Log analysis and evaluation: Windows8 OfferMosquito remains, despite having read the forum.
20.10.2013, 12:25 | #1 |
Windows8 OfferMosquito remains, despite having read the forum.
Hello. I have tried several approaches to get rid of OfferMosquito, unfortunately without success so far. Here are my logs; maybe someone will spot what else I could try or delete. Thanks.
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2013 Ran by Thunderbird (administrator) on THUNDERBIRD-PC on 20-10-2013 12:39:16 Running from C:\Users\Thunderbird\Desktop Windows 8 Pro with Media Center (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\WINDOWS\system32\atiesrxx.exe (AMD) C:\WINDOWS\system32\atieclxx.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe (Skype Technologies S.A.) 
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe (hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe (Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Elgato Systems) C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Mobile Stream) C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Audible, Inc.) 
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe () C:\Windows\Samsung\PanelMgr\caller64.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-07] (Realtek Semiconductor) HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [362952 2010-03-27] () HKLM\...\Run: [CDAServer] - C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [438784 2010-12-17] () HKLM\...\Run: [RunDLLEntry_EptMon] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 HKLM\...\Run: [RunDLLEntry_THXCfg] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.) HKLM\...\Run: [VIAxHCUtl] - C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) 
HKCU\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [79136 2008-10-24] (Macrovision Corporation) HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-15] (Samsung) HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-15] (Samsung) HKCU\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-15] (Samsung Electronics Co., Ltd.) HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation) HKCU\...\Run: [Remote Control Editor] - C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe [1710664 2011-06-24] (Elgato Systems) HKCU\...\Run: [Steam] - C:\Program Files (x86)\Valve\Steam\\Steam.exe [1353080 2012-09-16] (Valve Corporation) HKCU\...\Run: [ISUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [196608 2004-04-17] (InstallShield Software Corporation) HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-15] (Samsung) HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090040 2012-12-21] (Nokia) HKCU\...\Run: [EasyTether] - C:\Program Files\Mobile Stream\EasyTether\easytthr.exe [57128 2013-03-11] (Mobile Stream) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) 
HKCU\...\Run: [OMESupervisor] - C:\Users\Thunderbird\AppData\Local\omesuperv.exe [2220366 2013-10-10] () HKCU\...\Run: [Snoozer] - C:\Users\Thunderbird\AppData\Roaming\Snz\Snz.exe [1226843 2013-10-10] () HKCU\...\Policies\system: [LogonHoursAction] 2 HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 MountPoints2: {9cd6247a-03f3-11df-892f-002564ece8e7} - "P:\LaunchU3.exe" -a MountPoints2: {9e048832-1934-11e1-86bc-726526594b04} - "N:\pushinst.exe" HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [ATICustomerCare] - C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-03-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [1904640 2009-03-20] (AVM Berlin) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-02-26] (cyberlink) HKLM-x32\...\Run: [DellSupportCenter] - "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation) HKLM-x32\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] () HKLM-x32\...\Run: [PDVD8LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-16] (CyberLink Corp.) HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2010-01-07] (CyberLink Corp.) 
HKLM-x32\...\Run: [RemoteControl8] - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-07-16] (CyberLink Corp.) HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [520192 2009-09-29] () HKLM-x32\...\Run: [ShwiconXP9106] - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5141512 2010-03-27] () HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] () HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.) 
HKLM-x32\...\Run: [HOSTS Anti-Adware_PUPs] - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2013-10-20] () HKU\Conny\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation) HKU\Conny\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516096 2012-07-26] (Microsoft Corporation) HKU\Conny\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Conny\...\Policies\system: [LogonHoursAction] 2 HKU\Pascal\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Pascal\...\Policies\system: [LogonHoursAction] 2 Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Thunderbird\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios) ==================== Internet (Whitelisted) ==================== ProxyServer: 192.168.178.21:8118 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x23AFED583049CC01 SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {A2937363-6ACC-4F4B-9BD9-3F8F6CA1ACF4} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} SearchScopes: HKCU - {D285D91B-6B0E-42DF-A48E-D0F765A9098A} URL = hxxp://www.google.de/search?q={searchTerms} BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Oracle) BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Groove GFS Browser Helper - 
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\30.0.1599.101\npchrome_frame.dll (Google Inc.) 
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: HKLM-x32 {72376E32-8AF2-473F-BE32-E5D0F39C865D} hxxp://de.cyberlink.com/prog/win7/js/UpdateAdvisor.cab Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\30.0.1599.101\npchrome_frame.dll (Google Inc.) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default FF SearchEngineOrder.1: Ask.com FF SelectedSearchEngine: Google FF Homepage: about:newtab FF Keyword.URL: hxxp://www.google.com/search?sourceid=navclient&hl=de&q= FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.) FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.0.0-rc1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\searchplugins\mycsharpde.xml FF SearchPlugin: C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\searchplugins\searchplugins-backup FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Виявлення пристроїв Logitech - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\DeviceDetection@logitech.com FF Extension: No Name - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\foxmarks@kei.com FF Extension: All-in-One Gestures - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} FF Extension: DownloadHelper - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: adblockpopups - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\adblockpopups@jessehakanen.net.xpi FF Extension: elemhidehelper - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\elemhidehelper@adblockplus.org.xpi FF Extension: No Name - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi FF Extension: No Name - 
C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi FF Extension: No Name - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: No Name - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi FF Extension: No Name - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: No Name - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} FF HKLM-x32\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files (x86)\Google\Google Gears\Firefox\ FF Extension: Google Gears - C:\Program Files (x86)\Google\Google Gears\Firefox\ FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 ==================== Services (Whitelisted) ================= R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1055288 2010-03-27] () R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-07] (Avira 
Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-07] (Avira Operations GmbH & Co. KG) R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [368640 2009-03-20] (AVM Berlin) R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [335224 2010-03-30] (AVM Berlin) R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.) R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143224 2010-03-30] (AVM Berlin) S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2013-10-20] () R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MSMQ; C:\Windows\system32\mqsvc.exe [25088 2012-07-26] (Microsoft Corporation) R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation) R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [189304 2010-03-30] (AVM Berlin) R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-06] (Microsoft Corporation) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [271760 2009-04-16] () R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [471552 2012-07-26] (Microsoft Corporation) S3 wampapache; c:\wamp\bin\apache\apache2.4.2\bin\httpd.exe [24576 2012-05-13] (Apache Software Foundation) S3 wampmysqld; c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [9693696 2012-04-19] () R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 
2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-23] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-05-04] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132088 2013-09-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-03-21] (Avira Operations GmbH & Co. KG)
R3 avmaudio; C:\Windows\System32\drivers\avmaudio.sys [116480 2013-07-22] (AVM Berlin)
R3 avmaura; C:\Windows\System32\drivers\avmaura.sys [116480 2013-07-22] (AVM Berlin)
R3 easytether; C:\Windows\system32\DRIVERS\easytthr.sys [21704 2013-03-11] (Mobile Stream)
S3 FsUsbExDisk; C:\WINDOWS\SysWOW64\FsUsbExDisk.SYS [37344 2013-06-14] ()
S3 FsUsbExDisk; C:\WINDOWS\SysWOW64\FsUsbExDisk.SYS [37344 2013-06-14] ()
R3 fwlanusbn; C:\Windows\system32\DRIVERS\fwlanusbn.sys [552704 2009-03-20] (AVM GmbH)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-05-04] ()
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [185856 2012-07-26] (Microsoft Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [38536 2010-09-18] ()
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [38536 2010-09-18] ()
R0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [1477728 2010-09-19] (Acronis)
R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [205312 2012-01-20] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [254464 2012-01-20] (VIA Technologies, Inc.)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-08-28] (CyberLink Corp.)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-08-28] (CyberLink Corp.)
U3 idsvc;
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-20 12:39 - 2013-10-20 12:39 - 00000000 ____D C:\FRST
2013-10-20 12:37 - 2013-10-20 12:37 - 00000484 _____ C:\Users\Thunderbird\Desktop\defogger_disable.log
2013-10-20 12:37 - 2013-10-20 12:37 - 00000000 _____ C:\Users\Thunderbird\defogger_reenable
2013-10-20 12:35 - 2013-10-20 12:35 - 01954548 _____ (Farbar) C:\Users\Thunderbird\Downloads\FRST64.exe
2013-10-20 12:35 - 2013-10-20 12:35 - 01954548 _____ (Farbar) C:\Users\Thunderbird\Desktop\FRST64.exe
2013-10-20 12:35 - 2013-10-20 12:35 - 00377856 _____ C:\Users\Thunderbird\Desktop\gmer_2.1.19163.exe
2013-10-20 12:35 - 2013-10-20 12:34 - 00050477 _____ C:\Users\Thunderbird\Desktop\Defogger.exe
2013-10-20 12:34 - 2013-10-20 12:34 - 00050477 _____ C:\Users\Thunderbird\Downloads\Defogger.exe
2013-10-20 12:28 - 2013-10-20 12:28 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-20 12:28 - 2013-10-20 12:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-20 12:27 - 2013-10-20 12:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Thunderbird\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-20 12:23 - 2013-10-20 12:23 - 00000000 ___RD C:\Users\Thunderbird\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2013-10-20 12:14 - 2013-10-20 12:14 - 00001187 _____ C:\Users\Thunderbird\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
2013-10-20 12:14 - 2013-10-20 12:14 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2013-10-20 12:13 - 2013-10-20 12:13 - 01056666 _____ C:\Users\Thunderbird\Downloads\adwcleaner.exe
2013-10-20 12:11 - 2013-10-20 12:11 - 00003436 _____ C:\Users\Thunderbird\Desktop\JRT.txt
2013-10-20 12:05 - 2013-10-20 12:05 - 01033335 _____ (Thisisu) C:\Users\Thunderbird\Desktop\JRT_6.0.7.exe
2013-10-20 12:05 - 2013-10-20 12:05 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-19 18:12 - 2013-10-19 18:12 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-19 18:12 - 2013-10-19 18:12 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-19 18:12 - 2013-10-19 18:12 - 00000000 ____D C:\Program Files\iTunes
2013-10-19 18:12 - 2013-10-19 18:12 - 00000000 ____D C:\Program Files\iPod
2013-10-19 18:12 - 2013-10-19 18:12 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-18 15:48 - 2013-10-18 15:48 - 00000000 ___RD C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2013-10-15 23:30 - 2013-10-18 17:30 - 101792164 _____ C:\WINDOWS\SysWOW64\᯾眇拐ĥ߿
2013-10-15 17:45 - 2013-10-20 12:16 - 00000000 ____D C:\AdwCleaner
2013-10-14 19:23 - 2013-10-19 21:17 - 00000000 ____D C:\Users\Pascal\AppData\Local\TSVNCache
2013-10-14 19:23 - 2013-10-14 19:23 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Subversion
2013-10-14 19:17 - 2013-10-14 19:17 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Avira
2013-10-13 19:47 - 2013-10-13 19:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-13 12:08 - 2013-08-03 08:40 - 01374208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2013-10-13 12:08 - 2013-08-03 08:40 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wvc.dll
2013-10-13 12:08 - 2013-08-03 08:40 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmon.ocx
2013-10-13 12:08 - 2013-08-03 07:14 - 00399360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysmon.ocx
2013-10-13 12:08 - 2013-08-03 07:13 - 01245696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2013-10-13 12:08 - 2013-08-03 07:13 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wvc.dll
2013-10-13 12:07 - 2013-08-10 07:21 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2013-10-13 12:07 - 2013-08-10 07:21 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncInfo.dll
2013-10-13 12:07 - 2013-08-10 05:58 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2013-10-13 12:07 - 2013-08-02 08:28 - 19758080 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2013-10-13 12:07 - 2013-08-02 08:28 - 10116608 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-10-13 12:07 - 2013-08-02 08:28 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2013-10-13 12:07 - 2013-08-02 08:26 - 02304512 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2013-10-13 12:07 - 2013-08-02 07:08 - 17561088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2013-10-13 12:07 - 2013-08-02 07:08 - 08858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-10-13 12:07 - 2013-08-02 07:08 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2013-10-13 12:07 - 2013-08-02 07:06 - 02035712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2013-10-13 12:07 - 2013-08-01 12:41 - 02233688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2013-10-13 12:07 - 2013-07-31 01:30 - 00386923 _____ C:\WINDOWS\system32\ApnDatabase.xml
2013-10-13 12:07 - 2013-07-25 01:10 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2013-10-13 12:07 - 2013-07-25 01:06 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2013-10-13 12:07 - 2013-07-13 08:15 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll
2013-10-13 12:07 - 2013-07-13 06:23 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2013-10-13 12:07 - 2013-04-10 01:17 - 01125888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2013-10-13 12:07 - 2013-04-10 00:29 - 00893952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2013-10-13 11:55 - 2013-10-13 11:55 - 00000000 ____D C:\Users\Thunderbird\AppData\Roaming\Snz
2013-10-13 11:53 - 2013-10-14 19:12 - 100910526 _____ C:\WINDOWS\SysWOW64\外熴ƌ
2013-10-13 11:51 - 2013-10-13 11:51 - 00501832 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-12 20:30 - 2013-10-12 20:30 - 00000000 ____D C:\Users\Thunderbird\Downloads\Afudos_238
2013-10-12 20:29 - 2013-10-12 20:30 - 00024609 _____ C:\Users\Thunderbird\Downloads\Afudos_238.zip
2013-10-12 20:01 - 2013-10-12 20:01 - 00000000 ____D C:\Users\Thunderbird\Desktop\ubbe
2013-10-12 20:00 - 2009-05-22 14:14 - 00638976 _____ () C:\Users\Thunderbird\Desktop\1008HA.exe
2013-10-12 19:48 - 2009-09-08 09:51 - 00524288 _____ C:\Users\Thunderbird\Desktop\1008HA.ROM
2013-10-12 19:47 - 2013-10-12 19:47 - 06213553 _____ C:\Users\Thunderbird\Desktop\ubbe.zip
2013-10-12 19:47 - 2013-10-12 19:45 - 00155102 _____ C:\Users\Thunderbird\Desktop\usbdos.zip
2013-10-12 19:31 - 2013-10-12 19:49 - 00000000 ____D C:\Users\Thunderbird\Desktop\Neuer Ordner
2013-10-12 19:13 - 2013-10-12 19:56 - 00000000 ____D C:\Users\Thunderbird\Desktop\1008HA-ASUS-1103
2013-10-12 19:13 - 2013-10-12 19:13 - 00000000 ____D C:\Users\Thunderbird\Desktop\download
2013-10-12 19:12 - 2013-10-12 19:12 - 00414215 _____ C:\Users\Thunderbird\Desktop\1008HA-ASUS-1103.zip
2013-10-10 14:07 - 2013-10-10 14:07 - 02220366 _____ C:\Users\Thunderbird\AppData\Local\omesuperv.exe
2013-10-09 00:50 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-10-09 00:50 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-10-09 00:50 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-10-09 00:50 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2013-10-09 00:50 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-10-09 00:50 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-10-09 00:50 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-10-09 00:50 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-10-09 00:50 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-10-09 00:50 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-10-09 00:50 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-10-09 00:50 - 2013-08-29 05:11 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2013-10-09 00:50 - 2013-07-06 02:15 - 00652288 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2013-10-09 00:50 - 2013-07-04 04:13 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2013-10-09 00:50 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2013-10-09 00:50 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2013-10-09 00:50 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-10-09 00:50 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2013-10-09 00:50 - 2013-04-29 00:28 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2013-10-09 00:50 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2013-10-09 00:50 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2013-10-09 00:50 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2013-10-09 00:50 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2013-10-09 00:50 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2013-10-09 00:50 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-10-09 00:50 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2013-10-09 00:50 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2013-10-09 00:50 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2013-10-09 00:49 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-10-09 00:49 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-10-09 00:49 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-10-09 00:49 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2013-10-09 00:49 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-10-09 00:49 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-10-09 00:49 - 2013-08-23 07:11 - 04040192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-10-09 00:49 - 2013-07-20 00:13 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 00:49 - 2013-07-20 00:13 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 00:49 - 2013-07-06 00:02 - 00121984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys
2013-10-09 00:49 - 2013-07-06 00:02 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbcir.sys
2013-10-09 00:49 - 2013-07-02 03:41 - 00447320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2013-10-09 00:49 - 2013-07-02 03:41 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-10-09 00:49 - 2013-07-02 03:41 - 00213336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2013-10-09 00:49 - 2013-07-02 00:14 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys
2013-10-09 00:49 - 2013-07-01 03:42 - 00623448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2013-10-09 00:49 - 2013-07-01 03:42 - 00498008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2013-10-09 00:49 - 2013-07-01 03:42 - 00079192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2013-10-09 00:49 - 2013-07-01 03:42 - 00021848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2013-10-09 00:49 - 2013-06-29 05:08 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2013-10-09 00:49 - 2013-06-29 05:07 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2013-10-09 00:49 - 2013-06-29 05:07 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2013-10-09 00:49 - 2013-06-29 05:06 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2013-10-09 00:49 - 2013-06-22 07:45 - 00785624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2013-10-09 00:49 - 2013-06-22 07:45 - 00054488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfLdr.sys
2013-10-09 00:49 - 2013-05-27 01:17 - 00035328 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2013-10-09 00:49 - 2013-05-27 00:59 - 00046080 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2013-10-09 00:49 - 2013-05-25 05:15 - 00362496 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2013-10-09 00:49 - 2013-05-25 04:32 - 00300032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2013-10-06 21:03 - 2013-10-06 21:03 - 04516404 _____ C:\Users\Thunderbird\Desktop\SweetHome3DExample4.sh3d
2013-10-06 16:31 - 2013-10-06 16:31 - 12389406 _____ C:\Users\Thunderbird\Desktop\3DModels-BlendSwap-CC-BY-1.3.zip
2013-10-06 16:30 - 2013-10-06 16:31 - 24803963 _____ C:\Users\Thunderbird\Downloads\3DModels-Contributions-1.3.zip
2013-10-06 16:30 - 2013-10-06 16:30 - 08270736 _____ C:\Users\Thunderbird\Downloads\3DModels-Trees-1.3.zip
2013-10-06 16:30 - 2013-10-06 16:30 - 07649661 _____ C:\Users\Thunderbird\Downloads\3DModels-Reallusion-1.3.zip
2013-10-06 16:30 - 2013-10-06 16:30 - 04307165 _____ C:\Users\Thunderbird\Downloads\3DModels-LucaPresidente-1.3.zip
2013-10-06 14:01 - 2013-10-13 20:07 - 00330083 _____ C:\Users\Thunderbird\Documents\Hoschstr5.sh3d
2013-10-06 13:03 - 2013-10-06 13:03 - 00001135 _____ C:\Users\Thunderbird\Desktop\Sweet Home 3D.lnk
2013-10-06 13:03 - 2013-10-06 13:03 - 00000000 ____D C:\Program Files (x86)\Sweet Home 3D
2013-10-06 12:57 - 2013-10-06 12:58 - 15247272 _____ C:\Users\Thunderbird\Desktop\3DModels-BlendSwap-CC-0-1.3.zip
2013-10-06 12:57 - 2013-10-06 12:58 - 12389406 _____ C:\Users\Thunderbird\Downloads\3DModels-BlendSwap-CC-BY-1.3.zip
2013-10-06 12:57 - 2013-10-06 12:58 - 00000820 _____ C:\Users\Thunderbird\Desktop\README.TXT
2013-10-06 12:56 - 2013-10-06 13:00 - 24803963 _____ C:\Users\Thunderbird\Desktop\3DModels-Contributions-1.3.zip
2013-10-06 12:53 - 2013-10-06 12:53 - 23038249 _____ C:\Users\Thunderbird\Desktop\3DModels-Scopia-1.3.zip
2013-10-06 12:53 - 2013-10-06 12:53 - 08834339 _____ C:\Users\Thunderbird\Downloads\3DModels-KatorLegaz-1.3.zip
2013-10-06 12:49 - 2013-10-06 12:53 - 33703888 _____ (eTeks ) C:\Users\Thunderbird\Desktop\SweetHome3D-4.1-windows-oc.exe
2013-10-06 10:49 - 2013-10-06 10:49 - 00000000 ____D C:\Users\Thunderbird\AppData\Local\Brice_Lambson
2013-10-06 10:40 - 2013-10-06 10:40 - 00000000 ____D C:\Program Files\Image Resizer for Windows
2013-10-06 10:40 - 2013-10-06 10:40 - 00000000 ____D C:\Program Files (x86)\Image Resizer for Windows
2013-10-06 10:38 - 2013-10-06 10:37 - 00922057 _____ (Brice Lambson) C:\Users\Thunderbird\Downloads\ImageResizerSetup_3.0.4802.exe
2013-10-06 10:07 - 2013-10-06 10:07 - 00002006 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2013-10-06 10:06 - 2013-10-06 10:06 - 04812567 _____ (Tim Kosse) C:\Users\Thunderbird\Downloads\FileZilla_3.7.3_win32-setup.exe
2013-10-05 18:35 - 2013-10-05 18:35 - 00000000 ____D C:\VIA_XHCI
2013-10-05 18:34 - 2012-01-20 06:39 - 00254464 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\Drivers\xhcdrv.sys
2013-10-05 18:34 - 2012-01-20 06:39 - 00205312 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\Drivers\ViaHub3.sys
2013-10-05 18:33 - 2013-10-05 18:33 - 00000000 ____D C:\Program Files (x86)\VIA
2013-10-05 18:31 - 2013-10-07 10:25 - 99582406 _____ C:\WINDOWS\SysWOW64\짴熴Ë
2013-10-05 12:16 - 2013-10-05 12:16 - 00000000 ____D C:\Users\Thunderbird\Downloads\V1.90A_WHQL
2013-10-05 12:11 - 2013-10-05 12:11 - 00000000 ____D C:\Users\Thunderbird\Downloads\Usb3HubFWUpgrade_Setup_V0.41_VL810_VL811_formal
2013-10-05 12:10 - 2013-10-05 12:14 - 12368599 _____ C:\Users\Thunderbird\Downloads\V1.90A_WHQL.zip
2013-10-05 12:10 - 2013-10-05 12:10 - 00728785 _____ C:\Users\Thunderbird\Downloads\Usb3HubFWUpgrade_Setup_V0.41_VL810_VL811_formal.zip
2013-10-04 10:29 - 2013-08-07 07:15 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssdisai.dll
2013-10-03 18:38 - 2013-10-03 18:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-20 18:15 - 2013-10-02 03:38 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-09-20 18:15 - 2013-10-02 03:38 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-20 18:14 - 2013-09-20 18:14 - 98481651 _____ C:\WINDOWS\SysWOW64\⬱콰熴Ï

==================== One Month Modified Files and Folders =======

2013-10-20 12:39 - 2013-10-20 12:39 - 00000000 ____D C:\FRST
2013-10-20 12:39 - 2010-02-05 14:42 - 00001110 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-20 12:37 - 2013-10-20 12:37 - 00000484 _____ C:\Users\Thunderbird\Desktop\defogger_disable.log
2013-10-20 12:37 - 2013-10-20 12:37 - 00000000 _____ C:\Users\Thunderbird\defogger_reenable
2013-10-20 12:37 - 2013-01-26 09:53 - 00000000 ____D C:\Users\Thunderbird
2013-10-20 12:35 - 2013-10-20 12:35 - 01954548 _____ (Farbar) C:\Users\Thunderbird\Downloads\FRST64.exe
2013-10-20 12:35 - 2013-10-20 12:35 - 01954548 _____ (Farbar) C:\Users\Thunderbird\Desktop\FRST64.exe
2013-10-20 12:35 - 2013-10-20 12:35 - 00377856 _____ C:\Users\Thunderbird\Desktop\gmer_2.1.19163.exe
2013-10-20 12:34 - 2013-10-20 12:35 - 00050477 _____ C:\Users\Thunderbird\Desktop\Defogger.exe
2013-10-20 12:34 - 2013-10-20 12:34 - 00050477 _____ C:\Users\Thunderbird\Downloads\Defogger.exe
2013-10-20 12:28 - 2013-10-20 12:28 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-20 12:28 - 2013-10-20 12:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-20 12:28 - 2013-10-20 12:27 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Thunderbird\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-20 12:27 - 2013-01-26 10:57 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2365974122-1341937529-2636111329-1001
2013-10-20 12:23 - 2013-10-20 12:23 - 00000000 ___RD C:\Users\Thunderbird\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2013-10-20 12:23 - 2010-01-18 09:52 - 00000000 ____D C:\Users\Thunderbird\AppData\Roaming\Skype
2013-10-20 12:22 - 2010-02-05 14:42 - 00001106 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-20 12:18 - 2013-01-26 09:50 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2013-10-20 12:18 - 2013-01-26 09:48 - 00047510 _____ C:\WINDOWS\PFRO.log
2013-10-20 12:18 - 2012-07-26 09:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-20 12:18 - 2012-07-26 09:21 - 02299183 _____ C:\WINDOWS\setupact.log
2013-10-20 12:17 - 2012-07-26 07:26 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2013-10-20 12:16 - 2013-10-15 17:45 - 00000000 ____D C:\AdwCleaner
2013-10-20 12:15 - 2013-01-26 10:11 - 01335642 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-20 12:14 - 2013-10-20 12:14 - 00001187 _____ C:\Users\Thunderbird\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
2013-10-20 12:14 - 2013-10-20 12:14 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2013-10-20 12:13 - 2013-10-20 12:13 - 01056666 _____ C:\Users\Thunderbird\Downloads\adwcleaner.exe
2013-10-20 12:11 - 2013-10-20 12:11 - 00003436 _____ C:\Users\Thunderbird\Desktop\JRT.txt
2013-10-20 12:05 - 2013-10-20 12:05 - 01033335 _____ (Thisisu) C:\Users\Thunderbird\Desktop\JRT_6.0.7.exe
2013-10-20 12:05 - 2013-10-20 12:05 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-20 12:00 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\sru
2013-10-20 11:56 - 2010-01-18 20:50 - 00000000 ____D C:\Users\Thunderbird\AppData\Local\TSVNCache
2013-10-19 21:17 - 2013-10-14 19:23 - 00000000 ____D C:\Users\Pascal\AppData\Local\TSVNCache
2013-10-19 21:12 - 2011-10-26 20:46 - 00000000 ____D C:\Users\Thunderbird\MariosDocs
2013-10-19 20:45 - 2012-04-25 07:10 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-19 18:12 - 2013-10-19 18:12 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-19 18:12 - 2013-10-19 18:12 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-19 18:12 - 2013-10-19 18:12 - 00000000 ____D C:\Program Files\iTunes
2013-10-19 18:12 - 2013-10-19 18:12 - 00000000 ____D C:\Program Files\iPod
2013-10-19 18:12 - 2013-10-19 18:12 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-19 17:46 - 2013-01-26 09:50 - 00070180 _____ C:\WINDOWS\system32\lvcoinst.log
2013-10-18 17:30 - 2013-10-15 23:30 - 101792164 _____ C:\WINDOWS\SysWOW64\᯾眇拐ĥ߿
2013-10-18 16:56 - 2013-02-07 04:57 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2365974122-1341937529-2636111329-1015
2013-10-18 15:48 - 2013-10-18 15:48 - 00000000 ___RD C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2013-10-18 15:47 - 2011-07-30 10:07 - 00000000 ___RD C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-18 15:47 - 2011-07-24 13:06 - 00000000 ___RD C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-17 03:45 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-10-15 18:34 - 2010-02-05 14:42 - 00004092 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-15 18:34 - 2010-02-05 14:42 - 00003846 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-15 18:27 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\rescache
2013-10-15 17:46 - 2013-07-18 19:52 - 00000000 ____D C:\Users\Thunderbird\AppData\Roaming\Common
2013-10-15 17:46 - 2010-01-18 09:54 - 00000000 ____D C:\ProgramData\ICQ
2013-10-15 17:33 - 2010-01-16 20:10 - 00000000 ___RD C:\Users\Thunderbird\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-15 17:33 - 2010-01-16 19:43 - 00000000 ___RD C:\Users\Thunderbird\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-15 17:30 - 2012-07-26 10:12 - 00000000 ___RD C:\WINDOWS\ToastData
2013-10-14 19:23 - 2013-10-14 19:23 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Subversion
2013-10-14 19:17 - 2013-10-14 19:17 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Avira
2013-10-14 19:12 - 2013-10-13 11:53 - 100910526 _____ C:\WINDOWS\SysWOW64\外熴ƌ
2013-10-13 20:07 - 2013-10-06 14:01 - 00330083 _____ C:\Users\Thunderbird\Documents\Hoschstr5.sh3d
2013-10-13 19:59 - 2013-10-13 19:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-13 19:59 - 2012-05-02 20:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-13 11:55 - 2013-10-13 11:55 - 00000000 ____D C:\Users\Thunderbird\AppData\Roaming\Snz
2013-10-13 11:54 - 2010-03-14 22:24 - 00000000 ____D C:\Users\Thunderbird\AppData\Roaming\VR-Networld
2013-10-13 11:51 - 2013-10-13 11:51 - 00501832 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-12 20:30 - 2013-10-12 20:30 - 00000000 ____D C:\Users\Thunderbird\Downloads\Afudos_238
2013-10-12 20:30 - 2013-10-12 20:29 - 00024609 _____ C:\Users\Thunderbird\Downloads\Afudos_238.zip
2013-10-12 20:01 - 2013-10-12 20:01 - 00000000 ____D C:\Users\Thunderbird\Desktop\ubbe
2013-10-12 19:56 - 2013-10-12 19:13 - 00000000 ____D C:\Users\Thunderbird\Desktop\1008HA-ASUS-1103
2013-10-12 19:49 - 2013-10-12 19:31 - 00000000 ____D C:\Users\Thunderbird\Desktop\Neuer Ordner
2013-10-12 19:47 - 2013-10-12 19:47 - 06213553 _____ C:\Users\Thunderbird\Desktop\ubbe.zip
2013-10-12 19:45 - 2013-10-12 19:47 - 00155102 _____ C:\Users\Thunderbird\Desktop\usbdos.zip
2013-10-12 19:13 - 2013-10-12 19:13 - 00000000 ____D C:\Users\Thunderbird\Desktop\download
2013-10-12 19:12 - 2013-10-12 19:12 - 00414215 _____ C:\Users\Thunderbird\Desktop\1008HA-ASUS-1103.zip
2013-10-12 19:11 - 2012-07-26 12:27 - 00921604 _____ C:\WINDOWS\system32\perfh007.dat
2013-10-12 19:11 - 2012-07-26 12:27 - 00221278 _____ C:\WINDOWS\system32\perfc007.dat
2013-10-12 19:11 - 2012-07-26 09:28 - 02180470 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-12 12:48 - 2010-01-20 07:58 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-12 12:46 - 2013-07-17 20:38 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-10-12 12:14 - 2012-05-10 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-12 12:14 - 2012-05-10 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-10 14:07 - 2013-10-10 14:07 - 02220366 _____ C:\Users\Thunderbird\AppData\Local\omesuperv.exe
2013-10-09 01:02 - 2013-07-22 12:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-09 00:55 - 2010-01-17 14:21 - 80541720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-08 19:46 - 2012-04-25 07:10 - 00003620 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2013-10-07 10:25 - 2013-10-05 18:31 - 99582406 _____ C:\WINDOWS\SysWOW64\짴熴Ë
2013-10-06 21:03 - 2013-10-06 21:03 - 04516404 _____ C:\Users\Thunderbird\Desktop\SweetHome3DExample4.sh3d
2013-10-06 16:31 - 2013-10-06 16:31 - 12389406 _____ C:\Users\Thunderbird\Desktop\3DModels-BlendSwap-CC-BY-1.3.zip
2013-10-06 16:31 - 2013-10-06 16:30 - 24803963 _____ C:\Users\Thunderbird\Downloads\3DModels-Contributions-1.3.zip
2013-10-06 16:30 - 2013-10-06 16:30 - 08270736 _____ C:\Users\Thunderbird\Downloads\3DModels-Trees-1.3.zip
2013-10-06 16:30 - 2013-10-06 16:30 - 07649661 _____ C:\Users\Thunderbird\Downloads\3DModels-Reallusion-1.3.zip
2013-10-06 16:30 - 2013-10-06 16:30 - 04307165 _____ C:\Users\Thunderbird\Downloads\3DModels-LucaPresidente-1.3.zip
2013-10-06 13:03 - 2013-10-06 13:03 - 00001135 _____ C:\Users\Thunderbird\Desktop\Sweet Home 3D.lnk
2013-10-06 13:03 - 2013-10-06 13:03 - 00000000 ____D C:\Program Files (x86)\Sweet Home 3D
2013-10-06 13:00 - 2013-10-06 12:56 - 24803963 _____ C:\Users\Thunderbird\Desktop\3DModels-Contributions-1.3.zip
2013-10-06 12:58 - 2013-10-06 12:57 - 15247272 _____ C:\Users\Thunderbird\Desktop\3DModels-BlendSwap-CC-0-1.3.zip
2013-10-06 12:58 - 2013-10-06 12:57 - 12389406 _____ C:\Users\Thunderbird\Downloads\3DModels-BlendSwap-CC-BY-1.3.zip
2013-10-06 12:58 - 2013-10-06 12:57 - 00000820 _____ C:\Users\Thunderbird\Desktop\README.TXT
2013-10-06 12:53 - 2013-10-06 12:53 - 23038249 _____ C:\Users\Thunderbird\Desktop\3DModels-Scopia-1.3.zip
2013-10-06 12:53 - 2013-10-06 12:53 - 08834339 _____ C:\Users\Thunderbird\Downloads\3DModels-KatorLegaz-1.3.zip
2013-10-06 12:53 - 2013-10-06 12:49 - 33703888 _____ (eTeks ) C:\Users\Thunderbird\Desktop\SweetHome3D-4.1-windows-oc.exe
2013-10-06 11:34 - 2011-01-28 10:39 - 00000000 ___SD C:\Users\Thunderbird\Documents\Meine Websites
2013-10-06 10:49 - 2013-10-06 10:49 - 00000000 ____D C:\Users\Thunderbird\AppData\Local\Brice_Lambson
2013-10-06 10:40 - 2013-10-06 10:40 - 00000000 ____D C:\Program Files\Image Resizer for Windows
2013-10-06 10:40 - 2013-10-06 10:40 - 00000000 ____D C:\Program Files (x86)\Image Resizer for Windows
2013-10-06 10:39 - 2013-04-22 16:59 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-06 10:39 - 2013-01-30 22:17 - 00132608 ___SH C:\Users\Thunderbird\Downloads\Thumbs.db
2013-10-06 10:37 - 2013-10-06 10:38 - 00922057 _____ (Brice Lambson) C:\Users\Thunderbird\Downloads\ImageResizerSetup_3.0.4802.exe
2013-10-06 10:09 - 2010-05-03 19:39 - 00000000 ____D C:\Users\Thunderbird\AppData\Roaming\FileZilla
2013-10-06 10:07 - 2013-10-06 10:07 - 00002006 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2013-10-06 10:07 - 2010-05-03 19:39 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-10-06 10:06 - 2013-10-06 10:06 - 04812567 _____ (Tim Kosse) C:\Users\Thunderbird\Downloads\FileZilla_3.7.3_win32-setup.exe
2013-10-05 18:35 - 2013-10-05 18:35 - 00000000 ____D C:\VIA_XHCI
2013-10-05 18:35 - 2010-01-05 16:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-05 18:33 - 2013-10-05 18:33 - 00000000 ____D C:\Program Files (x86)\VIA
2013-10-05 12:16 - 2013-10-05 12:16 - 00000000 ____D C:\Users\Thunderbird\Downloads\V1.90A_WHQL
2013-10-05 12:14 - 2013-10-05 12:10 - 12368599 _____ C:\Users\Thunderbird\Downloads\V1.90A_WHQL.zip
2013-10-05 12:11 - 2013-10-05 12:11 - 00000000 ____D C:\Users\Thunderbird\Downloads\Usb3HubFWUpgrade_Setup_V0.41_VL810_VL811_formal
2013-10-05 12:10 - 2013-10-05 12:10 - 00728785 _____ C:\Users\Thunderbird\Downloads\Usb3HubFWUpgrade_Setup_V0.41_VL810_VL811_formal.zip
2013-10-04 10:56 - 2013-02-03 10:58 - 00314368 ___SH C:\Users\Thunderbird\Desktop\Thumbs.db
2013-10-03 18:57 - 2010-01-17 14:23 - 00000000 ____D C:\Users\Thunderbird\AppData\Local\Mozilla
2013-10-03 18:39 - 2013-10-03 18:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-02 03:38 - 2013-09-20 18:15 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-10-02 03:38 - 2013-09-20 18:15 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-25 11:29 - 2013-06-03 18:41 - 00000000 ____D C:\Program Files\My Dell
2013-09-25 11:29 - 2010-01-05 16:38 - 00000000 ____D C:\ProgramData\PCDr
2013-09-23 01:28 - 2013-10-09 00:50 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-09-23 01:28 - 2013-10-09 00:50 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-09-23 01:27 - 2013-10-09 00:50 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-09-23 01:27 - 2013-10-09 00:50 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2013-09-23 01:27 - 2013-10-09 00:49 - 14335488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-09-23 01:27 - 2013-10-09 00:49 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-09-23 01:27 - 2013-10-09 00:49 - 02048512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-09-23 01:27 - 2013-10-09 00:49 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2013-09-23 00:55 - 2013-10-09 00:50 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-09-23 00:55 - 2013-10-09 00:50 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-09-23 00:55 - 2013-10-09 00:50 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-09-23 00:54 - 2013-10-09 00:50 - 19252224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-09-23 00:54 - 2013-10-09 00:50 - 15404544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-09-23 00:54 - 2013-10-09 00:50 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-09-23 00:54 - 2013-10-09 00:50 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-09-23 00:54 - 2013-10-09 00:49 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-09-23 00:54 - 2013-10-09 00:49 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-09-20 18:14 - 2013-09-20 18:14 - 98481651 _____ C:\WINDOWS\SysWOW64\⬱콰熴Ï
2013-09-20 18:10 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\WinStore
2013-09-20 18:10 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2013-09-20 18:10 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\system32\oobe

Some content of TEMP:
====================
C:\Users\Thunderbird\AppData\Local\Temp\13-4_win7_win8_64_dd_ccc_whql.exe
C:\Users\Thunderbird\AppData\Local\Temp\9938.exe
C:\Users\Thunderbird\AppData\Local\Temp\AdwCleaner.exe
C:\Users\Thunderbird\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Thunderbird\AppData\Local\Temp\DivXSetup.exe
C:\Users\Thunderbird\AppData\Local\Temp\DWPUpgradeInstaller.exe
C:\Users\Thunderbird\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe
C:\Users\Thunderbird\AppData\Local\Temp\jna1630119850053809962.dll
C:\Users\Thunderbird\AppData\Local\Temp\jna2424119541046548336.dll
C:\Users\Thunderbird\AppData\Local\Temp\jna332439445029199855.dll
C:\Users\Thunderbird\AppData\Local\Temp\jna4134459294451900562.dll
C:\Users\Thunderbird\AppData\Local\Temp\jna4779865687185956625.dll
C:\Users\Thunderbird\AppData\Local\Temp\jna4804833339915221900.dll
C:\Users\Thunderbird\AppData\Local\Temp\jna5062478780735537940.dll
C:\Users\Thunderbird\AppData\Local\Temp\jna5857172928719657914.dll
C:\Users\Thunderbird\AppData\Local\Temp\jna6506991178396327589.dll
C:\Users\Thunderbird\AppData\Local\Temp\jna8794163596095324703.dll
C:\Users\Thunderbird\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Thunderbird\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Thunderbird\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Thunderbird\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Thunderbird\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Thunderbird\AppData\Local\Temp\Quarantine.exe
C:\Users\Thunderbird\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-15 18:03

==================== End Of Log ============================

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-20 13:22:02
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Intel___ rev.1.0. 931,52GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\THUNDE~1\AppData\Local\Temp\afdiruod.sys

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\atiesrxx.exe[1152] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb9dd0177a 4 bytes [D0, 9D, FB, 07]
.text C:\WINDOWS\system32\atiesrxx.exe[1152] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb9dd01782 4 bytes [D0, 9D, FB, 07]
.text C:\WINDOWS\system32\atieclxx.exe[1384] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb9dd0177a 4 bytes [D0, 9D, FB, 07]
.text C:\WINDOWS\system32\atieclxx.exe[1384] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb9dd01782 4 bytes [D0, 9D, FB, 07]
.text C:\Program Files\FRITZ!Fernzugang\avmike.exe[2124] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fb95271b32 4 bytes [27, 95, FB, 07]
.text C:\Program Files\FRITZ!Fernzugang\avmike.exe[2124] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fb95271b3a 4 bytes [27, 95, FB, 07]
.text C:\Program Files\FRITZ!Fernzugang\certsrv.exe[2368] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fb95271b32 4 bytes [27, 95, FB, 07]
.text C:\Program Files\FRITZ!Fernzugang\certsrv.exe[2368] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fb95271b3a 4 bytes [27, 95, FB, 07]
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2844] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb9dd0177a 4 bytes [D0, 9D, FB, 07]
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[2844] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb9dd01782 4 bytes [D0, 9D, FB, 07]
.text C:\WINDOWS\system32\mqsvc.exe[2932] C:\WINDOWS\system32\WSOCK32.dll!recvfrom + 742 000007fb95271b32 4 bytes [27, 95, FB, 07]
.text C:\WINDOWS\system32\mqsvc.exe[2932] C:\WINDOWS\system32\WSOCK32.dll!recvfrom + 750 000007fb95271b3a 4 bytes [27, 95, FB, 07]
.text C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe[3068] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fb95271b32 4 bytes [27, 95, FB, 07]
.text C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe[3068] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fb95271b3a 4 bytes [27, 95, FB, 07]
.text C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe[3068] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb93b51532 4 bytes [B5, 93, FB, 07]
.text C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe[3068] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb93b5153a 4 bytes [B5, 93, FB, 07]
.text C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe[3068] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb93b5165a 4 bytes [B5, 93, FB, 07]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2280] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb9dd0177a 4 bytes [D0, 9D, FB, 07]
.text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[2280] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb9dd01782 4 bytes [D0, 9D, FB, 07]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3280] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 306 000007fb9dd0177a 4 bytes [D0, 9D, FB, 07]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3280] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 314 000007fb9dd01782 4 bytes [D0, 9D, FB, 07]
.text C:\Program Files\Windows Defender\MsMpEng.exe[3404] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 306 000007fb9dd0177a 4 bytes [D0, 9D, FB, 07]
.text C:\Program Files\Windows Defender\MsMpEng.exe[3404] C:\WINDOWS\system32\psapi.dll!GetProcessImageFileNameA + 314 000007fb9dd01782 4 bytes [D0, 9D, FB, 07]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3804]
C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fb95271b32 4 bytes [27, 95, FB, 07] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3804] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fb95271b3a 4 bytes [27, 95, FB, 07] .text C:\WINDOWS\Explorer.EXE[2292] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb9dd0177a 4 bytes [D0, 9D, FB, 07] .text C:\WINDOWS\Explorer.EXE[2292] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb9dd01782 4 bytes [D0, 9D, FB, 07] .text C:\WINDOWS\Explorer.EXE[2292] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb93b51532 4 bytes [B5, 93, FB, 07] .text C:\WINDOWS\Explorer.EXE[2292] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb93b5153a 4 bytes [B5, 93, FB, 07] .text C:\WINDOWS\Explorer.EXE[2292] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb93b5165a 4 bytes [B5, 93, FB, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6040] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb93b51532 4 bytes [B5, 93, FB, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6040] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb93b5153a 4 bytes [B5, 93, FB, 07] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[6040] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb93b5165a 4 bytes [B5, 93, FB, 07] ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [828:4624] fffff960009435e8 Thread C:\WINDOWS\system32\svchost.exe [1252:7124] 000007fb87c63158 Thread C:\WINDOWS\system32\svchost.exe [1252:7240] 000007fb7ce91fe4 Thread C:\WINDOWS\system32\svchost.exe [1252:7472] 000007fb7cf054f8 Thread C:\WINDOWS\system32\svchost.exe [1252:7564] 000007fb7cdf2520 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:3044] 0000000077ea50a7 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:1136] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft 
SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:1636] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:540] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:1240] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:2152] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:2076] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:2392] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:2144] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:2536] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:2540] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:2800] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:2804] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:2824] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:3292] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:3296] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:3312] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:3316] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:3320] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:3324] 0000000074e429e1 Thread c:\Program Files 
(x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:3328] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:3344] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:3396] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:3400] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:3492] 0000000077ea50a7 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:3496] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:3596] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:3600] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:3604] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:3608] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:3628] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:3696] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:4084] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:4088] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:3048] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:4108] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:4860] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:4852] 0000000074e429e1 Thread 
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:1500] 0000000074e429e1 Thread c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [3016:1688] 0000000077e94ba2 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -765053983 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 55069 ---- EOF - GMER 2.1 ---- |
20.10.2013, 13:47 | #2 |
/// the machine /// TB-Ausbilder | Windows 8 OfferMosquito remains, despite reading the forum. hi,
Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ |
21.10.2013, 19:04 | #3 |
| Windows 8 OfferMosquito remains, despite reading the forum. Thanks for the quick reply. Here are my logs.
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.10.21.07 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16721 Thunderbird :: THUNDERBIRD-PC [Administrator] Schutz: Aktiviert 21.10.2013 19:04:14 mbam-log-2013-10-21 (19-04-14).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 329609 Laufzeit: 15 Minute(n), 30 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|OMESupervisor (PUP.Optional.OfferMosquito.A) -> Daten: C:\Users\Thunderbird\AppData\Local\omesuperv.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 3 C:\Users\Thunderbird\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Thunderbird\AppData\Local\Temp\ct3297265 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Thunderbird\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 7 C:\Users\Thunderbird\AppData\Local\omesuperv.exe (PUP.Optional.OfferMosquito.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Thunderbird\AppData\Local\Temp\ct3297265\ism.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Unlocker\eBay_shortcuts_1016.exe (Adware.Clicker) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\Thunderbird\AppData\Local\Temp\ct3288691\chromeid.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Thunderbird\AppData\Local\Temp\ct3288691\setup.ini.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Thunderbird\AppData\Local\Temp\ct3297861\chromeid.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Thunderbird\AppData\Local\Temp\ct3297861\setup.ini.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v3.010 - Bericht erstellt am 21/10/2013 um 19:45:01 # Updated 20/10/2013 von Xplode # Betriebssystem : Windows 8 Pro with Media Center (64 bits) # Benutzername : Thunderbird - THUNDERBIRD-PC # Gestartet von : C:\Users\Thunderbird\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Datei Gelöscht : C:\END ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\Conduit ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16537 -\\ Mozilla Firefox v24.0 (de) [ Datei : C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\prefs.js ] [ Datei : C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\tcuw5hzb.default\prefs.js ] [ Datei : C:\Users\Conny\AppData\Roaming\Mozilla\Firefox\Profiles\gjcbqos6.default\prefs.js ] [ Datei : C:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\sincqnqr.default\prefs.js ] ************************* AdwCleaner[R0].txt - [25637 octets] - [15/10/2013 17:45:22] AdwCleaner[R1].txt - [1324 octets] - [15/10/2013 17:51:40] AdwCleaner[R2].txt - [2567 octets] - [20/10/2013 12:14:37] AdwCleaner[R3].txt - [1427 octets] - [21/10/2013 19:25:09] AdwCleaner[R4].txt - [438 octets] - [21/10/2013 19:34:32] AdwCleaner[R5].txt - [1663 octets] - [21/10/2013 19:42:01] AdwCleaner[S0].txt - [24677 octets] - [15/10/2013 17:46:38] AdwCleaner[S1].txt - [2577 octets] - [20/10/2013 12:16:16] AdwCleaner[S2].txt - [1534 octets] - [21/10/2013 19:45:01] ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1594 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.7 (10.15.2013:3) OS: Windows 8 Pro with Media Center x64 Ran by Thunderbird on 21.10.2013 at 19:58:00,46 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted the following from C:\Users\Thunderbird\AppData\Roaming\mozilla\firefox\profiles\s166vagv.default\prefs.js user_pref("google.toolbar.button_option.cached.gtbSearchBlogs", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchBlogs\" t user_pref("google.toolbar.button_option.cached.gtbSearchPhotos", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchPhotos\" user_pref("google.toolbar.button_option.cached.gtbSearchScholar", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchScholar user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_CTK0Y7F4MTG6NKYH03WT-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 21.10.2013 at 20:04:05,46 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2013 Ran by Thunderbird (administrator) on THUNDERBIRD-PC on 21-10-2013 20:07:52 Running from C:\Users\Thunderbird\Downloads Windows 8 Pro with Media Center (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\WINDOWS\system32\atiesrxx.exe (AMD) C:\WINDOWS\system32\atieclxx.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Logitech Inc.) 
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe (Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung Electronics Co., Ltd.) 
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Elgato Systems) C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Mobile Stream) C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe () C:\Windows\Samsung\PanelMgr\caller64.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-07] (Realtek Semiconductor) HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [362952 2010-03-27] () HKLM\...\Run: [CDAServer] - C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [438784 2010-12-17] () HKLM\...\Run: [RunDLLEntry_EptMon] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 HKLM\...\Run: [RunDLLEntry_THXCfg] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.) HKLM\...\Run: [VIAxHCUtl] - C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) 
HKCU\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [79136 2008-10-24] (Macrovision Corporation) HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-15] (Samsung) HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-15] (Samsung) HKCU\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-15] (Samsung Electronics Co., Ltd.) HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation) HKCU\...\Run: [Remote Control Editor] - C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe [1710664 2011-06-24] (Elgato Systems) HKCU\...\Run: [Steam] - C:\Program Files (x86)\Valve\Steam\\Steam.exe [1353080 2012-09-16] (Valve Corporation) HKCU\...\Run: [ISUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [196608 2004-04-17] (InstallShield Software Corporation) HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-15] (Samsung) HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090040 2012-12-21] (Nokia) HKCU\...\Run: [EasyTether] - C:\Program Files\Mobile Stream\EasyTether\easytthr.exe [57128 2013-03-11] (Mobile Stream) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) 
HKCU\...\Run: [Snoozer] - C:\Users\Thunderbird\AppData\Roaming\Snz\Snz.exe [1226843 2013-10-10] () HKCU\...\Policies\system: [LogonHoursAction] 2 HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 MountPoints2: {9cd6247a-03f3-11df-892f-002564ece8e7} - "P:\LaunchU3.exe" -a MountPoints2: {9e048832-1934-11e1-86bc-726526594b04} - "N:\pushinst.exe" HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [ATICustomerCare] - C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-03-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [1904640 2009-03-20] (AVM Berlin) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-02-26] (cyberlink) HKLM-x32\...\Run: [DellSupportCenter] - "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation) HKLM-x32\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] () HKLM-x32\...\Run: [PDVD8LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-16] (CyberLink Corp.) HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2010-01-07] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl8] - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-07-16] (CyberLink Corp.) 
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [520192 2009-09-29] () HKLM-x32\...\Run: [ShwiconXP9106] - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5141512 2010-03-27] () HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.) 
HKLM-x32\...\Run: [HOSTS Anti-Adware_PUPs] - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2013-10-20] () HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] () HKU\Conny\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation) HKU\Conny\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516096 2012-07-26] (Microsoft Corporation) HKU\Conny\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Conny\...\Policies\system: [LogonHoursAction] 2 HKU\Pascal\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Pascal\...\Policies\system: [LogonHoursAction] 2 Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Thunderbird\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios) ==================== Internet (Whitelisted) ==================== ProxyServer: 192.168.178.21:8118 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x23AFED583049CC01
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - DefaultScope {A2937363-6ACC-4F4B-9BD9-3F8F6CA1ACF4} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
SearchScopes: HKCU - {A2937363-6ACC-4F4B-9BD9-3F8F6CA1ACF4} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
SearchScopes: HKCU - {D285D91B-6B0E-42DF-A48E-D0F765A9098A} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Oracle)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\30.0.1599.101\npchrome_frame.dll (Google Inc.)
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {72376E32-8AF2-473F-BE32-E5D0F39C865D} hxxp://de.cyberlink.com/prog/win7/js/UpdateAdvisor.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\30.0.1599.101\npchrome_frame.dll (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Google
FF Homepage: about:newtab
FF Keyword.URL: hxxp://www.google.com/search?sourceid=navclient&hl=de&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0-rc1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\searchplugins\mycsharpde.xml
FF SearchPlugin: C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Виявлення пристроїв Logitech - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\DeviceDetection@logitech.com
FF Extension: No Name - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\fb_add_on@avm.de
FF Extension: No Name - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\foxmarks@kei.com
FF Extension: All-in-One Gestures - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
FF Extension: DownloadHelper - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: adblockpopups - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: elemhidehelper - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\elemhidehelper@adblockplus.org.xpi
FF Extension: No Name - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
FF Extension: No Name - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi
FF Extension: No Name - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi
FF Extension: No Name - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files (x86)\Google\Google Gears\Firefox\
FF Extension: Google Gears - C:\Program Files (x86)\Google\Google Gears\Firefox\

==================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1055288 2010-03-27] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-07] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [368640 2009-03-20] (AVM Berlin)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [335224 2010-03-30] (AVM Berlin)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143224 2010-03-30] (AVM Berlin)
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2013-10-20] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25088 2012-07-26] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [189304 2010-03-30] (AVM Berlin)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-06] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [271760 2009-04-16] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [471552 2012-07-26] (Microsoft Corporation)
S3 wampapache; c:\wamp\bin\apache\apache2.4.2\bin\httpd.exe [24576 2012-05-13] (Apache Software Foundation)
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [9693696 2012-04-19] ()
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-23] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-05-04] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132088 2013-09-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-03-21] (Avira Operations GmbH & Co. KG)
R3 avmaudio; C:\Windows\System32\drivers\avmaudio.sys [116480 2013-07-22] (AVM Berlin)
R3 avmaura; C:\Windows\System32\drivers\avmaura.sys [116480 2013-07-22] (AVM Berlin)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R3 easytether; C:\Windows\system32\DRIVERS\easytthr.sys [21704 2013-03-11] (Mobile Stream)
S3 FsUsbExDisk; C:\WINDOWS\SysWOW64\FsUsbExDisk.SYS [37344 2013-06-14] ()
R3 fwlanusbn; C:\Windows\system32\DRIVERS\fwlanusbn.sys [552704 2009-03-20] (AVM GmbH)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-05-04] ()
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [185856 2012-07-26] (Microsoft Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [38536 2010-09-18] ()
R0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [1477728 2010-09-19] (Acronis)
R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [205312 2012-01-20] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [254464 2012-01-20] (VIA Technologies, Inc.)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-08-28] (CyberLink Corp.) U3 idsvc; S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-21 20:07 - 2013-10-21 20:07 - 01954670 _____ (Farbar) C:\Users\Thunderbird\Downloads\FRST64.exe 2013-10-21 20:04 - 2013-10-21 20:04 - 00001677 _____ C:\Users\Thunderbird\Desktop\JRT.txt 2013-10-21 19:48 - 2013-10-21 19:48 - 00000000 ___RD C:\Users\Thunderbird\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 2013-10-21 19:34 - 2013-10-21 19:24 - 01060070 _____ C:\Users\Thunderbird\Desktop\adwcleaner.exe 2013-10-21 19:24 - 2013-10-21 19:24 - 01060070 _____ C:\Users\Thunderbird\Downloads\adwcleaner.exe 2013-10-21 19:21 - 2013-10-21 19:21 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Thunderbird\Downloads\mbam-clean-1.60.2.0003.exe 2013-10-21 19:06 - 2013-10-21 19:06 - 00000000 ____D C:\Program Files (x86)\Linksys Wireless-G PCI Network Adapter with SpeedBooster 2013-10-21 19:00 - 2013-10-21 19:06 - 00004284 _____ C:\WINDOWS\SysWOW64\WLAN.INI 2013-10-21 18:58 - 2013-10-21 18:58 - 00000000 ____D C:\Users\Thunderbird\Downloads\WMP54GSv1-EU_dr_0 2013-10-21 18:57 - 2013-10-21 18:57 - 07437759 _____ C:\Users\Thunderbird\Downloads\WMP54GSv1-EU_dr_0.zip 2013-10-20 17:56 - 2013-10-21 05:56 - 102118912 _____ C:\WINDOWS\SysWOW64\㒬熴ƒ 2013-10-20 13:04 - 2013-10-20 13:04 - 00275536 _____ C:\WINDOWS\Minidump\102013-47515-01.dmp 2013-10-20 13:04 - 2013-10-20 13:04 - 00000000 ____D C:\WINDOWS\Minidump 2013-10-20 12:39 - 2013-10-20 12:39 - 00000000 ____D C:\FRST 2013-10-20 12:37 - 2013-10-20 12:37 - 00000000 _____ C:\Users\Thunderbird\defogger_reenable 2013-10-20 12:28 - 2013-10-20 12:28 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-20 12:28 - 2013-10-20 
12:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-20 12:14 - 2013-10-20 12:14 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs 2013-10-20 12:05 - 2013-10-20 12:05 - 00000000 ____D C:\WINDOWS\ERUNT 2013-10-19 18:12 - 2013-10-19 18:12 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-10-19 18:12 - 2013-10-19 18:12 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-10-19 18:12 - 2013-10-19 18:12 - 00000000 ____D C:\Program Files\iTunes 2013-10-19 18:12 - 2013-10-19 18:12 - 00000000 ____D C:\Program Files\iPod 2013-10-19 18:12 - 2013-10-19 18:12 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-10-18 15:48 - 2013-10-18 15:48 - 00000000 ___RD C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 2013-10-15 23:30 - 2013-10-18 17:30 - 101792164 _____ C:\WINDOWS\SysWOW64\᯾眇拐ĥ߿ 2013-10-15 17:45 - 2013-10-21 19:45 - 00000000 ____D C:\AdwCleaner 2013-10-14 19:23 - 2013-10-19 21:17 - 00000000 ____D C:\Users\Pascal\AppData\Local\TSVNCache 2013-10-14 19:23 - 2013-10-14 19:23 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Subversion 2013-10-14 19:17 - 2013-10-14 19:17 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Avira 2013-10-13 19:47 - 2013-10-13 19:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-10-13 12:08 - 2013-08-03 08:40 - 01374208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll 2013-10-13 12:08 - 2013-08-03 08:40 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wvc.dll 2013-10-13 12:08 - 2013-08-03 08:40 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmon.ocx 2013-10-13 12:08 - 2013-08-03 07:14 - 00399360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysmon.ocx 2013-10-13 12:08 - 2013-08-03 07:13 - 01245696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll 2013-10-13 12:08 - 2013-08-03 07:13 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wvc.dll 2013-10-13 12:07 - 
2013-08-10 07:21 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2013-10-13 12:07 - 2013-08-10 07:21 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncInfo.dll 2013-10-13 12:07 - 2013-08-10 05:58 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll 2013-10-13 12:07 - 2013-08-02 08:28 - 19758080 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2013-10-13 12:07 - 2013-08-02 08:28 - 10116608 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2013-10-13 12:07 - 2013-08-02 08:28 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll 2013-10-13 12:07 - 2013-08-02 08:26 - 02304512 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2013-10-13 12:07 - 2013-08-02 07:08 - 17561088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2013-10-13 12:07 - 2013-08-02 07:08 - 08858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2013-10-13 12:07 - 2013-08-02 07:08 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll 2013-10-13 12:07 - 2013-08-02 07:06 - 02035712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2013-10-13 12:07 - 2013-08-01 12:41 - 02233688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2013-10-13 12:07 - 2013-07-31 01:30 - 00386923 _____ C:\WINDOWS\system32\ApnDatabase.xml 2013-10-13 12:07 - 2013-07-25 01:10 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll 2013-10-13 12:07 - 2013-07-25 01:06 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll 2013-10-13 12:07 - 2013-07-13 08:15 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll 2013-10-13 12:07 - 2013-07-13 06:23 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll 2013-10-13 12:07 - 2013-04-10 01:17 - 01125888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2013-10-13 12:07 - 2013-04-10 00:29 - 00893952 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2013-10-13 11:55 - 2013-10-13 11:55 - 00000000 ____D C:\Users\Thunderbird\AppData\Roaming\Snz 2013-10-13 11:53 - 2013-10-14 19:12 - 100910526 _____ C:\WINDOWS\SysWOW64\外熴ƌ 2013-10-13 11:51 - 2013-10-13 11:51 - 00501832 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-10-12 19:31 - 2013-10-20 13:37 - 00000000 ____D C:\Users\Thunderbird\Desktop\Neuer Ordner 2013-10-09 00:50 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2013-10-09 00:50 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2013-10-09 00:50 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2013-10-09 00:50 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2013-10-09 00:50 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2013-10-09 00:50 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2013-10-09 00:50 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2013-10-09 00:50 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2013-10-09 00:50 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2013-10-09 00:50 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2013-10-09 00:50 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2013-10-09 00:50 - 2013-08-29 05:11 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys 2013-10-09 00:50 - 2013-07-06 02:15 - 00652288 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll 2013-10-09 00:50 - 2013-07-04 04:13 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll 2013-10-09 00:50 - 2013-05-16 00:37 - 00044032 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll 2013-10-09 00:50 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll 2013-10-09 00:50 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2013-10-09 00:50 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2013-10-09 00:50 - 2013-04-29 00:28 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll 2013-10-09 00:50 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll 2013-10-09 00:50 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2013-10-09 00:50 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2013-10-09 00:50 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2013-10-09 00:50 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll 2013-10-09 00:50 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2013-10-09 00:50 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll 2013-10-09 00:50 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2013-10-09 00:50 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2013-10-09 00:49 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2013-10-09 00:49 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2013-10-09 00:49 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2013-10-09 00:49 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2013-10-09 00:49 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\jscript9.dll 2013-10-09 00:49 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2013-10-09 00:49 - 2013-08-23 07:11 - 04040192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2013-10-09 00:49 - 2013-07-20 00:13 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-09 00:49 - 2013-07-20 00:13 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-10-09 00:49 - 2013-07-06 00:02 - 00121984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys 2013-10-09 00:49 - 2013-07-06 00:02 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbcir.sys 2013-10-09 00:49 - 2013-07-02 03:41 - 00447320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2013-10-09 00:49 - 2013-07-02 03:41 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2013-10-09 00:49 - 2013-07-02 03:41 - 00213336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS 2013-10-09 00:49 - 2013-07-02 00:14 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys 2013-10-09 00:49 - 2013-07-01 03:42 - 00623448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys 2013-10-09 00:49 - 2013-07-01 03:42 - 00498008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys 2013-10-09 00:49 - 2013-07-01 03:42 - 00079192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys 2013-10-09 00:49 - 2013-07-01 03:42 - 00021848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys 2013-10-09 00:49 - 2013-06-29 05:08 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys 2013-10-09 00:49 - 2013-06-29 05:07 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys 2013-10-09 00:49 - 2013-06-29 05:07 - 00032256 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys 2013-10-09 00:49 - 2013-06-29 05:06 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys 2013-10-09 00:49 - 2013-06-22 07:45 - 00785624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys 2013-10-09 00:49 - 2013-06-22 07:45 - 00054488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfLdr.sys 2013-10-09 00:49 - 2013-05-27 01:17 - 00035328 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2013-10-09 00:49 - 2013-05-27 00:59 - 00046080 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2013-10-09 00:49 - 2013-05-25 05:15 - 00362496 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2013-10-09 00:49 - 2013-05-25 04:32 - 00300032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2013-10-06 13:03 - 2013-10-06 13:03 - 00001135 _____ C:\Users\Thunderbird\Desktop\Sweet Home 3D.lnk 2013-10-06 13:03 - 2013-10-06 13:03 - 00000000 ____D C:\Program Files (x86)\Sweet Home 3D 2013-10-06 10:49 - 2013-10-06 10:49 - 00000000 ____D C:\Users\Thunderbird\AppData\Local\Brice_Lambson 2013-10-06 10:40 - 2013-10-06 10:40 - 00000000 ____D C:\Program Files\Image Resizer for Windows 2013-10-06 10:40 - 2013-10-06 10:40 - 00000000 ____D C:\Program Files (x86)\Image Resizer for Windows 2013-10-06 10:07 - 2013-10-06 10:07 - 00002006 _____ C:\Users\Public\Desktop\FileZilla Client.lnk 2013-10-05 18:35 - 2013-10-05 18:35 - 00000000 ____D C:\VIA_XHCI 2013-10-05 18:34 - 2012-01-20 06:39 - 00254464 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\Drivers\xhcdrv.sys 2013-10-05 18:34 - 2012-01-20 06:39 - 00205312 _____ (VIA Technologies, Inc.) 
C:\WINDOWS\system32\Drivers\ViaHub3.sys 2013-10-05 18:33 - 2013-10-05 18:33 - 00000000 ____D C:\Program Files (x86)\VIA 2013-10-05 18:31 - 2013-10-07 10:25 - 99582406 _____ C:\WINDOWS\SysWOW64\짴熴Ë 2013-10-04 10:29 - 2013-08-07 07:15 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssdisai.dll 2013-10-03 18:38 - 2013-10-03 18:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2013-10-21 20:07 - 2013-10-21 20:07 - 01954670 _____ (Farbar) C:\Users\Thunderbird\Downloads\FRST64.exe 2013-10-21 20:05 - 2013-01-26 10:57 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2365974122-1341937529-2636111329-1001 2013-10-21 20:04 - 2013-10-21 20:04 - 00001677 _____ C:\Users\Thunderbird\Desktop\JRT.txt 2013-10-21 20:04 - 2011-10-26 20:46 - 00000000 ____D C:\Users\Thunderbird\MariosDocs 2013-10-21 20:03 - 2013-01-26 10:11 - 02031965 _____ C:\WINDOWS\WindowsUpdate.log 2013-10-21 20:00 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\sru 2013-10-21 19:49 - 2010-01-18 09:52 - 00000000 ____D C:\Users\Thunderbird\AppData\Roaming\Skype 2013-10-21 19:48 - 2013-10-21 19:48 - 00000000 ___RD C:\Users\Thunderbird\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 2013-10-21 19:46 - 2013-01-26 09:50 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs 2013-10-21 19:46 - 2013-01-26 09:48 - 00052042 _____ C:\WINDOWS\PFRO.log 2013-10-21 19:46 - 2012-07-26 09:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-10-21 19:46 - 2012-07-26 09:21 - 02385847 _____ C:\WINDOWS\setupact.log 2013-10-21 19:46 - 2010-02-05 14:42 - 00001106 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-21 19:45 - 2013-10-15 17:45 - 00000000 ____D C:\AdwCleaner 2013-10-21 19:45 - 2012-04-25 07:10 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-10-21 19:43 - 2010-10-19 15:45 - 00000000 ____D C:\ProgramData\DivX 2013-10-21 19:42 - 2010-10-19 
15:46 - 00000000 ____D C:\Program Files (x86)\DivX 2013-10-21 19:41 - 2010-02-05 14:42 - 00001110 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-21 19:38 - 2010-01-18 20:50 - 00000000 ____D C:\Users\Thunderbird\AppData\Local\TSVNCache 2013-10-21 19:35 - 2012-07-26 07:26 - 00786432 ___SH C:\WINDOWS\system32\config\BBI 2013-10-21 19:24 - 2013-10-21 19:34 - 01060070 _____ C:\Users\Thunderbird\Desktop\adwcleaner.exe 2013-10-21 19:24 - 2013-10-21 19:24 - 01060070 _____ C:\Users\Thunderbird\Downloads\adwcleaner.exe 2013-10-21 19:21 - 2013-10-21 19:21 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Thunderbird\Downloads\mbam-clean-1.60.2.0003.exe 2013-10-21 19:20 - 2010-07-05 07:00 - 00000000 ____D C:\Program Files (x86)\Unlocker 2013-10-21 19:06 - 2013-10-21 19:06 - 00000000 ____D C:\Program Files (x86)\Linksys Wireless-G PCI Network Adapter with SpeedBooster 2013-10-21 19:06 - 2013-10-21 19:00 - 00004284 _____ C:\WINDOWS\SysWOW64\WLAN.INI 2013-10-21 19:06 - 2010-01-05 16:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-10-21 18:58 - 2013-10-21 18:58 - 00000000 ____D C:\Users\Thunderbird\Downloads\WMP54GSv1-EU_dr_0 2013-10-21 18:57 - 2013-10-21 18:57 - 07437759 _____ C:\Users\Thunderbird\Downloads\WMP54GSv1-EU_dr_0.zip 2013-10-21 18:53 - 2012-07-26 12:27 - 00921604 _____ C:\WINDOWS\system32\perfh007.dat 2013-10-21 18:53 - 2012-07-26 12:27 - 00221278 _____ C:\WINDOWS\system32\perfc007.dat 2013-10-21 18:53 - 2012-07-26 09:28 - 02180470 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2013-10-21 05:56 - 2013-10-20 17:56 - 102118912 _____ C:\WINDOWS\SysWOW64\㒬熴ƒ 2013-10-20 15:02 - 2013-01-26 09:50 - 00070764 _____ C:\WINDOWS\system32\lvcoinst.log 2013-10-20 14:20 - 2013-05-14 20:23 - 00000000 ____D C:\Users\Thunderbird\Downloads\USB Sicherung L 2013-10-20 13:55 - 2010-11-25 09:23 - 00000000 ____D C:\Users\Thunderbird\Documents\Steuer-Sparbuch 2013-10-20 13:37 - 2013-10-12 19:31 - 00000000 ____D 
C:\Users\Thunderbird\Desktop\Neuer Ordner 2013-10-20 13:04 - 2013-10-20 13:04 - 00275536 _____ C:\WINDOWS\Minidump\102013-47515-01.dmp 2013-10-20 13:04 - 2013-10-20 13:04 - 00000000 ____D C:\WINDOWS\Minidump 2013-10-20 13:03 - 2011-01-30 18:53 - 677254261 _____ C:\WINDOWS\MEMORY.DMP 2013-10-20 12:39 - 2013-10-20 12:39 - 00000000 ____D C:\FRST 2013-10-20 12:37 - 2013-10-20 12:37 - 00000000 _____ C:\Users\Thunderbird\defogger_reenable 2013-10-20 12:37 - 2013-01-26 09:53 - 00000000 ____D C:\Users\Thunderbird 2013-10-20 12:28 - 2013-10-20 12:28 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-20 12:28 - 2013-10-20 12:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-20 12:14 - 2013-10-20 12:14 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs 2013-10-20 12:05 - 2013-10-20 12:05 - 00000000 ____D C:\WINDOWS\ERUNT 2013-10-19 21:17 - 2013-10-14 19:23 - 00000000 ____D C:\Users\Pascal\AppData\Local\TSVNCache 2013-10-19 18:12 - 2013-10-19 18:12 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-10-19 18:12 - 2013-10-19 18:12 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-10-19 18:12 - 2013-10-19 18:12 - 00000000 ____D C:\Program Files\iTunes 2013-10-19 18:12 - 2013-10-19 18:12 - 00000000 ____D C:\Program Files\iPod 2013-10-19 18:12 - 2013-10-19 18:12 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-10-18 17:30 - 2013-10-15 23:30 - 101792164 _____ C:\WINDOWS\SysWOW64\᯾眇拐ĥ߿ 2013-10-18 16:56 - 2013-02-07 04:57 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2365974122-1341937529-2636111329-1015 2013-10-18 15:48 - 2013-10-18 15:48 - 00000000 ___RD C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 2013-10-18 15:47 - 2011-07-30 10:07 - 00000000 ___RD C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-10-18 15:47 - 2011-07-24 13:06 - 00000000 ___RD 
C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-10-17 03:45 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent 2013-10-15 18:34 - 2010-02-05 14:42 - 00004092 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2013-10-15 18:34 - 2010-02-05 14:42 - 00003846 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2013-10-15 18:27 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\rescache 2013-10-15 17:46 - 2013-07-18 19:52 - 00000000 ____D C:\Users\Thunderbird\AppData\Roaming\Common 2013-10-15 17:46 - 2010-01-18 09:54 - 00000000 ____D C:\ProgramData\ICQ 2013-10-15 17:33 - 2010-01-16 20:10 - 00000000 ___RD C:\Users\Thunderbird\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-10-15 17:33 - 2010-01-16 19:43 - 00000000 ___RD C:\Users\Thunderbird\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-10-15 17:30 - 2012-07-26 10:12 - 00000000 ___RD C:\WINDOWS\ToastData 2013-10-14 19:23 - 2013-10-14 19:23 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Subversion 2013-10-14 19:17 - 2013-10-14 19:17 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Avira 2013-10-14 19:12 - 2013-10-13 11:53 - 100910526 _____ C:\WINDOWS\SysWOW64\外熴ƌ 2013-10-13 19:59 - 2013-10-13 19:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-10-13 19:59 - 2012-05-02 20:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-10-13 11:55 - 2013-10-13 11:55 - 00000000 ____D C:\Users\Thunderbird\AppData\Roaming\Snz 2013-10-13 11:54 - 2010-03-14 22:24 - 00000000 ____D C:\Users\Thunderbird\AppData\Roaming\VR-Networld 2013-10-13 11:51 - 2013-10-13 11:51 - 00501832 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-10-12 12:48 - 2010-01-20 07:58 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-10-12 12:46 - 2013-07-17 20:38 - 00000000 ____D C:\Program Files\Microsoft Office 15 2013-10-12 12:14 - 2012-05-10 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-12 12:14 
- 2012-05-10 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-10-09 01:02 - 2013-07-22 12:19 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-10-09 00:55 - 2010-01-17 14:21 - 80541720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2013-10-08 19:46 - 2012-04-25 07:10 - 00003620 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2013-10-07 10:25 - 2013-10-05 18:31 - 99582406 _____ C:\WINDOWS\SysWOW64\짴熴Ë 2013-10-06 13:03 - 2013-10-06 13:03 - 00001135 _____ C:\Users\Thunderbird\Desktop\Sweet Home 3D.lnk 2013-10-06 13:03 - 2013-10-06 13:03 - 00000000 ____D C:\Program Files (x86)\Sweet Home 3D 2013-10-06 11:34 - 2011-01-28 10:39 - 00000000 ___SD C:\Users\Thunderbird\Documents\Meine Websites 2013-10-06 10:49 - 2013-10-06 10:49 - 00000000 ____D C:\Users\Thunderbird\AppData\Local\Brice_Lambson 2013-10-06 10:40 - 2013-10-06 10:40 - 00000000 ____D C:\Program Files\Image Resizer for Windows 2013-10-06 10:40 - 2013-10-06 10:40 - 00000000 ____D C:\Program Files (x86)\Image Resizer for Windows 2013-10-06 10:39 - 2013-04-22 16:59 - 00000000 ____D C:\ProgramData\Package Cache 2013-10-06 10:39 - 2013-01-30 22:17 - 00132608 ___SH C:\Users\Thunderbird\Downloads\Thumbs.db 2013-10-06 10:09 - 2010-05-03 19:39 - 00000000 ____D C:\Users\Thunderbird\AppData\Roaming\FileZilla 2013-10-06 10:07 - 2013-10-06 10:07 - 00002006 _____ C:\Users\Public\Desktop\FileZilla Client.lnk 2013-10-06 10:07 - 2010-05-03 19:39 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client 2013-10-05 18:35 - 2013-10-05 18:35 - 00000000 ____D C:\VIA_XHCI 2013-10-05 18:33 - 2013-10-05 18:33 - 00000000 ____D C:\Program Files (x86)\VIA 2013-10-04 10:56 - 2013-02-03 10:58 - 00314368 ___SH C:\Users\Thunderbird\Desktop\Thumbs.db 2013-10-03 18:57 - 2010-01-17 14:23 - 00000000 ____D C:\Users\Thunderbird\AppData\Local\Mozilla 2013-10-03 18:39 - 2013-10-03 18:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-10-02 03:38 - 2013-09-20 18:15 - 00694232 _____ (Adobe Systems 
Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2013-10-02 03:38 - 2013-09-20 18:15 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-25 11:29 - 2013-06-03 18:41 - 00000000 ____D C:\Program Files\My Dell 2013-09-25 11:29 - 2010-01-05 16:38 - 00000000 ____D C:\ProgramData\PCDr 2013-09-23 01:28 - 2013-10-09 00:50 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2013-09-23 01:28 - 2013-10-09 00:50 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2013-09-23 01:27 - 2013-10-09 00:50 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2013-09-23 01:27 - 2013-10-09 00:50 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2013-09-23 01:27 - 2013-10-09 00:49 - 14335488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2013-09-23 01:27 - 2013-10-09 00:49 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2013-09-23 01:27 - 2013-10-09 00:49 - 02048512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2013-09-23 01:27 - 2013-10-09 00:49 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2013-09-23 00:55 - 2013-10-09 00:50 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2013-09-23 00:55 - 2013-10-09 00:50 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2013-09-23 00:55 - 2013-10-09 00:50 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2013-09-23 00:54 - 2013-10-09 00:50 - 19252224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2013-09-23 00:54 - 2013-10-09 00:50 - 15404544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2013-09-23 00:54 - 2013-10-09 00:50 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2013-09-23 00:54 - 2013-10-09 00:50 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2013-09-23 00:54 - 2013-10-09 00:49 - 
03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-09-23 00:54 - 2013-10-09 00:49 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

Some content of TEMP:
====================
C:\Users\Thunderbird\AppData\Local\Temp\13-4_win7_win8_64_dd_ccc_whql.exe
C:\Users\Thunderbird\AppData\Local\Temp\9938.exe
C:\Users\Thunderbird\AppData\Local\Temp\AdwCleaner.exe
C:\Users\Thunderbird\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Thunderbird\AppData\Local\Temp\DivXSetup.exe
C:\Users\Thunderbird\AppData\Local\Temp\DWPUpgradeInstaller.exe
C:\Users\Thunderbird\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe
C:\Users\Thunderbird\AppData\Local\Temp\jna1630119850053809962.dll
C:\Users\Thunderbird\AppData\Local\Temp\jna2424119541046548336.dll
C:\Users\Thunderbird\AppData\Local\Temp\jna332439445029199855.dll
C:\Users\Thunderbird\AppData\Local\Temp\jna4134459294451900562.dll
C:\Users\Thunderbird\AppData\Local\Temp\jna4779865687185956625.dll
C:\Users\Thunderbird\AppData\Local\Temp\jna4804833339915221900.dll
C:\Users\Thunderbird\AppData\Local\Temp\jna5062478780735537940.dll
C:\Users\Thunderbird\AppData\Local\Temp\jna5857172928719657914.dll
C:\Users\Thunderbird\AppData\Local\Temp\jna6506991178396327589.dll
C:\Users\Thunderbird\AppData\Local\Temp\jna8794163596095324703.dll
C:\Users\Thunderbird\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Thunderbird\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Thunderbird\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Thunderbird\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Thunderbird\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Thunderbird\AppData\Local\Temp\Quarantine.exe
C:\Users\Thunderbird\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-21 03:05
==================== End Of Log ============================

Thanks

Edited by Thunderbird0 (21.10.2013 at 19:09). Reason: forgot FRST. |
22.10.2013, 08:27 | #4 |
/// the machine /// TB trainer | Windows8 OfferMosquito remains despite reading the forum. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
26.10.2013, 12:13 | #5 |
| Windows8 OfferMosquito remains despite reading the forum. So, here are the remaining logs. I have masked a few drive paths that were from my training course with ****. The files named there are "clean", though. Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=67394bf4785b7c4b8bb4ea0c168c7b44
# engine=15634
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-26 12:39:44
# local_time=2013-10-26 02:39:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=1799 16775165 100 96 28342 248167674 21106 0
# compatibility_mode=5893 16776573 100 94 411732 10031459 0 0
# scanned=1253936
# found=4
# cleaned=0
# scan_time=27872
sh=981750634E37749521068C2DAFCF44D6C1C1186C ft=1 fh=d61241834f139065 vn="probably a variant of Win32/Delf.IESWGCD trojan" ac=I fn="****\Editors\syn_2-1-0-34.exe"
sh=04795ECDEFCF72CB7996F6607500A85E6394183C ft=1 fh=4c226616c343c228 vn="Win32/HackTool.EnumPlus.A application" ac=I fn="****Tools\Hackermethodik.exe"
sh=1F8A124248170EC5579F7099DFF895F7A263E5A6 ft=0 fh=0000000000000000 vn="probably a variant of ASP/Lexoc.A trojan" ac=I fn="****CGI\cgi-lib.pl"
sh=18159467DEE7C2019357BBC6A1D52C49BF5E2E65 ft=0 fh=0000000000000000 vn="probably a variant of ASP/Lexoc.A trojan" ac=I fn="****testform.cgi"

Code:
ATTFilter
Results of screen317's Security Check version 0.99.74
x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java Media Framework 2.1.1e
Java 7 Update 25
Java version out of Date!
Adobe Flash Player 11.9.900.117
Adobe Reader XI
Mozilla Firefox (24.0)
Mozilla Thunderbird (24.0.1)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
ESET ESET Online Scanner OnlineScannerApp.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Windows Defender MsMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2013 Ran by Thunderbird (administrator) on THUNDERBIRD-PC on 26-10-2013 13:09:40 Running from C:\Users\Thunderbird\Desktop Windows 8 Pro with Media Center (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\WINDOWS\system32\atiesrxx.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Logitech Inc.) 
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe (Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (AMD) C:\WINDOWS\system32\atieclxx.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (VIA Technologies, Inc.) 
C:\VIA_XHCI\usb3Monitor.exe (Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Elgato Systems) C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Mobile Stream) C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe () C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe () C:\Windows\Samsung\PanelMgr\caller64.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe () C:\Users\Thunderbird\Desktop\SecurityCheck.exe (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe (Microsoft Corporation) C:\WINDOWS\syswow64\wwahost.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-07] (Realtek Semiconductor) HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [362952 2010-03-27] () HKLM\...\Run: [CDAServer] - C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [438784 2010-12-17] () HKLM\...\Run: [RunDLLEntry_EptMon] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 HKLM\...\Run: [RunDLLEntry_THXCfg] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.) HKLM\...\Run: [VIAxHCUtl] - C:\VIA_XHCI\usb3Monitor.exe [331776 2011-07-12] (VIA Technologies, Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) 
HKCU\...\Run: [ISUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [79136 2008-10-24] (Macrovision Corporation) HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-15] (Samsung) HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-15] (Samsung) HKCU\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-15] (Samsung Electronics Co., Ltd.) HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation) HKCU\...\Run: [Remote Control Editor] - C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe [1710664 2011-06-24] (Elgato Systems) HKCU\...\Run: [Steam] - C:\Program Files (x86)\Valve\Steam\\Steam.exe [1353080 2012-09-16] (Valve Corporation) HKCU\...\Run: [ISUSPM Startup] - C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [196608 2004-04-17] (InstallShield Software Corporation) HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-15] (Samsung) HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090040 2012-12-21] (Nokia) HKCU\...\Run: [EasyTether] - C:\Program Files\Mobile Stream\EasyTether\easytthr.exe [57128 2013-03-11] (Mobile Stream) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) 
HKCU\...\Run: [Snoozer] - C:\Users\Thunderbird\AppData\Roaming\Snz\Snz.exe [1226843 2013-10-10] () HKCU\...\Policies\system: [LogonHoursAction] 2 HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 MountPoints2: {9cd6247a-03f3-11df-892f-002564ece8e7} - "P:\LaunchU3.exe" -a MountPoints2: {9e048832-1934-11e1-86bc-726526594b04} - "N:\pushinst.exe" HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [ATICustomerCare] - C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-03-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [1904640 2009-03-20] (AVM Berlin) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-02-26] (cyberlink) HKLM-x32\...\Run: [DellSupportCenter] - "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation) HKLM-x32\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] () HKLM-x32\...\Run: [PDVD8LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-16] (CyberLink Corp.) HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2010-01-07] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl8] - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-07-16] (CyberLink Corp.) 
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [520192 2009-09-29] () HKLM-x32\...\Run: [ShwiconXP9106] - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5141512 2010-03-27] () HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.) 
HKLM-x32\...\Run: [HOSTS Anti-Adware_PUPs] - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2013-10-20] () HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] () HKU\Conny\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883840 2009-07-26] (Microsoft Corporation) HKU\Conny\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516096 2012-07-26] (Microsoft Corporation) HKU\Conny\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Conny\...\Policies\system: [LogonHoursAction] 2 HKU\Pascal\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Pascal\...\Policies\system: [LogonHoursAction] 2 Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Thunderbird\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios) ==================== Internet (Whitelisted) ==================== ProxyServer: 192.168.178.21:8118 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x23AFED583049CC01 SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - DefaultScope {A2937363-6ACC-4F4B-9BD9-3F8F6CA1ACF4} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} SearchScopes: HKCU - {A2937363-6ACC-4F4B-9BD9-3F8F6CA1ACF4} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} SearchScopes: HKCU - {D285D91B-6B0E-42DF-A48E-D0F765A9098A} URL = hxxp://www.google.de/search?q={searchTerms} BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Oracle) BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: No Name - 
{5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\30.0.1599.101\npchrome_frame.dll (Google Inc.) 
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: HKLM-x32 {72376E32-8AF2-473F-BE32-E5D0F39C865D} hxxp://de.cyberlink.com/prog/win7/js/UpdateAdvisor.cab Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\30.0.1599.101\npchrome_frame.dll (Google Inc.) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default FF SearchEngineOrder.1: Ask.com FF SelectedSearchEngine: Google FF Homepage: about:newtab FF Keyword.URL: hxxp://www.google.com/search?sourceid=navclient&hl=de&q= FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.) FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.0.0-rc1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\searchplugins\mycsharpde.xml FF SearchPlugin: C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\searchplugins\searchplugins-backup FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Виявлення пристроїв Logitech - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\DeviceDetection@logitech.com FF Extension: FRITZ!Box AddOn - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\fb_add_on@avm.de FF Extension: Xmarks - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\foxmarks@kei.com FF Extension: No Name - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\staged FF Extension: All-in-One Gestures - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} FF Extension: DownloadHelper - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: adblockpopups - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\adblockpopups@jessehakanen.net.xpi FF Extension: elemhidehelper - 
C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\elemhidehelper@adblockplus.org.xpi FF Extension: No Name - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi FF Extension: multibmtoolbar - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi FF Extension: noscript - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: No Name - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi FF Extension: Adblock Plus - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: foxbox - C:\Users\Thunderbird\AppData\Roaming\Mozilla\Firefox\Profiles\s166vagv.default\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} FF HKLM-x32\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files (x86)\Google\Google Gears\Firefox\ FF Extension: Google Gears - C:\Program Files (x86)\Google\Google Gears\Firefox\ ==================== Services (Whitelisted) ================= R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1055288 2010-03-27] () R2 AntiVirSchedulerService; C:\Program Files 
(x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-07] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-07] (Avira Operations GmbH & Co. KG) R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [368640 2009-03-20] (AVM Berlin) R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [335224 2010-03-30] (AVM Berlin) R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.) R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143224 2010-03-30] (AVM Berlin) S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2013-10-20] () R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MSMQ; C:\Windows\system32\mqsvc.exe [25088 2012-07-26] (Microsoft Corporation) R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-08] (Microsoft Corporation) R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [189304 2010-03-30] (AVM Berlin) R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-06] (Microsoft Corporation) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [271760 2009-04-16] () R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [471552 2012-07-26] (Microsoft Corporation) S3 wampapache; c:\wamp\bin\apache\apache2.4.2\bin\httpd.exe [24576 2012-05-13] (Apache Software Foundation) S3 wampmysqld; c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [9693696 2012-04-19] () R2 
WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-23] (Advanced Micro Devices) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-05-04] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132088 2013-09-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-03-21] (Avira Operations GmbH & Co. KG) R3 avmaudio; C:\Windows\System32\drivers\avmaudio.sys [116480 2013-07-22] (AVM Berlin) R3 avmaura; C:\Windows\System32\drivers\avmaura.sys [116480 2013-07-22] (AVM Berlin) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation) R3 easytether; C:\Windows\system32\DRIVERS\easytthr.sys [21704 2013-03-11] (Mobile Stream) S3 FsUsbExDisk; C:\WINDOWS\SysWOW64\FsUsbExDisk.SYS [37344 2013-06-14] () R3 fwlanusbn; C:\Windows\system32\DRIVERS\fwlanusbn.sys [552704 2009-03-20] (AVM GmbH) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-05-04] () R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MQAC; C:\Windows\System32\drivers\mqac.sys [185856 2012-07-26] (Microsoft Corporation) S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [38536 2010-09-18] () R0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [1477728 2010-09-19] (Acronis) R3 usbehci; C:\Windows\SysWow64\drivers\usbehci.sys [26624 2004-06-10] (Microsoft Corporation) R3 usbhub; C:\Windows\SysWow64\drivers\usbhub.sys 
[57600 2004-06-10] (Microsoft Corporation) S3 usbuhci; C:\Windows\SysWow64\drivers\usbuhci.sys [20480 2004-06-10] (Microsoft Corporation) R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [205312 2012-01-20] (VIA Technologies, Inc.) R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [254464 2012-01-20] (VIA Technologies, Inc.) R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-08-28] (CyberLink Corp.) U3 idsvc; R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-26 13:09 - 2013-10-26 13:09 - 01956086 _____ (Farbar) C:\Users\Thunderbird\Desktop\FRST64.exe 2013-10-26 13:08 - 2013-10-26 13:08 - 01088889 _____ (Farbar) C:\Users\Thunderbird\Desktop\FRST.exe 2013-10-25 18:53 - 2013-10-25 18:53 - 02347384 _____ (ESET) C:\Users\Thunderbird\Downloads\esetsmartinstaller_enu.exe 2013-10-25 18:53 - 2013-10-25 18:53 - 00891167 _____ C:\Users\Thunderbird\Desktop\SecurityCheck.exe 2013-10-25 18:53 - 2013-10-25 18:53 - 00000000 ____D C:\Program Files (x86)\ESET 2013-10-25 18:47 - 2013-10-26 12:47 - 103108672 _____ C:\WINDOWS\SysWOW64\垟熴ħ 2013-10-25 18:46 - 2013-10-25 18:46 - 00000000 ___RD C:\Users\Thunderbird\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 2013-10-21 20:09 - 2013-10-21 20:09 - 00059098 _____ C:\Users\Thunderbird\Downloads\FRST.txt 2013-10-21 20:04 - 2013-10-21 20:04 - 00001677 _____ C:\Users\Thunderbird\Desktop\JRT.txt 2013-10-21 19:34 - 2013-10-21 19:24 - 01060070 _____ C:\Users\Thunderbird\Desktop\adwcleaner.exe 2013-10-21 19:24 - 2013-10-21 19:24 - 01060070 _____ C:\Users\Thunderbird\Downloads\adwcleaner.exe 2013-10-21 19:21 - 2013-10-21 19:21 - 00080456 _____ (Malwarebytes Corporation) C:\Users\Thunderbird\Downloads\mbam-clean-1.60.2.0003.exe 2013-10-21 19:06 - 2013-10-21 19:06 - 00000000 ____D 
C:\Program Files (x86)\Linksys Wireless-G PCI Network Adapter with SpeedBooster 2013-10-21 19:00 - 2013-10-21 19:06 - 00004284 _____ C:\WINDOWS\SysWOW64\WLAN.INI 2013-10-21 18:58 - 2013-10-21 18:58 - 00000000 ____D C:\Users\Thunderbird\Downloads\WMP54GSv1-EU_dr_0 2013-10-21 18:57 - 2013-10-21 18:57 - 07437759 _____ C:\Users\Thunderbird\Downloads\WMP54GSv1-EU_dr_0.zip 2013-10-20 17:56 - 2013-10-21 05:56 - 102118912 _____ C:\WINDOWS\SysWOW64\㒬熴ƒ 2013-10-20 13:04 - 2013-10-20 13:04 - 00275536 _____ C:\WINDOWS\Minidump\102013-47515-01.dmp 2013-10-20 13:04 - 2013-10-20 13:04 - 00000000 ____D C:\WINDOWS\Minidump 2013-10-20 12:39 - 2013-10-20 12:39 - 00000000 ____D C:\FRST 2013-10-20 12:37 - 2013-10-20 12:37 - 00000000 _____ C:\Users\Thunderbird\defogger_reenable 2013-10-20 12:28 - 2013-10-20 12:28 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-20 12:28 - 2013-10-20 12:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-20 12:14 - 2013-10-20 12:14 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs 2013-10-20 12:05 - 2013-10-20 12:05 - 00000000 ____D C:\WINDOWS\ERUNT 2013-10-19 18:12 - 2013-10-19 18:12 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-10-19 18:12 - 2013-10-19 18:12 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-10-19 18:12 - 2013-10-19 18:12 - 00000000 ____D C:\Program Files\iTunes 2013-10-19 18:12 - 2013-10-19 18:12 - 00000000 ____D C:\Program Files\iPod 2013-10-19 18:12 - 2013-10-19 18:12 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-10-18 15:48 - 2013-10-18 15:48 - 00000000 ___RD C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 2013-10-15 23:30 - 2013-10-18 17:30 - 101792164 _____ C:\WINDOWS\SysWOW64\᯾眇拐ĥ߿ 2013-10-15 17:45 - 2013-10-21 19:45 - 00000000 ____D C:\AdwCleaner 2013-10-14 19:23 - 2013-10-19 21:17 - 00000000 ____D C:\Users\Pascal\AppData\Local\TSVNCache 2013-10-14 19:23 - 2013-10-14 19:23 - 
00000000 ____D C:\Users\Pascal\AppData\Roaming\Subversion 2013-10-14 19:17 - 2013-10-14 19:17 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Avira 2013-10-13 19:47 - 2013-10-13 19:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-10-13 12:08 - 2013-08-03 08:40 - 01374208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll 2013-10-13 12:08 - 2013-08-03 08:40 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wvc.dll 2013-10-13 12:08 - 2013-08-03 08:40 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmon.ocx 2013-10-13 12:08 - 2013-08-03 07:14 - 00399360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysmon.ocx 2013-10-13 12:08 - 2013-08-03 07:13 - 01245696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll 2013-10-13 12:08 - 2013-08-03 07:13 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wvc.dll 2013-10-13 12:07 - 2013-08-10 07:21 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2013-10-13 12:07 - 2013-08-10 07:21 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncInfo.dll 2013-10-13 12:07 - 2013-08-10 05:58 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll 2013-10-13 12:07 - 2013-08-02 08:28 - 19758080 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2013-10-13 12:07 - 2013-08-02 08:28 - 10116608 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2013-10-13 12:07 - 2013-08-02 08:28 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll 2013-10-13 12:07 - 2013-08-02 08:26 - 02304512 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2013-10-13 12:07 - 2013-08-02 07:08 - 17561088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2013-10-13 12:07 - 2013-08-02 07:08 - 08858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2013-10-13 12:07 - 2013-08-02 07:08 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll 2013-10-13 
12:07 - 2013-08-02 07:06 - 02035712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2013-10-13 12:07 - 2013-08-01 12:41 - 02233688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2013-10-13 12:07 - 2013-07-31 01:30 - 00386923 _____ C:\WINDOWS\system32\ApnDatabase.xml 2013-10-13 12:07 - 2013-07-25 01:10 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll 2013-10-13 12:07 - 2013-07-25 01:06 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll 2013-10-13 12:07 - 2013-07-13 08:15 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll 2013-10-13 12:07 - 2013-07-13 06:23 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll 2013-10-13 12:07 - 2013-04-10 01:17 - 01125888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2013-10-13 12:07 - 2013-04-10 00:29 - 00893952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2013-10-13 11:55 - 2013-10-13 11:55 - 00000000 ____D C:\Users\Thunderbird\AppData\Roaming\Snz 2013-10-13 11:53 - 2013-10-14 19:12 - 100910526 _____ C:\WINDOWS\SysWOW64\外熴ƌ 2013-10-13 11:51 - 2013-10-13 11:51 - 00501832 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-10-12 19:31 - 2013-10-20 13:37 - 00000000 ____D C:\Users\Thunderbird\Desktop\Neuer Ordner 2013-10-09 00:50 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2013-10-09 00:50 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2013-10-09 00:50 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2013-10-09 00:50 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2013-10-09 00:50 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2013-10-09 00:50 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2013-10-09 00:50 - 2013-09-23 00:55 - 
00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2013-10-09 00:50 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2013-10-09 00:50 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2013-10-09 00:50 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2013-10-09 00:50 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2013-10-09 00:50 - 2013-08-29 05:11 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys 2013-10-09 00:50 - 2013-07-06 02:15 - 00652288 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll 2013-10-09 00:50 - 2013-07-04 04:13 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll 2013-10-09 00:50 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll 2013-10-09 00:50 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll 2013-10-09 00:50 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2013-10-09 00:50 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2013-10-09 00:50 - 2013-04-29 00:28 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll 2013-10-09 00:50 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll 2013-10-09 00:50 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2013-10-09 00:50 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2013-10-09 00:50 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2013-10-09 00:50 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll 2013-10-09 00:50 - 2013-02-21 12:14 - 00053248 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\jsproxy.dll 2013-10-09 00:50 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll 2013-10-09 00:50 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2013-10-09 00:50 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2013-10-09 00:49 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2013-10-09 00:49 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2013-10-09 00:49 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2013-10-09 00:49 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2013-10-09 00:49 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2013-10-09 00:49 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2013-10-09 00:49 - 2013-08-23 07:11 - 04040192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2013-10-09 00:49 - 2013-07-20 00:13 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-09 00:49 - 2013-07-20 00:13 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-10-09 00:49 - 2013-07-06 00:02 - 00121984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys 2013-10-09 00:49 - 2013-07-06 00:02 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbcir.sys 2013-10-09 00:49 - 2013-07-02 03:41 - 00447320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2013-10-09 00:49 - 2013-07-02 03:41 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2013-10-09 00:49 - 2013-07-02 03:41 - 00213336 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Drivers\UCX01000.SYS 2013-10-09 00:49 - 2013-07-02 00:14 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys 2013-10-09 00:49 - 2013-07-01 03:42 - 00623448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys 2013-10-09 00:49 - 2013-07-01 03:42 - 00498008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys 2013-10-09 00:49 - 2013-07-01 03:42 - 00079192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys 2013-10-09 00:49 - 2013-07-01 03:42 - 00021848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys 2013-10-09 00:49 - 2013-06-29 05:08 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys 2013-10-09 00:49 - 2013-06-29 05:07 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys 2013-10-09 00:49 - 2013-06-29 05:07 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys 2013-10-09 00:49 - 2013-06-29 05:06 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys 2013-10-09 00:49 - 2013-06-22 07:45 - 00785624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys 2013-10-09 00:49 - 2013-06-22 07:45 - 00054488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfLdr.sys 2013-10-09 00:49 - 2013-05-27 01:17 - 00035328 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2013-10-09 00:49 - 2013-05-27 00:59 - 00046080 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2013-10-09 00:49 - 2013-05-25 05:15 - 00362496 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2013-10-09 00:49 - 2013-05-25 04:32 - 00300032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2013-10-06 13:03 - 2013-10-06 13:03 - 00001135 _____ C:\Users\Thunderbird\Desktop\Sweet Home 3D.lnk 2013-10-06 13:03 - 2013-10-06 13:03 - 00000000 ____D C:\Program Files (x86)\Sweet Home 3D 2013-10-06 10:49 - 2013-10-06 10:49 - 00000000 ____D 
C:\Users\Thunderbird\AppData\Local\Brice_Lambson 2013-10-06 10:40 - 2013-10-06 10:40 - 00000000 ____D C:\Program Files\Image Resizer for Windows 2013-10-06 10:40 - 2013-10-06 10:40 - 00000000 ____D C:\Program Files (x86)\Image Resizer for Windows 2013-10-06 10:07 - 2013-10-06 10:07 - 00002006 _____ C:\Users\Public\Desktop\FileZilla Client.lnk 2013-10-05 18:35 - 2013-10-05 18:35 - 00000000 ____D C:\VIA_XHCI 2013-10-05 18:34 - 2012-01-20 06:39 - 00254464 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\Drivers\xhcdrv.sys 2013-10-05 18:34 - 2012-01-20 06:39 - 00205312 _____ (VIA Technologies, Inc.) C:\WINDOWS\system32\Drivers\ViaHub3.sys 2013-10-05 18:33 - 2013-10-05 18:33 - 00000000 ____D C:\Program Files (x86)\VIA 2013-10-05 18:31 - 2013-10-07 10:25 - 99582406 _____ C:\WINDOWS\SysWOW64\짴熴Ë 2013-10-04 10:29 - 2013-08-07 07:15 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssdisai.dll 2013-10-03 18:38 - 2013-10-03 18:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= 2013-10-26 13:09 - 2013-10-26 13:09 - 01956086 _____ (Farbar) C:\Users\Thunderbird\Desktop\FRST64.exe 2013-10-26 13:08 - 2013-10-26 13:08 - 01088889 _____ (Farbar) C:\Users\Thunderbird\Desktop\FRST.exe 2013-10-26 13:03 - 2010-01-18 09:52 - 00000000 ____D C:\Users\Thunderbird\AppData\Roaming\Skype 2013-10-26 13:00 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\sru 2013-10-26 12:47 - 2013-10-25 18:47 - 103108672 _____ C:\WINDOWS\SysWOW64\垟熴ħ 2013-10-26 12:45 - 2012-04-25 07:10 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-10-26 12:39 - 2010-02-05 14:42 - 00001110 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-26 03:30 - 2013-01-26 10:11 - 01331105 _____ C:\WINDOWS\WindowsUpdate.log 2013-10-26 02:40 - 2013-01-26 10:57 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2365974122-1341937529-2636111329-1001 2013-10-25 19:29 - 2013-01-26 09:50 
- 00071360 _____ C:\WINDOWS\system32\lvcoinst.log 2013-10-25 18:54 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent 2013-10-25 18:53 - 2013-10-25 18:53 - 02347384 _____ (ESET) C:\Users\Thunderbird\Downloads\esetsmartinstaller_enu.exe 2013-10-25 18:53 - 2013-10-25 18:53 - 00891167 _____ C:\Users\Thunderbird\Desktop\SecurityCheck.exe 2013-10-25 18:53 - 2013-10-25 18:53 - 00000000 ____D C:\Program Files (x86)\ESET 2013-10-25 18:49 - 2010-01-18 20:50 - 00000000 ____D C:\Users\Thunderbird\AppData\Local\TSVNCache 2013-10-25 18:46 - 2013-10-25 18:46 - 00000000 ___RD C:\Users\Thunderbird\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 2013-10-25 18:46 - 2010-02-05 14:42 - 00001106 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-25 18:45 - 2013-01-26 09:50 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs 2013-10-21 20:09 - 2013-10-21 20:09 - 00059098 _____ C:\Users\Thunderbird\Downloads\FRST.txt 2013-10-21 20:04 - 2013-10-21 20:04 - 00001677 _____ C:\Users\Thunderbird\Desktop\JRT.txt 2013-10-21 20:04 - 2011-10-26 20:46 - 00000000 ____D C:\Users\Thunderbird\MariosDocs 2013-10-21 19:46 - 2013-01-26 09:48 - 00052042 _____ C:\WINDOWS\PFRO.log 2013-10-21 19:46 - 2012-07-26 09:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-10-21 19:46 - 2012-07-26 09:21 - 02385847 _____ C:\WINDOWS\setupact.log 2013-10-21 19:45 - 2013-10-15 17:45 - 00000000 ____D C:\AdwCleaner 2013-10-21 19:43 - 2010-10-19 15:45 - 00000000 ____D C:\ProgramData\DivX 2013-10-21 19:42 - 2010-10-19 15:46 - 00000000 ____D C:\Program Files (x86)\DivX 2013-10-21 19:35 - 2012-07-26 07:26 - 00786432 ___SH C:\WINDOWS\system32\config\BBI 2013-10-21 19:24 - 2013-10-21 19:34 - 01060070 _____ C:\Users\Thunderbird\Desktop\adwcleaner.exe 2013-10-21 19:24 - 2013-10-21 19:24 - 01060070 _____ C:\Users\Thunderbird\Downloads\adwcleaner.exe 2013-10-21 19:21 - 2013-10-21 19:21 - 00080456 _____ (Malwarebytes Corporation) 
C:\Users\Thunderbird\Downloads\mbam-clean-1.60.2.0003.exe 2013-10-21 19:20 - 2010-07-05 07:00 - 00000000 ____D C:\Program Files (x86)\Unlocker 2013-10-21 19:06 - 2013-10-21 19:06 - 00000000 ____D C:\Program Files (x86)\Linksys Wireless-G PCI Network Adapter with SpeedBooster 2013-10-21 19:06 - 2013-10-21 19:00 - 00004284 _____ C:\WINDOWS\SysWOW64\WLAN.INI 2013-10-21 19:06 - 2010-01-05 16:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-10-21 18:58 - 2013-10-21 18:58 - 00000000 ____D C:\Users\Thunderbird\Downloads\WMP54GSv1-EU_dr_0 2013-10-21 18:57 - 2013-10-21 18:57 - 07437759 _____ C:\Users\Thunderbird\Downloads\WMP54GSv1-EU_dr_0.zip 2013-10-21 18:53 - 2012-07-26 12:27 - 00921604 _____ C:\WINDOWS\system32\perfh007.dat 2013-10-21 18:53 - 2012-07-26 12:27 - 00221278 _____ C:\WINDOWS\system32\perfc007.dat 2013-10-21 18:53 - 2012-07-26 09:28 - 02180470 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2013-10-21 05:56 - 2013-10-20 17:56 - 102118912 _____ C:\WINDOWS\SysWOW64\㒬熴ƒ 2013-10-20 14:20 - 2013-05-14 20:23 - 00000000 ____D C:\Users\Thunderbird\Downloads\USB Sicherung L 2013-10-20 13:55 - 2010-11-25 09:23 - 00000000 ____D C:\Users\Thunderbird\Documents\Steuer-Sparbuch 2013-10-20 13:37 - 2013-10-12 19:31 - 00000000 ____D C:\Users\Thunderbird\Desktop\Neuer Ordner 2013-10-20 13:04 - 2013-10-20 13:04 - 00275536 _____ C:\WINDOWS\Minidump\102013-47515-01.dmp 2013-10-20 13:04 - 2013-10-20 13:04 - 00000000 ____D C:\WINDOWS\Minidump 2013-10-20 13:03 - 2011-01-30 18:53 - 677254261 _____ C:\WINDOWS\MEMORY.DMP 2013-10-20 12:39 - 2013-10-20 12:39 - 00000000 ____D C:\FRST 2013-10-20 12:37 - 2013-10-20 12:37 - 00000000 _____ C:\Users\Thunderbird\defogger_reenable 2013-10-20 12:37 - 2013-01-26 09:53 - 00000000 ____D C:\Users\Thunderbird 2013-10-20 12:28 - 2013-10-20 12:28 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-20 12:28 - 2013-10-20 12:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' 
Anti-Malware
2013-10-20 12:14 - 2013-10-20 12:14 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2013-10-20 12:05 - 2013-10-20 12:05 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-19 21:17 - 2013-10-14 19:23 - 00000000 ____D C:\Users\Pascal\AppData\Local\TSVNCache
2013-10-19 18:12 - 2013-10-19 18:12 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-19 18:12 - 2013-10-19 18:12 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-19 18:12 - 2013-10-19 18:12 - 00000000 ____D C:\Program Files\iTunes
2013-10-19 18:12 - 2013-10-19 18:12 - 00000000 ____D C:\Program Files\iPod
2013-10-19 18:12 - 2013-10-19 18:12 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-18 17:30 - 2013-10-15 23:30 - 101792164 _____ C:\WINDOWS\SysWOW64\᯾眇拐ĥ߿
2013-10-18 16:56 - 2013-02-07 04:57 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2365974122-1341937529-2636111329-1015
2013-10-18 15:48 - 2013-10-18 15:48 - 00000000 ___RD C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2013-10-18 15:47 - 2011-07-30 10:07 - 00000000 ___RD C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-18 15:47 - 2011-07-24 13:06 - 00000000 ___RD C:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-15 18:34 - 2010-02-05 14:42 - 00004092 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-15 18:34 - 2010-02-05 14:42 - 00003846 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-15 18:27 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\rescache
2013-10-15 17:46 - 2013-07-18 19:52 - 00000000 ____D C:\Users\Thunderbird\AppData\Roaming\Common
2013-10-15 17:46 - 2010-01-18 09:54 - 00000000 ____D C:\ProgramData\ICQ
2013-10-15 17:33 - 2010-01-16 20:10 - 00000000 ___RD C:\Users\Thunderbird\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-15 17:33 - 2010-01-16 19:43 - 00000000 ___RD C:\Users\Thunderbird\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-15 17:30 - 2012-07-26 10:12 - 00000000 ___RD C:\WINDOWS\ToastData
2013-10-14 19:23 - 2013-10-14 19:23 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Subversion
2013-10-14 19:17 - 2013-10-14 19:17 - 00000000 ____D C:\Users\Pascal\AppData\Roaming\Avira
2013-10-14 19:12 - 2013-10-13 11:53 - 100910526 _____ C:\WINDOWS\SysWOW64\外熴ƌ
2013-10-13 19:59 - 2013-10-13 19:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-10-13 19:59 - 2012-05-02 20:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-13 11:55 - 2013-10-13 11:55 - 00000000 ____D C:\Users\Thunderbird\AppData\Roaming\Snz
2013-10-13 11:54 - 2010-03-14 22:24 - 00000000 ____D C:\Users\Thunderbird\AppData\Roaming\VR-Networld
2013-10-13 11:51 - 2013-10-13 11:51 - 00501832 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-12 12:48 - 2010-01-20 07:58 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-12 12:46 - 2013-07-17 20:38 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-10-12 12:14 - 2012-05-10 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-12 12:14 - 2012-05-10 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 01:02 - 2013-07-22 12:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-09 00:55 - 2010-01-17 14:21 - 80541720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-08 19:46 - 2012-04-25 07:10 - 00003620 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2013-10-07 10:25 - 2013-10-05 18:31 - 99582406 _____ C:\WINDOWS\SysWOW64\짴熴Ë
2013-10-06 13:03 - 2013-10-06 13:03 - 00001135 _____ C:\Users\Thunderbird\Desktop\Sweet Home 3D.lnk
2013-10-06 13:03 - 2013-10-06 13:03 - 00000000 ____D C:\Program Files (x86)\Sweet Home 3D
2013-10-06 11:34 - 2011-01-28 10:39 - 00000000 ___SD C:\Users\Thunderbird\Documents\Meine Websites
2013-10-06 10:49 - 2013-10-06 10:49 - 00000000 ____D C:\Users\Thunderbird\AppData\Local\Brice_Lambson
2013-10-06 10:40 - 2013-10-06 10:40 - 00000000 ____D C:\Program Files\Image Resizer for Windows
2013-10-06 10:40 - 2013-10-06 10:40 - 00000000 ____D C:\Program Files (x86)\Image Resizer for Windows
2013-10-06 10:39 - 2013-04-22 16:59 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-06 10:39 - 2013-01-30 22:17 - 00132608 ___SH C:\Users\Thunderbird\Downloads\Thumbs.db
2013-10-06 10:09 - 2010-05-03 19:39 - 00000000 ____D C:\Users\Thunderbird\AppData\Roaming\FileZilla
2013-10-06 10:07 - 2013-10-06 10:07 - 00002006 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2013-10-06 10:07 - 2010-05-03 19:39 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-10-05 18:35 - 2013-10-05 18:35 - 00000000 ____D C:\VIA_XHCI
2013-10-05 18:33 - 2013-10-05 18:33 - 00000000 ____D C:\Program Files (x86)\VIA
2013-10-04 10:56 - 2013-02-03 10:58 - 00314368 ___SH C:\Users\Thunderbird\Desktop\Thumbs.db
2013-10-03 18:57 - 2010-01-17 14:23 - 00000000 ____D C:\Users\Thunderbird\AppData\Local\Mozilla
2013-10-03 18:39 - 2013-10-03 18:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-02 03:38 - 2013-09-20 18:15 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-10-02 03:38 - 2013-09-20 18:15 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Thunderbird\AppData\Local\Temp\13-4_win7_win8_64_dd_ccc_whql.exe
C:\Users\Thunderbird\AppData\Local\Temp\9938.exe
C:\Users\Thunderbird\AppData\Local\Temp\AdwCleaner.exe
C:\Users\Thunderbird\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Thunderbird\AppData\Local\Temp\DivXSetup.exe
C:\Users\Thunderbird\AppData\Local\Temp\DWPUpgradeInstaller.exe
C:\Users\Thunderbird\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe
C:\Users\Thunderbird\AppData\Local\Temp\jna1630119850053809962.dll
C:\Users\Thunderbird\AppData\Local\Temp\jna2424119541046548336.dll
C:\Users\Thunderbird\AppData\Local\Temp\jna332439445029199855.dll
C:\Users\Thunderbird\AppData\Local\Temp\jna4134459294451900562.dll
C:\Users\Thunderbird\AppData\Local\Temp\jna4779865687185956625.dll
C:\Users\Thunderbird\AppData\Local\Temp\jna4804833339915221900.dll
C:\Users\Thunderbird\AppData\Local\Temp\jna5062478780735537940.dll
C:\Users\Thunderbird\AppData\Local\Temp\jna5857172928719657914.dll
C:\Users\Thunderbird\AppData\Local\Temp\jna6506991178396327589.dll
C:\Users\Thunderbird\AppData\Local\Temp\jna8794163596095324703.dll
C:\Users\Thunderbird\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Thunderbird\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Thunderbird\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Thunderbird\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Thunderbird\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Thunderbird\AppData\Local\Temp\Quarantine.exe
C:\Users\Thunderbird\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-26 02:46
==================== End Of Log ============================

Thanks for the help, it is quiet at the moment.
26.10.2013, 18:15 | #6 |
/// the machine /// TB-Ausbilder
Update Java.
Please press the Windows key + R and type notepad into the Run window.
Now copy the following text from the code box into the empty text document:
Code:
HKCU\...\Run: [Snoozer] - C:\Users\Thunderbird\AppData\Roaming\Snz\Snz.exe [1226843 2013-10-10] ()
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done
The order is crucial here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help.
Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
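The fixlist in the post above targets one autostart entry out of the whole FRST log. The following added example (not part of the thread and not FRST's own code) parses FRST-style `Run` lines and ranks them for manual review. The two flagging rules (user-writable path, empty publisher field) are assumed triage heuristics, and every `Example...` line is constructed sample data; only the Snoozer line comes from the thread.

```python
import re

# FRST registry line layout, as in the fixlist above:
#   <key>: [<value name>] - <command> [<size> <date>] (<publisher>)
RUN_LINE = re.compile(
    r"^(?P<key>HK[^\\]+\\.*?\\Run(?:Once)?): \[(?P<name>[^\]]*)\] - "
    r"(?P<command>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<publisher>[^)]*)\)\s*$"
)
# Assumed heuristic: locations a standard user account can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

# Constructed sample input; only the Snoozer line is taken from the thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [ExampleTray] - C:\Program Files\ExampleVendor\tray.exe [123456 2013-01-01] (Example Vendor Inc.)
HKLM-x32\...\Run: [ExampleHelper] - "C:\Program Files (x86)\ExampleVendor\helper.exe" /min [345678 2013-03-03] ()
HKCU\...\Run: [ExampleSync] - C:\Users\Thunderbird\AppData\Local\ExampleSync\sync.exe [234567 2013-02-02] (Example Vendor Inc.)
HKCU\...\Run: [Snoozer] - C:\Users\Thunderbird\AppData\Roaming\Snz\Snz.exe [1226843 2013-10-10] ()
"""

def parse_run_line(line):
    """Return the fields of one FRST Run line, or None for any other line."""
    match = RUN_LINE.match(line.strip())
    return match.groupdict() if match else None

def triage(log_text):
    """Return (name, key, reasons) tuples, most reasons first."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_run_line(line)
        if entry is None:
            continue  # headers, blank lines, other log sections
        reasons = []
        if any(marker in entry["command"].lower() for marker in USER_WRITABLE):
            reasons.append("user-writable path")
        if not entry["publisher"].strip():
            reasons.append("no publisher")
        if reasons:
            findings.append((entry["name"], entry["key"], reasons))
    # sorted() is stable, so entries with equal scores keep log order.
    return sorted(findings, key=lambda finding: -len(finding[2]))

if __name__ == "__main__":
    for name, key, reasons in triage(SAMPLE_LOG):
        print(f"{key} [{name}]: {', '.join(reasons)}")
```

A flagged entry is a candidate for review, not a verdict: legitimate per-user software also starts from AppData.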
27.10.2013, 07:51 | #7 |
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-10-2013
Ran by Thunderbird at 2013-10-27 07:42:57 Run:1
Running from C:\Users\Thunderbird\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [Snoozer] - C:\Users\Thunderbird\AppData\Roaming\Snz\Snz.exe [1226843 2013-10-10] ()
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Snoozer => Value deleted successfully.

==== End of Fixlog ====

Code:
# DelFix v10.4 - Datei am 27/10/2013 um 07:46:40 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Benutzer : Thunderbird - THUNDERBIRD-PC
# Betriebssystem : Windows 8 Pro with Media Center (64 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\FRST
Gelöscht : C:\Users\Thunderbird\Desktop\adwcleaner.exe
Gelöscht : C:\Users\Thunderbird\Desktop\Fixlog.txt
Gelöscht : C:\Users\Thunderbird\Desktop\FRST.exe
Gelöscht : C:\Users\Thunderbird\Desktop\FRST.txt
Gelöscht : C:\Users\Thunderbird\Desktop\FRST64.exe
Gelöscht : C:\Users\Thunderbird\Desktop\JRT.txt
Gelöscht : C:\Users\Thunderbird\Desktop\SecurityCheck.exe
Gelöscht : C:\Users\Thunderbird\Downloads\adwcleaner.exe
Gelöscht : C:\Users\Thunderbird\Downloads\esetsmartinstaller_enu.exe
Gelöscht : C:\Users\Thunderbird\Downloads\FRST.txt
Gelöscht : HKLM\SOFTWARE\AdwCleaner

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #45 [Windows Update | 10/13/2013 10:36:04]
Gelöscht : RP #46 [Geplanter Prüfpunkt | 10/20/2013 11:20:09]
Gelöscht : RP #47 [Installed Linksys Wireless-G PCI Network Adapter with SpeedBoost | 10/21/2013 17:00:12]
Gelöscht : RP #48 [Installed Java 7 Update 45 | 10/27/2013 06:36:41]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########
27.10.2013, 08:05 | #8 |
/// the machine /// TB-Ausbilder
You're welcome
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!