Log analysis and evaluation: http-rvzr-a-akamaihd-net opens automatically / severe performance problems (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
18.11.2013, 17:47 | #1 |
http-rvzr-a-akamaihd-net opens automatically / severe performance problems

Good day,

Like several others here, I have the problem that the page "http-rvzr-a-akamaihd-net" opens by itself and that my PC's performance is noticeably worse (it even freezes several times a day). Since I really know very little in this area, I am trying to follow the "Anleitung für Hilfesuchende bei Trojaner- und Virenbefall" (guide for people seeking help with trojan and virus infections):

Information: First of all, I use Windows 7 64-bit and Firefox, and for antivirus I only have the free version of Avast.

Edit: I don't know whether it is related, but my Flash Player for Firefox also crashes several times a day.

Defogger did not report any error.

Frst.txt:

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2013 02 Ran by Janik (ATTENTION: The logged in user is not administrator) on JANIKSPC on 18-11-2013 16:51:27 Running from C:\Users\Janik\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Akamai Technologies, Inc.) C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Akamai Technologies, Inc.) C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Dropbox, Inc.) C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor) HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation) HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000} HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196} HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196} HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install HKLM-x32\...\Runonce: [InstallShieldSetup] - C:\PROGRA~2\INSTAL~1\{9D15E~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{9D15E~1\reboot.ini [x] HKLM-x32\...\Runonce: [InstallShieldSetup1] - C:\PROGRA~2\INSTAL~1\{9D15E~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{9D15E~1\reboot.ini [x] 
HKLM-x32\...\Runonce: [InstallShieldSetup2] - C:\PROGRA~2\INSTAL~1\{9D15E~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{9D15E~1\reboot.ini [x] HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKCU\...\Policies\system: [LogonHoursAction] 2 HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 MountPoints2: {505ac668-b2e5-11e0-be37-002522a1d429} - E:\DTVP_Launcher.exe HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software) HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) Startup: C:\Users\Janik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Janik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x804583C7A3FBCB01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll No File Toolbar: HKLM - avast! 
Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation) Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 195.234.128.7 195.234.128.16 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Janik\AppData\Roaming\Mozilla\Firefox\Profiles\1xxc53eq.default FF Homepage: hxxp://www.google.de/ FF NetworkProxy: "autoconfig_url", 
"data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20(shExpMatch(host%2C%20'(*.turntable.fm%7Cturntable.fm)')%20%26%26%20url.indexOf('.css')%20%3D%3D%20-1%20%26%26%20url.indexOf('.js')%20%3D%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20(url.indexOf('proxmate%3Dacti
ve')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1))%20%7B%20return%20'PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us20.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us21.personalitycores.com%3A8000%3B%20PROXY%20ab-us22.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File FF Plugin-x32: @esn.me/esnsonar,version=0.70.3 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll No File FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=0.80.0 - C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.102.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA 
Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Extension: Feven 1.5 - C:\Users\Janik\AppData\Roaming\Mozilla\Firefox\Profiles\1xxc53eq.default\Extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com FF Extension: Battlefield Heroes Updater - C:\Users\Janik\AppData\Roaming\Mozilla\Firefox\Profiles\1xxc53eq.default\Extensions\battlefieldheroespatcher@ea.com FF Extension: Battlefield Play4Free - C:\Users\Janik\AppData\Roaming\Mozilla\Firefox\Profiles\1xxc53eq.default\Extensions\battlefieldplay4free@ea.com FF Extension: jid1-QpHD8URtZWJC2A - C:\Users\Janik\AppData\Roaming\Mozilla\Firefox\Profiles\1xxc53eq.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF ==================== Services (Whitelisted) ================= R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-11-27] () ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] () S3 RTCore64; C:\after\MSI Afterburner\RTCore64.sys [13368 2013-01-23] () S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x] S3 X6va005; \??\C:\Users\ADMINI~1\AppData\Local\Temp\005E51A.tmp [x] S3 X6va006; \??\C:\Users\ADMINI~1\AppData\Local\Temp\0062148.tmp [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-18 16:51 - 2013-11-18 16:52 - 00016234 _____ C:\Users\Janik\Desktop\FRST.txt 2013-11-18 16:51 - 2013-11-18 16:51 - 00000000 ____D C:\FRST 2013-11-18 16:50 - 2013-11-18 16:50 - 00050477 _____ C:\Users\Janik\Downloads\Defogger.exe 2013-11-18 16:49 - 2013-11-18 16:49 - 01958026 _____ (Farbar) C:\Users\Janik\Desktop\FRST64.exe 2013-11-18 16:48 - 2013-11-18 16:48 - 00000500 _____ C:\Users\Janik\Desktop\defogger_disable.log 
2013-11-18 16:45 - 2013-11-18 16:45 - 00050477 _____ C:\Users\Janik\Desktop\Defogger.exe 2013-11-17 15:54 - 2013-11-17 15:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-17 12:20 - 2013-11-17 12:21 - 00000000 ____D C:\Users\Janik\Documents\BFBC2 2013-11-14 20:08 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-14 20:08 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-14 20:08 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-14 20:08 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-14 20:08 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-14 20:08 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-14 20:08 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-14 20:08 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-14 20:08 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-14 20:08 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-14 20:08 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-14 20:08 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-14 20:08 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-11-14 20:08 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-11-14 20:08 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-11-14 20:08 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtml.tlb 2013-11-14 20:08 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-14 20:08 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-14 20:08 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-14 20:07 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-14 20:07 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-14 20:07 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-14 20:07 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-14 20:07 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-14 20:07 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-14 20:07 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-14 20:07 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-14 20:07 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-14 20:07 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-14 20:07 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-14 20:07 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-13 16:11 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-13 16:11 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-11-13 16:10 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) 
C:\Windows\system32\SmartcardCredentialProvider.dll 2013-11-13 16:10 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2013-11-13 16:10 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-11-13 16:10 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2013-11-13 16:10 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-11-13 16:10 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll 2013-11-13 16:10 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-11-13 16:09 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-13 16:09 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-11-13 16:09 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-11-13 16:09 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-11-13 16:09 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2013-11-13 16:09 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2013-11-13 16:09 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2013-11-13 16:09 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-11-13 16:09 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-11-13 16:09 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-11-13 16:09 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-11-13 16:09 - 2013-09-25 02:57 - 00247808 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\schannel.dll 2013-11-13 16:09 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2013-11-13 16:09 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2013-11-13 16:09 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2013-11-13 16:09 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-11-13 16:08 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-11-13 16:08 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-13 16:08 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-13 16:08 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2013-11-13 16:08 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-04 14:04 - 2013-11-04 14:04 - 00000000 ____D C:\Users\Janik\Desktop\LOLPBE 2013-11-02 22:35 - 2013-11-02 22:35 - 00000000 ____D C:\Users\Janik\Documents\League of Legends 2013-11-01 17:31 - 2013-11-01 17:31 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2013-11-01 17:31 - 2013-11-01 17:31 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia 2013-11-01 17:30 - 2013-11-01 17:31 - 18080872 _____ (Adobe Systems Inc.) 
C:\Users\Janik\Downloads\AdobeAIRInstaller.exe 2013-11-01 17:24 - 2013-11-01 17:24 - 00000000 ____D C:\ProgramData\Oracle 2013-11-01 17:23 - 2013-11-01 17:23 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-11-01 17:22 - 2013-11-01 17:22 - 30694824 _____ (Oracle Corporation) C:\Users\Janik\Downloads\jre-7u45-windows-x64.exe 2013-11-01 17:19 - 2013-11-01 17:19 - 23294592 _____ (Mozilla) C:\Users\Janik\Downloads\Firefox_Setup_25.0.exe 2013-10-21 15:48 - 2013-11-07 23:25 - 00000000 ____D C:\Users\Janik\Desktop\GG 2013-10-21 14:19 - 2013-10-21 14:19 - 00001865 _____ C:\Users\Janik\Downloads\Sklansky-Tabelle.zip 2013-10-21 12:08 - 2013-10-21 13:01 - 00000000 ____D C:\Users\Janik\AppData\Roaming\Desk 365 2013-10-20 21:37 - 2013-10-21 13:58 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro 2013-10-20 21:35 - 2013-11-18 14:30 - 00000364 _____ C:\Windows\Tasks\spmonitor.job 2013-10-20 21:34 - 2013-11-18 14:30 - 00000286 _____ C:\Windows\Tasks\SpeedUpMyPC.job 2013-10-20 21:34 - 2013-10-21 13:07 - 00000000 ____D C:\Program Files (x86)\Uniblue 2013-10-20 21:34 - 2013-10-21 13:05 - 00000000 ____D C:\Program Files (x86)\MyPC Backup 2013-10-20 21:32 - 2013-10-20 21:32 - 00319200 _____ C:\Users\Janik\Downloads\Java.exe ==================== One Month Modified Files and Folders ======= 2013-11-18 16:52 - 2013-11-18 16:51 - 00016234 _____ C:\Users\Janik\Desktop\FRST.txt 2013-11-18 16:51 - 2013-11-18 16:51 - 00000000 ____D C:\FRST 2013-11-18 16:51 - 2011-09-01 15:01 - 00000000 ____D C:\Users\Janik\AppData\Roaming\Skype 2013-11-18 16:50 - 2013-11-18 16:50 - 00050477 _____ C:\Users\Janik\Downloads\Defogger.exe 2013-11-18 16:49 - 2013-11-18 16:49 - 01958026 _____ (Farbar) C:\Users\Janik\Desktop\FRST64.exe 2013-11-18 16:48 - 2013-11-18 16:48 - 00000500 _____ C:\Users\Janik\Desktop\defogger_disable.log 2013-11-18 16:48 - 2011-04-06 20:06 - 00000000 ____D C:\Users\Administrator Janik 2013-11-18 16:45 - 2013-11-18 16:45 - 00050477 _____ 
C:\Users\Janik\Desktop\Defogger.exe 2013-11-18 16:23 - 2011-05-05 19:55 - 00000000 ____D C:\Users\Janik\AppData\Roaming\TS3Client 2013-11-18 16:19 - 2013-09-06 19:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-18 15:49 - 2011-04-06 19:55 - 01580475 _____ C:\Windows\WindowsUpdate.log 2013-11-18 14:36 - 2009-07-14 05:45 - 00014800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-18 14:36 - 2009-07-14 05:45 - 00014800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-18 14:31 - 2013-09-23 11:34 - 00000000 ___RD C:\Users\Janik\Dropbox 2013-11-18 14:31 - 2013-09-23 11:32 - 00000000 ____D C:\Users\Janik\AppData\Roaming\Dropbox 2013-11-18 14:30 - 2013-10-20 21:35 - 00000364 _____ C:\Windows\Tasks\spmonitor.job 2013-11-18 14:30 - 2013-10-20 21:34 - 00000286 _____ C:\Windows\Tasks\SpeedUpMyPC.job 2013-11-18 14:30 - 2013-04-12 00:06 - 00000000 ____D C:\Users\Janik\AppData\Local\FreePDF_XP 2013-11-18 14:29 - 2013-09-06 19:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-18 14:29 - 2011-04-08 13:35 - 00000000 ____D C:\ProgramData\NVIDIA 2013-11-18 14:29 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-18 14:29 - 2009-07-14 05:51 - 00138411 _____ C:\Windows\setupact.log 2013-11-17 20:30 - 2013-02-01 19:41 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-11-17 20:30 - 2011-09-01 15:01 - 00000000 ____D C:\ProgramData\Skype 2013-11-17 15:54 - 2013-11-17 15:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-17 12:24 - 2011-04-15 18:12 - 00000000 ____D C:\Program Files (x86)\Electronic Arts 2013-11-17 12:21 - 2013-11-17 12:20 - 00000000 ____D C:\Users\Janik\Documents\BFBC2 2013-11-17 12:20 - 2011-04-15 20:22 - 00215128 _____ C:\Windows\SysWOW64\PnkBstrB.xtr 2013-11-17 12:20 - 2011-04-15 18:37 - 00215128 _____ C:\Windows\SysWOW64\PnkBstrB.exe 2013-11-17 01:17 - 
2013-10-01 16:52 - 00000000 ____D C:\Users\Janik\Desktop\Esis 2013-11-14 20:37 - 2011-07-08 12:58 - 00000000 ____D C:\Users\Janik\AppData\Local\CrashDumps 2013-11-14 20:06 - 2013-08-19 12:22 - 00000000 ____D C:\Windows\system32\MRT 2013-11-14 20:05 - 2013-01-22 16:26 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-11-11 21:22 - 2011-10-31 15:32 - 00000000 ____D C:\Users\Janik\Desktop\Was noch so rumfliegt 2013-11-11 13:36 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-11-09 18:55 - 2009-07-14 18:58 - 00696832 _____ C:\Windows\system32\perfh007.dat 2013-11-09 18:55 - 2009-07-14 18:58 - 00148128 _____ C:\Windows\system32\perfc007.dat 2013-11-09 18:55 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-07 23:25 - 2013-10-21 15:48 - 00000000 ____D C:\Users\Janik\Desktop\GG 2013-11-06 16:44 - 2011-05-05 19:55 - 00000000 ____D C:\Program Files\ts3 2013-11-04 14:04 - 2013-11-04 14:04 - 00000000 ____D C:\Users\Janik\Desktop\LOLPBE 2013-11-02 22:35 - 2013-11-02 22:35 - 00000000 ____D C:\Users\Janik\Documents\League of Legends 2013-11-01 17:31 - 2013-11-01 17:31 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2013-11-01 17:31 - 2013-11-01 17:31 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia 2013-11-01 17:31 - 2013-11-01 17:30 - 18080872 _____ (Adobe Systems Inc.) 
C:\Users\Janik\Downloads\AdobeAIRInstaller.exe 2013-11-01 17:31 - 2011-05-13 19:16 - 00000000 ____D C:\Users\Janik\AppData\Local\Adobe 2013-11-01 17:31 - 2011-04-15 20:31 - 00000000 ____D C:\Users\Janik\AppData\Roaming\Adobe 2013-11-01 17:31 - 2011-04-07 20:13 - 00000000 ____D C:\ProgramData\Adobe 2013-11-01 17:31 - 2011-04-07 20:13 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-11-01 17:29 - 2012-01-23 22:23 - 00000000 ____D C:\Program Files\Java 2013-11-01 17:24 - 2013-11-01 17:24 - 00000000 ____D C:\ProgramData\Oracle 2013-11-01 17:23 - 2013-11-01 17:23 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-11-01 17:23 - 2012-01-23 22:23 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-11-01 17:23 - 2012-01-23 22:23 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-11-01 17:23 - 2012-01-23 22:23 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-11-01 17:22 - 2013-11-01 17:22 - 30694824 _____ (Oracle Corporation) C:\Users\Janik\Downloads\jre-7u45-windows-x64.exe 2013-11-01 17:21 - 2013-09-06 19:17 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-11-01 17:19 - 2013-11-01 17:19 - 23294592 _____ (Mozilla) C:\Users\Janik\Downloads\Firefox_Setup_25.0.exe 2013-10-31 08:58 - 2011-04-08 13:20 - 00335344 _____ C:\Windows\PFRO.log 2013-10-21 14:19 - 2013-10-21 14:19 - 00001865 _____ C:\Users\Janik\Downloads\Sklansky-Tabelle.zip 2013-10-21 13:58 - 2013-10-20 21:37 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro 2013-10-21 13:58 - 2013-10-06 11:47 - 00000000 ____D C:\Users\Janik\bluej 2013-10-21 13:58 - 2011-12-28 16:47 - 00000000 ____D C:\Program Files (x86)\Origin 2013-10-21 13:58 - 2011-12-04 14:26 - 00000000 ____D C:\Windows\Minidump 2013-10-21 13:58 - 2011-11-17 16:05 - 00000000 ____D C:\Users\Janik\AppData\Local\Akamai 2013-10-21 13:58 - 2011-09-29 22:48 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins 2013-10-21 13:58 - 
2011-09-29 15:47 - 00000000 ____D C:\ProgramData\Origin 2013-10-21 13:58 - 2011-04-20 07:18 - 00000000 ____D C:\Users\Tom 2013-10-21 13:58 - 2011-04-08 13:34 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-10-21 13:58 - 2011-04-08 13:32 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2013-10-21 13:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration 2013-10-21 13:57 - 2013-10-14 20:16 - 00000000 ____D C:\ProgramData\Package Cache 2013-10-21 13:57 - 2011-04-15 20:26 - 00000000 ____D C:\Users\Janik\AppData\Local\PunkBuster 2013-10-21 13:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\security 2013-10-21 13:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat 2013-10-21 13:07 - 2013-10-20 21:34 - 00000000 ____D C:\Program Files (x86)\Uniblue 2013-10-21 13:05 - 2013-10-20 21:34 - 00000000 ____D C:\Program Files (x86)\MyPC Backup 2013-10-21 13:04 - 2011-09-29 15:47 - 00000000 ____D C:\Program Files (x86)\Origin Games 2013-10-21 13:01 - 2013-10-21 12:08 - 00000000 ____D C:\Users\Janik\AppData\Roaming\Desk 365 2013-10-21 13:00 - 2011-04-08 15:05 - 00000000 ____D C:\Users\Janik 2013-10-21 12:06 - 2011-12-21 16:56 - 00064536 _____ C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT 2013-10-21 12:06 - 2011-12-21 16:56 - 00064536 _____ C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT 2013-10-20 21:34 - 2011-06-11 01:58 - 00773712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll 2013-10-20 21:34 - 2011-06-11 01:58 - 00420944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll 2013-10-20 21:32 - 2013-10-20 21:32 - 00319200 _____ C:\Users\Janik\Downloads\Java.exe Some content of TEMP: ==================== C:\Users\Janik\AppData\Local\Temp\CF_Downloader.exe C:\Users\Janik\AppData\Local\Temp\DLBT.dll C:\Users\Janik\AppData\Local\Temp\EADCBB7.exe C:\Users\Janik\AppData\Local\Temp\installerdll1613565.dll C:\Users\Janik\AppData\Local\Temp\installerdll358443.dll 
C:\Users\Janik\AppData\Local\Temp\installerdll5023856.dll
C:\Users\Janik\AppData\Local\Temp\installerdll5515649.dll
C:\Users\Janik\AppData\Local\Temp\installerdll6632897.dll
C:\Users\Janik\AppData\Local\Temp\Setup.exe
C:\Users\Janik\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2013 02
Ran by Janik at 2013-11-18 16:52:36
Running from C:\Users\Janik\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acrobat.com (x32 Version: 0.0.0)
Acrobat.com (x32 Version: 1.1.377)
Adobe AIR (x32 Version: 3.9.0.1030)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.3.633)
Akamai NetSession Interface (HKCU)
Akamai NetSession Interface Service (x32)
ASRock App Charger v1.0.4
ASRock eXtreme Tuner v0.1.54 (x32)
ASRock InstantBoot v1.26 (x32)
Assassin's Creed(R) III v1.06 (x32 Version: 1.06)
avast!
Free Antivirus (x32 Version: 8.0.1489.0) Battlefield 3™ (x32 Version: 1.0.0.0) Battlelog Web Plugins (x32 Version: 2.3.0) BlueJ (x32 Version: 3.1.0) Die Sims™ 3 (x32 Version: 1.33.2) Dropbox (HKCU Version: 2.0.26) ESN Sonar (x32 Version: 0.70.0) ESN Sonar (x32 Version: 0.70.3) ESN Sonar (x32 Version: 0.70.4) Etron USB3.0 Host Controller (x32 Version: 0.96) FreePDF (Remove only) (x32) Geeks3D.com FurMark 1.9.1 (x32) GPL Ghostscript (x32 Version: 9.04) Intel(R) Management Engine Components (x32 Version: 7.0.0.1144) James Bond 007(TM) - Blood Stone (x32 Version: 1.0) Java 7 Update 45 (64-bit) (Version: 7.0.450) Java SE Development Kit 7 Update 40 (64-bit) (Version: 1.7.0.400) League of Legends (x32 Version: 1.02.0000) League of Legends (x32 Version: 3.0.1) marvell 91xx driver (x32 Version: 1.0.0.1047) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319) Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000) Microsoft Help Viewer 1.0 (Version: 1.0.30319) Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319) Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1447.4) Microsoft SQL Server Compact 3.5 SP2 DEU (x32 Version: 3.5.8080.0) Microsoft SQL Server Compact 3.5 SP2 x64 DEU (Version: 3.5.8080.0) Microsoft SQL Server System CLR Types (x32 Version: 10.50.1447.4) Microsoft Visual C# 2010 Express - DEU (x32 Version: 10.0.30319) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - 
x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (x32 Version: 9.0.30729.4974) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610) Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610) Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (x32 Version: 10.0.30319) Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (Version: 10.0.30319) Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0) Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1) Mozilla Maintenance Service (x32 Version: 25.0.1) MSI Afterburner 2.3.1 (x32 Version: 2.3.1) NVIDIA 3D Vision Controller Driver (x32 Version: 280.19) NVIDIA 3D Vision Controller-Treiber 326.01 (Version: 326.01) NVIDIA 3D Vision Treiber 327.23 (Version: 327.23) NVIDIA Grafiktreiber 327.23 (Version: 327.23) NVIDIA HD-Audiotreiber 1.3.26.4 (Version: 1.3.26.4) NVIDIA Install Application (Version: 2.1002.133.902) NVIDIA PhysX (x32 Version: 9.13.0725) NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723) NVIDIA Systemsteuerung 327.23 (Version: 327.23) NVIDIA Update 1.11.3 (Version: 
1.11.3) NVIDIA Update Components (Version: 1.11.3) OpenOffice.org 3.3 (x32 Version: 3.3.9567) Origin (x32 Version: 8.5.0.4550) Pando Media Booster (x32 Version: 2.6.0.1) PDF-Viewer (Version: 2.5.210.0) PunkBuster Services (x32 Version: 0.991) Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.23.623.2010) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6167) RedMon - Redirection Port Monitor Skype™ 6.10 (x32 Version: 6.10.104) Snap.Do (x32 Version: 1.138.1.12259) swMSM (x32 Version: 12.0.0.1) Tag - IGF Professional 2008 (x32) TeamSpeak 3 Client (HKCU) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3) Uplay (x32 Version: 2.0) Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (x32 Version: 4.0.8080.0) WinRAR 4.01 (64-Bit) (Version: 4.01.0) ==================== Restore Points ========================= Could not list Restore Points. Check WMI. ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ? Task: C:\Windows\Tasks\SpeedUpMyPC.job => ? Task: C:\Windows\Tasks\spmonitor.job => ? 
==================== Loaded Modules (whitelisted) ============= ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/18/2013 04:28:37 PM) (Source: Application Hang) (User: ) Description: Programm firefox.exe, Version 25.0.1.5064 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f64 Startzeit: 01cee4628164df5a Endzeit: 1862 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 144e0ecc-5066-11e3-9348-002522a1d429 Error: (11/14/2013 08:37:55 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: League of Legends.exe, Version: 3.13.0.399, Zeitstempel: 0x526ed0a3 Name des fehlerhaften Moduls: cgD3D9.dll, Version: 3.0.0.16, Zeitstempel: 0x4d55a06f Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b6539 ID des fehlerhaften Prozesses: 0xd6c Startzeit der fehlerhaften Anwendung: 0xLeague of Legends.exe0 Pfad der fehlerhaften Anwendung: League of Legends.exe1 Pfad des fehlerhaften Moduls: League of Legends.exe2 Berichtskennung: League of Legends.exe3 Error: (11/09/2013 07:33:21 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 25.0.0.5046, Zeitstempel: 0x526b1e27 Name des fehlerhaften Moduls: xul.dll, Version: 25.0.0.5046, Zeitstempel: 0x526b1d27 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001157e7 ID des fehlerhaften Prozesses: 0x1284 Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0 Pfad der fehlerhaften Anwendung: firefox.exe1 Pfad des fehlerhaften Moduls: firefox.exe2 Berichtskennung: firefox.exe3 Error: (11/02/2013 11:12:28 PM) (Source: Application 
Error) (User: ) Description: Name der fehlerhaften Anwendung: League of Legends.exe, Version: 3.14.0.163, Zeitstempel: 0x5271dabe Name des fehlerhaften Moduls: cgD3D9.dll, Version: 3.0.0.16, Zeitstempel: 0x4d55a06f Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b6539 ID des fehlerhaften Prozesses: 0x10d0 Startzeit der fehlerhaften Anwendung: 0xLeague of Legends.exe0 Pfad der fehlerhaften Anwendung: League of Legends.exe1 Pfad des fehlerhaften Moduls: League of Legends.exe2 Berichtskennung: League of Legends.exe3 Error: (11/02/2013 09:39:42 PM) (Source: Application Hang) (User: ) Description: Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 784 Startzeit: 01ced80b84f1818e Endzeit: 0 Anwendungspfad: C:\Users\Janik\AppData\Local\Temp\Rar$EX01.056\LOLPBE\RADS\system\rads_user_kernel.exe Berichts-ID: e2cbbb30-43fe-11e3-a605-002522a1d429 Error: (10/30/2013 10:39:15 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error: (10/30/2013 07:00:37 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: AC3SP.exe, Version: 0.0.0.0, Zeitstempel: 0x5155b537 Name des fehlerhaften Moduls: AC3SP.exe, Version: 0.0.0.0, Zeitstempel: 0x5155b537 Ausnahmecode: 0xc0000005 Fehleroffset: 0x003f36c2 ID des fehlerhaften Prozesses: 0x12b0 Startzeit der fehlerhaften Anwendung: 0xAC3SP.exe0 Pfad der fehlerhaften Anwendung: AC3SP.exe1 Pfad des fehlerhaften Moduls: AC3SP.exe2 Berichtskennung: AC3SP.exe3 Error: (10/26/2013 04:09:00 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (10/25/2013 05:25:06 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (10/24/2013 10:18:04 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
System errors: ============= Error: (11/18/2013 04:27:31 PM) (Source: nvlddmkm) (User: ) Description: \Device\Video5!0702(24f8) Error: (11/18/2013 02:31:36 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (11/18/2013 02:31:36 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (11/17/2013 05:46:42 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (11/17/2013 05:46:42 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (11/17/2013 05:44:12 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 17.11.2013 um 17:41:24 unerwartet heruntergefahren. Error: (11/17/2013 02:05:25 PM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error: (11/17/2013 00:05:48 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (11/17/2013 00:05:48 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (11/17/2013 01:16:22 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Microsoft Office Sessions: ========================= Error: (11/18/2013 04:28:37 PM) (Source: Application Hang)(User: ) Description: firefox.exe25.0.1.5064f6401cee4628164df5a1862C:\Program Files (x86)\Mozilla Firefox\firefox.exe144e0ecc-5066-11e3-9348-002522a1d429 Error: (11/14/2013 08:37:55 PM) (Source: Application Error)(User: ) Description: League of Legends.exe3.13.0.399526ed0a3cgD3D9.dll3.0.0.164d55a06fc0000005000b6539d6c01cee170d88f7e89C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.251\deploy\League of Legends.exeC:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.251\deploy\cgD3D9.dll41c3503c-4d64-11e3-a5ed-002522a1d429 Error: (11/09/2013 07:33:21 PM) (Source: Application Error)(User: ) Description: firefox.exe25.0.0.5046526b1e27xul.dll25.0.0.5046526b1d27c0000005001157e7128401cedd6f9f43fcc5C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll6848aa5a-496d-11e3-b654-002522a1d429 Error: (11/02/2013 11:12:28 PM) (Source: Application Error)(User: ) Description: League of 
Legends.exe3.14.0.1635271dabecgD3D9.dll3.0.0.164d55a06fc0000005000b653910d001ced81872bd617cC:\Users\Janik\AppData\Local\Temp\Rar$EX25.056\LOLPBE\RADS\solutions\lol_game_client_sln\releases\0.0.1.191\deploy\League of Legends.exeC:\Users\Janik\AppData\Local\Temp\Rar$EX25.056\LOLPBE\RADS\solutions\lol_game_client_sln\releases\0.0.1.191\deploy\cgD3D9.dlldbb84232-440b-11e3-a605-002522a1d429 Error: (11/02/2013 09:39:42 PM) (Source: Application Hang)(User: ) Description: rads_user_kernel.exe0.0.0.078401ced80b84f1818e0C:\Users\Janik\AppData\Local\Temp\Rar$EX01.056\LOLPBE\RADS\system\rads_user_kernel.exee2cbbb30-43fe-11e3-a605-002522a1d429 Error: (10/30/2013 10:39:15 PM) (Source: SideBySide)(User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (10/30/2013 07:00:37 PM) (Source: Application Error)(User: ) Description: AC3SP.exe0.0.0.05155b537AC3SP.exe0.0.0.05155b537c0000005003f36c212b001ced596a4c9b999C:\Program Files (x86)\Ubisoft\Assassin's Creed III\AC3SP.exeC:\Program Files (x86)\Ubisoft\Assassin's Creed III\AC3SP.exe2da68166-418d-11e3-a571-002522a1d429 Error: (10/26/2013 04:09:00 PM) (Source: SideBySide)(User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (10/25/2013 05:25:06 PM) (Source: SideBySide)(User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (10/24/2013 10:18:04 PM) (Source: SideBySide)(User: ) Description: 
assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 4078.71 MB
Available physical RAM: 2528.07 MB
Total Pagefile: 8155.59 MB
Available Pagefile: 6326.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.54 GB) (Free:330.2 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

"C:\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird." and the same message once more with a different path. (I acknowledged the messages in order to finish the scan.)

gmer.txt:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-18 17:10:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 SAMSUNG_HD502HJ rev.1AJ10001 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\uwloypod.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80004bee000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545 fffff80004bee011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f}

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\services.exe[600] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62]
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[780] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62]
.text C:\Windows\system32\nvvsvc.exe[856] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[880] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075efa2ba 1 byte [62]
.text C:\Windows\System32\svchost.exe[124] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[256] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[488] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[724] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62]
.text C:\Windows\system32\AUDIODG.EXE[560] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1152]
C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1396] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1556] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1584] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[2556] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff9f6e00 5 bytes JMP 000007ff7fa11dac .text C:\Windows\system32\svchost.exe[2556] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff9f6f2c 5 bytes JMP 000007ff7fa10ecc .text C:\Windows\system32\svchost.exe[2556] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff9f7220 5 bytes JMP 000007ff7fa11284 .text C:\Windows\system32\svchost.exe[2556] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff9f739c 5 bytes JMP 000007ff7fa1163c .text C:\Windows\system32\svchost.exe[2556] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff9f7538 5 bytes JMP 000007ff7fa119f4 .text C:\Windows\system32\svchost.exe[2556] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9f75e8 5 bytes JMP 000007ff7fa103a4 .text C:\Windows\system32\svchost.exe[2556] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff9f790c 5 bytes JMP 000007ff7fa1075c .text C:\Windows\system32\svchost.exe[2556] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff9f7ab4 5 bytes JMP 000007ff7fa10b14 .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077943b10 5 bytes JMP 000000010010075c .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077947ac0 5 bytes JMP 
00000001001003a4 .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077971430 5 bytes JMP 0000000100100b14 .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077971490 5 bytes JMP 0000000100100ecc .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 000000010010163c .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000779717b0 5 bytes JMP 0000000100101284 .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 00000001001019f4 .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62] .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff9f6e00 5 bytes JMP 000007ff7fa11dac .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff9f6f2c 5 bytes JMP 000007ff7fa10ecc .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff9f7220 5 bytes JMP 000007ff7fa11284 .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff9f739c 5 bytes JMP 000007ff7fa1163c .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff9f7538 5 bytes JMP 000007ff7fa119f4 .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9f75e8 5 bytes JMP 000007ff7fa103a4 .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff9f790c 5 bytes JMP 000007ff7fa1075c .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff9f7ab4 5 bytes JMP 000007ff7fa10b14 .text 
C:\Windows\system32\Dwm.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077943b10 5 bytes JMP 000000010018075c .text C:\Windows\system32\Dwm.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077947ac0 5 bytes JMP 00000001001803a4 .text C:\Windows\system32\Dwm.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077971430 5 bytes JMP 0000000100180b14 .text C:\Windows\system32\Dwm.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077971490 5 bytes JMP 0000000100180ecc .text C:\Windows\system32\Dwm.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 000000010018163c .text C:\Windows\system32\Dwm.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000779717b0 5 bytes JMP 0000000100181284 .text C:\Windows\system32\Dwm.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 00000001001819f4 .text C:\Windows\system32\Dwm.exe[2928] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff9f6e00 5 bytes JMP 000007ff7fa11dac .text C:\Windows\system32\Dwm.exe[2928] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff9f6f2c 5 bytes JMP 000007ff7fa10ecc .text C:\Windows\system32\Dwm.exe[2928] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff9f7220 5 bytes JMP 000007ff7fa11284 .text C:\Windows\system32\Dwm.exe[2928] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff9f739c 5 bytes JMP 000007ff7fa1163c .text C:\Windows\system32\Dwm.exe[2928] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff9f7538 5 bytes JMP 000007ff7fa119f4 .text C:\Windows\system32\Dwm.exe[2928] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9f75e8 5 bytes JMP 000007ff7fa103a4 .text C:\Windows\system32\Dwm.exe[2928] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff9f790c 5 bytes JMP 000007ff7fa1075c .text C:\Windows\system32\Dwm.exe[2928] C:\Windows\SYSTEM32\sechost.dll!DeleteService 
---- EOF - GMER 2.1 ---- Sorry if I have included unnecessary information, but I can't tell what is important and what isn't myself. I hope that you can help me, Janik Last edited by AmigoBandito (18.11.2013 at 17:54). Reason: afterthought |
18.11.2013, 19:37 | #2 |
/// the machine /// TB trainer | http-rvzr-a-akamaihd-net Automatic opening / severe performance problems Hi,
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ |
18.11.2013, 21:06 | #3 |
| http-rvzr-a-akamaihd-net Automatic opening / severe performance problems After the quick scan, Malware found approx. 900 infected objects.
I had these removed; however, according to the message I was supposed to restart my computer, and in the process the log files were lost (empty folder). This is the log from the 2nd quick scan: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.18.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Janik :: JANIKSPC [limitiert]

18.11.2013 20:20:18
mbam-log-2013-11-18 (20-20-18).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 159916
Laufzeit: 3 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
ATTFilter # AdwCleaner v3.012 - Bericht erstellt am 18/11/2013 um 20:32:00 # Updated 11/11/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Administrator Janik - JANIKSPC # Gestartet von : C:\Users\Janik\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\DeviceVM Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2 Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\SpeedUpMyPC Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup Ordner Gelöscht : C:\Program Files (x86)\Common Files\337 Ordner Gelöscht : C:\Users\ADMINI~1\AppData\Local\Temp\Smartbar Ordner Gelöscht : C:\Users\Administrator Janik\AppData\Roaming\DeviceVM Ordner Gelöscht : C:\Users\Administrator Janik\AppData\Roaming\optimizer pro Ordner Gelöscht : C:\Users\Janik\AppData\Roaming\Desk 365 Ordner Gelöscht : C:\Users\Janik\AppData\Roaming\DeviceVM Ordner Gelöscht : C:\Users\Tom\AppData\Roaming\DeviceVM Datei Gelöscht : C:\Users\Administrator Janik\AppData\Roaming\Mozilla\Firefox\Profiles\vz785cye.default\searchplugins\Web Search.xml Datei Gelöscht : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser Datei Gelöscht : C:\Windows\Tasks\SpeedUpMyPC.job Datei Gelöscht : C:\Windows\System32\Tasks\SpeedUpMyPC Datei Gelöscht : C:\Windows\Tasks\spmonitor.job Datei Gelöscht : C:\Windows\System32\Tasks\spmonitor ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\speedupmypc Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_battlefield-2_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_battlefield-2_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_call-of-duty-4_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_call-of-duty-4_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7} Schlüssel Gelöscht : 
[x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Schlüssel Gelöscht : HKCU\Software\smartbar Schlüssel Gelöscht : HKCU\Software\smartbarbackup Schlüssel Gelöscht : HKCU\Software\smartbarlog Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKLM\Software\Desksvc Schlüssel Gelöscht : HKLM\Software\hdcode Schlüssel Gelöscht : HKLM\Software\Uniblue Schlüssel Gelöscht : HKLM\Software\V9 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DomaIQ ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16736 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] -\\ Mozilla Firefox v25.0.1 (en-US) [ Datei : C:\Users\Administrator Janik\AppData\Roaming\Mozilla\Firefox\Profiles\vz785cye.default\prefs.js ] Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...] 
Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Zeile gelöscht : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=a5f778b7-5d55-5bb9-7e74-c97ba97d1a9a&searchtype=hp&installDate={installDate}");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=a5f778b7-5d55-5bb9-7e74-c97ba97d1a9a&searchtype=ds&installDate={installDate}&q=");
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=a5f778b7-5d55-5bb9-7e74-c97ba97d1a9a&searchtype=nt&installDate={installDate}");

[ Datei : C:\Users\Janik\AppData\Roaming\Mozilla\Firefox\Profiles\1xxc53eq.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.crossrider.bic", "141daea5ac8dfedf505bb589c05a8b7e");

[ Datei : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\vx9x4lwy.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Zeile gelöscht : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

*************************

AdwCleaner[R0].txt - [8185 octets] - [18/11/2013 20:30:40]
AdwCleaner[S0].txt - [7221 octets] - [18/11/2013 20:32:00]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [7281 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Administrator Janik on 18.11.2013 at 20:38:23,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files
Successfully deleted: [File] "C:\Users\Administrator Janik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speedupmypc.lnk"

~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ FireFox
Emptied folder: C:\Users\Administrator Janik\AppData\Roaming\mozilla\firefox\profiles\vz785cye.default\minidumps [2 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.11.2013 at 20:42:55,25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013 Ran by Administrator Janik (administrator) on JANIKSPC on 18-11-2013 20:54:23 Running from C:\Users\Administrator Janik\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Akamai Technologies, Inc.) C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Dropbox, Inc.) C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Akamai Technologies, Inc.) C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor) HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation) HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000} HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196} HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196} HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install HKLM-x32\...\Runonce: [InstallShieldSetup] - C:\PROGRA~2\INSTAL~1\{9D15E~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{9D15E~1\reboot.ini [x] HKLM-x32\...\Runonce: [InstallShieldSetup1] - C:\PROGRA~2\INSTAL~1\{9D15E~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{9D15E~1\reboot.ini [x] 
HKLM-x32\...\Runonce: [InstallShieldSetup2] - C:\PROGRA~2\INSTAL~1\{9D15E~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{9D15E~1\reboot.ini [x] HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation) HKCU\...\Run: [ASRockXTU] - [x] HKCU\...\Run: [zASRockInstantBoot] - [x] HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.) HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe -update plugin [829832 2013-10-09] (Adobe Systems Incorporated) HKCU\...\Policies\system: [LogonHoursAction] 2 HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software) HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKU\Tom\...\Policies\system: [LogonHoursAction] 2 HKU\Tom\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Startup: C:\Users\Janik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Administrator Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File) Startup: C:\Users\Janik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files 
(x86)\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll No File Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 195.234.128.7 195.234.128.16 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Administrator Janik\AppData\Roaming\Mozilla\Firefox\Profiles\vz785cye.default FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File FF Plugin-x32: @esn.me/esnsonar,version=0.70.3 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll No File FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=0.80.0 - C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.102.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-11-27] () ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] () S3 RTCore64; C:\after\MSI Afterburner\RTCore64.sys [13368 2013-01-23] () S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x] S3 X6va005; \??\C:\Users\ADMINI~1\AppData\Local\Temp\005E51A.tmp [x] S3 X6va006; \??\C:\Users\ADMINI~1\AppData\Local\Temp\0062148.tmp [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-18 20:54 - 2013-11-18 20:54 - 00012504 _____ C:\Users\Administrator Janik\Downloads\FRST.txt 2013-11-18 20:52 - 2013-11-18 20:52 - 01957964 _____ (Farbar) C:\Users\Administrator Janik\Downloads\FRST64.exe 2013-11-18 20:42 - 2013-11-18 20:42 - 00001085 _____ C:\Users\Administrator 
Janik\Desktop\JRT.txt 2013-11-18 20:38 - 2013-11-18 20:38 - 00000000 ____D C:\Windows\ERUNT 2013-11-18 20:37 - 2013-11-18 20:37 - 01034531 _____ (Thisisu) C:\Users\Janik\Desktop\JRT.exe 2013-11-18 20:30 - 2013-11-18 20:32 - 00000000 ____D C:\AdwCleaner 2013-11-18 20:28 - 2013-11-18 20:28 - 01085542 _____ C:\Users\Janik\Desktop\adwcleaner.exe 2013-11-18 20:24 - 2013-11-18 20:49 - 00009899 _____ C:\Users\Janik\Desktop\Post.txt 2013-11-18 20:17 - 2013-11-18 20:17 - 00000000 ____D C:\Users\Janik\AppData\Roaming\Malwarebytes 2013-11-18 20:04 - 2013-11-18 20:04 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-11-18 20:04 - 2013-11-18 20:04 - 00000000 ____D C:\Users\Administrator Janik\AppData\Roaming\Malwarebytes 2013-11-18 20:04 - 2013-11-18 20:04 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-18 20:04 - 2013-11-18 20:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-18 20:04 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-11-18 20:01 - 2013-11-18 20:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Janik\Desktop\mbam-setup-1.75.0.1300.exe 2013-11-18 17:10 - 2013-11-18 17:41 - 00046431 _____ C:\Users\Janik\Desktop\Gmer.log 2013-11-18 16:54 - 2013-11-18 16:54 - 00377856 _____ C:\Users\Janik\Desktop\gmer_2.1.19163.exe 2013-11-18 16:52 - 2013-11-18 16:52 - 00018806 _____ C:\Users\Janik\Desktop\Addition.txt 2013-11-18 16:51 - 2013-11-18 16:52 - 00034711 _____ C:\Users\Janik\Desktop\FRST.txt 2013-11-18 16:51 - 2013-11-18 16:51 - 00000000 ____D C:\FRST 2013-11-18 16:50 - 2013-11-18 16:50 - 00050477 _____ C:\Users\Janik\Downloads\Defogger.exe 2013-11-18 16:48 - 2013-11-18 16:48 - 00000500 _____ C:\Users\Janik\Desktop\defogger_disable.log 2013-11-18 16:48 - 2013-11-18 16:48 - 00000000 _____ C:\Users\Administrator Janik\defogger_reenable 2013-11-18 16:45 - 2013-11-18 16:45 - 00050477 _____ C:\Users\Janik\Desktop\Defogger.exe 2013-11-17 15:54 - 2013-11-17 
15:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-17 12:20 - 2013-11-17 12:21 - 00000000 ____D C:\Users\Janik\Documents\BFBC2 2013-11-14 20:08 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-14 20:08 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-14 20:08 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-14 20:08 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-14 20:08 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-14 20:08 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-14 20:08 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-14 20:08 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-14 20:08 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-14 20:08 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-14 20:08 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-14 20:08 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-14 20:08 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-11-14 20:08 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-11-14 20:08 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-11-14 20:08 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-14 20:08 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 
2013-11-14 20:08 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-14 20:08 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-14 20:07 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-14 20:07 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-14 20:07 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-14 20:07 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-14 20:07 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-14 20:07 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-14 20:07 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-14 20:07 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-14 20:07 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-14 20:07 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-14 20:07 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-14 20:07 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-13 16:11 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-13 16:11 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-11-13 16:10 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2013-11-13 16:10 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 
2013-11-13 16:10 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-11-13 16:10 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2013-11-13 16:10 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-11-13 16:10 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll 2013-11-13 16:10 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-11-13 16:09 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-13 16:09 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-11-13 16:09 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-11-13 16:09 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-11-13 16:09 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2013-11-13 16:09 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2013-11-13 16:09 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2013-11-13 16:09 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-11-13 16:09 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-11-13 16:09 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-11-13 16:09 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-11-13 16:09 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-11-13 16:09 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 
2013-11-13 16:09 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2013-11-13 16:09 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2013-11-13 16:09 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-11-13 16:08 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-11-13 16:08 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-13 16:08 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-13 16:08 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2013-11-13 16:08 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-04 14:04 - 2013-11-04 14:04 - 00000000 ____D C:\Users\Janik\Desktop\LOLPBE 2013-11-02 22:35 - 2013-11-02 22:35 - 00000000 ____D C:\Users\Janik\Documents\League of Legends 2013-11-01 17:31 - 2013-11-01 17:31 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2013-11-01 17:31 - 2013-11-01 17:31 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia 2013-11-01 17:30 - 2013-11-01 17:31 - 18080872 _____ (Adobe Systems Inc.) 
C:\Users\Janik\Downloads\AdobeAIRInstaller.exe 2013-11-01 17:24 - 2013-11-01 17:24 - 00000000 ____D C:\ProgramData\Oracle 2013-11-01 17:23 - 2013-11-01 17:23 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-11-01 17:22 - 2013-11-01 17:22 - 30694824 _____ (Oracle Corporation) C:\Users\Janik\Downloads\jre-7u45-windows-x64.exe 2013-11-01 17:19 - 2013-11-01 17:19 - 23294592 _____ (Mozilla) C:\Users\Janik\Downloads\Firefox_Setup_25.0.exe 2013-10-21 15:48 - 2013-11-07 23:25 - 00000000 ____D C:\Users\Janik\Desktop\GG 2013-10-21 14:19 - 2013-10-21 14:19 - 00001865 _____ C:\Users\Janik\Downloads\Sklansky-Tabelle.zip 2013-10-20 21:39 - 2013-10-20 21:39 - 00000000 ____D C:\Users\Administrator Janik\AppData\Local\Macromedia 2013-10-20 21:34 - 2013-10-21 13:07 - 00000000 ____D C:\Program Files (x86)\Uniblue ==================== One Month Modified Files and Folders ======= 2013-11-18 20:54 - 2013-11-18 20:54 - 00012504 _____ C:\Users\Administrator Janik\Downloads\FRST.txt 2013-11-18 20:52 - 2013-11-18 20:52 - 01957964 _____ (Farbar) C:\Users\Administrator Janik\Downloads\FRST64.exe 2013-11-18 20:49 - 2013-11-18 20:24 - 00009899 _____ C:\Users\Janik\Desktop\Post.txt 2013-11-18 20:42 - 2013-11-18 20:42 - 00001085 _____ C:\Users\Administrator Janik\Desktop\JRT.txt 2013-11-18 20:40 - 2011-04-06 20:06 - 00001425 _____ C:\Users\Administrator Janik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-11-18 20:40 - 2011-04-06 20:06 - 00000000 ___RD C:\Users\Administrator Janik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-11-18 20:40 - 2011-04-06 20:06 - 00000000 ___RD C:\Users\Administrator Janik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-11-18 20:40 - 2009-07-14 05:45 - 00014800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-18 20:40 - 2009-07-14 05:45 - 00014800 ____H 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-18 20:38 - 2013-11-18 20:38 - 00000000 ____D C:\Windows\ERUNT 2013-11-18 20:37 - 2013-11-18 20:37 - 01034531 _____ (Thisisu) C:\Users\Janik\Desktop\JRT.exe 2013-11-18 20:34 - 2013-09-23 11:34 - 00000000 ___RD C:\Users\Janik\Dropbox 2013-11-18 20:34 - 2013-09-23 11:32 - 00000000 ____D C:\Users\Janik\AppData\Roaming\Dropbox 2013-11-18 20:34 - 2013-04-12 00:06 - 00000000 ____D C:\Users\Janik\AppData\Local\FreePDF_XP 2013-11-18 20:33 - 2011-04-08 13:35 - 00000000 ____D C:\ProgramData\NVIDIA 2013-11-18 20:33 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-18 20:33 - 2009-07-14 05:51 - 00138523 _____ C:\Windows\setupact.log 2013-11-18 20:32 - 2013-11-18 20:30 - 00000000 ____D C:\AdwCleaner 2013-11-18 20:32 - 2011-04-06 19:55 - 01674200 _____ C:\Windows\WindowsUpdate.log 2013-11-18 20:28 - 2013-11-18 20:28 - 01085542 _____ C:\Users\Janik\Desktop\adwcleaner.exe 2013-11-18 20:19 - 2013-09-06 19:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-18 20:17 - 2013-11-18 20:17 - 00000000 ____D C:\Users\Janik\AppData\Roaming\Malwarebytes 2013-11-18 20:15 - 2012-07-18 12:07 - 00004182 _____ C:\Windows\System32\Tasks\avast! 
Emergency Update 2013-11-18 20:14 - 2011-04-08 13:20 - 00667000 _____ C:\Windows\PFRO.log 2013-11-18 20:04 - 2013-11-18 20:04 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-11-18 20:04 - 2013-11-18 20:04 - 00000000 ____D C:\Users\Administrator Janik\AppData\Roaming\Malwarebytes 2013-11-18 20:04 - 2013-11-18 20:04 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-18 20:04 - 2013-11-18 20:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-18 20:02 - 2013-11-18 20:01 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Janik\Desktop\mbam-setup-1.75.0.1300.exe 2013-11-18 17:41 - 2013-11-18 17:10 - 00046431 _____ C:\Users\Janik\Desktop\Gmer.log 2013-11-18 16:55 - 2011-09-01 15:01 - 00000000 ____D C:\Users\Janik\AppData\Roaming\Skype 2013-11-18 16:54 - 2013-11-18 16:54 - 00377856 _____ C:\Users\Janik\Desktop\gmer_2.1.19163.exe 2013-11-18 16:52 - 2013-11-18 16:52 - 00018806 _____ C:\Users\Janik\Desktop\Addition.txt 2013-11-18 16:52 - 2013-11-18 16:51 - 00034711 _____ C:\Users\Janik\Desktop\FRST.txt 2013-11-18 16:51 - 2013-11-18 16:51 - 00000000 ____D C:\FRST 2013-11-18 16:50 - 2013-11-18 16:50 - 00050477 _____ C:\Users\Janik\Downloads\Defogger.exe 2013-11-18 16:48 - 2013-11-18 16:48 - 00000500 _____ C:\Users\Janik\Desktop\defogger_disable.log 2013-11-18 16:48 - 2013-11-18 16:48 - 00000000 _____ C:\Users\Administrator Janik\defogger_reenable 2013-11-18 16:48 - 2011-04-06 20:06 - 00000000 ____D C:\Users\Administrator Janik 2013-11-18 16:45 - 2013-11-18 16:45 - 00050477 _____ C:\Users\Janik\Desktop\Defogger.exe 2013-11-18 16:23 - 2011-05-05 19:55 - 00000000 ____D C:\Users\Janik\AppData\Roaming\TS3Client 2013-11-18 14:29 - 2013-09-06 19:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-17 20:30 - 2013-02-01 19:41 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-11-17 20:30 - 2011-09-01 15:01 - 00000000 ____D C:\ProgramData\Skype 2013-11-17 15:54 - 2013-11-17 15:54 - 00000000 ____D 
C:\Program Files (x86)\Mozilla Firefox 2013-11-17 12:24 - 2011-04-15 18:12 - 00000000 ____D C:\Program Files (x86)\Electronic Arts 2013-11-17 12:21 - 2013-11-17 12:20 - 00000000 ____D C:\Users\Janik\Documents\BFBC2 2013-11-17 12:20 - 2011-04-15 20:22 - 00215128 _____ C:\Windows\SysWOW64\PnkBstrB.xtr 2013-11-17 12:20 - 2011-04-15 18:37 - 00215128 _____ C:\Windows\SysWOW64\PnkBstrB.exe 2013-11-17 01:17 - 2013-10-01 16:52 - 00000000 ____D C:\Users\Janik\Desktop\Esis 2013-11-14 20:37 - 2011-07-08 12:58 - 00000000 ____D C:\Users\Janik\AppData\Local\CrashDumps 2013-11-14 20:06 - 2013-08-19 12:22 - 00000000 ____D C:\Windows\system32\MRT 2013-11-14 20:05 - 2013-01-22 16:26 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-11-11 21:22 - 2011-10-31 15:32 - 00000000 ____D C:\Users\Janik\Desktop\Was noch so rumfliegt 2013-11-11 13:36 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-11-09 18:55 - 2009-07-14 18:58 - 00696832 _____ C:\Windows\system32\perfh007.dat 2013-11-09 18:55 - 2009-07-14 18:58 - 00148128 _____ C:\Windows\system32\perfc007.dat 2013-11-09 18:55 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-07 23:25 - 2013-10-21 15:48 - 00000000 ____D C:\Users\Janik\Desktop\GG 2013-11-06 16:44 - 2011-05-05 19:55 - 00000000 ____D C:\Program Files\ts3 2013-11-04 14:04 - 2013-11-04 14:04 - 00000000 ____D C:\Users\Janik\Desktop\LOLPBE 2013-11-02 22:35 - 2013-11-02 22:35 - 00000000 ____D C:\Users\Janik\Documents\League of Legends 2013-11-01 17:31 - 2013-11-01 17:31 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2013-11-01 17:31 - 2013-11-01 17:31 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia 2013-11-01 17:31 - 2013-11-01 17:30 - 18080872 _____ (Adobe Systems Inc.) 
C:\Users\Janik\Downloads\AdobeAIRInstaller.exe 2013-11-01 17:31 - 2011-05-13 19:16 - 00000000 ____D C:\Users\Janik\AppData\Local\Adobe 2013-11-01 17:31 - 2011-04-15 20:31 - 00000000 ____D C:\Users\Janik\AppData\Roaming\Adobe 2013-11-01 17:31 - 2011-04-07 20:19 - 00000000 ____D C:\Users\Administrator Janik\AppData\Local\Adobe 2013-11-01 17:31 - 2011-04-07 20:13 - 00000000 ____D C:\ProgramData\Adobe 2013-11-01 17:31 - 2011-04-07 20:13 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-11-01 17:29 - 2012-01-23 22:23 - 00000000 ____D C:\Program Files\Java 2013-11-01 17:24 - 2013-11-01 17:24 - 00000000 ____D C:\ProgramData\Oracle 2013-11-01 17:23 - 2013-11-01 17:23 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-11-01 17:23 - 2012-01-23 22:23 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-11-01 17:23 - 2012-01-23 22:23 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-11-01 17:23 - 2012-01-23 22:23 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-11-01 17:22 - 2013-11-01 17:22 - 30694824 _____ (Oracle Corporation) C:\Users\Janik\Downloads\jre-7u45-windows-x64.exe 2013-11-01 17:21 - 2013-09-06 19:17 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-11-01 17:19 - 2013-11-01 17:19 - 23294592 _____ (Mozilla) C:\Users\Janik\Downloads\Firefox_Setup_25.0.exe 2013-10-21 14:19 - 2013-10-21 14:19 - 00001865 _____ C:\Users\Janik\Downloads\Sklansky-Tabelle.zip 2013-10-21 13:58 - 2013-10-06 11:47 - 00000000 ____D C:\Users\Janik\bluej 2013-10-21 13:58 - 2011-12-28 16:47 - 00000000 ____D C:\Program Files (x86)\Origin 2013-10-21 13:58 - 2011-12-04 14:26 - 00000000 ____D C:\Windows\Minidump 2013-10-21 13:58 - 2011-11-17 16:05 - 00000000 ____D C:\Users\Janik\AppData\Local\Akamai 2013-10-21 13:58 - 2011-09-29 22:48 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins 2013-10-21 13:58 - 2011-09-29 15:47 - 00000000 ____D C:\ProgramData\Origin 2013-10-21 
13:58 - 2011-04-20 07:18 - 00000000 ____D C:\Users\Tom 2013-10-21 13:58 - 2011-04-08 13:34 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-10-21 13:58 - 2011-04-08 13:32 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2013-10-21 13:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration 2013-10-21 13:57 - 2013-10-14 20:16 - 00000000 ____D C:\ProgramData\Package Cache 2013-10-21 13:57 - 2011-04-15 20:26 - 00000000 ____D C:\Users\Janik\AppData\Local\PunkBuster 2013-10-21 13:57 - 2011-04-15 20:22 - 00000000 ____D C:\Users\Administrator Janik\AppData\Local\PunkBuster 2013-10-21 13:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\security 2013-10-21 13:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat 2013-10-21 13:07 - 2013-10-20 21:34 - 00000000 ____D C:\Program Files (x86)\Uniblue 2013-10-21 13:04 - 2011-09-29 15:47 - 00000000 ____D C:\Program Files (x86)\Origin Games 2013-10-21 13:00 - 2011-04-08 15:05 - 00000000 ____D C:\Users\Janik 2013-10-21 12:06 - 2011-12-21 16:56 - 00064536 _____ C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT 2013-10-21 12:06 - 2011-12-21 16:56 - 00064536 _____ C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT 2013-10-20 21:39 - 2013-10-20 21:39 - 00000000 ____D C:\Users\Administrator Janik\AppData\Local\Macromedia 2013-10-20 21:39 - 2011-06-17 16:51 - 00000000 ____D C:\Users\Administrator Janik\AppData\Local\CrashDumps 2013-10-20 21:34 - 2011-06-11 01:58 - 00773712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll 2013-10-20 21:34 - 2011-06-11 01:58 - 00420944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll 2013-10-20 21:32 - 2011-04-08 13:38 - 00064536 _____ C:\Users\Administrator Janik\AppData\Local\GDIPFONTCACHEV1.DAT 2013-10-19 01:50 - 2012-05-05 08:06 - 00003022 _____ C:\Windows\System32\Tasks\MSIAfterburner Some content of TEMP: ==================== C:\Users\Administrator Janik\AppData\Local\Temp\AskSLib.dll C:\Users\Administrator 
Janik\AppData\Local\Temp\BackupSetup.exe C:\Users\Administrator Janik\AppData\Local\Temp\CF_Downloader.exe C:\Users\Administrator Janik\AppData\Local\Temp\DLBT.dll C:\Users\Administrator Janik\AppData\Local\Temp\installerdll1594642.dll C:\Users\Administrator Janik\AppData\Local\Temp\installerdll1632207.dll C:\Users\Administrator Janik\AppData\Local\Temp\installerdll1751984.dll C:\Users\Administrator Janik\AppData\Local\Temp\installerdll1753981.dll C:\Users\Administrator Janik\AppData\Local\Temp\installerdll1761485.dll C:\Users\Administrator Janik\AppData\Local\Temp\installerdll2660877.dll C:\Users\Administrator Janik\AppData\Local\Temp\installerdll370907.dll C:\Users\Administrator Janik\AppData\Local\Temp\installerdll4738109.dll C:\Users\Administrator Janik\AppData\Local\Temp\installerdll4739653.dll C:\Users\Administrator Janik\AppData\Local\Temp\installerdll4745768.dll C:\Users\Administrator Janik\AppData\Local\Temp\installerdll6642226.dll C:\Users\Administrator Janik\AppData\Local\Temp\installerdll911997.dll C:\Users\Administrator Janik\AppData\Local\Temp\installerdll913573.dll C:\Users\Administrator Janik\AppData\Local\Temp\installerdll921419.dll C:\Users\Administrator Janik\AppData\Local\Temp\Java.exe C:\Users\Administrator Janik\AppData\Local\Temp\nv3DVStreaming.dll C:\Users\Administrator Janik\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Administrator Janik\AppData\Local\Temp\nvSCPAPI64.dll C:\Users\Administrator Janik\AppData\Local\Temp\nvSCPAPISvr.exe C:\Users\Administrator Janik\AppData\Local\Temp\nvStereoApiI.dll C:\Users\Administrator Janik\AppData\Local\Temp\nvStereoApiI64.dll C:\Users\Administrator Janik\AppData\Local\Temp\nvStInst.exe C:\Users\Administrator Janik\AppData\Local\Temp\OriginLauncher1751984.exe C:\Users\Administrator Janik\AppData\Local\Temp\OriginLauncher4738109.exe C:\Users\Administrator Janik\AppData\Local\Temp\OriginLauncher911997.exe C:\Users\Administrator Janik\AppData\Local\Temp\Play.exe C:\Users\Administrator 
Janik\AppData\Local\Temp\Quarantine.exe C:\Users\Administrator Janik\AppData\Local\Temp\rootsupd.exe C:\Users\Administrator Janik\AppData\Local\Temp\Setup.exe C:\Users\Administrator Janik\AppData\Local\Temp\sonarinst.exe C:\Users\Administrator Janik\AppData\Local\Temp\swt-win32-3349.dll C:\Users\Administrator Janik\AppData\Local\Temp\UninstallEADM.dll C:\Users\Administrator Janik\AppData\Local\Temp\vcredist_x64.exe C:\Users\Administrator Janik\AppData\Local\Temp\vcredist_x86.exe C:\Users\Administrator Janik\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe C:\Users\Janik\AppData\Local\Temp\CF_Downloader.exe C:\Users\Janik\AppData\Local\Temp\DLBT.dll C:\Users\Janik\AppData\Local\Temp\EADCBB7.exe C:\Users\Janik\AppData\Local\Temp\installerdll1613565.dll C:\Users\Janik\AppData\Local\Temp\installerdll358443.dll C:\Users\Janik\AppData\Local\Temp\installerdll5023856.dll C:\Users\Janik\AppData\Local\Temp\installerdll5515649.dll C:\Users\Janik\AppData\Local\Temp\installerdll6632897.dll C:\Users\Janik\AppData\Local\Temp\Setup.exe C:\Users\Janik\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-10 13:26 ==================== End Of Log ============================
After running the Junkware Removal Tool, all my Firefox bookmarks seem to have been removed. Is there a way to get them back? In addition, the desktop is now populated with different icons and I can no longer right-click or left-click. My old desktop is still there in Windows Explorer. Can I restore my former desktop? Thank you for your understanding, Janik |
19.11.2013, 11:55 | #4 |
/// the machine /// TB trainer | http-rvzr-a-akamaihd-net opens automatically / severe performance problems Please do a System Restore to a point before Junkware. Then run MBAM and Adw again and post a fresh FRST log.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
19.11.2013, 20:22 | #5 |
| http-rvzr-a-akamaihd-net opens automatically / severe performance problems I used the only system restore point that was available and ran MBAM and Adw. Here is the FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013 Ran by Administrator Janik (administrator) on JANIKSPC on 19-11-2013 20:18:32 Running from C:\Users\Janik\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Akamai Technologies, Inc.) C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe (Dropbox, Inc.) C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor) HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation) HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000} HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196} HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196} HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install HKLM\...\RunOnce: [*Restore] - C:\Windows\System32\rstrui.exe /runonce [296960 2010-11-20] (Microsoft Corporation) HKLM-x32\...\Runonce: [InstallShieldSetup] - C:\PROGRA~2\INSTAL~1\{9D15E~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{9D15E~1\reboot.ini [x] HKLM-x32\...\Runonce: [InstallShieldSetup1] 
- C:\PROGRA~2\INSTAL~1\{9D15E~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{9D15E~1\reboot.ini [x] HKLM-x32\...\Runonce: [InstallShieldSetup2] - C:\PROGRA~2\INSTAL~1\{9D15E~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{9D15E~1\reboot.ini [x] HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation) HKCU\...\Run: [ASRockXTU] - [x] HKCU\...\Run: [zASRockInstantBoot] - [x] HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.) HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe -update plugin [829832 2013-10-09] (Adobe Systems Incorporated) HKCU\...\RunOnce: [Report] - \AdwCleaner\AdwCleaner[S1].txt [1208 2013-11-19] () HKCU\...\Policies\system: [LogonHoursAction] 2 HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software) HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKU\Tom\...\Policies\system: [LogonHoursAction] 2 HKU\Tom\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Startup: C:\Users\Janik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Administrator Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File) 
Startup: C:\Users\Janik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll No File Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 195.234.128.7 195.234.128.16 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Administrator Janik\AppData\Roaming\Mozilla\Firefox\Profiles\vz785cye.default FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File FF Plugin-x32: @esn.me/esnsonar,version=0.70.3 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll No File FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=0.80.0 - C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.102.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-11-27] () ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] () S3 RTCore64; C:\after\MSI Afterburner\RTCore64.sys [13368 2013-01-23] () S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x] S3 X6va005; \??\C:\Users\ADMINI~1\AppData\Local\Temp\005E51A.tmp [x] S3 X6va006; \??\C:\Users\ADMINI~1\AppData\Local\Temp\0062148.tmp [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-19 20:18 - 2013-11-19 20:18 - 00012686 _____ C:\Users\Janik\Desktop\FRST.txt 2013-11-19 20:10 - 2013-11-19 20:11 - 01957964 _____ (Farbar) C:\Users\Janik\Desktop\FRST64.exe 2013-11-18 20:54 - 2013-11-18 20:55 - 00037390 _____ C:\Users\Administrator Janik\Downloads\FRST.txt 
2013-11-18 20:52 - 2013-11-18 20:52 - 01957964 _____ (Farbar) C:\Users\Administrator Janik\Downloads\FRST64.exe 2013-11-18 20:42 - 2013-11-18 20:42 - 00001085 _____ C:\Users\Administrator Janik\Desktop\JRT.txt 2013-11-18 20:38 - 2013-11-18 20:38 - 00000000 ____D C:\Windows\ERUNT 2013-11-18 20:37 - 2013-11-18 20:37 - 01034531 _____ (Thisisu) C:\Users\Janik\Desktop\JRT.exe 2013-11-18 20:30 - 2013-11-19 20:13 - 00000000 ____D C:\AdwCleaner 2013-11-18 20:28 - 2013-11-18 20:28 - 01085542 _____ C:\Users\Janik\Desktop\adwcleaner.exe 2013-11-18 20:17 - 2013-11-18 20:17 - 00000000 ____D C:\Users\Janik\AppData\Roaming\Malwarebytes 2013-11-18 20:04 - 2013-11-18 20:04 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-11-18 20:04 - 2013-11-18 20:04 - 00000000 ____D C:\Users\Administrator Janik\AppData\Roaming\Malwarebytes 2013-11-18 20:04 - 2013-11-18 20:04 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-18 20:04 - 2013-11-18 20:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-18 20:04 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-11-18 20:01 - 2013-11-18 20:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Janik\Desktop\mbam-setup-1.75.0.1300.exe 2013-11-18 16:54 - 2013-11-18 16:54 - 00377856 _____ C:\Users\Janik\Desktop\gmer_2.1.19163.exe 2013-11-18 16:51 - 2013-11-18 16:51 - 00000000 ____D C:\FRST 2013-11-18 16:50 - 2013-11-18 16:50 - 00050477 _____ C:\Users\Janik\Downloads\Defogger.exe 2013-11-18 16:48 - 2013-11-18 16:48 - 00000000 _____ C:\Users\Administrator Janik\defogger_reenable 2013-11-18 16:45 - 2013-11-18 16:45 - 00050477 _____ C:\Users\Janik\Desktop\Defogger.exe 2013-11-17 15:54 - 2013-11-17 15:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-17 12:20 - 2013-11-17 12:21 - 00000000 ____D C:\Users\Janik\Documents\BFBC2 2013-11-14 20:08 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) 
C:\Windows\system32\ie4uinit.exe 2013-11-14 20:08 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-14 20:08 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-14 20:08 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-14 20:08 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-14 20:08 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-14 20:08 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-14 20:08 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-14 20:08 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-14 20:08 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-14 20:08 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-14 20:08 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-14 20:08 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-11-14 20:08 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-11-14 20:08 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-11-14 20:08 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-14 20:08 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-14 20:08 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-14 20:08 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-14 20:07 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-14 20:07 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-14 20:07 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-14 20:07 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-14 20:07 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-14 20:07 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-14 20:07 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-14 20:07 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-14 20:07 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-14 20:07 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-14 20:07 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-14 20:07 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-13 16:11 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-13 16:11 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-11-13 16:10 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2013-11-13 16:10 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2013-11-13 16:10 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-11-13 16:10 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2013-11-13 16:10 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-11-13 16:10 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll 2013-11-13 16:10 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-11-13 16:09 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-13 16:09 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-11-13 16:09 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-11-13 16:09 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-11-13 16:09 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2013-11-13 16:09 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2013-11-13 16:09 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2013-11-13 16:09 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-11-13 16:09 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-11-13 16:09 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-11-13 16:09 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-11-13 16:09 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-11-13 16:09 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2013-11-13 16:09 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2013-11-13 16:09 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) 
C:\Windows\system32\lsass.exe 2013-11-13 16:09 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-11-13 16:08 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-11-13 16:08 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-13 16:08 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-13 16:08 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll 2013-11-13 16:08 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-04 14:04 - 2013-11-04 14:04 - 00000000 ____D C:\Users\Janik\Desktop\LOLPBE 2013-11-02 22:35 - 2013-11-02 22:35 - 00000000 ____D C:\Users\Janik\Documents\League of Legends 2013-11-01 17:31 - 2013-11-01 17:31 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2013-11-01 17:31 - 2013-11-01 17:31 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia 2013-11-01 17:30 - 2013-11-01 17:31 - 18080872 _____ (Adobe Systems Inc.) 
C:\Users\Janik\Downloads\AdobeAIRInstaller.exe 2013-11-01 17:24 - 2013-11-01 17:24 - 00000000 ____D C:\ProgramData\Oracle 2013-11-01 17:23 - 2013-11-01 17:23 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-11-01 17:22 - 2013-11-01 17:22 - 30694824 _____ (Oracle Corporation) C:\Users\Janik\Downloads\jre-7u45-windows-x64.exe 2013-11-01 17:19 - 2013-11-01 17:19 - 23294592 _____ (Mozilla) C:\Users\Janik\Downloads\Firefox_Setup_25.0.exe 2013-10-21 15:48 - 2013-11-07 23:25 - 00000000 ____D C:\Users\Janik\Desktop\GG 2013-10-21 14:19 - 2013-10-21 14:19 - 00001865 _____ C:\Users\Janik\Downloads\Sklansky-Tabelle.zip 2013-10-20 21:39 - 2013-10-20 21:39 - 00000000 ____D C:\Users\Administrator Janik\AppData\Local\Macromedia 2013-10-20 21:34 - 2013-10-21 13:07 - 00000000 ____D C:\Program Files (x86)\Uniblue ==================== One Month Modified Files and Folders ======= 2013-11-19 20:18 - 2013-11-19 20:18 - 00012686 _____ C:\Users\Janik\Desktop\FRST.txt 2013-11-19 20:15 - 2013-09-23 11:34 - 00000000 ___RD C:\Users\Janik\Dropbox 2013-11-19 20:15 - 2013-09-23 11:32 - 00000000 ____D C:\Users\Janik\AppData\Roaming\Dropbox 2013-11-19 20:15 - 2013-04-12 00:06 - 00000000 ____D C:\Users\Janik\AppData\Local\FreePDF_XP 2013-11-19 20:15 - 2012-07-18 12:07 - 00004182 _____ C:\Windows\System32\Tasks\avast! 
Emergency Update 2013-11-19 20:14 - 2011-04-08 13:35 - 00000000 ____D C:\ProgramData\NVIDIA 2013-11-19 20:14 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-19 20:14 - 2009-07-14 05:51 - 00138691 _____ C:\Windows\setupact.log 2013-11-19 20:13 - 2013-11-18 20:30 - 00000000 ____D C:\AdwCleaner 2013-11-19 20:13 - 2011-04-06 19:55 - 01734519 _____ C:\Windows\WindowsUpdate.log 2013-11-19 20:13 - 2009-07-14 05:45 - 00014800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-19 20:13 - 2009-07-14 05:45 - 00014800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-19 20:12 - 2011-04-06 20:06 - 00000000 ____D C:\Users\Administrator Janik 2013-11-19 20:11 - 2013-11-19 20:10 - 01957964 _____ (Farbar) C:\Users\Janik\Desktop\FRST64.exe 2013-11-19 20:06 - 2011-04-15 18:56 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-11-19 20:06 - 2011-04-15 18:56 - 00000000 _____ C:\Windows\SysWOW64\config.nt 2013-11-19 20:04 - 2011-04-08 15:05 - 00000000 ____D C:\Users\Janik 2013-11-19 20:03 - 2011-11-17 16:05 - 00000000 ____D C:\Users\Janik\AppData\Local\Akamai 2013-11-19 20:03 - 2011-09-01 15:01 - 00000000 ____D C:\Users\Janik\AppData\Roaming\Skype 2013-11-19 20:03 - 2011-04-20 07:18 - 00000000 ____D C:\Users\Tom 2013-11-19 20:03 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-11-19 20:03 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration 2013-11-18 21:19 - 2013-09-06 19:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-18 21:11 - 2011-04-15 18:57 - 00003234 _____ C:\Windows\System32\Tasks\SidebarExecute 2013-11-18 20:55 - 2013-11-18 20:54 - 00037390 _____ C:\Users\Administrator Janik\Downloads\FRST.txt 2013-11-18 20:52 - 2013-11-18 20:52 - 01957964 _____ (Farbar) C:\Users\Administrator Janik\Downloads\FRST64.exe 2013-11-18 20:42 - 2013-11-18 20:42 - 00001085 _____ 
C:\Users\Administrator Janik\Desktop\JRT.txt 2013-11-18 20:40 - 2011-04-06 20:06 - 00001425 _____ C:\Users\Administrator Janik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-11-18 20:40 - 2011-04-06 20:06 - 00000000 ___RD C:\Users\Administrator Janik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-11-18 20:40 - 2011-04-06 20:06 - 00000000 ___RD C:\Users\Administrator Janik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-11-18 20:38 - 2013-11-18 20:38 - 00000000 ____D C:\Windows\ERUNT 2013-11-18 20:37 - 2013-11-18 20:37 - 01034531 _____ (Thisisu) C:\Users\Janik\Desktop\JRT.exe 2013-11-18 20:28 - 2013-11-18 20:28 - 01085542 _____ C:\Users\Janik\Desktop\adwcleaner.exe 2013-11-18 20:17 - 2013-11-18 20:17 - 00000000 ____D C:\Users\Janik\AppData\Roaming\Malwarebytes 2013-11-18 20:14 - 2011-04-08 13:20 - 00667000 _____ C:\Windows\PFRO.log 2013-11-18 20:04 - 2013-11-18 20:04 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-11-18 20:04 - 2013-11-18 20:04 - 00000000 ____D C:\Users\Administrator Janik\AppData\Roaming\Malwarebytes 2013-11-18 20:04 - 2013-11-18 20:04 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-18 20:04 - 2013-11-18 20:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-18 20:02 - 2013-11-18 20:01 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Janik\Desktop\mbam-setup-1.75.0.1300.exe 2013-11-18 16:54 - 2013-11-18 16:54 - 00377856 _____ C:\Users\Janik\Desktop\gmer_2.1.19163.exe 2013-11-18 16:51 - 2013-11-18 16:51 - 00000000 ____D C:\FRST 2013-11-18 16:50 - 2013-11-18 16:50 - 00050477 _____ C:\Users\Janik\Downloads\Defogger.exe 2013-11-18 16:48 - 2013-11-18 16:48 - 00000000 _____ C:\Users\Administrator Janik\defogger_reenable 2013-11-18 16:45 - 2013-11-18 16:45 - 00050477 _____ C:\Users\Janik\Desktop\Defogger.exe 2013-11-18 16:23 - 2011-05-05 19:55 - 00000000 ____D C:\Users\Janik\AppData\Roaming\TS3Client 
2013-11-18 14:29 - 2013-09-06 19:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-17 20:30 - 2013-02-01 19:41 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-11-17 20:30 - 2011-09-01 15:01 - 00000000 ____D C:\ProgramData\Skype 2013-11-17 15:54 - 2013-11-17 15:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-17 12:24 - 2011-04-15 18:12 - 00000000 ____D C:\Program Files (x86)\Electronic Arts 2013-11-17 12:21 - 2013-11-17 12:20 - 00000000 ____D C:\Users\Janik\Documents\BFBC2 2013-11-17 12:20 - 2011-04-15 20:22 - 00215128 _____ C:\Windows\SysWOW64\PnkBstrB.xtr 2013-11-17 12:20 - 2011-04-15 18:37 - 00215128 _____ C:\Windows\SysWOW64\PnkBstrB.exe 2013-11-17 01:17 - 2013-10-01 16:52 - 00000000 ____D C:\Users\Janik\Desktop\Esis 2013-11-14 20:37 - 2011-07-08 12:58 - 00000000 ____D C:\Users\Janik\AppData\Local\CrashDumps 2013-11-14 20:06 - 2013-08-19 12:22 - 00000000 ____D C:\Windows\system32\MRT 2013-11-14 20:05 - 2013-01-22 16:26 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-11-11 21:22 - 2011-10-31 15:32 - 00000000 ____D C:\Users\Janik\Desktop\Was noch so rumfliegt 2013-11-11 13:36 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-11-09 18:55 - 2009-07-14 18:58 - 00696832 _____ C:\Windows\system32\perfh007.dat 2013-11-09 18:55 - 2009-07-14 18:58 - 00148128 _____ C:\Windows\system32\perfc007.dat 2013-11-09 18:55 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-07 23:25 - 2013-10-21 15:48 - 00000000 ____D C:\Users\Janik\Desktop\GG 2013-11-06 16:44 - 2011-05-05 19:55 - 00000000 ____D C:\Program Files\ts3 2013-11-04 14:04 - 2013-11-04 14:04 - 00000000 ____D C:\Users\Janik\Desktop\LOLPBE 2013-11-02 22:35 - 2013-11-02 22:35 - 00000000 ____D C:\Users\Janik\Documents\League of Legends 2013-11-01 17:31 - 2013-11-01 17:31 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2013-11-01 17:31 - 2013-11-01 17:31 - 00000000 ____D 
C:\Users\Default User\AppData\Roaming\Macromedia 2013-11-01 17:31 - 2013-11-01 17:30 - 18080872 _____ (Adobe Systems Inc.) C:\Users\Janik\Downloads\AdobeAIRInstaller.exe 2013-11-01 17:31 - 2011-05-13 19:16 - 00000000 ____D C:\Users\Janik\AppData\Local\Adobe 2013-11-01 17:31 - 2011-04-15 20:31 - 00000000 ____D C:\Users\Janik\AppData\Roaming\Adobe 2013-11-01 17:31 - 2011-04-07 20:19 - 00000000 ____D C:\Users\Administrator Janik\AppData\Local\Adobe 2013-11-01 17:31 - 2011-04-07 20:13 - 00000000 ____D C:\ProgramData\Adobe 2013-11-01 17:31 - 2011-04-07 20:13 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-11-01 17:29 - 2012-01-23 22:23 - 00000000 ____D C:\Program Files\Java 2013-11-01 17:24 - 2013-11-01 17:24 - 00000000 ____D C:\ProgramData\Oracle 2013-11-01 17:23 - 2013-11-01 17:23 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-11-01 17:23 - 2012-01-23 22:23 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-11-01 17:23 - 2012-01-23 22:23 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-11-01 17:23 - 2012-01-23 22:23 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-11-01 17:22 - 2013-11-01 17:22 - 30694824 _____ (Oracle Corporation) C:\Users\Janik\Downloads\jre-7u45-windows-x64.exe 2013-11-01 17:21 - 2013-09-06 19:17 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-11-01 17:19 - 2013-11-01 17:19 - 23294592 _____ (Mozilla) C:\Users\Janik\Downloads\Firefox_Setup_25.0.exe 2013-10-21 14:19 - 2013-10-21 14:19 - 00001865 _____ C:\Users\Janik\Downloads\Sklansky-Tabelle.zip 2013-10-21 13:58 - 2013-10-06 11:47 - 00000000 ____D C:\Users\Janik\bluej 2013-10-21 13:58 - 2011-12-28 16:47 - 00000000 ____D C:\Program Files (x86)\Origin 2013-10-21 13:58 - 2011-12-04 14:26 - 00000000 ____D C:\Windows\Minidump 2013-10-21 13:58 - 2011-09-29 22:48 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins 2013-10-21 13:58 - 2011-09-29 15:47 - 00000000 
____D C:\ProgramData\Origin 2013-10-21 13:58 - 2011-04-08 13:34 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-10-21 13:58 - 2011-04-08 13:32 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2013-10-21 13:57 - 2013-10-14 20:16 - 00000000 ____D C:\ProgramData\Package Cache 2013-10-21 13:57 - 2011-04-15 20:26 - 00000000 ____D C:\Users\Janik\AppData\Local\PunkBuster 2013-10-21 13:57 - 2011-04-15 20:22 - 00000000 ____D C:\Users\Administrator Janik\AppData\Local\PunkBuster 2013-10-21 13:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\security 2013-10-21 13:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat 2013-10-21 13:07 - 2013-10-20 21:34 - 00000000 ____D C:\Program Files (x86)\Uniblue 2013-10-21 13:04 - 2011-09-29 15:47 - 00000000 ____D C:\Program Files (x86)\Origin Games 2013-10-21 12:06 - 2011-12-21 16:56 - 00064536 _____ C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT 2013-10-21 12:06 - 2011-12-21 16:56 - 00064536 _____ C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT 2013-10-20 21:39 - 2013-10-20 21:39 - 00000000 ____D C:\Users\Administrator Janik\AppData\Local\Macromedia 2013-10-20 21:39 - 2011-06-17 16:51 - 00000000 ____D C:\Users\Administrator Janik\AppData\Local\CrashDumps 2013-10-20 21:34 - 2011-06-11 01:58 - 00773712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll 2013-10-20 21:34 - 2011-06-11 01:58 - 00420944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll 2013-10-20 21:32 - 2011-04-08 13:38 - 00064536 _____ C:\Users\Administrator Janik\AppData\Local\GDIPFONTCACHEV1.DAT Some content of TEMP: ==================== C:\Users\Administrator Janik\AppData\Local\Temp\AskSLib.dll C:\Users\Administrator Janik\AppData\Local\Temp\BackupSetup.exe C:\Users\Administrator Janik\AppData\Local\Temp\CF_Downloader.exe C:\Users\Administrator Janik\AppData\Local\Temp\DLBT.dll C:\Users\Administrator Janik\AppData\Local\Temp\installerdll1594642.dll C:\Users\Administrator 
Janik\AppData\Local\Temp\installerdll1632207.dll C:\Users\Administrator Janik\AppData\Local\Temp\installerdll1751984.dll C:\Users\Administrator Janik\AppData\Local\Temp\installerdll1753981.dll C:\Users\Administrator Janik\AppData\Local\Temp\installerdll1761485.dll C:\Users\Administrator Janik\AppData\Local\Temp\installerdll2660877.dll C:\Users\Administrator Janik\AppData\Local\Temp\installerdll370907.dll C:\Users\Administrator Janik\AppData\Local\Temp\installerdll4738109.dll C:\Users\Administrator Janik\AppData\Local\Temp\installerdll4739653.dll C:\Users\Administrator Janik\AppData\Local\Temp\installerdll4745768.dll C:\Users\Administrator Janik\AppData\Local\Temp\installerdll6642226.dll C:\Users\Administrator Janik\AppData\Local\Temp\installerdll911997.dll C:\Users\Administrator Janik\AppData\Local\Temp\installerdll913573.dll C:\Users\Administrator Janik\AppData\Local\Temp\installerdll921419.dll C:\Users\Administrator Janik\AppData\Local\Temp\Java.exe C:\Users\Administrator Janik\AppData\Local\Temp\nv3DVStreaming.dll C:\Users\Administrator Janik\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Administrator Janik\AppData\Local\Temp\nvSCPAPI64.dll C:\Users\Administrator Janik\AppData\Local\Temp\nvSCPAPISvr.exe C:\Users\Administrator Janik\AppData\Local\Temp\nvStereoApiI.dll C:\Users\Administrator Janik\AppData\Local\Temp\nvStereoApiI64.dll C:\Users\Administrator Janik\AppData\Local\Temp\nvStInst.exe C:\Users\Administrator Janik\AppData\Local\Temp\OriginLauncher1751984.exe C:\Users\Administrator Janik\AppData\Local\Temp\OriginLauncher4738109.exe C:\Users\Administrator Janik\AppData\Local\Temp\OriginLauncher911997.exe C:\Users\Administrator Janik\AppData\Local\Temp\Play.exe C:\Users\Administrator Janik\AppData\Local\Temp\Quarantine.exe C:\Users\Administrator Janik\AppData\Local\Temp\rootsupd.exe C:\Users\Administrator Janik\AppData\Local\Temp\Setup.exe C:\Users\Administrator Janik\AppData\Local\Temp\sonarinst.exe C:\Users\Administrator 
Janik\AppData\Local\Temp\swt-win32-3349.dll C:\Users\Administrator Janik\AppData\Local\Temp\UninstallEADM.dll C:\Users\Administrator Janik\AppData\Local\Temp\vcredist_x64.exe C:\Users\Administrator Janik\AppData\Local\Temp\vcredist_x86.exe C:\Users\Administrator Janik\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe C:\Users\Janik\AppData\Local\Temp\CF_Downloader.exe C:\Users\Janik\AppData\Local\Temp\DLBT.dll C:\Users\Janik\AppData\Local\Temp\EADCBB7.exe C:\Users\Janik\AppData\Local\Temp\installerdll1613565.dll C:\Users\Janik\AppData\Local\Temp\installerdll358443.dll C:\Users\Janik\AppData\Local\Temp\installerdll5023856.dll C:\Users\Janik\AppData\Local\Temp\installerdll5515649.dll C:\Users\Janik\AppData\Local\Temp\installerdll6632897.dll C:\Users\Janik\AppData\Local\Temp\Setup.exe C:\Users\Janik\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-10 13:26 ==================== End Of Log ============================ --- --- --- Janik |
20.11.2013, 12:55 | #6 |
/// the machine /// TB instructor |
When was the point from?
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
20.11.2013, 21:56 | #7 |
The point was 18.11.13 ~ 21:40, after JRT.
ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8cbac04d138a3b48ac4712f656686a26
# engine=15961
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-20 08:28:08
# local_time=2013-11-20 09:28:08 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 2112278 161692760 0 0
# compatibility_mode=5893 16776573 100 94 353350 136609138 0 0
# scanned=223355
# found=0
# cleaned=0
# scan_time=5429
Code:
Results of screen317's Security Check version 0.99.76
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Adobe Flash Player 11.9.900.117
Adobe Reader XI
Mozilla Firefox (25.0.1)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
Ran by Janik (ATTENTION: The logged in user is not administrator) on JANIKSPC on 20-11-2013 21:53:31
Running from C:\Users\Janik\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Akamai Technologies, Inc.) C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Akamai Technologies, Inc.) C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Dropbox, Inc.) C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor) HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation) HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000} HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196} HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196} HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install HKLM\...\RunOnce: [*Restore] - C:\Windows\System32\rstrui.exe /runonce [296960 2010-11-20] (Microsoft Corporation) HKLM-x32\...\Runonce: [InstallShieldSetup] - C:\PROGRA~2\INSTAL~1\{9D15E~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{9D15E~1\reboot.ini [x] HKLM-x32\...\Runonce: [InstallShieldSetup1] 
- C:\PROGRA~2\INSTAL~1\{9D15E~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{9D15E~1\reboot.ini [x] HKLM-x32\...\Runonce: [InstallShieldSetup2] - C:\PROGRA~2\INSTAL~1\{9D15E~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{9D15E~1\reboot.ini [x] HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKCU\...\Policies\system: [LogonHoursAction] 2 HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 MountPoints2: {505ac668-b2e5-11e0-be37-002522a1d429} - E:\DTVP_Launcher.exe HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software) HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) Startup: C:\Users\Janik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Janik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x804583C7A3FBCB01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll No File Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 195.234.128.7 195.234.128.16 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Janik\AppData\Roaming\Mozilla\Firefox\Profiles\1xxc53eq.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File FF Plugin-x32: @esn.me/esnsonar,version=0.70.3 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll No File FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=0.80.0 - C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.102.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Extension: Feven 1.5 - C:\Users\Janik\AppData\Roaming\Mozilla\Firefox\Profiles\1xxc53eq.default\Extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com FF Extension: Battlefield Heroes Updater - C:\Users\Janik\AppData\Roaming\Mozilla\Firefox\Profiles\1xxc53eq.default\Extensions\battlefieldheroespatcher@ea.com FF Extension: Battlefield Play4Free - C:\Users\Janik\AppData\Roaming\Mozilla\Firefox\Profiles\1xxc53eq.default\Extensions\battlefieldplay4free@ea.com FF Extension: jid1-QpHD8URtZWJC2A - C:\Users\Janik\AppData\Roaming\Mozilla\Firefox\Profiles\1xxc53eq.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF ==================== Services (Whitelisted) ================= R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software) R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-11-27] () ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] () S3 RTCore64; C:\after\MSI Afterburner\RTCore64.sys [13368 2013-01-23] () S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x] S3 X6va005; \??\C:\Users\ADMINI~1\AppData\Local\Temp\005E51A.tmp [x] S3 X6va006; \??\C:\Users\ADMINI~1\AppData\Local\Temp\0062148.tmp [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-20 19:47 - 2013-11-20 19:48 - 00891184 _____ C:\Users\Janik\Desktop\SecurityCheck.exe 2013-11-20 16:14 - 2013-11-20 16:14 - 02347384 _____ (ESET) C:\Users\Janik\Desktop\esetsmartinstaller_enu.exe 2013-11-19 20:18 - 2013-11-20 21:53 - 00012910 _____ C:\Users\Janik\Desktop\FRST.txt 2013-11-19 20:10 - 2013-11-19 20:11 - 01957964 _____ (Farbar) C:\Users\Janik\Desktop\FRST64.exe 2013-11-18 20:38 - 2013-11-18 20:38 - 00000000 
____D C:\Windows\ERUNT 2013-11-18 20:37 - 2013-11-18 20:37 - 01034531 _____ (Thisisu) C:\Users\Janik\Desktop\JRT.exe 2013-11-18 20:30 - 2013-11-19 20:13 - 00000000 ____D C:\AdwCleaner 2013-11-18 20:28 - 2013-11-18 20:28 - 01085542 _____ C:\Users\Janik\Desktop\adwcleaner.exe 2013-11-18 20:17 - 2013-11-18 20:17 - 00000000 ____D C:\Users\Janik\AppData\Roaming\Malwarebytes 2013-11-18 20:04 - 2013-11-18 20:04 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-11-18 20:04 - 2013-11-18 20:04 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-18 20:04 - 2013-11-18 20:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-18 20:04 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-11-18 20:01 - 2013-11-18 20:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Janik\Desktop\mbam-setup-1.75.0.1300.exe 2013-11-18 16:54 - 2013-11-18 16:54 - 00377856 _____ C:\Users\Janik\Desktop\gmer_2.1.19163.exe 2013-11-18 16:51 - 2013-11-18 16:51 - 00000000 ____D C:\FRST 2013-11-18 16:50 - 2013-11-18 16:50 - 00050477 _____ C:\Users\Janik\Downloads\Defogger.exe 2013-11-18 16:45 - 2013-11-18 16:45 - 00050477 _____ C:\Users\Janik\Desktop\Defogger.exe 2013-11-17 15:54 - 2013-11-17 15:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-11-17 12:20 - 2013-11-17 12:21 - 00000000 ____D C:\Users\Janik\Documents\BFBC2 2013-11-14 20:08 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-11-14 20:08 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-11-14 20:08 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-11-14 20:08 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-11-14 20:08 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-11-14 20:08 - 2013-10-12 
09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-11-14 20:08 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-11-14 20:08 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-11-14 20:08 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-11-14 20:08 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-11-14 20:08 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-11-14 20:08 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-11-14 20:08 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-11-14 20:08 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-11-14 20:08 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-11-14 20:08 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-11-14 20:08 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-11-14 20:08 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-11-14 20:08 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-11-14 20:07 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-11-14 20:07 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-11-14 20:07 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-11-14 20:07 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-11-14 20:07 - 2013-10-12 09:43 - 03959808 
_____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-11-14 20:07 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-11-14 20:07 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-11-14 20:07 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-11-14 20:07 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-11-14 20:07 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-11-14 20:07 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-11-14 20:07 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-11-13 16:11 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-11-13 16:11 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-11-13 16:10 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll 2013-11-13 16:10 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll 2013-11-13 16:10 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-11-13 16:10 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll 2013-11-13 16:10 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-11-13 16:10 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll 2013-11-13 16:10 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-11-13 16:09 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2013-11-13 16:09 - 2013-10-03 03:00 - 00311808 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2013-11-13 16:09 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2013-11-13 16:09 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2013-11-13 16:09 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2013-11-13 16:09 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2013-11-13 16:09 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2013-11-13 16:09 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2013-11-13 16:09 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2013-11-13 16:09 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2013-11-13 16:09 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2013-11-13 16:09 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2013-11-13 16:09 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2013-11-13 16:09 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2013-11-13 16:09 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2013-11-13 16:09 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2013-11-13 16:08 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2013-11-13 16:08 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2013-11-13 16:08 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL 2013-11-13 16:08 - 2013-10-12 03:03 - 00656896 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\nshwfp.dll 2013-11-13 16:08 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL 2013-11-04 14:04 - 2013-11-04 14:04 - 00000000 ____D C:\Users\Janik\Desktop\LOLPBE 2013-11-02 22:35 - 2013-11-02 22:35 - 00000000 ____D C:\Users\Janik\Documents\League of Legends 2013-11-01 17:31 - 2013-11-01 17:31 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2013-11-01 17:31 - 2013-11-01 17:31 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia 2013-11-01 17:30 - 2013-11-01 17:31 - 18080872 _____ (Adobe Systems Inc.) C:\Users\Janik\Downloads\AdobeAIRInstaller.exe 2013-11-01 17:24 - 2013-11-01 17:24 - 00000000 ____D C:\ProgramData\Oracle 2013-11-01 17:23 - 2013-11-01 17:23 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-11-01 17:22 - 2013-11-01 17:22 - 30694824 _____ (Oracle Corporation) C:\Users\Janik\Downloads\jre-7u45-windows-x64.exe 2013-11-01 17:19 - 2013-11-01 17:19 - 23294592 _____ (Mozilla) C:\Users\Janik\Downloads\Firefox_Setup_25.0.exe 2013-10-21 15:48 - 2013-11-07 23:25 - 00000000 ____D C:\Users\Janik\Desktop\GG 2013-10-21 14:19 - 2013-10-21 14:19 - 00001865 _____ C:\Users\Janik\Downloads\Sklansky-Tabelle.zip ==================== One Month Modified Files and Folders ======= 2013-11-20 21:53 - 2013-11-19 20:18 - 00012910 _____ C:\Users\Janik\Desktop\FRST.txt 2013-11-20 21:51 - 2011-09-01 15:01 - 00000000 ____D C:\Users\Janik\AppData\Roaming\Skype 2013-11-20 21:20 - 2013-09-06 19:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-20 20:55 - 2011-04-06 19:55 - 01885107 _____ C:\Windows\WindowsUpdate.log 2013-11-20 19:48 - 2013-11-20 19:47 - 00891184 _____ C:\Users\Janik\Desktop\SecurityCheck.exe 2013-11-20 16:15 - 2009-07-14 05:45 - 00014800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-20 16:15 - 2009-07-14 05:45 - 00014800 ____H 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-20 16:14 - 2013-11-20 16:14 - 02347384 _____ (ESET) C:\Users\Janik\Desktop\esetsmartinstaller_enu.exe 2013-11-20 16:09 - 2013-09-23 11:34 - 00000000 ___RD C:\Users\Janik\Dropbox 2013-11-20 16:09 - 2013-09-23 11:32 - 00000000 ____D C:\Users\Janik\AppData\Roaming\Dropbox 2013-11-20 16:09 - 2013-04-12 00:06 - 00000000 ____D C:\Users\Janik\AppData\Local\FreePDF_XP 2013-11-20 16:08 - 2011-04-08 13:35 - 00000000 ____D C:\ProgramData\NVIDIA 2013-11-20 16:08 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-20 16:08 - 2009-07-14 05:51 - 00138803 _____ C:\Windows\setupact.log 2013-11-19 23:01 - 2013-10-01 16:52 - 00000000 ____D C:\Users\Janik\Desktop\Esis 2013-11-19 22:56 - 2011-05-05 19:55 - 00000000 ____D C:\Users\Janik\AppData\Roaming\TS3Client 2013-11-19 20:13 - 2013-11-18 20:30 - 00000000 ____D C:\AdwCleaner 2013-11-19 20:12 - 2011-04-06 20:06 - 00000000 ____D C:\Users\Administrator Janik 2013-11-19 20:11 - 2013-11-19 20:10 - 01957964 _____ (Farbar) C:\Users\Janik\Desktop\FRST64.exe 2013-11-19 20:06 - 2011-04-15 18:56 - 00001922 _____ C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2013-11-19 20:06 - 2011-04-15 18:56 - 00000000 _____ C:\Windows\SysWOW64\config.nt 2013-11-19 20:04 - 2011-04-08 15:05 - 00000000 ____D C:\Users\Janik 2013-11-19 20:03 - 2011-11-17 16:05 - 00000000 ____D C:\Users\Janik\AppData\Local\Akamai 2013-11-19 20:03 - 2011-04-20 07:18 - 00000000 ____D C:\Users\Tom 2013-11-19 20:03 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2013-11-19 20:03 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration 2013-11-18 20:38 - 2013-11-18 20:38 - 00000000 ____D C:\Windows\ERUNT 2013-11-18 20:37 - 2013-11-18 20:37 - 01034531 _____ (Thisisu) C:\Users\Janik\Desktop\JRT.exe 2013-11-18 20:28 - 2013-11-18 20:28 - 01085542 _____ C:\Users\Janik\Desktop\adwcleaner.exe 2013-11-18 20:17 - 2013-11-18 20:17 - 00000000 ____D C:\Users\Janik\AppData\Roaming\Malwarebytes 2013-11-18 20:14 - 2011-04-08 13:20 - 00667000 _____ C:\Windows\PFRO.log 2013-11-18 20:04 - 2013-11-18 20:04 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-11-18 20:04 - 2013-11-18 20:04 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-18 20:04 - 2013-11-18 20:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-18 20:02 - 2013-11-18 20:01 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Janik\Desktop\mbam-setup-1.75.0.1300.exe 2013-11-18 16:54 - 2013-11-18 16:54 - 00377856 _____ C:\Users\Janik\Desktop\gmer_2.1.19163.exe 2013-11-18 16:51 - 2013-11-18 16:51 - 00000000 ____D C:\FRST 2013-11-18 16:50 - 2013-11-18 16:50 - 00050477 _____ C:\Users\Janik\Downloads\Defogger.exe 2013-11-18 16:45 - 2013-11-18 16:45 - 00050477 _____ C:\Users\Janik\Desktop\Defogger.exe 2013-11-18 14:29 - 2013-09-06 19:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-11-17 20:30 - 2013-02-01 19:41 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-11-17 20:30 - 2011-09-01 15:01 - 00000000 ____D C:\ProgramData\Skype 2013-11-17 15:54 - 2013-11-17 15:54 - 00000000 ____D C:\Program Files 
(x86)\Mozilla Firefox 2013-11-17 12:24 - 2011-04-15 18:12 - 00000000 ____D C:\Program Files (x86)\Electronic Arts 2013-11-17 12:21 - 2013-11-17 12:20 - 00000000 ____D C:\Users\Janik\Documents\BFBC2 2013-11-17 12:20 - 2011-04-15 20:22 - 00215128 _____ C:\Windows\SysWOW64\PnkBstrB.xtr 2013-11-17 12:20 - 2011-04-15 18:37 - 00215128 _____ C:\Windows\SysWOW64\PnkBstrB.exe 2013-11-14 20:37 - 2011-07-08 12:58 - 00000000 ____D C:\Users\Janik\AppData\Local\CrashDumps 2013-11-14 20:06 - 2013-08-19 12:22 - 00000000 ____D C:\Windows\system32\MRT 2013-11-14 20:05 - 2013-01-22 16:26 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-11-11 21:22 - 2011-10-31 15:32 - 00000000 ____D C:\Users\Janik\Desktop\Was noch so rumfliegt 2013-11-11 13:36 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-11-09 18:55 - 2009-07-14 18:58 - 00696832 _____ C:\Windows\system32\perfh007.dat 2013-11-09 18:55 - 2009-07-14 18:58 - 00148128 _____ C:\Windows\system32\perfc007.dat 2013-11-09 18:55 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI 2013-11-07 23:25 - 2013-10-21 15:48 - 00000000 ____D C:\Users\Janik\Desktop\GG 2013-11-06 16:44 - 2011-05-05 19:55 - 00000000 ____D C:\Program Files\ts3 2013-11-04 14:04 - 2013-11-04 14:04 - 00000000 ____D C:\Users\Janik\Desktop\LOLPBE 2013-11-02 22:35 - 2013-11-02 22:35 - 00000000 ____D C:\Users\Janik\Documents\League of Legends 2013-11-01 17:31 - 2013-11-01 17:31 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia 2013-11-01 17:31 - 2013-11-01 17:31 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia 2013-11-01 17:31 - 2013-11-01 17:30 - 18080872 _____ (Adobe Systems Inc.) 
C:\Users\Janik\Downloads\AdobeAIRInstaller.exe 2013-11-01 17:31 - 2011-05-13 19:16 - 00000000 ____D C:\Users\Janik\AppData\Local\Adobe 2013-11-01 17:31 - 2011-04-15 20:31 - 00000000 ____D C:\Users\Janik\AppData\Roaming\Adobe 2013-11-01 17:31 - 2011-04-07 20:13 - 00000000 ____D C:\ProgramData\Adobe 2013-11-01 17:31 - 2011-04-07 20:13 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-11-01 17:29 - 2012-01-23 22:23 - 00000000 ____D C:\Program Files\Java 2013-11-01 17:24 - 2013-11-01 17:24 - 00000000 ____D C:\ProgramData\Oracle 2013-11-01 17:23 - 2013-11-01 17:23 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2013-11-01 17:23 - 2012-01-23 22:23 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-11-01 17:23 - 2012-01-23 22:23 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-11-01 17:23 - 2012-01-23 22:23 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-11-01 17:22 - 2013-11-01 17:22 - 30694824 _____ (Oracle Corporation) C:\Users\Janik\Downloads\jre-7u45-windows-x64.exe 2013-11-01 17:21 - 2013-09-06 19:17 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-11-01 17:19 - 2013-11-01 17:19 - 23294592 _____ (Mozilla) C:\Users\Janik\Downloads\Firefox_Setup_25.0.exe 2013-10-21 14:19 - 2013-10-21 14:19 - 00001865 _____ C:\Users\Janik\Downloads\Sklansky-Tabelle.zip 2013-10-21 13:58 - 2013-10-06 11:47 - 00000000 ____D C:\Users\Janik\bluej 2013-10-21 13:58 - 2011-12-28 16:47 - 00000000 ____D C:\Program Files (x86)\Origin 2013-10-21 13:58 - 2011-12-04 14:26 - 00000000 ____D C:\Windows\Minidump 2013-10-21 13:58 - 2011-09-29 22:48 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins 2013-10-21 13:58 - 2011-09-29 15:47 - 00000000 ____D C:\ProgramData\Origin 2013-10-21 13:58 - 2011-04-08 13:34 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-10-21 13:58 - 2011-04-08 13:32 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2013-10-21 13:57 
- 2013-10-14 20:16 - 00000000 ____D C:\ProgramData\Package Cache 2013-10-21 13:57 - 2011-04-15 20:26 - 00000000 ____D C:\Users\Janik\AppData\Local\PunkBuster 2013-10-21 13:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\security 2013-10-21 13:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat 2013-10-21 13:07 - 2013-10-20 21:34 - 00000000 ____D C:\Program Files (x86)\Uniblue 2013-10-21 13:04 - 2011-09-29 15:47 - 00000000 ____D C:\Program Files (x86)\Origin Games 2013-10-21 12:06 - 2011-12-21 16:56 - 00064536 _____ C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT 2013-10-21 12:06 - 2011-12-21 16:56 - 00064536 _____ C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT Some content of TEMP: ==================== C:\Users\Janik\AppData\Local\Temp\CF_Downloader.exe C:\Users\Janik\AppData\Local\Temp\DLBT.dll C:\Users\Janik\AppData\Local\Temp\EADCBB7.exe C:\Users\Janik\AppData\Local\Temp\installerdll1613565.dll C:\Users\Janik\AppData\Local\Temp\installerdll358443.dll C:\Users\Janik\AppData\Local\Temp\installerdll5023856.dll C:\Users\Janik\AppData\Local\Temp\installerdll5515649.dll C:\Users\Janik\AppData\Local\Temp\installerdll6632897.dll C:\Users\Janik\AppData\Local\Temp\Setup.exe C:\Users\Janik\AppData\Local\Temp\SkypeSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log 
============================
--- --- --- --- --- --- --- --- --- --- --- ---
Due to my own carelessness I had to run everything again and could only post the 2nd run (which is also why my reply is so late). The problems would be:
- Advertising is still linked on words (even here in the forum)
- freezes of about 2-5 seconds several times a day
- the Adobe Flash plugin crashes every few minutes
- the PC still does not run the way it did about 2 weeks ago (scrolling stutters in Firefox, Firefox generally responds slowly, a brief freeze when I "tab" out of/into games, etc.)
Those are the defects that come to mind right away, although with the Adobe Flash plugin crashes I am not sure whether that has anything to do with the underlying problem. The website named in the title, however, has not appeared again in the last 2 days. Regards, Janik Last edited by AmigoBandito (20.11.2013 at 22:41). Reason: wording |
21.11.2013, 13:37 | #8 |
/// the machine /// TB Trainer | http-rvzr-a-akamaihd-net opens automatically / severe performance problems Which browser is the thing with the words happening in?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and Help Trojaner-Board Facebook Page No help via PM! |
21.11.2013, 20:41 | #9 |
| http-rvzr-a-akamaihd-net opens automatically / severe performance problems Firefox |
22.11.2013, 16:21 | #10 |
/// the machine /// TB Trainer | http-rvzr-a-akamaihd-net opens automatically / severe performance problems Uninstall Firefox, keep no data, reinstall. Then a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and Help Trojaner-Board Facebook Page No help via PM! |
22.11.2013, 17:45 | #11 |
| http-rvzr-a-akamaihd-net opens automatically / severe performance problems I uninstalled Firefox via Control Panel - Programs & Features - the uninstall exe, ticked the box for it to delete personal stuff, then ticked the box to remove my own data and customizations. What surprises me, though, is that my bookmarks were still there after the reinstall. As requested, the FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-11-2013 01 Ran by Janik (ATTENTION: The logged in user is not administrator) on JANIKSPC on 22-11-2013 17:40:04 Running from C:\Users\Janik\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Akamai Technologies, Inc.) C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Dropbox, Inc.) C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Akamai Technologies, Inc.) C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.192\deploy\LoLLauncher.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe () C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.58\deploy\LolClient.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor) HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation) HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000} HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196} HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196} HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install HKLM\...\RunOnce: [*Restore] - C:\Windows\System32\rstrui.exe /runonce [296960 2010-11-20] (Microsoft Corporation) HKLM-x32\...\Runonce: [InstallShieldSetup] - C:\PROGRA~2\INSTAL~1\{9D15E~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{9D15E~1\reboot.ini [x] HKLM-x32\...\Runonce: [InstallShieldSetup1] 
- C:\PROGRA~2\INSTAL~1\{9D15E~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{9D15E~1\reboot.ini [x] HKLM-x32\...\Runonce: [InstallShieldSetup2] - C:\PROGRA~2\INSTAL~1\{9D15E~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{9D15E~1\reboot.ini [x] HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKCU\...\Policies\system: [LogonHoursAction] 2 HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 MountPoints2: {505ac668-b2e5-11e0-be37-002522a1d429} - E:\DTVP_Launcher.exe HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software) HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) Startup: C:\Users\Janik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Janik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x804583C7A3FBCB01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll No File Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 195.234.128.7 195.234.128.16 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Janik\AppData\Roaming\Mozilla\Firefox\Profiles\1xxc53eq.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File FF Plugin-x32: @esn.me/esnsonar,version=0.70.3 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll No File FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=0.80.0 - C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.102.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Feven 1.5 - C:\Users\Janik\AppData\Roaming\Mozilla\Firefox\Profiles\1xxc53eq.default\Extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com FF Extension: Battlefield Heroes Updater - C:\Users\Janik\AppData\Roaming\Mozilla\Firefox\Profiles\1xxc53eq.default\Extensions\battlefieldheroespatcher@ea.com FF Extension: Battlefield Play4Free - C:\Users\Janik\AppData\Roaming\Mozilla\Firefox\Profiles\1xxc53eq.default\Extensions\battlefieldplay4free@ea.com FF Extension: jid1-QpHD8URtZWJC2A - C:\Users\Janik\AppData\Roaming\Mozilla\Firefox\Profiles\1xxc53eq.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF ==================== Services (Whitelisted) ================= R2 avast! 
Regards, Janik |
23.11.2013, 07:59 | #12 |
/// the machine /// TB instructor | https://support.mozilla.org/de/kb/fi...einfach-loesen Do that, then everything should be fine.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
23.11.2013, 14:24 | #13 |
| It worked: the ads are gone, Firefox runs perfectly, and the plugin crashes were fixed by the new update. Many thanks, Schrauber, you were a great help. I do have one last question, though: I now have a whole pile of tools on the PC. Which tools should I run regularly? Regards, Janik |
24.11.2013, 08:36 | #14 |
/// the machine /// TB instructor | That's coming now. Finished. The order is crucial here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me a short reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber |
24.11.2013, 14:06 | #15 |
| All done, no questions. Thanks again for the help; I'm glad I didn't have to do this on my own. Regards, Janik |