papers
2013-10-03 19:50 - 2013-10-03 18:11 - 00001724 _____ C:\Windows\PFRO.log
2013-10-03 19:49 - 2013-09-26 14:52 - 00000000 ____D C:\Windows\AVM_Driver
2013-10-03 18:11 - 2013-10-03 18:11 - 00000000 _____ C:\Windows\setuperr.log
2013-10-03 18:10 - 2013-08-28 15:34 - 00000000 ____D C:\Windows\pss
2013-10-02 22:12 - 2013-10-02 22:12 - 01045226 _____ C:\Users\Berthi\Downloads\adwcleaner.exe
2013-10-02 17:48 - 2013-09-08 11:28 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\TV-Browser
2013-10-02 17:45 - 2013-09-03 15:59 - 00000000 ____D C:\Program Files\SpywareBlaster
2013-10-02 15:37 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-10-02 15:10 - 2009-07-14 06:53 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-30 15:46 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles
2013-09-30 13:32 - 2013-08-28 14:26 - 00000000 ___RD C:\Users\Berthi\Desktop\S I C H E R H E I T
2013-09-29 20:21 - 2013-09-01 13:39 - 00000000 ____D C:\Users\Berthi\SecurityScans
2013-09-29 20:07 - 2013-09-29 20:07 - 00352732 _____ C:\Users\Berthi\AppData\Local\census.cache
2013-09-29 20:06 - 2013-09-29 20:06 - 00162420 _____ C:\Users\Berthi\AppData\Local\ars.cache
2013-09-29 19:32 - 2013-09-29 19:32 - 00000036 _____ C:\Users\Berthi\AppData\Local\housecall.guid.cache
2013-09-29 11:05 - 2013-09-28 14:52 - 00000000 ____D C:\Program Files\HitmanPro.Alert
2013-09-28 15:03 - 2013-09-28 14:52 - 00564312 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2013-09-28 15:03 - 2013-09-28 14:52 - 00014376 _____ C:\Windows\system32\Drivers\hmpalert.sys
2013-09-28 14:52 - 2013-09-28 14:52 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2013-09-27 17:28 - 2013-09-09 22:13 - 00000000 ___RD C:\Users\Berthi\Documents\E I G E N E D A T E E N
2013-09-27 17:23 - 2013-09-27 17:20 - 00000000 ____D C:\Users\Berthi\AppData\Local\Folderico
2013-09-27 17:22 - 2013-09-27 17:20 - 00000000 ____D C:\ProgramData\Folderico
2013-09-27 17:20 - 2013-09-27 17:20 - 00000000 ____D C:\Program Files\Folderico
2013-09-27 17:16 - 2013-09-27 17:16 - 04325545 _____ C:\Users\Berthi\Downloads\Shedko_Folderico_4.0_RC12.zip
2013-09-27 14:19 - 2013-09-27 14:19 - 00000659 _____ C:\Users\Berthi\Desktop\BIBLIOTHEKEN.lnk
2013-09-26 17:38 - 2013-08-28 10:51 - 00000000 ____D C:\Program Files\CCleaner
2013-09-26 17:36 - 2013-09-26 17:36 - 04369632 _____ (Piriform Ltd) C:\Users\Berthi\Downloads\ccsetup406.exe
2013-09-26 14:59 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-09-26 14:52 - 2013-09-26 14:52 - 00000000 ____D C:\Program Files\avmwlanstick
2013-09-26 14:51 - 2013-09-26 14:51 - 00000000 ____D C:\Users\Berthi\AVM_Driver
2013-09-24 16:57 - 2009-07-14 09:48 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-24 16:31 - 2013-09-01 17:13 - 00000000 ___RD C:\Users\Berthi\Desktop\BILDBEARBEITUNG
2013-09-24 16:31 - 2013-08-28 14:25 - 00000000 ___RD C:\Users\Berthi\Desktop\M E D I A
2013-09-24 16:26 - 2013-09-24 16:17 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\muvee Technologies
2013-09-24 16:21 - 2013-09-06 23:30 - 00004608 _____ C:\Users\Berthi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-24 16:18 - 2013-09-24 16:18 - 00000000 ____D C:\ProgramData\muvee Technologies
2013-09-24 16:14 - 2013-09-24 16:14 - 00000000 ___HD C:\Users\Berthi\Documents\ShadowEditFiles
2013-09-24 16:14 - 2013-09-24 16:14 - 00000000 ____D C:\Users\Berthi\Documents\CyberLink
2013-09-24 16:13 - 2013-09-06 22:29 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\CyberLink
2013-09-23 17:06 - 2013-09-23 17:04 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Advanced
2013-09-23 17:06 - 2013-09-23 17:01 - 00000000 ____D C:\ProgramData\Advanced
2013-09-23 17:04 - 2013-09-23 17:04 - 00000000 ____D C:\Program Files\Shark007
2013-09-23 16:55 - 2013-09-23 16:55 - 29359276 _____ C:\Users\Berthi\Downloads\32bit_Advanced_v426.exe
2013-09-22 17:59 - 2013-09-01 20:59 - 00000000 ____D C:\Program Files\7-Zip
2013-09-22 17:57 - 2013-09-22 17:57 - 01110476 _____ C:\Users\Berthi\Downloads\7z920(2).exe
2013-09-22 17:33 - 2009-08-07 00:05 - 00000000 ____D C:\Windows\system32\it
2013-09-22 17:33 - 2009-08-06 23:58 - 00000000 ____D C:\Windows\system32\de
2013-09-22 17:33 - 2009-08-06 23:51 - 00000000 ____D C:\Windows\system32\fr
2013-09-22 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-TW
2013-09-22 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-CN
2013-09-22 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-PT
2013-09-22 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-BR
2013-09-22 17:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nl-NL
2013-09-21 14:25 - 2013-08-28 17:30 - 00000000 ____D C:\Users\Berthi\AppData\Local\Windows Live
2013-09-20 18:47 - 2013-09-01 14:05 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-20 18:47 - 2013-09-01 14:05 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-20 12:15 - 2013-09-01 12:07 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-20 10:15 - 2013-08-31 23:28 - 00000000 ____D C:\Users\Berthi\AppData\Local\Mozilla
2013-09-20 10:14 - 2013-09-20 10:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-20 10:13 - 2013-08-28 22:33 - 00000000 ____D C:\Users\Berthi\AppData\Local\FRITZ!
2013-09-19 17:13 - 2013-09-19 17:13 - 01110476 _____ C:\Users\Berthi\Downloads\7z920(1).exe
2013-09-19 15:46 - 2013-09-03 16:47 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-19 15:46 - 2013-09-03 16:46 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-19 15:34 - 2013-09-19 15:33 - 131918888 _____ C:\Users\Berthi\Downloads\avast_free_antivirus_setup_8.0.1497.376.exe
2013-09-18 18:15 - 2013-08-27 22:18 - 00000000 ____D C:\Users\Berthi\AppData\Local\VirtualStore
2013-09-18 15:07 - 2013-09-18 15:07 - 00000622 _____ C:\Users\Berthi\Downloads\Verknuepfungspfeile-aus-und-einblenden.zip
2013-09-18 14:58 - 2013-09-18 14:47 - 00000290 _____ C:\siw_debug.txt
2013-09-18 14:46 - 2013-09-18 14:46 - 00000985 _____ C:\Users\Berthi\Desktop\SIW Home Edition.lnk
2013-09-18 14:46 - 2013-09-18 14:46 - 00000000 ____D C:\Users\Berthi\AppData\Local\CrashRpt
2013-09-18 14:46 - 2013-09-18 14:46 - 00000000 ____D C:\Program Files\SIW 2013 Home Edition
2013-09-18 14:44 - 2013-09-18 14:43 - 04524952 _____ (Topala Software Solutions ) C:\Users\Berthi\Downloads\siw13-setup.exe
2013-09-18 14:41 - 2013-09-18 14:35 - 00000000 ____D C:\Users\Berthi\Downloads\MicrosoftFixit.malware.Run
2013-09-18 14:31 - 2013-09-18 14:31 - 00211231 _____ C:\Users\Berthi\Downloads\MicrosoftFixit.malware.Run.zip
2013-09-18 14:15 - 2013-08-28 20:15 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Windows Live Writer
2013-09-18 14:03 - 2013-09-18 14:03 - 03211912 _____ (Hewlett-Packard Company ) C:\Users\Berthi\Downloads\sp50677.exe
2013-09-18 13:46 - 2013-09-18 13:46 - 00000000 ____D C:\Program Files\HP
2013-09-18 11:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-09-17 15:53 - 2013-09-01 12:43 - 00000000 ___RD C:\Users\Berthi\Desktop\Kalender
2013-09-17 13:43 - 2013-09-17 13:43 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Users\Berthi\AppData\Local\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\ProgramData\1&1
2013-09-17 13:39 - 2013-09-17 13:39 - 00000000 ____D C:\Program Files\1&1
2013-09-17 13:37 - 2013-09-17 13:37 - 03429160 _____ (1&1 Internet AG) C:\Users\Berthi\Downloads\1und1_smartdrive_uploadmanager.exe
2013-09-17 13:17 - 2013-09-03 17:12 - 00000000 ___RD C:\Users\Berthi\Desktop\KÖ!!!
2013-09-15 13:17 - 2013-09-15 13:16 - 05893103 _____ C:\Users\Berthi\Downloads\geoeffnete-ordner-unter-windows-7-anders-kennz.zip
2013-09-11 22:55 - 2009-02-21 07:54 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-11 21:49 - 2013-09-11 21:49 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-09-11 21:49 - 2013-09-11 21:49 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-09-11 21:49 - 2013-09-11 21:49 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-11 21:49 - 2013-09-11 20:41 - 00000000 ____D C:\ProgramData\Oracle
2013-09-11 21:49 - 2013-08-28 00:20 - 00868264 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-09-11 21:49 - 2013-08-28 00:20 - 00790440 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-09-11 21:49 - 2013-08-28 00:20 - 00000000 ____D C:\Program Files\Java
2013-09-11 21:47 - 2013-09-11 21:47 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw(2).exe
2013-09-11 21:44 - 2013-09-11 21:38 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw(1).exe
2013-09-11 21:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-09-11 21:14 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-09-11 20:38 - 2013-09-11 20:37 - 00913832 _____ (Oracle Corporation) C:\Users\Berthi\Downloads\jre-7u40-windows-i586-iftw.exe
2013-09-11 17:50 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-11 14:37 - 2013-09-11 14:37 - 00000000 ____D C:\Users\Berthi\Documents\Sony Ericsson
2013-09-11 14:26 - 2013-09-11 14:26 - 00000000 ____D C:\Users\Berthi\AppData\Local\Sony Ericsson
2013-09-11 14:16 - 2013-09-11 14:16 - 00000000 ____D C:\ProgramData\BVRP Software
2013-09-11 14:16 - 2013-09-11 14:16 - 00000000 ____D C:\Program Files\Avanquest update
2013-09-11 14:16 - 2009-02-21 06:54 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\InstallShield
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\ProgramData\Sony Ericsson
2013-09-11 14:15 - 2013-09-11 14:15 - 00000000 ____D C:\Program Files\Sony Ericsson
2013-09-11 11:10 - 2009-07-14 06:33 - 00348704 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 11:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-09-11 11:03 - 2013-08-28 03:31 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 11:00 - 2013-08-28 03:31 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-10 15:06 - 2013-09-10 15:06 - 01380160 _____ (MPC-HC Team) C:\Windows\system32\VSFilter.dll
2013-09-09 22:59 - 2013-09-09 22:41 - 00000000 ____D C:\Program Files\Common Files\Sony Shared
2013-09-09 22:51 - 2013-09-09 22:51 - 45984520 _____ C:\Users\Berthi\Downloads\sonyericssonpcsuite2.10.46.exe
2013-09-09 22:44 - 2013-09-09 22:39 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\Sony
2013-09-09 22:43 - 2013-09-09 22:41 - 00000000 ____D C:\Users\Berthi\AppData\Local\Sony
2013-09-09 22:42 - 2013-09-09 22:42 - 00000000 ____D C:\Users\Berthi\Podcasts
2013-09-09 22:42 - 2013-09-09 22:42 - 00000000 ____D C:\Users\Berthi\Documents\Media Go
2013-09-09 22:41 - 2013-09-09 22:41 - 00000000 ____D C:\Users\Berthi\AppData\Local\Downloaded Installations
2013-09-09 22:41 - 2013-09-09 22:41 - 00000000 ____D C:\ProgramData\Sony Corporation
2013-09-09 22:41 - 2013-09-09 22:39 - 00000000 ____D C:\Program Files\Sony Media Go Install
2013-09-09 22:38 - 2013-09-09 22:38 - 104753864 _____ (Sony Network Entertainment International LLC) C:\Users\Berthi\Downloads\mediago_setup.exe
2013-09-09 21:31 - 2013-09-09 21:31 - 00000000 ____D C:\Program Files\Scribble Papers
2013-09-09 21:29 - 2013-09-09 21:29 - 01192802 _____ (Jens Hoetger ) C:\Users\Berthi\Downloads\SPSetup.exe
2013-09-08 11:28 - 2013-09-08 11:28 - 00001822 _____ C:\Users\Public\Desktop\TV-Browser.lnk
2013-09-08 11:28 - 2013-09-08 11:28 - 00000000 ____D C:\Program Files\TV-Browser
2013-09-08 11:24 - 2013-09-08 11:24 - 07051757 _____ C:\Users\Berthi\Downloads\tvbrowser_3.3.2_win32.exe
2013-09-08 10:57 - 2013-09-08 10:57 - 00000000 ____D C:\Users\Berthi\AppData\Local\Microsoft Games
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Users\Berthi\AppData\Local\TomTom
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Program Files\TomTom International B.V
2013-09-06 23:17 - 2013-09-06 23:17 - 00000000 ____D C:\Program Files\MyTomTom 3
2013-09-06 23:16 - 2013-09-06 23:16 - 06701152 _____ (TomTom International B.V.) C:\Users\Berthi\Downloads\InstallMyTomTomSA.exe
2013-09-06 23:02 - 2013-09-06 23:02 - 00000000 ___RD C:\Program Files\Skype
2013-09-06 23:02 - 2013-09-06 23:02 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-09-06 23:02 - 2013-09-06 22:44 - 00000000 ____D C:\ProgramData\Skype
2013-09-06 23:01 - 2013-09-06 23:00 - 01492848 _____ (Skype Technologies S.A.) C:\Users\Berthi\Downloads\SkypeSetup.exe
2013-09-06 22:59 - 2013-09-06 22:59 - 00000056 ____H C:\ProgramData\ezsidmv.dat
2013-09-06 22:59 - 2013-09-06 22:59 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\skypePM
2013-09-06 22:29 - 2013-09-06 22:29 - 00000000 ____D C:\Users\Public\CyberLink
2013-09-06 22:29 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-09-06 22:29 - 2009-02-21 08:00 - 00000000 ____D C:\ProgramData\CyberLink
2013-09-06 22:28 - 2013-08-28 02:24 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-09-05 23:11 - 2013-08-28 00:29 - 00000000 ____D C:\Windows\Driver Cache
2013-09-05 22:58 - 2013-09-03 15:53 - 00000000 ____D C:\Users\Berthi\AppData\Roaming\WinPatrol
2013-09-04 23:20 - 2012-08-16 17:01 - 00000000 ____D C:\Users\Berthi\Desktop\Rezepte
Some content of TEMP:
====================
C:\Users\Berthi\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-01 15:36
==================== End Of Log ============================
--- --- --- --- --- --- Keine Probleme. Hatte ich ja auch nicht. Es waren die Funde die mich beunruhigt hatte. Habe bzw. hatte ich denn infizierte Dateien oder gar Viren? Gruß Nachtmann |
|
05.10.2013, 11:20
| #9 |
| /// the machine /// TB-Ausbilder | Schon wieder pup.optional Funde Da war nur Adware drauf. Fertig Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
05.10.2013, 12:36
| #10 |
| | Schon wieder pup.optional Funde Hi, habe alles gemacht und habe noch Fragen: > Du sagst, es war nur Adware. Woher weiß ich denn in Zukunft, was schädliche bzw. gefährliche Adware ist? Ich habe Deine Tipps vom letzten Mal, vor ein paar Wochen, alle befolgt. Habe alle Programme in Gebrauch, die Du empfielst und lasse sie regelmäßig durchlaufen. Ich hatte ja keine Probleme und hatte mal den AdwCleaner laufen lassen und der hatte nichts gefiunden. Dann hatte ich im Anschluß den Malwarebytes durchlaufen lassen und der findet promt 3x Adware. PANIK!!! > Und noch was: Ich hatte Deinen Rat vom letzten Mal befolgt und Programme ausschließlich von FilePony runtergeladen. Benutzerdeff. Die Haken bei den Tools entfernt u.s.w. Aber promt hatte ich wieder zwei AddOns mitinstalliert und wieder Pup.optional auf dem System. (Den Fall hatte Dein Kollege bearbeitet. Waren schnell durch, weil es auch "nur" Adware war.) Wie vorsichtig soll man denn noch sein? Und woher weiß ich in Zukunft, wenn Malwarebytes infizierte Dateien finden, dass es "nur" Adware ist? Gruß Nachtmann Geändert von Nachtmann (05.10.2013 um 12:47 Uhr) |
|
05.10.2013, 19:31
| #11 | |
| /// the machine /// TB-Ausbilder | Schon wieder pup.optional Funde Das ist dein Fund von Malwarebytes: Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
06.10.2013, 11:38
| #12 |
| | Schon wieder pup.optional Funde Hi, ich habe mir mal den Shark007 runtergeladen. Audio/Video Codecs und so. Evtl. ist dadurch diese Download Datei entstanden!? Könnte das sein? Na ja, wie auch immer. Jedenfalls war ich immer extrem vorsichtig. Dachte ich jedenfalls. Gruß Nachtmann |
|
06.10.2013, 16:46
| #13 |
| /// the machine /// TB-Ausbilder | Schon wieder pup.optional Funde Naja genau der Download enthält halt die Adware. Lösche den Download.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
06.10.2013, 22:05
| #14 |
| | Schon wieder pup.optional Funde habe den Download im Downloadordner schon gelöscht so, ich denke, das wars dann, oder. Habe jedenfalls keine Pobleme mehr. Ich danke Dir für alles. Tschö, Nachtmann |
|
07.10.2013, 10:56
| #15 |
| /// the machine /// TB-Ausbilder | Schon wieder pup.optional Funde Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Schon wieder pup.optional Funde |
| administrator, anti-malware, appdata, autostart, dateien, erfolgreich, explorer, gelöscht, hallo zusammen, papierkorb, pup.optional.filesfrog.a, pup.optional.funwebproducts.a, pup.optional.somoto.a, registrierung, schonmal, software, update, zusammen |
Linear-Darstellung
