|
Log-Analyse und Auswertung: Funde mit SpyhunterWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
03.01.2014, 19:44 | #1 |
| Funde mit Spyhunter Hallo! Meine Mutter hat ein Problem mit ihrem Lapi auf Win 7. Er geht sehr langsam am Anfang und manchmal verzieht sich der Text, was nach einem Neustart wieder normal funktioniert. Sie hat auf ihre eigene Faust diesen ominösen Spyhunter installiert und die Suche ergab folgendes: Adware Helpus Adware Helpus PUP.FLVPlayer (bisher ger. Bedr.) Babylonsearch/Toolbar do-search.com (beide als gefährlich eingestuft) Hab dann einiges rüberfahren lassen. Malwarebytes und Avira fanden nichts. JRT:JRT Logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.9 (01.01.2014:1) OS: Windows 7 Home Premium x64 Ran by Romy on 03.01.2014 at 18:41:55,03 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3479445380-1746314367-3566438047-1000\Software\sweetim Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup_RASMANCS Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E8FD0672-F49F-4487-AFA2-CF63DEE93DDB} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\apn" Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{104D733F-184B-421D-8195-356BB8D45456} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{11C2961E-634B-47E5-A362-201B0142EC76} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{13AE1D0D-FA36-493D-8C85-380D4F622845} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{14C540E5-D421-46ED-8AF1-7CEE29E0D56E} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{1789E22A-397D-4629-BCA7-749D6A5DB3BF} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{17E130BE-841A-4049-82CC-1CF116E51F3A} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{183F0A99-84FD-4D6C-9755-772B5996F19C} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{190348C8-5A28-4740-9232-90067D385661} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{19654263-6039-41B5-AECC-93F2BCD7FF86} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{1BA24133-29AE-4E5B-B7EB-B791ABFE9BCF} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{1D0634FE-D331-48EB-9288-0B8F1AE48877} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{1D482AC0-2095-4FFD-9F77-BEB164CE95E0} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{246604BE-BC80-499E-8FB6-21C03041E956} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{2B4AD354-A81C-463A-95D0-15566F1A5810} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{2C74BFBF-FEF4-4746-9027-14E1C6F4A51A} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{2F9F1345-9A43-40F5-B03C-0A825FF5F78C} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{334C22C5-DECA-483A-92B1-827BD7B2478B} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{3530F9C2-51E4-4FB9-86D3-5E55AD6BE99B} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{360A965B-7292-4AF0-9786-1AA5FECDB9FE} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{387F34FC-6DEF-4FB4-96A7-BA1AF0196E4A} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{3BAA615B-8904-48E9-ACB3-FE3FC330222E} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{3D4F8823-BEFE-4688-BF94-913ED9649F12} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{3ECFDE45-5A64-4FD2-8C94-E8DFC3CCA3EF} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{3FB7AD0A-E1EB-49C7-BFBC-45DFB19BE193} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{40E50130-2B91-4DBD-9B8A-E8C96358D467} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{48729FFD-32A2-47B2-A84E-288CAD345F4A} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{4F62E382-2823-4873-8C0B-5CE96A594AE3} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{506EC15D-0B86-49E2-87F4-C81719A0FA8C} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{507AD547-CE8B-4B95-BF1D-C699C2BDA535} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{51E05FC3-2C7B-4EAF-80D7-421718AB8FC8} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{53E00391-B279-490F-9520-C4486C5A3878} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{54E00345-D748-44FC-9E6E-367E0D717388} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{59B4E10E-7FEA-4193-AEF1-60A49CBDDBAE} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{5DFB78FF-8023-49A8-8946-16E7D352AD60} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{5E087CD7-195C-4CC0-B76F-53ABC5C34D97} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{6233B111-9D0A-4773-A6D5-369256CA5B06} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{62682878-0ADD-4BE4-94E2-F108100A3F65} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{633D13E6-68D3-4F6E-99A4-8BAF48162065} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{659C4E74-7F66-41DB-A97E-59041C3ED895} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{6A8F8E51-FE22-4DD2-AB0C-B84458E02EFF} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{7053F1BC-A5E1-40BE-8DD4-DA2BA4DA11A9} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{71B660A7-3C03-4591-A5EF-644158F9690B} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{75A720DD-9D0E-42C3-AC74-EE36CEEABD08} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{763E1D3D-9DC2-4786-A7FF-D0CA36FD4CE4} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{77D0E10D-B471-40B7-A8C2-116F2566FC86} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{7A4B7429-EB6D-4E5F-B769-78F2727351AA} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{8003C723-2072-45B4-AA98-7080A48DE84C} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{84D0655E-DD88-41B3-9BF1-ECC00C7B2699} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{8913BB67-8778-4C2A-9806-72CE4AEC4BDD} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{8945BA54-189D-45F4-805E-4C8E3EA10F12} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{8E09020F-9123-4D02-B12E-84AEA100BFAB} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{8F147258-781C-4350-8302-2ECD9668B343} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{938B5F02-CA66-4705-BB2F-C21EBC1CBFAF} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{95941277-AC78-4494-A61E-9758FBFF0F8A} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{95FFB0F1-497F-42F1-86D7-421B3AFEC703} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{96F09663-C25A-4D29-98AF-7F7AB983CBA1} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{979A433B-5D2D-4E71-B21E-5F68A6FBAFE7} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{97B9EC8E-590D-4747-9364-C0EC2F3A2D7C} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{9AE866E8-3C63-41E0-8699-21220135C5FD} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{9F26192B-3F84-40E7-8B0F-6F0DA04FCBA4} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{A2E50E0C-6B89-4CA3-9F08-12B06DA6404F} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{A3401687-2929-4E1E-A8B2-3F882F0B7E11} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{A55BB36F-F30C-4A19-B44C-1785646C2CE7} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{A93517C3-619B-40CC-98CD-86F407CD3F95} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{AC39C41F-4A88-4D1B-8340-78168B8D16BE} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{BBF43C55-3C6F-4338-9B72-41F66C0DFAC0} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{BDF3DBB1-139E-4DC3-A5A1-714E5135573B} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{CDF073AD-5880-44BA-9D3C-B1A0417BE2A8} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{D54585A5-86B2-41BC-8ED7-0AA874D06424} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{D5DAEAB9-09F0-44F4-92A5-6EF1C6FABB06} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{D806BD5E-60FA-4A38-A88A-B2F9D62CA7F6} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{D953EBF4-7EB6-4C03-B3D7-C2D5B1C305E1} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{D99766BA-87B9-4151-B73D-28FCD4157C73} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{D9FDFF01-FEE4-4A5E-AC93-821344C753B8} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{E2DB9840-CE01-4546-80F5-40816B76C6A1} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{E3FA1635-9D8B-428D-9BC6-FDFE0C8D0FEC} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{E5DDD7B6-9AA5-4CB0-BD53-B1DB8778F621} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{E6C61341-C5E6-41C7-9A38-954998D79568} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{E840B54E-EB45-4A02-8F06-C6059C33A7B9} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{EA792A6A-A63F-4E67-B80A-40399B8A2E76} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{F3E26F9D-5BAD-4C1C-B12B-2B2818941BB4} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{F6BFC7B7-538F-4ED5-9DEB-FDA18462EF09} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{F74A6A1E-8D89-4B8D-A53C-D02BCF6FEE11} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{F79DA212-0E5B-458D-B9AC-9F00579BEAFB} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{FA762222-6B29-4DE5-8259-0FCB08F45DE1} Successfully deleted: [Empty Folder] C:\Users\Romy\appdata\local\{FAC3AB74-9173-4D57-BD55-4CEDAE59F2ED} ~~~ FireFox Successfully deleted: [File] C:\Users\Romy\AppData\Roaming\mozilla\firefox\profiles\an1j06y9.default\user.js Successfully deleted: [Folder] C:\Users\Romy\AppData\Roaming\mozilla\firefox\profiles\an1j06y9.default\extensions\toolbar@gmx.net Emptied folder: C:\Users\Romy\AppData\Roaming\mozilla\firefox\profiles\an1j06y9.default\minidumps [243 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 03.01.2014 at 18:52:40,30 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ADWCleaner:AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.016 - Bericht erstellt am 03/01/2014 um 18:39:44 # Aktualisiert 23/12/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Romy - ROMY-PC # Gestartet von : C:\Users\Romy\Desktop\adwcleaner.exe # Option : Suchen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Datei Gefunden : C:\Users\Romy\AppData\Roaming\Mozilla\Firefox\Profiles\an1j06y9.default\user.js ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16428 -\\ Mozilla Firefox v25.0.1 (de) [ Datei : C:\Users\Romy\AppData\Roaming\Mozilla\Firefox\Profiles\an1j06y9.default\prefs.js ] -\\ Google Chrome v [ Datei : C:\Users\Romy\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R1].txt - [1017 octets] - [03/01/2014 18:39:44] ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1077 octets] ########## FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2014 Ran by Romy (administrator) on ROMY-PC on 03-01-2014 18:32:54 Running from C:\Users\Romy\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= () C:\Program Files (x86)\PHotkey\AsLdrSrv.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe () C:\Program Files (x86)\PHotkey\PHotkey.exe () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Sentelic Corporation) C:\Program Files\FSP\FspUip.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe (Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE () C:\Program Files (x86)\PHotkey\PVDesktop.exe () C:\Program Files (x86)\PHotkey\PVDAgent.exe () C:\Program Files (x86)\PHotkey\POsd.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Mozilla Corporation) C:\Users\Romy\AppData\Local\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.) HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation) HKLM\...\Run: [fspuip] - C:\Program Files\FSP\FspUip.exe [4055552 2010-11-08] (Sentelic Corporation) HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.) HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation) HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink) HKLM-x32\...\Run: [YouCam Mirage] - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2011-04-15] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [228448 2011-04-15] (CyberLink Corp.) HKLM-x32\...\Run: [Norton Ghost 15.0] - C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe [2598760 2010-03-03] (Symantec Corporation) HKLM-x32\...\Run: [CorelDRAW Graphics Suite 11b] - C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\DE\Programs\registration.exe [733184 2003-11-27] (Corel Corporation) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2013-12-20] (APN) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) MountPoints2: G - G:\.\Autorun.exe AUTORUN=1 MountPoints2: H - H:\.\Autorun.exe AUTORUN=1 MountPoints2: {1136af84-b0f8-11e1-a27a-e840f22619d2} - G:\.\Autorun.exe AUTORUN=1 MountPoints2: {1136af8c-b0f8-11e1-a27a-e840f22619d2} - G:\.\Autorun.exe AUTORUN=1 MountPoints2: {2362f0fb-8f83-11e1-98a8-e840f22619d2} - G:\Startme.exe MountPoints2: {53d7d28e-b31a-11e1-adc0-e840f22619d2} - H:\.\Autorun.exe AUTORUN=1 MountPoints2: {6d85b9d6-8ff7-11e1-95cf-806e6f6e6963} - G:\.\Autorun.exe AUTORUN=1 AppInit_DLLs: [ ] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF URLSearchHook: HKCU - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {E8FD0672-F49F-4487-AFA2-CF63DEE93DDB} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10263&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGU&apn_dtid=^YYYYYY^YY^AT&apn_uid=d1b4f24e-336c-46c5-afe4-ccb05042da48&apn_sauid=6640A518-FD51-4C9C-A76D-C4209749E30A BHO: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll (APN LLC.) Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Romy\AppData\Roaming\Mozilla\Firefox\Profiles\an1j06y9.default FF user.js: detected! => C:\Users\Romy\AppData\Roaming\Mozilla\Firefox\Profiles\an1j06y9.default\user.js FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml FF Homepage: hxxp://unterhaltung.at.msn.com/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @MoneyMillionaire/npdf - C:\ProgramData\Rabatt-Finder\FFExtension201306072049291\plugins\npdf.dll No File FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Romy\AppData\Roaming\Mozilla\Firefox\Profiles\an1j06y9.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Romy\AppData\Roaming\Mozilla\Firefox\Profiles\an1j06y9.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Romy\AppData\Roaming\Mozilla\Firefox\Profiles\an1j06y9.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Romy\AppData\Roaming\Mozilla\Firefox\Profiles\an1j06y9.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: GMX MailCheck - C:\Users\Romy\AppData\Roaming\Mozilla\Firefox\Profiles\an1j06y9.default\Extensions\toolbar@gmx.net FF Extension: GMX MailCheck - C:\Users\Romy\AppData\Roaming\Mozilla\Firefox\Profiles\an1j06y9.default\Extensions\toolbar@gmx.net.xpi FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Romy\AppData\Roaming\Mozilla\Firefox\Profiles\an1j06y9.default\Extensions\toolbar_AVIRA-V7C@apn.ask.com.xpi FF Extension: Adblock Plus - C:\Users\Romy\AppData\Roaming\Mozilla\Firefox\Profiles\an1j06y9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF StartMenuInternet: FIREFOX.EXE - C:\Users\Romy\AppData\Local\Mozilla Firefox\firefox.exe Chrome: ======= CHR HomePage: hxxp://domredi.com/1/ CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR Extension: (YouTube) - C:\Users\Romy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0 CHR Extension: (Google Search) - C:\Users\Romy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0 CHR Extension: (MoneyMillionaire extension) - C:\Users\Romy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iapkompmljjcdangdahmcnicaoianjnf\2.7.0.0_0 CHR Extension: (Gmail) - C:\Users\Romy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0 ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1011768 2013-12-09] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.) R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-19] () S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec) R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [159752 2010-10-07] () S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-26] (Symantec Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] () R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation) R2 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2155848 2010-05-25] () R3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [9728 2009-07-14] (Microsoft Corporation) R3 Symantec SymSnap VSS Provider; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation) R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2010-02-11] (Symantec) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-09] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-09] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG) R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.) R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON) R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2010-02-11] (StorageCraft) S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation) S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x] U2 V2iMount; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-03 18:05 - 2014-01-03 18:10 - 00031104 _____ C:\Users\Romy\Desktop\Addition.txt 2014-01-03 18:00 - 2014-01-03 18:33 - 00017348 _____ C:\Users\Romy\Desktop\FRST.txt 2014-01-03 17:57 - 2014-01-03 17:57 - 00000000 ____D C:\FRST 2014-01-03 17:56 - 2014-01-03 17:57 - 01931750 _____ (Farbar) C:\Users\Romy\Desktop\FRST64.exe 2014-01-03 17:21 - 2014-01-03 17:21 - 00007604 _____ C:\Users\Romy\AppData\Local\Resmon.ResmonCfg 2014-01-01 20:54 - 2014-01-01 20:54 - 00000000 ____D C:\Program Files\Enigma Software Group 2014-01-01 20:54 - 2014-01-01 20:54 - 00000000 _____ C:\autoexec.bat 2014-01-01 20:53 - 2014-01-02 00:17 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP 2014-01-01 20:00 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-01-01 20:00 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-01-01 20:00 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-01-01 20:00 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-01-01 20:00 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-01-01 20:00 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-01-01 20:00 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-01-01 20:00 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-01-01 20:00 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-01-01 20:00 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-01-01 20:00 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-01-01 20:00 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-01-01 20:00 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-01-01 20:00 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-01-01 20:00 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-01-01 20:00 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-01-01 20:00 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-01-01 20:00 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-01-01 20:00 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-01-01 20:00 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-01-01 20:00 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-01-01 20:00 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-01-01 20:00 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-01-01 20:00 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-01-01 20:00 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-01-01 20:00 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-01-01 20:00 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-01-01 20:00 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-01-01 20:00 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-01-01 20:00 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-01-01 20:00 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-01-01 18:44 - 2014-01-01 18:44 - 00001429 _____ C:\Users\Romy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-12-31 16:41 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE 2013-12-31 16:33 - 2013-12-31 16:33 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-12-31 16:33 - 2013-12-31 16:33 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-12-31 16:33 - 2013-12-31 16:33 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-12-31 16:33 - 2013-12-31 16:33 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-12-31 16:33 - 2013-12-31 16:33 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-12-31 16:33 - 2013-12-31 16:33 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-12-31 16:33 - 2013-12-31 16:33 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-12-31 16:33 - 2013-12-31 16:33 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-12-31 16:33 - 2013-12-31 16:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-12-31 16:33 - 2013-12-31 16:33 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-12-31 16:33 - 2013-12-31 16:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-12-31 16:33 - 2013-12-31 16:33 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-12-31 16:33 - 2013-12-31 16:33 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-12-31 16:33 - 2013-12-31 16:33 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-12-31 16:33 - 2013-12-31 16:33 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-12-31 16:33 - 2013-12-31 16:33 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-12-31 16:33 - 2013-12-31 16:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-12-31 16:33 - 2013-12-31 16:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-12-31 16:33 - 2013-12-31 16:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-12-31 16:33 - 2013-12-31 16:33 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-12-31 16:27 - 2014-01-03 17:11 - 00027973 _____ C:\Windows\IE11_main.log 2013-12-31 16:26 - 2013-12-31 16:26 - 02077392 _____ (Microsoft Corporation) C:\Users\Romy\Desktop\IE11-Windows6.1.exe 2013-12-31 15:43 - 2013-12-31 15:43 - 00000000 ____D C:\Users\Romy\AppData\Roaming\Malwarebytes 2013-12-31 15:42 - 2013-12-31 15:42 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-31 15:42 - 2013-12-31 15:42 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-31 15:42 - 2013-12-31 15:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-31 15:42 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-12-31 15:41 - 2013-12-31 15:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Romy\Desktop\mbam-setup-1.75.0.1300.exe 2013-12-31 15:29 - 2013-12-31 15:29 - 00000000 ____D C:\ProgramData\AskPartnerNetwork 2013-12-31 15:29 - 2013-12-31 15:29 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork 2013-12-31 15:28 - 2013-12-31 15:28 - 00000000 ____D C:\Users\Romy\AppData\Roaming\Avira 2013-12-31 15:28 - 2013-12-31 15:28 - 00000000 ____D C:\ProgramData\APN 2013-12-31 15:27 - 2013-12-31 15:27 - 00002074 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-12-31 15:27 - 2013-12-31 15:27 - 00000000 ____D C:\Program Files (x86)\Avira 2013-12-31 15:27 - 2013-12-09 11:37 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-12-31 15:27 - 2013-12-09 11:37 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-12-31 15:27 - 2013-12-09 11:37 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-12-31 15:27 - 2013-12-09 11:37 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-12-31 15:26 - 2013-12-31 15:26 - 00000000 ____D C:\ProgramData\Oracle 2013-12-31 15:25 - 2013-12-31 15:25 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-12-31 15:25 - 2013-12-31 15:25 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-12-31 15:25 - 2013-12-31 15:25 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-12-31 15:25 - 2013-12-31 15:25 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-12-31 15:22 - 2013-12-31 15:23 - 00915368 _____ (Oracle Corporation) C:\Users\Romy\jxpiinstall.exe 2013-12-31 15:17 - 2013-12-31 15:26 - 129598176 _____ C:\Users\Romy\Desktop\avira_free_antivirus_de.exe 2013-12-18 13:20 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-12-18 13:20 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-12-18 13:20 - 2013-04-17 08:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-12-18 13:20 - 2013-04-17 07:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2013-12-17 15:14 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2013-12-17 15:14 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2013-12-17 15:14 - 2012-08-23 15:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys 2013-12-17 15:14 - 2012-08-23 15:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2013-12-17 15:14 - 2012-08-23 14:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2013-12-17 15:14 - 2012-08-23 14:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2013-12-17 15:14 - 2012-08-23 14:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2013-12-17 15:14 - 2012-08-23 14:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2013-12-17 15:14 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2013-12-17 15:14 - 2012-08-23 14:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2013-12-17 15:14 - 2012-08-23 14:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2013-12-17 15:14 - 2012-08-23 14:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2013-12-17 15:14 - 2012-08-23 14:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2013-12-17 15:14 - 2012-08-23 13:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2013-12-17 15:14 - 2012-08-23 12:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2013-12-17 15:14 - 2012-08-23 12:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2013-12-17 15:14 - 2012-08-23 12:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2013-12-17 15:14 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll 2013-12-17 15:14 - 2012-08-23 11:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2013-12-17 15:14 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll 2013-12-17 15:14 - 2012-08-23 11:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2013-12-17 15:14 - 2012-08-23 11:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2013-12-17 15:14 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2013-12-17 15:14 - 2012-08-23 09:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2013-12-17 15:14 - 2012-08-23 09:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2013-12-17 15:12 - 2013-01-04 07:11 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2013-12-17 15:11 - 2013-01-13 22:17 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-12-17 15:11 - 2013-01-13 22:17 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-12-17 15:11 - 2013-01-13 22:16 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-12-17 15:11 - 2013-01-13 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-12-17 15:11 - 2013-01-13 22:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-12-17 15:11 - 2013-01-13 22:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-12-17 15:11 - 2013-01-13 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-12-17 15:11 - 2013-01-13 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll 2013-12-17 15:11 - 2013-01-13 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-12-17 15:11 - 2013-01-13 21:35 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-12-17 15:11 - 2013-01-13 21:35 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-12-17 15:11 - 2013-01-13 21:35 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-12-17 15:11 - 2013-01-13 21:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-12-17 15:11 - 2013-01-13 21:31 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-12-17 15:11 - 2013-01-13 21:31 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-12-17 15:11 - 2013-01-13 21:31 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-12-17 15:11 - 2013-01-13 21:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-12-17 15:11 - 2013-01-13 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-12-17 15:11 - 2013-01-13 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-12-17 15:11 - 2013-01-13 21:22 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2013-12-17 15:11 - 2013-01-13 21:20 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll 2013-12-17 15:11 - 2013-01-13 21:09 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2013-12-17 15:11 - 2013-01-13 21:08 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2013-12-17 15:11 - 2013-01-13 20:59 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-12-17 15:11 - 2013-01-13 20:58 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2013-12-17 15:11 - 2013-01-13 20:54 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2013-12-17 15:11 - 2013-01-13 20:53 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll 2013-12-17 15:11 - 2013-01-13 20:53 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2013-12-17 15:11 - 2013-01-13 20:51 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2013-12-17 15:11 - 2013-01-13 20:49 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll 2013-12-17 15:11 - 2013-01-13 20:48 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2013-12-17 15:11 - 2013-01-13 20:46 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2013-12-17 15:11 - 2013-01-13 20:38 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2013-12-17 15:11 - 2013-01-13 20:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2013-12-17 15:11 - 2013-01-13 20:37 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2013-12-17 15:11 - 2013-01-13 20:25 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll 2013-12-17 15:11 - 2013-01-13 20:24 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2013-12-17 15:11 - 2013-01-13 20:24 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2013-12-17 15:11 - 2013-01-13 20:20 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2013-12-17 15:11 - 2013-01-13 20:20 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2013-12-17 15:11 - 2013-01-13 20:10 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2013-12-17 15:11 - 2013-01-13 19:34 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2013-12-17 15:11 - 2013-01-13 19:09 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2013-12-17 15:11 - 2013-01-13 18:26 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll 2013-12-17 15:11 - 2013-01-13 18:05 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll 2013-12-17 15:11 - 2013-01-04 07:11 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2013-12-17 15:08 - 2012-05-04 12:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2013-12-17 15:08 - 2012-05-04 10:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2013-12-17 15:02 - 2013-12-18 14:30 - 01594964 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-12-12 18:09 - 2013-12-31 15:25 - 00000000 ____D C:\Users\Romy\AppData\Local\Mozilla Firefox 2013-12-12 00:21 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2013-12-12 00:21 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2013-12-12 00:21 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2013-12-12 00:21 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2013-12-12 00:02 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2013-12-12 00:02 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2013-12-12 00:02 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-12-12 00:01 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-12-12 00:01 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-12-12 00:01 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2013-12-12 00:01 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2013-12-12 00:01 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2013-12-12 00:01 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2013-12-12 00:01 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2013-12-12 00:01 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2013-12-12 00:01 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2013-12-12 00:01 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2013-12-12 00:01 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2013-12-12 00:01 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2013-12-12 00:01 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2013-12-12 00:01 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys ==================== One Month Modified Files and Folders ======= 2014-01-03 18:33 - 2014-01-03 18:00 - 00017348 _____ C:\Users\Romy\Desktop\FRST.txt 2014-01-03 18:10 - 2014-01-03 18:05 - 00031104 _____ C:\Users\Romy\Desktop\Addition.txt 2014-01-03 17:59 - 2012-04-06 10:29 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-03 17:57 - 2014-01-03 17:57 - 00000000 ____D C:\FRST 2014-01-03 17:57 - 2014-01-03 17:56 - 01931750 _____ (Farbar) C:\Users\Romy\Desktop\FRST64.exe 2014-01-03 17:43 - 2009-07-14 05:45 - 00017152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-03 17:43 - 2009-07-14 05:45 - 00017152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-03 17:38 - 2012-04-06 19:05 - 02055316 _____ C:\Windows\WindowsUpdate.log 2014-01-03 17:21 - 2014-01-03 17:21 - 00007604 _____ C:\Users\Romy\AppData\Local\Resmon.ResmonCfg 2014-01-03 17:11 - 2013-12-31 16:27 - 00027973 _____ C:\Windows\IE11_main.log 2014-01-03 17:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Registration 2014-01-03 16:53 - 2012-04-06 09:16 - 00000000 ____D C:\Users\Romy 2014-01-03 16:47 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-03 16:47 - 2009-07-14 05:51 - 00138984 _____ C:\Windows\setupact.log 2014-01-02 00:17 - 2014-01-01 20:53 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP 2014-01-01 20:54 - 2014-01-01 20:54 - 00000000 ____D C:\Program Files\Enigma Software Group 2014-01-01 20:54 - 2014-01-01 20:54 - 00000000 _____ C:\autoexec.bat 2014-01-01 19:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2014-01-01 18:44 - 2014-01-01 18:44 - 00001429 _____ C:\Users\Romy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-01-01 18:41 - 2010-11-21 04:47 - 01085670 _____ C:\Windows\PFRO.log 2013-12-31 20:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR 2013-12-31 20:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\sl-SI 2013-12-31 20:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\tr-TR 2013-12-31 20:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\sl-SI 2013-12-31 20:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-12-31 16:33 - 2013-12-31 16:33 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-12-31 16:33 - 2013-12-31 16:33 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-12-31 16:33 - 2013-12-31 16:33 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-12-31 16:33 - 2013-12-31 16:33 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-12-31 16:33 - 2013-12-31 16:33 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-12-31 16:33 - 2013-12-31 16:33 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-12-31 16:33 - 2013-12-31 16:33 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-12-31 16:33 - 2013-12-31 16:33 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-12-31 16:33 - 2013-12-31 16:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-12-31 16:33 - 2013-12-31 16:33 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-12-31 16:33 - 2013-12-31 16:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-12-31 16:33 - 2013-12-31 16:33 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-12-31 16:33 - 2013-12-31 16:33 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-12-31 16:33 - 2013-12-31 16:33 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-12-31 16:33 - 2013-12-31 16:33 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-12-31 16:33 - 2013-12-31 16:33 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-12-31 16:33 - 2013-12-31 16:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-12-31 16:33 - 2013-12-31 16:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-12-31 16:33 - 2013-12-31 16:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-12-31 16:33 - 2013-12-31 16:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-12-31 16:33 - 2013-12-31 16:33 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-12-31 16:26 - 2013-12-31 16:26 - 02077392 _____ (Microsoft Corporation) C:\Users\Romy\Desktop\IE11-Windows6.1.exe 2013-12-31 15:43 - 2013-12-31 15:43 - 00000000 ____D C:\Users\Romy\AppData\Roaming\Malwarebytes 2013-12-31 15:42 - 2013-12-31 15:42 - 00001117 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-12-31 15:42 - 2013-12-31 15:42 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-12-31 15:42 - 2013-12-31 15:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-12-31 15:42 - 2013-12-31 15:41 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Romy\Desktop\mbam-setup-1.75.0.1300.exe 2013-12-31 15:29 - 2013-12-31 15:29 - 00000000 ____D C:\ProgramData\AskPartnerNetwork 2013-12-31 15:29 - 2013-12-31 15:29 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork 2013-12-31 15:28 - 2013-12-31 15:28 - 00000000 ____D C:\Users\Romy\AppData\Roaming\Avira 2013-12-31 15:28 - 2013-12-31 15:28 - 00000000 ____D C:\ProgramData\APN 2013-12-31 15:27 - 2013-12-31 15:27 - 00002074 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-12-31 15:27 - 2013-12-31 15:27 - 00000000 ____D C:\Program Files (x86)\Avira 2013-12-31 15:27 - 2013-05-14 21:45 - 00000000 ____D C:\ProgramData\Avira 2013-12-31 15:26 - 2013-12-31 15:26 - 00000000 ____D C:\ProgramData\Oracle 2013-12-31 15:26 - 2013-12-31 15:17 - 129598176 _____ C:\Users\Romy\Desktop\avira_free_antivirus_de.exe 2013-12-31 15:25 - 2013-12-31 15:25 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-12-31 15:25 - 2013-12-31 15:25 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-12-31 15:25 - 2013-12-31 15:25 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-12-31 15:25 - 2013-12-31 15:25 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-12-31 15:25 - 2013-12-12 18:09 - 00000000 ____D C:\Users\Romy\AppData\Local\Mozilla Firefox 2013-12-31 15:23 - 2013-12-31 15:22 - 00915368 _____ (Oracle Corporation) C:\Users\Romy\jxpiinstall.exe 2013-12-31 15:10 - 2013-12-03 13:03 - 00000000 ____D C:\ProgramData\MFAData 2013-12-31 15:05 - 2013-12-03 13:11 - 00000000 ___HD C:\$AVG 2013-12-31 15:05 - 2013-12-03 13:11 - 00000000 ____D C:\ProgramData\AVG2014 2013-12-30 18:11 - 2012-04-11 06:58 - 00000000 ____D C:\Users\Romy\AppData\Roaming\HpUpdate 2013-12-23 18:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2013-12-18 14:30 - 2013-12-17 15:02 - 01594964 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-12-18 14:30 - 2011-05-16 15:04 - 00699682 _____ C:\Windows\system32\perfh007.dat 2013-12-18 14:30 - 2011-05-16 15:04 - 00149790 _____ C:\Windows\system32\perfc007.dat 2013-12-18 14:29 - 2009-07-14 06:13 - 01594964 _____ C:\Windows\system32\PerfStringBackup.INI 2013-12-17 15:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK 2013-12-17 15:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\zh-HK 2013-12-15 00:21 - 2013-08-14 23:20 - 00000000 ____D C:\Windows\system32\MRT 2013-12-15 00:19 - 2011-07-18 21:31 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-12-13 12:15 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2013-12-12 17:11 - 2009-07-14 05:45 - 00366304 _____ C:\Windows\system32\FNTCACHE.DAT 2013-12-12 00:21 - 2012-04-06 14:09 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-12-10 22:01 - 2012-04-06 10:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-12-10 22:01 - 2012-04-06 10:29 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-12-10 22:01 - 2011-12-01 22:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-12-09 11:37 - 2013-12-31 15:27 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-12-09 11:37 - 2013-12-31 15:27 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-12-09 11:37 - 2013-12-31 15:27 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-12-09 11:37 - 2013-12-31 15:27 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-12-04 15:50 - 2012-04-06 09:16 - 00000000 ____D C:\Users\Romy\AppData\Local\VirtualStore Files to move or delete: ==================== C:\Users\Romy\jxpiinstall.exe Some content of TEMP: ==================== C:\Users\Romy\AppData\Local\Temp\avgnt.exe C:\Users\Romy\AppData\Local\Temp\Offercast_AVIRAV7_.exe C:\Users\Romy\AppData\Local\Temp\SHSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-12-30 18:29 ==================== End Of Log ============================ FRST Addition:FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-01-2014 Ran by Romy at 2014-01-03 18:33:35 Running from C:\Users\Romy\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (x32 Version: - Microsoft) Acronis*Disk*Director*Home (x32 Version: 11.0.216 - Acronis) Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8 - Adobe Systems Incorporated) Alcor Micro USB Card Reader (x32 Version: 1.8.1217.36096 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.8.1217.36096 - Alcor Micro Corp.) Hidden Apple Application Support (x32 Version: 2.3.4 - Apple Inc.) Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.35 - Atheros Communications Inc.) Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira) Avira SearchFree Toolbar (x32 Version: 12.10.0.2951 - APN, LLC) BPM-Studio Professional v4.6 (x32 Version: - ) Conexant HD Audio (Version: 8.54.14.50 - Conexant) Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2 - Microsoft Corporation) Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2 - Microsoft Corporation) Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2 - Microsoft Corporation) CorelDRAW Graphics Suite 12 (x32 Version: 12.0.0.458 - Corel Corporation) CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden CyberLink Power2Go (x32 Version: 7.0.0.1327 - CyberLink Corp.) CyberLink Power2Go (x32 Version: 7.0.0.1327 - CyberLink Corp.) Hidden CyberLink PowerDVD Copy (x32 Version: 1.5.1306 - CyberLink Corp.) CyberLink PowerDVD Copy (x32 Version: 1.5.1306 - CyberLink Corp.) Hidden CyberLink PowerRecover (x32 Version: 5.5.4125 - CyberLink Corp.) CyberLink PowerRecover (x32 Version: 5.5.4125 - CyberLink Corp.) Hidden CyberLink YouCam (x32 Version: 3.1.4013 - CyberLink Corp.) CyberLink YouCam (x32 Version: 3.1.4013 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DiMAGE Viewer (x32 Version: - ) Dolby Advanced Audio v2 (x32 Version: 7.2.7000.4 - Dolby Laboratories Inc) eMule (x32 Version: - ) Finger Sensing Pad Driver (Version: 8.8.0.5 - Sentelic) Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (x32 Version: 15.4.5722.2 - Microsoft Corporation) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Free YouTube to MP3 Converter version 3.12.2.430 (x32 Version: 3.12.2.430 - DVDVideoSoft Ltd.) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden HP Deskjet 3050A J611 series - Grundlegende Software für das Gerät (Version: 23.0.504.0 - Hewlett-Packard Co.) HP Deskjet 3050A J611 series Hilfe (x32 Version: 140.0.2.2 - Hewlett Packard) HP Update (x32 Version: 5.002.007.004 - Hewlett-Packard) Intel PROSet Wireless (Version: - ) Hidden Intel PROSet Wireless (x32 Version: - ) Hidden Intel(R) Management Engine Components (x32 Version: 7.0.0.1118 - Intel Corporation) Intel(R) Processor Graphics (x32 Version: 8.15.10.2342 - Intel Corporation) Intel(R) PROSet/Wireless WiFi Software (Version: 14.01.1000 - Intel Corporation) Intel(R) Rapid Storage Technology (x32 Version: 10.1.0.1008 - Intel Corporation) Java 7 Update 45 (x32 Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java(TM) 7 Update 1 (64-bit) (Version: 7.0.10 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden KONICA_MINOLTA DiMAGE Webcam Treiber (x32 Version: 1.0.0 - ) Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (x32 Version: 15.4.5722.2 - Microsoft Corporation) LiveUpdate 3.2 (Symantec Corporation) (x32 Version: 3.2.0.68 - Symantec Corporation) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation) McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.) Medion Home Cinema (x32 Version: 8.0.3216 - CyberLink Corp.) Medion Home Cinema (x32 Version: 8.0.3216 - CyberLink Corp.) Hidden Memeo Instant Backup (x32 Version: 4.60.0.7943 - Memeo Inc.) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1 - Mozilla) Mozilla Firefox 26.0 (x86 de) (HKCU Version: 26.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 25.0.1 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation) Norton Ghost (x32 Version: 15.0.1.36526 - Symantec Corporation) Opticon USB Drivers Installer (x32 Version: - ) PHotkey (x32 Version: 1.00.0040 - Pegatron Corporation) PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden QuickTime (x32 Version: 7.74.80.86 - Apple Inc.) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden ScanIT-Client 3.2 (x32 Version: - GfK Austria) SmartPCFixer 4.2 (Version: 4.2 - LionSea Software) <==== ATTENTION Sony Ericsson Update Engine (x32 Version: 2.12.5.57 - Sony Ericsson Mobile Communications AB) Sony PC Companion 2.10.053 (x32 Version: 2.10.053 - Sony) Spelling Dictionaries Support For Adobe Reader X (x32 Version: 10.0.0 - Adobe Systems Incorporated) Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (x32 Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft) Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (x32 Version: 15.4.5722.2 - Microsoft Corporation) Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player 2.0.1 (x32 Version: 2.0.1 - VideoLAN) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-objekt til fjernforbindelser (x32 Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (x32 Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden WinPcap 4.1.2 (x32 Version: 4.1.0.2001 - CACE Technologies) Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (x32 Version: 15.4.5722.2 - Microsoft Corporation) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 25-12-2013 20:42:48 Geplanter Prüfpunkt 31-12-2013 13:58:25 Removed AVG 2014 31-12-2013 14:05:33 Removed AVG 2014 31-12-2013 14:07:16 AVG PC TuneUp 2014 wird entfernt 31-12-2013 14:08:01 AVG PC TuneUp 2014 (de-DE) wird entfernt 31-12-2013 14:24:36 Installed Java 7 Update 45 31-12-2013 15:30:51 Windows Modules Installer 01-01-2014 19:00:15 Windows Update 01-01-2014 19:53:53 Installed SpyHunter 01-01-2014 20:43:48 Removed SpyHunter 01-01-2014 20:45:28 Removed SpyHunter 01-01-2014 20:45:57 Removed SpyHunter 01-01-2014 23:04:41 Installed SpyHunter 01-01-2014 23:11:11 Removed SpyHunter 01-01-2014 23:17:03 Removed SpyHunter ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {19CADDEC-622F-4ED8-845E-AB97F3668940} - \Scheduled Update for Ask Toolbar No Task File Task: {1BE04A24-0221-4C07-9E49-4CBA62FD4D58} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated) Task: {351A6645-9554-4A26-9032-41082B812576} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated) Task: {5B475969-68DD-4B79-B20F-B5C0B3E3A466} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [2011-01-12] (Hewlett-Packard) Task: {B10E5C5B-22FF-4AC1-BCEB-714CEF33733D} - \BitGuard No Task File Task: {B2FA39D7-6D8A-481D-8972-CD5B070DA5DE} - \EPUpdater No Task File Task: {F892CDB0-5CE3-4AEA-9F1D-825C922386CB} - \BrowserDefendert No Task File Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2011-05-02 22:41 - 2011-05-02 22:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2011-05-02 22:41 - 2011-05-02 22:41 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll 2011-12-19 21:10 - 2010-11-08 14:50 - 00044032 _____ () C:\Program Files\FSP\KbdHook.dll 2011-12-19 21:10 - 2010-11-08 14:51 - 00070656 _____ () C:\Program Files\FSP\FspLib.dll 2011-12-19 21:09 - 2011-03-25 16:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2010-02-11 01:34 - 2010-02-11 01:34 - 02479096 _____ () C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapProviderx64.dll 2013-12-31 15:27 - 2013-12-09 11:37 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2011-12-19 23:47 - 2009-12-19 00:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll 2011-12-19 23:47 - 2009-12-19 00:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll 2010-08-04 00:39 - 2010-08-04 00:39 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2010-08-04 00:39 - 2010-08-04 00:39 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll 2013-08-17 20:14 - 2013-08-17 20:14 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\eb4812681f6ab4406053f3a1803e6da0\IsdiInterop.ni.dll 2011-12-19 23:09 - 2010-11-06 08:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2013-12-12 18:09 - 2013-12-12 18:09 - 03559024 _____ () C:\Users\Romy\AppData\Local\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/03/2014 04:47:33 PM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/03/2014 11:54:11 AM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/03/2014 00:40:18 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (01/03/2014 00:40:09 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (01/03/2014 00:39:56 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (01/03/2014 00:39:11 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (01/02/2014 08:38:43 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: VProSvc.exe, Version: 15.0.1.36526, Zeitstempel: 0x4b8e6c9a Name des fehlerhaften Moduls: VProSvc.exe, Version: 15.0.1.36526, Zeitstempel: 0x4b8e6c9a Ausnahmecode: 0xc0000005 Fehleroffset: 0x0006272b ID des fehlerhaften Prozesses: 0xb54 Startzeit der fehlerhaften Anwendung: 0xVProSvc.exe0 Pfad der fehlerhaften Anwendung: VProSvc.exe1 Pfad des fehlerhaften Moduls: VProSvc.exe2 Berichtskennung: VProSvc.exe3 Error: (01/02/2014 08:38:43 PM) (Source: Norton Ghost) (User: ) Description: Fehler EC8F1780: Die Änderungen seit der letzten Sitzung können nicht ordnungsgemäß abgestimmt werden. Fehler EC8F1771: Die aktuellen Laufwerke auf diesem System können nicht aufgelistet werden. Fehler E0BB0147: Operation 'Snap Volume' ist derzeit nicht für Volume aktiviert. (UMI:V-281-3215-6016) Details: Quelle: Norton Ghost Error: (01/02/2014 08:35:59 PM) (Source: MemeoBackgroundService) (User: ) Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error: (01/02/2014 07:00:45 PM) (Source: Norton Ghost) (User: ) Description: Fehler EC8F17B7: Wiederherstellungspunkte können nicht erstellt werden für Auftrag: Arbeitsplatz-Backup. Fehler EC8F03FE: Die Eigenschaften des Auftrags können nicht gelesen werden. Fehler EC8F1F62: Externes Gerät "EXTERN" nicht gefunden. Fehler EBAB03F1: Das System kann den angegebenen Pfad nicht finden. (UMI:V-281-3215-6071) Details: Quelle: Norton Ghost System errors: ============= Error: (01/03/2014 04:48:04 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Intel(R) PROSet/Wireless Registry Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/03/2014 04:48:04 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) PROSet/Wireless Registry Service erreicht. Error: (01/03/2014 11:56:57 AM) (Source: DCOM) (User: ) Description: {7D1933CB-86F6-4A98-8628-01BE94C9A575} Error: (01/02/2014 08:38:46 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Norton Ghost" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (01/02/2014 08:38:35 PM) (Source: DCOM) (User: ) Description: {7D1933CB-86F6-4A98-8628-01BE94C9A575} Error: (01/02/2014 08:37:32 PM) (Source: DCOM) (User: ) Description: 1053SymSnapService{A62FB47E-2A72-44A7-B83D-16FB51636AAC} Error: (01/02/2014 08:37:32 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "SymSnapService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/02/2014 08:37:32 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst SymSnapService erreicht. Error: (01/02/2014 08:36:39 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error: (01/02/2014 02:17:15 PM) (Source: DCOM) (User: ) Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 43% Total physical RAM: 4007.13 MB Available physical RAM: 2245.26 MB Total Pagefile: 8012.43 MB Available Pagefile: 5696.5 MB Total Virtual: 8192 MB Available Virtual: 8191.79 MB ==================== Drives ================================ Drive c: (Romy) (Fixed) (Total:204.3 GB) (Free:88.15 GB) NTFS Drive d: (Recover) (Fixed) (Total:50 GB) (Free:29.28 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive f: (Platte II) (Fixed) (Total:443.23 GB) (Free:340.08 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 699 GB) (Disk ID: 2BD2C32A) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=648 GB) - (Type=OF Extended) Partition 3: (Not Active) - (Size=50 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=1 GB) - (Type=12) ==================== End Of Log ============================ |
04.01.2014, 08:44 | #2 | |
/// the machine /// TB-Ausbilder | Funde mit Spyhunter hi,
__________________Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ |
Themen zu Funde mit Spyhunter |
adblock, antivir, antivirus, auftrag, avira, browser, desktop, dllhost.exe, dvdvideosoft ltd., email, error, excel, flash player, google, helper, home, homepage, langsam, mozilla, mp3, newtab, object, plug-in, preferences, problem, registrierungsdatenbank, registry, security, software, svchost.exe, symantec, usb, windows, wsearch |