regsvr32 Fehler und einige Funde

bauk77 · 26.02.2014, 13:31

Hallo,

bekomme beim windows start immer eine "regsvr32" Fehlermeldung.

Weiters bekomme ich von avira häufig Meldungen über Funde, malwarebytes hat auch einige Fehler gefunden.
Der PC funktioniert eigentlich sonst ohne Auffälligkeiten.
Den GMER scan habe ich mit aktivierten Avira durchgeführt, deaktivieren funktionierte nicht.

lg
Marco

schrauber · 26.02.2014, 13:49

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

bauk77 · 26.02.2014, 14:24

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-02-2014
Ran by bauk at 2014-02-26 12:36:14
Running from C:\Users\bauk\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

ActiveSky Version 6 and ActiveSky Graphics (HKLM-x32\...\{6C06AC26-DBD1-46E5-9863-33E7633566E5}) (Version: 0.6.6442 - HiFi Simulation Software)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.168 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AFX Demo (HKLM-x32\...\afxdemo) (Version:  - )
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version:  - )
Avira Antivirus Suite (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.340 - Avira)
Avira SearchFree Toolbar plus Web Protection (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0202}) (Version: 12.2.2.663 - Ask Partner Network)
Ben Gurion Airport for FS2004 (HKLM-x32\...\BG9_is1) (Version:  - FSAddon)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FIFA 13 (HKLM-x32\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.8.0.0 - Electronic Arts)
FIFA 14 (HKLM-x32\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.4 - Electronic Arts)
FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time)
Free Video Flip and Rotate version 2.1.9.827 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 2.1.9.827 - DVDVideoSoft Ltd.)
FS Flight Keeper (HKLM-x32\...\{B7057895-A93D-44D6-B87A-D3C1FCF28E01}) (Version: 3.5.1 - Thomas Molitor & Aerosoft GmbH)
FSacars (HKLM-x32\...\{FFC78FC9-2FE6-4648-BFEB-446C61C2D61E}) (Version: 4.0 - Jose Oliveira/FSacars team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{C768E610-4DFB-4A60-A59B-71549EB7BF75}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet 6600 Hilfe (HKLM-x32\...\{C818BA3A-226F-4ED0-9CEF-96A0DF300211}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP)
HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ICQ 8.2 (build 6870) (HKCU\...\ICQ) (Version: 8.2.6870.0 - Mail.Ru)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Level-D Simulations 767-300 (HKLM-x32\...\Level-D Simulations 767-300) (Version:  - )
Live! Cam Sync HD VF0770 Driver (1.00.02.00) (HKLM\...\Creative VF0770) (Version:  - Creative Technology Ltd.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Flight Simulator 2004 - Das Jahrhundert der Luftfahrt (HKLM-x32\...\Flight Simulator 9.0) (Version: 9.0 - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
ODESSA My Favourite City (HKLM-x32\...\ODESSA My Favourite City) (Version:  - )
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Opera Stable 19.0.1326.63 (HKLM-x32\...\Opera 19.0.1326.63) (Version: 19.0.1326.63 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.3.6.4643 - Electronic Arts, Inc.)
PMDG747_400 Queen of the Skies (HKLM-x32\...\{97679567-0095-464E-B5F2-E218A1CF3421}) (Version: 1.20.0000 - Precision Manuals Development Group)
PMDG747_400F (HKLM-x32\...\{164360E5-0AAD-48AD-8A36-3F8A859FAB6F}) (Version: 1.20.0000 - Precision Manuals Development Group)
SaveSense (HKCU\...\SaveSense) (Version:  - ) <==== ATTENTION
Shutdown Timer (HKLM\...\{0B1BBEE3-C10D-44BE-A6BE-EEC867315F87}) (Version: 3.3.4 - Sinvise Systems)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sony PC Companion 2.10.188 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.188 - Sony)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Stronghold Kingdoms (HKLM-x32\...\{D1D632A2-E249-466D-A094-B1B934D37645}_is1) (Version: 1.17 - Firefly Studios)
Studie zur Verbesserung von HP Officejet 6600 Produkten (HKLM\...\{B6B44AEB-3F57-45D7-9A89-5020135CBF90}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
TTS_Technology (HKLM-x32\...\{AC696733-F8C5-4EAD-B165-AC8AB8C2A755}) (Version: 1.0.0.0 - )
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Windows 7 Codec Pack 4.0.8 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.0.8 - Windows 7 Codec Pack)
Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 03:34 - 2014-02-19 02:36 - 00450709 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {08A068E6-DA35-4231-A550-F1872512F310} - System32\Tasks\HPCustParticipation HP Officejet 6600 => C:\Program Files\HP\HP Officejet 6600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {0A280299-E0FD-4653-A454-877631BBD65B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-12] (Google Inc.)
Task: {51768D26-44BE-46A2-B22B-27AA69036939} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {8D287E4F-FCFB-4163-9778-C449E2F32A24} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {976FAB65-A0A0-40CF-825D-FDAD9CE94ED2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {9839B24A-8266-44BF-A593-C50F7B70888F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-25] (Adobe Systems Incorporated)
Task: {A3F082A5-3D65-4E0E-AB9A-E9DB4EE7A8E4} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-10-14] ()
Task: {C078327F-A409-4DFD-8C1A-E7413AEA3B61} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-12] (Google Inc.)
Task: {EE30228B-7A96-442B-A0DE-2E5DE8582804} - System32\Tasks\SaveSense => C:\Users\bauk\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\SaveSense.job => C:\Users\bauk\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-09-12 15:14 - 2013-01-18 16:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-13 15:31 - 2014-02-13 15:31 - 02487808 _____ () C:\Program Files\Windows Defender\Security\Manager\SecurityManager.dll
2014-02-13 15:31 - 2014-02-13 15:31 - 02173440 _____ () C:\Program Files\Windows Defender\Security\Manager\BingDesktopCore.dll
2014-02-19 02:03 - 2014-02-18 17:30 - 00028672 _____ () C:\Users\bauk\AppData\Roaming\wincrt\wincrt.exe
2013-11-13 19:47 - 2013-10-31 11:35 - 00070880 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2013-08-29 20:36 - 2013-08-29 20:36 - 00048200 _____ () C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
2014-02-16 13:50 - 2014-02-10 10:41 - 01378144 _____ () C:\Program Files (x86)\Opera\19.0.1326.63\opera_crashreporter.exe
2014-02-26 12:32 - 2014-02-26 12:32 - 00050477 _____ () C:\Users\bauk\Downloads\Defogger.exe
2013-09-12 17:56 - 2013-10-31 19:25 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-12-05 16:15 - 2013-12-05 16:15 - 00857944 _____ () C:\Users\bauk\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll
2013-11-13 19:47 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2013-11-13 19:47 - 2013-09-13 10:02 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll
2013-11-13 19:47 - 2013-05-20 11:58 - 00620718 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll
2013-11-06 15:33 - 2013-11-06 15:33 - 00654336 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll
2014-02-14 12:29 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-02-14 12:29 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-02-14 12:29 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-02-14 12:29 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-02-14 12:29 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-02-16 13:50 - 2014-02-10 10:41 - 00907616 _____ () C:\Program Files (x86)\Opera\19.0.1326.63\libglesv2.dll
2014-02-16 13:50 - 2014-02-10 10:41 - 00108896 _____ () C:\Program Files (x86)\Opera\19.0.1326.63\libegl.dll
2014-02-16 13:50 - 2014-02-10 10:41 - 00890208 _____ () C:\Program Files (x86)\Opera\19.0.1326.63\ffmpegsumo.dll
2013-09-20 16:11 - 2013-09-20 16:11 - 16177544 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/26/2014 00:19:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 09:27:08 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 09:13:23 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2014 10:47:38 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2014 09:57:18 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2014 05:52:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2014 10:49:45 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 10:42:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 11:32:56 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: SecurityManager.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x52dd9206
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007fefc04fdbc
ID des fehlerhaften Prozesses: 0x1764
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3

Error: (02/23/2014 11:32:24 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: SecurityManager.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x52dd9206
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000007fefc04fdbc
ID des fehlerhaften Prozesses: 0x132c
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3


System errors:
=============
Error: (02/26/2014 09:17:55 AM) (Source: AtcL001) (User: )
Description: \Device\NDMP3Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller

Error: (02/26/2014 09:17:55 AM) (Source: AtcL001) (User: )
Description: \Device\NDMP3Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller

Error: (02/26/2014 09:17:55 AM) (Source: AtcL001) (User: )
Description: \Device\NDMP3Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller

Error: (02/26/2014 09:17:55 AM) (Source: AtcL001) (User: )
Description: \Device\NDMP3Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller

Error: (02/26/2014 09:17:54 AM) (Source: AtcL001) (User: )
Description: \Device\NDMP3Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller

Error: (02/26/2014 09:17:54 AM) (Source: AtcL001) (User: )
Description: \Device\NDMP3Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller

Error: (02/26/2014 09:17:54 AM) (Source: AtcL001) (User: )
Description: \Device\NDMP3Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller

Error: (02/25/2014 03:11:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%1.

Error: (02/25/2014 03:11:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/25/2014 03:01:04 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5


Microsoft Office Sessions:
=========================
Error: (02/26/2014 00:19:07 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 09:27:08 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 09:13:23 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2014 10:47:38 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2014 09:57:18 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2014 05:52:20 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2014 10:49:45 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 10:42:54 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 11:32:56 AM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d672ee4SecurityManager.dll_unloaded0.0.0.052dd9206c0000005000007fefc04fdbc176401cf30828d0689f3C:\Windows\explorer.exeSecurityManager.dlldb4ef12e-9c75-11e3-9d87-002354400a08

Error: (02/23/2014 11:32:24 AM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7601.175674d672ee4SecurityManager.dll_unloaded0.0.0.052dd9206c0000005000007fefc04fdbc132c01cf308286472528C:\Windows\explorer.exeSecurityManager.dllc871b788-9c75-11e3-9d87-002354400a08


==================== Memory info =========================== 

Percentage of memory in use: 46%
Total physical RAM: 4095.24 MB
Available physical RAM: 2183.09 MB
Total Pagefile: 8188.66 MB
Available Pagefile: 5765.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:58.59 GB) (Free:4.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (programme) (Fixed) (Total:97.66 GB) (Free:29.61 GB) NTFS
Drive e: (flightsim) (Fixed) (Total:97.66 GB) (Free:59.19 GB) NTFS
Drive f: (spiele) (Fixed) (Total:118.15 GB) (Free:96.87 GB) NTFS
Drive g: (Volume) (Fixed) (Total:118.04 GB) (Free:6.87 GB) NTFS
Drive h: (Data) (Fixed) (Total:431.65 GB) (Free:1.85 GB) NTFS
Drive i: (THE_ROLLING_STONES) (CDROM) (Total:6.76 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 1A4F07A7)
Partition 1: (Active) - (Size=59 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=432 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=432 GB) - (Type=OF Extended)

==================== End Of Log ==================

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:34 on 26/02/2014 (bauk)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-02-2014
Ran by bauk (administrator) on BAUK-PC on 26-02-2014 12:35:41
Running from C:\Users\bauk\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(ICQ) C:\Users\bauk\AppData\Roaming\ICQM\icq.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Users\bauk\AppData\Roaming\wincrt\wincrt.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Creative Technology Ltd.) C:\Windows\V0770Mon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Opera Software) C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
() C:\Program Files (x86)\Opera\19.0.1326.63\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
() C:\Users\bauk\Downloads\Defogger.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [V0770Mon.exe] - C:\Windows\V0770Mon.exe [32884 2012-06-01] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [osk.exe] - C:\Windows\system32\osk.exe [692736 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3804239024-788253240-2279899610-1001\...\Run: [HP Officejet 6600 (NET)] - C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-3804239024-788253240-2279899610-1001\...\Run: [icq] - C:\Users\bauk\AppData\Roaming\ICQM\icq.exe [29919576 2013-12-05] (ICQ)
HKU\S-1-5-21-3804239024-788253240-2279899610-1001\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-3804239024-788253240-2279899610-1001\...\Run: [YpvsPack] - regsvr32.exe
HKU\S-1-5-21-3804239024-788253240-2279899610-1001\...\Run: [wincrt.exe] - C:\Users\bauk\AppData\Roaming\wincrt\wincrt.exe [28672 2014-02-18] ()
HKU\S-1-5-21-3804239024-788253240-2279899610-1001\...\MountPoints2: {2371157d-4c54-11e3-852d-002354400a08} - O:\Startme.exe
HKU\S-1-5-21-3804239024-788253240-2279899610-1001\...\MountPoints2: {8095202b-1c45-11e3-8731-002354400a08} - R:\autorun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.news.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC5A2CA9ABBAFCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEyEtDtD0AtDzz0D0DyDyBtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=699734266&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEyEtDtD0AtDzz0D0DyDyBtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=699734266&ir=
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEyEtDtD0AtDzz0D0DyDyBtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=699734266&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEyEtDtD0AtDzz0D0DyDyBtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=699734266&ir=
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEyEtDtD0AtDzz0D0DyDyBtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=699734266&ir=
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEyEtDtD0AtDzz0D0DyDyBtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=699734266&ir=
SearchScopes: HKCU - DefaultScope {AA8572AD-553A-4F08-B44E-92332F72EA47} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEyEtDtD0AtDzz0D0DyDyBtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=699734266&ir=
SearchScopes: HKCU - {AA8572AD-553A-4F08-B44E-92332F72EA47} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEyEtDtD0AtDzz0D0DyDyBtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=699734266&ir=
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\bauk\AppData\Roaming\Mozilla\Firefox\Profiles\54q08z2s.default
FF user.js: detected! => C:\Users\bauk\AppData\Roaming\Mozilla\Firefox\Profiles\54q08z2s.default\user.js
FF DefaultSearchEngine: Mysearchdial
FF SearchEngineOrder.1: Mysearchdial
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\bauk\AppData\Roaming\Mozilla\Firefox\Profiles\54q08z2s.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Users\bauk\AppData\Roaming\Mozilla\Firefox\Profiles\54q08z2s.default\searchplugins\softonic.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: softonic.com - C:\Users\bauk\AppData\Roaming\Mozilla\Firefox\Profiles\54q08z2s.default\Extensions\ffxtlbra@softonic.com [2013-11-01]
FF Extension: MySearchDial NewTab - C:\Users\bauk\AppData\Roaming\Mozilla\Firefox\Profiles\54q08z2s.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [2013-11-07]
FF Extension: Interval Class - C:\Users\bauk\AppData\Roaming\Mozilla\Firefox\Profiles\54q08z2s.default\Extensions\{D928476A-C251-DDF7-9978-48AAF44CE027} [2014-02-15]

Chrome: 
=======
CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEyEtDtD0AtDzz0D0DyDyBtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=699734266&ir=
CHR DefaultSearchKeyword: mysearchdial.com
CHR DefaultSearchProvider: Mysearchdial
CHR DefaultSearchURL: hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEyEtDtD0AtDzz0D0DyDyBtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=699734266&ir=
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\bauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2013-09-12]
CHR Extension: (Google Docs) - C:\Users\bauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-12]
CHR Extension: (Google Drive) - C:\Users\bauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-12]
CHR Extension: (YouTube) - C:\Users\bauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-12]
CHR Extension: (Google-Suche) - C:\Users\bauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-12]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\bauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-11-01]
CHR Extension: (Google Wallet) - C:\Users\bauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR Extension: (Google Mail) - C:\Users\bauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-12]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\bauk\AppData\Local\mysearchdial-speeddial.crx [2013-11-07]
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\bauk\AppData\Local\mysearchdial-speeddial.crx [2013-11-07]
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2013-07-26]
CHR HKLM-x32\...\Chrome\Extension: [pbpjplgmaeigbnpadeajipebdlihpcfn] - C:\Program Files (x86)\BatBrowse\pbpjplgmaeigbnpadeajipebdlihpcfn.crx [2013-07-26]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\bauk\AppData\Local\mysearchdial-speeddial.crx [2013-11-07]

==================== Services (Whitelisted) =================

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [910392 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-25] (Avira Operations GmbH & Co. KG)
S4 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)

==================== Drivers (Whitelisted) ====================

R3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [61440 2009-10-13] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-17] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 V0770Vid; C:\Windows\System32\DRIVERS\V0770Vid.sys [379776 2012-06-01] (Creative Technology Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-26 12:35 - 2014-02-26 12:35 - 00019367 _____ () C:\Users\bauk\Downloads\FRST.txt
2014-02-26 12:35 - 2014-02-26 12:35 - 00000000 ____D () C:\FRST
2014-02-26 12:34 - 2014-02-26 12:35 - 02155520 _____ (Farbar) C:\Users\bauk\Downloads\FRST64.exe
2014-02-26 12:33 - 2014-02-26 12:34 - 00000470 _____ () C:\Users\bauk\Downloads\defogger_disable.log
2014-02-26 12:33 - 2014-02-26 12:33 - 00050477 _____ () C:\Users\bauk\Downloads\Defogger (1).exe
2014-02-26 12:33 - 2014-02-26 12:33 - 00000000 _____ () C:\Users\bauk\defogger_reenable
2014-02-26 12:32 - 2014-02-26 12:32 - 00050477 _____ () C:\Users\bauk\Downloads\Defogger.exe
2014-02-25 15:34 - 2014-02-02 10:28 - 100583512 _____ () C:\Users\bauk\Desktop\Tina -  Perverse Zugabe.flv
2014-02-25 13:04 - 2014-02-25 13:04 - 00000000 ____D () C:\Program Files\Windows Live
2014-02-21 19:19 - 2014-02-21 19:19 - 03143032 _____ () C:\Users\bauk\Downloads\10c2e42a9b2011e38b890e44eb87a70a_101.mp4
2014-02-21 18:51 - 2014-02-21 18:51 - 02272845 _____ () C:\Users\bauk\Downloads\c341e04a9b1d11e3acbb0e1e4758a66e_101.mp4
2014-02-19 13:31 - 2014-02-19 13:31 - 00055994 _____ () C:\Users\bauk\Desktop\AVSCAN-20140219-124250-0F0DE2D8.LOG
2014-02-19 11:31 - 2014-02-19 11:31 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\Malwarebytes
2014-02-19 11:30 - 2014-02-19 11:30 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\bauk\Downloads\mbam-setup-1.75.0.1300 (2).exe
2014-02-19 11:30 - 2014-02-19 11:30 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-19 11:30 - 2014-02-19 11:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-19 11:30 - 2014-02-19 11:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-19 11:30 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-19 11:28 - 2014-02-19 11:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\bauk\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-19 11:28 - 2014-02-19 11:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\bauk\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-02-19 02:36 - 2014-02-19 02:36 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140219-023652.backup
2014-02-19 02:36 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140219-023609.backup
2014-02-19 02:35 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140219-023544.backup
2014-02-19 02:30 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140219-023013.backup
2014-02-19 02:29 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140219-022908.backup
2014-02-19 02:03 - 2014-02-19 02:03 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\wincrt
2014-02-17 10:23 - 2013-11-27 00:29 - 05693440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-17 10:23 - 2013-11-26 23:49 - 06573056 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-16 13:50 - 2014-02-16 13:50 - 00001129 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-02-16 13:50 - 2014-02-16 13:50 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\Opera Software
2014-02-16 13:50 - 2014-02-16 13:50 - 00000000 ____D () C:\Users\bauk\AppData\Local\Opera Software
2014-02-16 13:50 - 2014-02-16 13:50 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-02-16 12:07 - 2014-02-16 12:07 - 63320784 _____ (Microsoft Corporation) C:\Users\bauk\Downloads\IE11-Windows6.1-x64-de-de.exe
2014-02-16 11:54 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-02-16 11:54 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-16 11:54 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-16 11:54 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-02-16 11:54 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-02-16 11:54 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-16 11:54 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-16 11:54 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-02-16 11:54 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-02-16 11:54 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-02-16 11:54 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-16 11:54 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-02-16 11:54 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-16 11:54 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-16 11:54 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-02-16 11:54 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-02-16 11:54 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-02-16 11:54 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-02-16 11:54 - 2012-08-23 15:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-02-16 11:54 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-02-16 11:54 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-02-16 11:54 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-02-16 11:54 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-02-16 11:53 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-02-16 11:53 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-02-16 11:53 - 2012-05-04 12:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-02-16 11:53 - 2012-05-04 10:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-02-15 15:34 - 2014-02-25 10:45 - 00000000 ____D () C:\Users\bauk\AppData\Local\YpvsPack
2014-02-14 12:29 - 2014-02-19 00:59 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-14 12:29 - 2014-02-14 12:33 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-14 12:29 - 2014-02-14 12:29 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-14 12:29 - 2014-02-14 12:29 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-02-14 12:29 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-02-14 12:28 - 2014-02-14 12:28 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\bauk\Desktop\spybot-2.2.exe
2014-02-14 12:24 - 2014-02-14 12:24 - 00003118 _____ () C:\Windows\System32\Tasks\{4C825E27-1EB4-45B7-8396-AA595B2A39FF}
2014-02-14 12:22 - 2014-02-14 18:44 - 00011657 _____ () C:\Users\bauk\Desktop\hijackthis.log
2014-02-14 12:21 - 2014-02-14 12:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\bauk\Desktop\HiJackThis204.exe
2014-02-13 15:30 - 2014-02-13 15:30 - 07423976 _____ () C:\Users\bauk\Desktop\x264_jan.zip
2014-02-13 15:10 - 2014-02-13 15:32 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\Azureus
2014-02-13 15:10 - 2014-02-13 15:10 - 00000000 ____D () C:\ProgramData\Azureus
2014-02-13 15:02 - 2014-02-13 15:02 - 00033025 _____ () C:\Users\bauk\Desktop\Nymphomaniac Volume 1 2013.torrent
2014-02-12 15:01 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 15:01 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 15:00 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 15:00 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 15:00 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 15:00 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 15:00 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 15:00 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 15:00 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 15:00 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 15:00 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 15:00 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 15:00 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 15:00 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 15:00 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 15:00 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 15:00 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 15:00 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 15:00 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 15:00 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 15:00 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 15:00 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 15:00 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 15:00 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 15:00 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 15:00 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 15:00 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 15:00 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 15:00 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 15:00 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 15:00 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 15:00 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 15:00 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 15:00 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 15:00 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 15:00 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 15:00 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 15:00 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 15:00 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 15:00 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 15:00 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 08:19 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 08:19 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 08:19 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 08:19 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 08:19 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 08:19 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 08:19 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 08:19 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 08:19 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 08:19 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 08:19 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 08:19 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 08:19 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 08:19 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 08:19 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 08:19 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 08:19 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 08:19 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 08:19 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 08:19 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 08:19 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 08:19 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 08:19 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 08:19 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 08:19 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 08:19 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 08:19 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 08:19 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

==================== One Month Modified Files and Folders =======

2014-02-26 12:35 - 2014-02-26 12:35 - 00019367 _____ () C:\Users\bauk\Downloads\FRST.txt
2014-02-26 12:35 - 2014-02-26 12:35 - 00000000 ____D () C:\FRST
2014-02-26 12:35 - 2014-02-26 12:34 - 02155520 _____ (Farbar) C:\Users\bauk\Downloads\FRST64.exe
2014-02-26 12:34 - 2014-02-26 12:33 - 00000470 _____ () C:\Users\bauk\Downloads\defogger_disable.log
2014-02-26 12:33 - 2014-02-26 12:33 - 00050477 _____ () C:\Users\bauk\Downloads\Defogger (1).exe
2014-02-26 12:33 - 2014-02-26 12:33 - 00000000 _____ () C:\Users\bauk\defogger_reenable
2014-02-26 12:33 - 2013-09-12 14:22 - 00000000 ____D () C:\Users\bauk
2014-02-26 12:32 - 2014-02-26 12:32 - 00050477 _____ () C:\Users\bauk\Downloads\Defogger.exe
2014-02-26 12:26 - 2009-07-14 05:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-26 12:26 - 2009-07-14 05:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-26 12:25 - 2013-09-12 20:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-26 12:22 - 2013-09-12 14:17 - 02036375 _____ () C:\Windows\WindowsUpdate.log
2014-02-26 12:18 - 2013-09-12 17:43 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-26 12:18 - 2013-09-12 15:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-26 12:18 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-26 12:18 - 2009-07-14 05:51 - 00056822 _____ () C:\Windows\setupact.log
2014-02-26 12:14 - 2013-10-14 20:56 - 00000322 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-02-26 12:05 - 2013-09-12 17:43 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-26 11:38 - 2013-12-05 22:38 - 00000288 _____ () C:\Windows\Tasks\SaveSense.job
2014-02-25 17:51 - 2013-09-12 22:21 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\vlc
2014-02-25 13:04 - 2014-02-25 13:04 - 00000000 ____D () C:\Program Files\Windows Live
2014-02-25 13:04 - 2013-09-12 18:00 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-02-25 10:47 - 2010-11-21 04:47 - 00396562 _____ () C:\Windows\PFRO.log
2014-02-25 10:47 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-25 10:45 - 2014-02-15 15:34 - 00000000 ____D () C:\Users\bauk\AppData\Local\YpvsPack
2014-02-22 15:45 - 2013-09-12 17:51 - 00000000 ____D () C:\Users\bauk\AppData\Local\Windows Live
2014-02-22 01:43 - 2013-09-12 19:05 - 00000000 ____D () C:\ProgramData\Origin
2014-02-22 01:42 - 2013-09-26 16:17 - 00000000 ____D () C:\Users\bauk\Documents\FIFA 14
2014-02-21 23:11 - 2013-09-12 17:44 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-21 19:19 - 2014-02-21 19:19 - 03143032 _____ () C:\Users\bauk\Downloads\10c2e42a9b2011e38b890e44eb87a70a_101.mp4
2014-02-21 18:51 - 2014-02-21 18:51 - 02272845 _____ () C:\Users\bauk\Downloads\c341e04a9b1d11e3acbb0e1e4758a66e_101.mp4
2014-02-20 21:30 - 2013-10-25 16:54 - 00000000 ____D () C:\Users\bauk\Documents\My PSP Files
2014-02-19 16:37 - 2013-09-24 18:31 - 00000000 ____D () C:\ProgramData\Skype
2014-02-19 13:31 - 2014-02-19 13:31 - 00055994 _____ () C:\Users\bauk\Desktop\AVSCAN-20140219-124250-0F0DE2D8.LOG
2014-02-19 12:39 - 2013-09-12 14:22 - 00000000 ___RD () C:\Users\bauk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-19 12:38 - 2013-11-07 02:40 - 00000000 ____D () C:\Program Files (x86)\BatBrowse
2014-02-19 11:31 - 2014-02-19 11:31 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\Malwarebytes
2014-02-19 11:30 - 2014-02-19 11:30 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\bauk\Downloads\mbam-setup-1.75.0.1300 (2).exe
2014-02-19 11:30 - 2014-02-19 11:30 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-19 11:30 - 2014-02-19 11:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-19 11:30 - 2014-02-19 11:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-19 11:28 - 2014-02-19 11:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\bauk\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-19 11:28 - 2014-02-19 11:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\bauk\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-02-19 02:36 - 2014-02-19 02:36 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140219-023652.backup
2014-02-19 02:03 - 2014-02-19 02:03 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\wincrt
2014-02-19 00:59 - 2014-02-14 12:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-17 20:22 - 2010-11-21 07:50 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-02-17 20:22 - 2010-11-21 07:50 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-02-17 20:22 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-17 19:10 - 2013-09-12 16:06 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\Adobe
2014-02-16 18:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-16 13:50 - 2014-02-16 13:50 - 00001129 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-02-16 13:50 - 2014-02-16 13:50 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\Opera Software
2014-02-16 13:50 - 2014-02-16 13:50 - 00000000 ____D () C:\Users\bauk\AppData\Local\Opera Software
2014-02-16 13:50 - 2014-02-16 13:50 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-02-16 12:12 - 2013-12-03 23:27 - 00019232 _____ () C:\Windows\IE11_main.log
2014-02-16 12:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-02-16 12:07 - 2014-02-16 12:07 - 63320784 _____ (Microsoft Corporation) C:\Users\bauk\Downloads\IE11-Windows6.1-x64-de-de.exe
2014-02-15 17:42 - 2013-09-12 15:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-15 17:41 - 2013-09-12 15:30 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-15 17:40 - 2013-09-12 17:57 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-15 14:39 - 2014-01-16 18:38 - 00000000 ____D () C:\Users\bauk\Documents\FS Flight Keeper
2014-02-14 18:44 - 2014-02-14 12:22 - 00011657 _____ () C:\Users\bauk\Desktop\hijackthis.log
2014-02-14 18:43 - 2013-12-05 22:38 - 00000000 ____D () C:\Program Files (x86)\SaveSenseLive
2014-02-14 12:33 - 2014-02-14 12:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-14 12:29 - 2014-02-14 12:29 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-14 12:29 - 2014-02-14 12:29 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-02-14 12:28 - 2014-02-14 12:28 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\bauk\Desktop\spybot-2.2.exe
2014-02-14 12:24 - 2014-02-14 12:24 - 00003118 _____ () C:\Windows\System32\Tasks\{4C825E27-1EB4-45B7-8396-AA595B2A39FF}
2014-02-14 12:21 - 2014-02-14 12:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\bauk\Desktop\HiJackThis204.exe
2014-02-14 11:38 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-02-14 00:38 - 2013-12-19 12:38 - 00000154 _____ () C:\Users\bauk\AppData\Roaming\WB.CFG
2014-02-14 00:38 - 2013-12-05 22:38 - 00003224 _____ () C:\Windows\System32\Tasks\SaveSense
2014-02-13 15:32 - 2014-02-13 15:10 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\Azureus
2014-02-13 15:31 - 2014-01-13 03:45 - 00000000 ____D () C:\Program Files\Sinvise Systems
2014-02-13 15:31 - 2013-12-08 01:12 - 00000000 ____D () C:\Program Files\Google
2014-02-13 15:31 - 2013-09-18 18:11 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-13 15:31 - 2013-09-12 22:13 - 00000000 ____D () C:\Program Files\HP
2014-02-13 15:31 - 2013-09-12 18:59 - 00000000 ____D () C:\Program Files\WinRAR
2014-02-13 15:31 - 2013-09-12 18:48 - 00000000 ____D () C:\Program Files\VideoLAN
2014-02-13 15:31 - 2013-09-12 15:13 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-02-13 15:31 - 2010-11-21 08:00 - 00000000 ____D () C:\Program Files\Windows Journal
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\MSBuild
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-02-13 15:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Windows NT
2014-02-13 15:30 - 2014-02-13 15:30 - 07423976 _____ () C:\Users\bauk\Desktop\x264_jan.zip
2014-02-13 15:10 - 2014-02-13 15:10 - 00000000 ____D () C:\ProgramData\Azureus
2014-02-12 19:34 - 2013-11-13 19:49 - 00098648 _____ () C:\Windows\DPINST.LOG
2014-02-11 17:46 - 2013-09-24 19:59 - 00008704 _____ () C:\Users\bauk\Desktop\Liga.xls
2014-02-10 23:00 - 2013-09-12 17:43 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-10 23:00 - 2013-09-12 17:43 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-06 14:05 - 2013-07-01 19:12 - 00000000 ____D () C:\Users\bauk\Desktop\Neuer Ordner (4)
2014-02-06 13:16 - 2014-02-12 15:00 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-12 15:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-12 15:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-12 15:00 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-12 15:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-12 15:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-12 15:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-12 15:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-12 15:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-12 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-12 15:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-12 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-12 15:00 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-12 15:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-12 15:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-12 15:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-12 15:00 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-12 15:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-12 15:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 15:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-12 15:00 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-12 15:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-12 15:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-12 15:00 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-12 15:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-12 15:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-12 15:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-12 15:00 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-12 15:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-12 15:00 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-12 15:00 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-12 15:00 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-12 15:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-12 15:00 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-12 15:00 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-12 15:00 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-12 15:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-12 15:00 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-12 15:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-03 14:36 - 2013-09-13 13:03 - 00000000 ____D () C:\Users\bauk\Documents\Flight Simulator-Dateien
2014-02-03 14:33 - 2014-01-25 14:09 - 00000000 ____D () C:\Users\bauk\AppData\Local\FS Flight Keeper
2014-02-02 20:04 - 2013-09-25 15:16 - 00000110 _____ () C:\Windows\AISmooth.INI
2014-02-02 17:01 - 2013-09-12 16:12 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information


Some content of TEMP:
====================
C:\Users\bauk\AppData\Local\Temp\avgnt.exe
C:\Users\bauk\AppData\Local\Temp\SaveSenseUpdateVer.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-18 01:58

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

GMER Logfile:

	Code: 

 ATTFilter

  
	GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-26 13:12:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD10EAVS-00D7B0 rev.01.01A01 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\bauk\AppData\Local\Temp\kxldqpoc.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[1288] C:\Windows\syswow64\USER32.dll!GetMenu + 412                          0000000075cc51dd 7 bytes JMP 0000000110053ac0
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[1288] C:\Windows\syswow64\USER32.dll!PeekMessageA + 407                     0000000075cc610b 7 bytes JMP 0000000110053c10
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[1288] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW + 131       0000000075ccc6c1 7 bytes JMP 0000000110053bf0
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[1288] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA + 199              0000000075d0fc98 7 bytes JMP 0000000110053c60
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[1288] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW + 52               0000000075d0fcd1 7 bytes JMP 0000000110053d30
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[1288] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 31                     0000000075d0fcf5 7 bytes JMP 0000000110053ce0
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69               0000000075a01465 2 bytes [A0, 75]
.text    C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155              0000000075a014bb 2 bytes [A0, 75]
.text    ...                                                                                                                                       * 2
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69           0000000075a01465 2 bytes [A0, 75]
.text    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          0000000075a014bb 2 bytes [A0, 75]
.text    ...                                                                                                                                       * 2
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2536] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69               0000000075a01465 2 bytes [A0, 75]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2536] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155              0000000075a014bb 2 bytes [A0, 75]
.text    ...                                                                                                                                       * 2
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2636] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69              0000000075a01465 2 bytes [A0, 75]
.text    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2636] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155             0000000075a014bb 2 bytes [A0, 75]
.text    ...                                                                                                                                       * 2
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69    0000000075a01465 2 bytes [A0, 75]
.text    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4304] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155   0000000075a014bb 2 bytes [A0, 75]
.text    ...                                                                                                                                       * 2

---- Threads - GMER 2.1 ----

Thread    [1336:1352]                                                                                                                              00000000758a7587
Thread    [1336:1380]                                                                                                                              0000000072c4c59c
Thread    [1336:1596]                                                                                                                              0000000072c4c59c
Thread    [1336:1600]                                                                                                                              0000000072c4c59c
Thread    [1336:1604]                                                                                                                              0000000072c4c59c
Thread    [1336:1616]                                                                                                                              00000000734e32fb
Thread    [1336:1628]                                                                                                                              0000000077b22e65
Thread    [1336:5456]                                                                                                                              0000000077b23e85
---- Processes - GMER 2.1 ----

Process  C:\Users\bauk\AppData\Roaming\wincrt\wincrt.exe (*** suspicious ***) @ C:\Users\bauk\AppData\Roaming\wincrt\wincrt.exe [940](2014-02-19   0000000000400000

---- EOF - GMER 2.1 ----
         
 --- --- ---

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.26.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
bauk :: BAUK-PC [Administrator]

Schutz: Aktiviert

26.02.2014 12:24:40
MBAM-log-2014-02-26 (12-30-33).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 235877
Laufzeit: 4 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 12
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Keine Aktion durchgeführt.
HKCR\esrv.mysearchdialESrvc.1 (PUP.Optional.MySearchDial.A) -> Keine Aktion durchgeführt.
HKCR\esrv.mysearchdialESrvc (PUP.Optional.MySearchDial.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\SaveSenseLive (PUP.Optional.SaveSense.A) -> Keine Aktion durchgeführt.
HKCU\Software\mysearchdial.com (PUP.Optional.MySearchDial.A) -> Keine Aktion durchgeführt.
HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff (PUP.Optional.MySearchDial.A) -> Keine Aktion durchgeführt.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\SaveSenseLive (PUP.Optional.SaveSense.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff (PUP.Optional.MySearchDial.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveSense (PUP.Optional.SaveSense) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0G1N2W0E2W1L2Z -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bösartig: (hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEyEtDtD0AtDzz0D0DyDyBtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=699734266&ir=) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 11
C:\Users\bauk\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\bauk\AppData\Roaming\OpenCandy\12236CBFDBD44741AAC5BBF63A10C635 (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SaveSenseLive (PUP.Optional.SaveSense) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SaveSenseLive\CrashReports (PUP.Optional.SaveSense) -> Keine Aktion durchgeführt.
C:\ProgramData\SaveSenseLive (PUP.Optional.SaveSense) -> Keine Aktion durchgeführt.
C:\ProgramData\SaveSenseLive\Update (PUP.Optional.SaveSense) -> Keine Aktion durchgeführt.
C:\ProgramData\SaveSenseLive\Update\Log (PUP.Optional.SaveSense) -> Keine Aktion durchgeführt.
C:\Users\bauk\AppData\Roaming\SaveSense (PUP.Optional.SaveSense) -> Keine Aktion durchgeführt.
C:\Users\bauk\AppData\Roaming\SaveSense\UpdateProc (PUP.Optional.SaveSense) -> Keine Aktion durchgeführt.
C:\Users\bauk\AppData\Local\SaveSenseLive (PUP.Optional.SaveSense.A) -> Keine Aktion durchgeführt.
C:\Users\bauk\AppData\Local\SaveSenseLive\CrashReports (PUP.Optional.SaveSense.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 12
C:\Users\bauk\Desktop\DTLite4471-0333.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\bauk\Desktop\FreeVideoFlipAndRotate.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\bauk\Desktop\windows.7.codec.pack.v4.0.8.setup.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\bauk\AppData\Local\Temp\SaveSenseUpdateVer.exe (PUP.Optional.SaveSense.A) -> Keine Aktion durchgeführt.
C:\Users\bauk\AppData\Local\mysearchdial-speeddial.crx (PUP.Optional.MySearchDial.A) -> Keine Aktion durchgeführt.
C:\Users\bauk\AppData\Roaming\OpenCandy\12236CBFDBD44741AAC5BBF63A10C635\Setupsft_chr_p1v7.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\ProgramData\SaveSenseLive\Update\Log\SaveSenseLive.log (PUP.Optional.SaveSense) -> Keine Aktion durchgeführt.
C:\Users\bauk\AppData\Roaming\SaveSense\UpdateProc\config.dat (PUP.Optional.SaveSense) -> Keine Aktion durchgeführt.
C:\Users\bauk\AppData\Roaming\SaveSense\UpdateProc\info.dat (PUP.Optional.SaveSense) -> Keine Aktion durchgeführt.
C:\Users\bauk\AppData\Roaming\SaveSense\UpdateProc\STTL.DAT (PUP.Optional.SaveSense) -> Keine Aktion durchgeführt.
C:\Users\bauk\AppData\Roaming\SaveSense\UpdateProc\TTL.DAT (PUP.Optional.SaveSense) -> Keine Aktion durchgeführt.
C:\Users\bauk\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe (PUP.Optional.SaveSense) -> Keine Aktion durchgeführt.

(Ende)

Code:

ATTFilter


Avira Antivirus Suite
Erstellungsdatum der Reportdatei: Dienstag, 25. Februar 2014  10:40


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Marco Rubatto
Seriennummer   : 2224192775-PEPWE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : BAUK-PC

Versionsinformationen:
BUILD.DAT      : 14.0.2.286     57857 Bytes  09.12.2013 11:37:00
AVSCAN.EXE     : 14.0.2.254   1032760 Bytes  17.12.2013 12:10:17
AVSCANRC.DLL   : 14.0.2.180     62008 Bytes  17.12.2013 12:10:17
LUKE.DLL       : 14.0.2.234     65592 Bytes  17.12.2013 12:10:29
AVSCPLR.DLL    : 14.0.2.254    124472 Bytes  17.12.2013 12:10:17
AVREG.DLL      : 14.0.2.212    250424 Bytes  17.12.2013 12:10:16
avlode.dll     : 14.0.2.254    540216 Bytes  17.12.2013 12:10:12
avlode.rdf     : 14.0.3.26      58589 Bytes  11.02.2014 09:44:09
VBASE000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 16:46:19
VBASE001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 16:46:22
VBASE002.VDF   : 7.11.80.60   2751488 Bytes  28.05.2013 16:46:24
VBASE003.VDF   : 7.11.85.214  2162688 Bytes  21.06.2013 16:46:26
VBASE004.VDF   : 7.11.91.176  3903488 Bytes  23.07.2013 16:46:30
VBASE005.VDF   : 7.11.98.186  6822912 Bytes  29.08.2013 16:46:37
VBASE006.VDF   : 7.11.103.230  2293248 Bytes  24.09.2013 10:37:48
VBASE007.VDF   : 7.11.116.38  5485568 Bytes  28.11.2013 16:17:57
VBASE008.VDF   : 7.11.126.50  3615744 Bytes  22.01.2014 14:10:28
VBASE009.VDF   : 7.11.128.174  2030080 Bytes  03.02.2014 14:22:12
VBASE010.VDF   : 7.11.128.175     2048 Bytes  03.02.2014 14:22:12
VBASE011.VDF   : 7.11.128.176     2048 Bytes  03.02.2014 14:22:12
VBASE012.VDF   : 7.11.128.177     2048 Bytes  03.02.2014 14:22:12
VBASE013.VDF   : 7.11.128.178     2048 Bytes  03.02.2014 14:22:12
VBASE014.VDF   : 7.11.129.9    211456 Bytes  04.02.2014 15:19:49
VBASE015.VDF   : 7.11.129.163   215040 Bytes  06.02.2014 11:24:49
VBASE016.VDF   : 7.11.130.21   220672 Bytes  08.02.2014 10:21:33
VBASE017.VDF   : 7.11.130.99   230400 Bytes  10.02.2014 10:02:11
VBASE018.VDF   : 7.11.130.193   195072 Bytes  11.02.2014 09:44:08
VBASE019.VDF   : 7.11.131.53   285184 Bytes  13.02.2014 13:54:06
VBASE020.VDF   : 7.11.131.125   154624 Bytes  14.02.2014 10:43:44
VBASE021.VDF   : 7.11.131.201   194560 Bytes  15.02.2014 10:38:01
VBASE022.VDF   : 7.11.132.11   233472 Bytes  17.02.2014 18:13:09
VBASE023.VDF   : 7.11.132.80   415232 Bytes  18.02.2014 14:32:33
VBASE024.VDF   : 7.11.132.205   185344 Bytes  20.02.2014 15:58:04
VBASE025.VDF   : 7.11.133.33   291328 Bytes  22.02.2014 10:31:57
VBASE026.VDF   : 7.11.133.81   134144 Bytes  23.02.2014 21:47:36
VBASE027.VDF   : 7.11.133.143   183808 Bytes  25.02.2014 08:57:28
VBASE028.VDF   : 7.11.133.144     2048 Bytes  25.02.2014 08:57:28
VBASE029.VDF   : 7.11.133.145     2048 Bytes  25.02.2014 08:57:28
VBASE030.VDF   : 7.11.133.146     2048 Bytes  25.02.2014 08:57:28
VBASE031.VDF   : 7.11.133.148    76800 Bytes  25.02.2014 08:57:28
Engineversion  : 8.2.14.12 
AEVDF.DLL      : 8.1.3.4       102774 Bytes  12.09.2013 16:46:45
AESCRIPT.DLL   : 8.1.4.190     516478 Bytes  13.02.2014 18:54:24
AESCN.DLL      : 8.1.10.6      131447 Bytes  11.12.2013 14:42:13
AESBX.DLL      : 8.2.20.6     1331575 Bytes  13.01.2014 14:40:17
AERDL.DLL      : 8.2.0.138     704888 Bytes  02.12.2013 14:32:23
AEPACK.DLL     : 8.4.0.0       774520 Bytes  11.02.2014 14:44:14
AEOFFICE.DLL   : 8.1.2.82      205181 Bytes  18.02.2014 14:32:33
AEHEUR.DLL     : 8.1.4.918    6484346 Bytes  13.02.2014 18:54:24
AEHELP.DLL     : 8.1.27.10     266618 Bytes  22.11.2013 11:45:54
AEGEN.DLL      : 8.1.7.22      446839 Bytes  15.01.2014 15:19:35
AEEXP.DLL      : 8.4.1.204     434552 Bytes  11.02.2014 14:44:14
AEEMU.DLL      : 8.1.3.2       393587 Bytes  12.09.2013 16:46:41
AECORE.DLL     : 8.1.35.0      229753 Bytes  11.02.2014 14:44:11
AEBB.DLL       : 8.1.1.4        53619 Bytes  12.09.2013 16:46:41
AVWINLL.DLL    : 14.0.2.180     23608 Bytes  17.12.2013 12:10:06
AVPREF.DLL     : 14.0.2.180     48696 Bytes  17.12.2013 12:10:16
AVREP.DLL      : 14.0.2.180    175672 Bytes  17.12.2013 12:10:16
AVARKT.DLL     : 14.0.2.254    256056 Bytes  17.12.2013 12:10:10
AVEVTLOG.DLL   : 14.0.2.180    165944 Bytes  17.12.2013 12:10:11
SQLITE3.DLL    : 3.7.0.1       394808 Bytes  31.10.2013 18:25:40
AVSMTP.DLL     : 14.0.2.180     60472 Bytes  17.12.2013 12:10:17
NETNT.DLL      : 14.0.2.180     13368 Bytes  17.12.2013 12:10:29
RCIMAGE.DLL    : 14.0.2.180   4784696 Bytes  17.12.2013 12:10:06
RCTEXT.DLL     : 14.0.2.270     73272 Bytes  17.12.2013 12:10:06

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_530c5b0d\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: Vollständig

Beginn des Suchlaufs: Dienstag, 25. Februar 2014  10:40

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '97' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '156' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '177' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'ScanToPCActivationApp.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'icq.exe' - '161' Modul(e) wurden durchsucht
  Modul ist OK -> <C:\Users\bauk\AppData\Roaming\ICQM\icq.exe>
  [HINWEIS]   Prozess 'icq.exe' wurde beendet
  Modul ist infiziert -> <C:\Users\bauk\AppData\Local\YpvsPack\FWLaunch.dll>
  [FUND]      Ist das Trojanische Pferd TR/Kazy.queimneab
  [HINWEIS]   Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'PCCompanion.exe' - '129' Modul(e) wurden durchsucht
  Modul ist OK -> <C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe>
  [HINWEIS]   Prozess 'PCCompanion.exe' wurde beendet
  Modul ist infiziert -> <C:\Users\bauk\AppData\Local\YpvsPack\FWLaunch.dll>
  [FUND]      Ist das Trojanische Pferd TR/Kazy.queimneab
  [HINWEIS]   Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.
Durchsuche Prozess 'regsvr32.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'wincrt.exe' - '74' Modul(e) wurden durchsucht
  Modul ist OK -> <C:\Users\bauk\AppData\Roaming\wincrt\wincrt.exe>
  [HINWEIS]   Prozess 'wincrt.exe' wurde beendet
  Modul ist infiziert -> <C:\Users\bauk\AppData\Local\YpvsPack\FWLaunch.dll>
  [FUND]      Ist das Trojanische Pferd TR/Kazy.queimneab
  [HINWEIS]   Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.
Durchsuche Prozess 'UpdateChecker.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'regsvr32.exe' - '64' Modul(e) wurden durchsucht
  Modul ist OK -> <C:\Windows\SysWOW64\regsvr32.exe>
  [HINWEIS]   Prozess 'regsvr32.exe' wurde beendet
  Modul ist infiziert -> <C:\Users\bauk\AppData\Local\YpvsPack\FWLaunch.dll>
  [FUND]      Ist das Trojanische Pferd TR/Kazy.queimneab
  [HINWEIS]   Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.
Durchsuche Prozess 'mbamscheduler.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '106' Modul(e) wurden durchsucht
  Modul ist OK -> <C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe>
  [HINWEIS]   Prozess 'avgnt.exe' wurde beendet
  Modul ist infiziert -> <C:\Users\bauk\AppData\Local\YpvsPack\FWLaunch.dll>
  [FUND]      Ist das Trojanische Pferd TR/Kazy.queimneab
  [HINWEIS]   Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.
Durchsuche Prozess 'hpwuschd2.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'V0770Mon.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'PCCompanionInfo.exe' - '53' Modul(e) wurden durchsucht
  Modul ist OK -> <C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe>
  [HINWEIS]   Prozess 'PCCompanionInfo.exe' wurde beendet
  Modul ist infiziert -> <C:\Users\bauk\AppData\Local\YpvsPack\FWLaunch.dll>
  [FUND]      Ist das Trojanische Pferd TR/Kazy.queimneab
  [HINWEIS]   Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.
Durchsuche Prozess 'mbamservice.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDTray.exe' - '107' Modul(e) wurden durchsucht
  Modul ist OK -> <C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe>
  [HINWEIS]   Prozess 'SDTray.exe' wurde beendet
  Modul ist infiziert -> <C:\Users\bauk\AppData\Local\YpvsPack\FWLaunch.dll>
  [FUND]      Ist das Trojanische Pferd TR/Kazy.queimneab
  [HINWEIS]   Für die abschliessende Reparatur wird ein Neustart des Computers eingeleitet.
Durchsuche Prozess 'SDFSSvc.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '42' Modul(e) wurden durchsucht
  Modul ist OK -> <C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe>
  [HINWEIS]   Prozess 'mbamgui.exe' wurde beendet
  Modul ist infiziert -> <C:\Users\bauk\AppData\Local\YpvsPack\FWLaunch.dll>
  [FUND]      Ist das Trojanische Pferd TR/Kazy.queimneab
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '11adc042.qua' verschoben!
Durchsuche Prozess 'nvtray.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDUpdSvc.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWSCSvc.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPNetworkCommunicator.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '112' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'IEXPLORE.EXE' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'osk.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '100' Modul(e) wurden durchsucht
Durchsuche Prozess 'IEXPLORE.EXE' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'chrome.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '111' Modul(e) wurden durchsucht
Durchsuche Prozess 'opera.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'opera_crashreporter.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'opera.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'opera.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'opera.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'opera.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'opera.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht
Der Registrierungseintrag <HKEY_USERS\S-1-5-21-3804239024-788253240-2279899610-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YpvsPack> wurde erfolgreich repariert.

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Users\bauk\AppData\Local\YpvsPack\FWLaunch.dll
  [FUND]      Ist das Trojanische Pferd TR/Kazy.queimneab
  [HINWEIS]   Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
  [HINWEIS]   Die Datei existiert nicht!
  [HINWEIS]   Der Registrierungseintrag <HKEY_USERS\S-1-5-21-3804239024-788253240-2279899610-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YpvsPack> wurde erfolgreich repariert.


Ende des Suchlaufs: Dienstag, 25. Februar 2014  10:45
Benötigte Zeit: 05:18 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
   3526 Dateien wurden geprüft
      2 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
   3524 Dateien ohne Befall
     55 Archive wurden durchsucht
      0 Warnungen
     17 Hinweise

schrauber · 27.02.2014, 12:01

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

bauk77 · 27.02.2014, 13:41

Code:

ATTFilter

Combofix Logfile:

	Code: 

 ATTFilter

  
	ComboFix 14-02-24.02 - bauk 27.02.2014  13:22:31.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2437 [GMT 1:00]
ausgeführt von:: c:\users\bauk\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SaveSenseLive
c:\programdata\SaveSenseLive
c:\programdata\SaveSenseLive\Update\Log\SaveSenseLive.log
c:\users\bauk\AppData\Local\Microsoft\Windows\Temporary Internet Files\BatBrowse_iels
c:\users\bauk\AppData\Roaming\SaveSense
c:\users\bauk\AppData\Roaming\SaveSense\UpdateProc\config.dat
c:\users\bauk\AppData\Roaming\SaveSense\UpdateProc\info.dat
c:\users\bauk\AppData\Roaming\SaveSense\UpdateProc\STTL.DAT
c:\users\bauk\AppData\Roaming\SaveSense\UpdateProc\TTL.DAT
c:\users\bauk\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe
c:\windows\iun6002.exe
c:\windows\SysWow64\ijl11.dll
H:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-01-27 bis 2014-02-27  ))))))))))))))))))))))))))))))
.
.
2014-02-27 12:30 . 2014-02-27 12:30	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-02-27 12:30 . 2014-02-27 12:30	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-02-27 12:28 . 2014-02-27 12:28	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{40EB1C03-606F-43C4-9E82-562104587961}\offreg.dll
2014-02-26 13:23 . 2014-01-09 02:22	5694464	----a-w-	c:\windows\SysWow64\mstscax.dll
2014-02-26 13:23 . 2014-01-03 22:44	6574592	----a-w-	c:\windows\system32\mstscax.dll
2014-02-26 11:35 . 2014-02-26 11:36	--------	d-----w-	C:\FRST
2014-02-25 12:04 . 2014-02-25 12:04	--------	d-----w-	c:\program files\Windows Live
2014-02-25 09:03 . 2014-02-06 09:01	10536864	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{40EB1C03-606F-43C4-9E82-562104587961}\mpengine.dll
2014-02-19 14:37 . 2014-02-19 14:37	83519	----a-w-	c:\program files\Windows Defender\Security\Manager\temp\tmp2119.exe
2014-02-19 10:31 . 2014-02-19 10:31	--------	d-----w-	c:\users\bauk\AppData\Roaming\Malwarebytes
2014-02-19 10:30 . 2014-02-19 10:30	--------	d-----w-	c:\programdata\Malwarebytes
2014-02-19 10:30 . 2014-02-19 10:30	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-19 10:30 . 2013-04-04 13:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-02-19 01:03 . 2014-02-19 01:03	--------	d-----w-	c:\users\bauk\AppData\Roaming\wincrt
2014-02-16 12:50 . 2014-02-16 12:50	--------	d-----w-	c:\users\bauk\AppData\Local\Opera Software
2014-02-16 12:50 . 2014-02-16 12:50	--------	d-----w-	c:\users\bauk\AppData\Roaming\Opera Software
2014-02-16 12:50 . 2014-02-16 12:50	--------	d-----w-	c:\program files (x86)\Opera
2014-02-16 10:53 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2014-02-16 10:53 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2014-02-16 10:53 . 2013-09-25 02:23	1030144	----a-w-	c:\windows\system32\TSWorkspace.dll
2014-02-16 10:53 . 2013-09-25 01:57	792576	----a-w-	c:\windows\SysWow64\TSWorkspace.dll
2014-02-15 14:34 . 2014-02-25 09:45	--------	d-----w-	c:\users\bauk\AppData\Local\YpvsPack
2014-02-14 11:29 . 2013-09-20 09:49	21040	----a-w-	c:\windows\system32\sdnclean64.exe
2014-02-14 11:29 . 2014-02-18 23:59	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2014-02-14 11:29 . 2014-02-14 11:33	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2014-02-13 14:31 . 2014-02-13 14:31	2173440	----a-w-	c:\program files\Windows Defender\Security\Manager\BingDesktopCore.dll
2014-02-13 14:10 . 2014-02-13 14:10	--------	d-----w-	c:\programdata\Azureus
2014-02-13 14:10 . 2014-02-13 14:32	--------	d-----w-	c:\users\bauk\AppData\Roaming\Azureus
2014-02-12 14:01 . 2013-12-21 09:53	548864	----a-w-	c:\windows\system32\vbscript.dll
2014-02-12 14:01 . 2013-12-21 08:56	454656	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-02-12 07:19 . 2013-12-04 02:27	485888	----a-w-	c:\windows\system32\secproc_isv.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-15 16:41 . 2013-09-12 14:30	88567024	----a-w-	c:\windows\system32\MRT.exe
2014-01-25 16:58 . 2013-09-12 19:31	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-25 16:58 . 2013-09-12 19:31	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-18 05:13 . 2010-11-21 03:27	270496	------w-	c:\windows\system32\MpSigStub.exe
2013-12-17 12:10 . 2013-09-12 16:56	84720	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-12-17 12:10 . 2013-09-12 16:56	131576	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-12-17 12:10 . 2013-09-12 16:56	108440	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-12-03 22:29 . 2013-12-03 22:29	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-03 22:29 . 2013-12-03 22:29	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-12-03 22:29 . 2013-12-03 22:29	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-03 22:29 . 2013-12-03 22:29	645120	----a-w-	c:\windows\SysWow64\jsIntl.dll
2013-12-03 22:29 . 2013-12-03 22:29	62464	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-12-03 22:29 . 2013-12-03 22:29	34816	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-03 22:29 . 2013-12-03 22:29	235008	----a-w-	c:\windows\system32\elshyph.dll
2013-12-03 22:29 . 2013-12-03 22:29	182272	----a-w-	c:\windows\SysWow64\msls31.dll
2013-12-03 22:29 . 2013-12-03 22:28	337408	----a-w-	c:\windows\SysWow64\html.iec
2013-12-03 22:28 . 2013-12-03 22:28	61952	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2013-12-03 22:28 . 2013-12-03 22:28	36352	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-12-03 22:28 . 2013-12-03 22:28	24576	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-12-03 22:28 . 2013-12-03 22:28	151552	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-12-03 22:28 . 2013-12-03 22:28	139264	----a-w-	c:\windows\SysWow64\wextract.exe
2013-12-03 22:28 . 2013-12-03 22:28	13312	----a-w-	c:\windows\SysWow64\mshta.exe
2013-12-03 22:28 . 2013-12-03 22:28	1051136	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-12-03 22:28 . 2013-12-03 22:28	942592	----a-w-	c:\windows\system32\jsIntl.dll
2013-12-03 22:28 . 2013-12-03 22:28	90112	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-12-03 22:28 . 2013-12-03 22:28	86016	----a-w-	c:\windows\SysWow64\iesysprep.dll
2013-12-03 22:28 . 2013-12-03 22:28	86016	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-12-03 22:28 . 2013-12-03 22:28	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-12-03 22:28 . 2013-12-03 22:28	74240	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-03 22:28 . 2013-12-03 22:28	616104	----a-w-	c:\windows\system32\ieapfltr.dat
2013-12-03 22:28 . 2013-12-03 22:28	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-12-03 22:28 . 2013-12-03 22:28	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-12-03 22:28 . 2013-12-03 22:28	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-12-03 22:28 . 2013-12-03 22:28	453120	----a-w-	c:\windows\system32\dxtmsft.dll
2013-12-03 22:28 . 2013-12-03 22:28	413696	----a-w-	c:\windows\system32\html.iec
2013-12-03 22:28 . 2013-12-03 22:28	40448	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 22:28 . 2013-12-03 22:28	296960	----a-w-	c:\windows\system32\dxtrans.dll
2013-12-03 22:28 . 2013-12-03 22:28	247808	----a-w-	c:\windows\system32\msls31.dll
2013-12-03 22:28 . 2013-12-03 22:28	13312	----a-w-	c:\windows\system32\msfeedssync.exe
2013-12-03 22:28 . 2013-12-03 22:28	131072	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-12-03 22:28 . 2013-12-03 22:28	111616	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-12-03 22:28 . 2013-12-03 22:28	105984	----a-w-	c:\windows\system32\iesysprep.dll
2013-12-03 22:28 . 2013-12-03 22:28	84992	----a-w-	c:\windows\system32\mshtmled.dll
2013-12-03 22:28 . 2013-12-03 22:28	83968	----a-w-	c:\windows\system32\MshtmlDac.dll
2013-12-03 22:28 . 2013-12-03 22:28	81408	----a-w-	c:\windows\system32\icardie.dll
2013-12-03 22:28 . 2013-12-03 22:28	774144	----a-w-	c:\windows\system32\jscript.dll
2013-12-03 22:28 . 2013-12-03 22:28	62464	----a-w-	c:\windows\system32\pngfilt.dll
2013-12-03 22:28 . 2013-12-03 22:28	48128	----a-w-	c:\windows\system32\imgutil.dll
2013-12-03 22:28 . 2013-12-03 22:28	30208	----a-w-	c:\windows\system32\licmgr10.dll
2013-12-03 22:28 . 2013-12-03 22:28	263376	----a-w-	c:\windows\system32\iedkcs32.dll
2013-12-03 22:28 . 2013-12-03 22:28	243200	----a-w-	c:\windows\system32\webcheck.dll
2013-12-03 22:28 . 2013-12-03 22:28	235520	----a-w-	c:\windows\system32\url.dll
2013-12-03 22:28 . 2013-12-03 22:28	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-12-03 22:28 . 2013-12-03 22:28	147968	----a-w-	c:\windows\system32\occache.dll
2013-12-03 22:28 . 2013-12-03 22:28	143872	----a-w-	c:\windows\system32\wextract.exe
2013-12-03 22:28 . 2013-12-03 22:28	13824	----a-w-	c:\windows\system32\mshta.exe
2013-12-03 22:28 . 2013-12-03 22:28	135680	----a-w-	c:\windows\system32\iepeers.dll
2013-12-03 22:28 . 2013-12-03 22:28	1228800	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-12-03 22:28 . 2013-12-03 22:28	101376	----a-w-	c:\windows\system32\inseng.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2013-07-26 20:30	12240	----a-w-	c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2013-07-26 12240]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet 6600 (NET)"="c:\program files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]
"icq"="c:\users\bauk\AppData\Roaming\ICQM\icq.exe" [2013-12-05 29919576]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2013-10-31 449760]
"YpvsPack"="regsvr32.exe" [2009-07-14 14848]
"wincrt.exe"="c:\users\bauk\AppData\Roaming\wincrt\wincrt.exe" [2014-02-18 28672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-25 689744]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"V0770Mon.exe"="c:\windows\V0770Mon.exe" [2012-06-01 32884]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"osk.exe"="osk.exe" [2009-07-14 646144]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodecPackUpdateChecker.lnk - c:\windows\SysWOW64\C2MP\UpdateChecker.exe [2013-8-29 48200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;d:\program files (x86)\Skype\Updater\Updater.exe;d:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys;c:\windows\SYSNATIVE\DRIVERS\l160x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 V0770Vid;Live! Cam Sync HD VF0770 Driver;c:\windows\system32\DRIVERS\V0770Vid.sys;c:\windows\SYSNATIVE\DRIVERS\V0770Vid.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-21 22:06	1150280	----a-w-	c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-12 16:58]
.
2014-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-12 16:43]
.
2014-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-12 16:43]
.
2014-02-27 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-10-14 19:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1SecurityInfoIcons]
@="{C0CEFF27-08AD-4E60-BF47-4AEE8FEB381A}"
[HKEY_CLASSES_ROOT\CLSID\{C0CEFF27-08AD-4E60-BF47-4AEE8FEB381A}]
2014-02-13 14:31	2487808	----a-w-	c:\program files\Windows Defender\Security\Manager\SecurityManager.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.news.at/
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEyEtDtD0AtDzz0D0DyDyBtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=699734266&ir=
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
FF - ProfilePath - c:\users\bauk\AppData\Roaming\Mozilla\Firefox\Profiles\54q08z2s.default\
FF - ExtSQL: !HIDDEN! 1970-05-29 12:56; {D928476A-C251-DDF7-9978-48AAF44CE027}; - 
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=1&cc=&mi=d0fcdd57000000000000002354400a08&q=
FF - user.js: extensions.Softonic.id - d0fcdd57000000000000002354400a08
FF - user.js: extensions.Softonic.appId - {7ABBFE1C-E485-44AA-8F36-353751B4124D}
FF - user.js: extensions.Softonic.instlDay - 16010
FF - user.js: extensions.Softonic.vrsn - 1.8.21.14
FF - user.js: extensions.Softonic.vrsni - 1.8.21.14
FF - user.js: extensions.Softonic.vrsnTs - 1.8.21.147:50
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - OC
FF - user.js: extensions.Softonic.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - opencandy2013
FF - user.js: extensions.Softonic.instlRef - MOY00621
FF - user.js: extensions.Softonic.dfltLng - de
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.ffxUnstlRst - false
FF - user.js: extensions.Softonic.admin - false
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic.rvrt - false
FF - user.js: extensions.Softonic.hmpg - true
FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=d0fcdd57000000000000002354400a08
FF - user.js: extensions.Softonic.dfltSrch - true
FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.Softonic.dnsErr - true
FF - user.js: extensions.Softonic.newTab - true
FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=d0fcdd57000000000000002354400a08
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEyEtDtD0AtDzz0D0DyDyBtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=699734266&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEyEtDtD0AtDzz0D0DyDyBtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=699734266&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEyEtDtD0AtDzz0D0DyDyBtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=699734266&ir=&q=
FF - user.js: extensions.mysearchdial.id - 002354400A08DD57
FF - user.js: extensions.mysearchdial.instlDay - 16016
FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.02:40
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - irmsd103
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef - 
FF - user.js: extensions.mysearchdial.dfltLng - 
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 699734266
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutDtDtBtAyDyEyEtDtD0AtDzz0D0DyDyBtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA
FF - user.js: extensions.irmysearch.aflt - irmsd103
FF - user.js: extensions.irmysearch.instlRef - 
FF - user.js: extensions.irmysearch.cr - 699734266
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtDtBtAyDyEyEtDtD0AtDzz0D0DyDyBtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-afxdemo - c:\windows\iun6002.exe
AddRemove-UltimateTraffic13 - c:\windows\iun6002.exe
AddRemove-SaveSense - c:\users\bauk\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3804239024-788253240-2279899610-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3804239024-788253240-2279899610-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_38_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_38_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-02-27  13:33:52
ComboFix-quarantined-files.txt  2014-02-27 12:33
.
Vor Suchlauf: 4.859.318.272 Bytes frei
Nach Suchlauf: 5.349.888.000 Bytes frei
.
- - End Of File - - C14AE6F025D1A4B23F4A218179E54D9E
         
 --- --- ---
A36C5E4F47E84449FF07ED3517B43A31

schrauber · 28.02.2014, 13:59

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

bauk77 · 28.02.2014, 15:44

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.28.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
bauk :: BAUK-PC [Administrator]

Schutz: Deaktiviert

28.02.2014 15:05:55
mbam-log-2014-02-28 (15-05-55).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 242349
Laufzeit: 4 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 11
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.mysearchdialESrvc.1 (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.mysearchdialESrvc (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\SaveSenseLive (PUP.Optional.SaveSense.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\mysearchdial.com (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\SaveSenseLive (PUP.Optional.SaveSense.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0G1N2W0E2W1L2Z -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bösartig: (hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEyEtDtD0AtDzz0D0DyDyBtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=699734266&ir=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 4
C:\Users\bauk\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\bauk\AppData\Roaming\OpenCandy\12236CBFDBD44741AAC5BBF63A10C635 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\bauk\AppData\Local\SaveSenseLive (PUP.Optional.SaveSense.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\bauk\AppData\Local\SaveSenseLive\CrashReports (PUP.Optional.SaveSense.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 5
C:\Users\bauk\Desktop\DTLite4471-0333.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\bauk\Desktop\FreeVideoFlipAndRotate.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\bauk\Desktop\windows.7.codec.pack.v4.0.8.setup.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\bauk\AppData\Local\mysearchdial-speeddial.crx (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\bauk\AppData\Roaming\OpenCandy\12236CBFDBD44741AAC5BBF63A10C635\Setupsft_chr_p1v7.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v3.020 - Bericht erstellt am 28/02/2014 um 15:18:12
# Aktualisiert 27/02/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : bauk - BAUK-PC
# Gestartet von : C:\Users\bauk\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\BatBrowse
Ordner Gelöscht : C:\Users\bauk\AppData\LocalLow\Mysearchdial
Ordner Gelöscht : C:\Users\bauk\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\bauk\AppData\Roaming\Mozilla\Firefox\Profiles\54q08z2s.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
Ordner Gelöscht : C:\Users\bauk\AppData\Roaming\Mozilla\Firefox\Profiles\54q08z2s.default\Extensions\ffxtlbra@softonic.com
Datei Gelöscht : C:\Users\bauk\AppData\Roaming\Mozilla\Firefox\Profiles\54q08z2s.default\searchplugins\Mysearchdial.xml
Datei Gelöscht : C:\Users\bauk\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\searchplugins\Mysearchdial.xml
Datei Gelöscht : C:\Users\bauk\AppData\Roaming\Mozilla\Firefox\Profiles\54q08z2s.default\searchplugins\softonic.xml
Datei Gelöscht : C:\Users\bauk\AppData\Roaming\Mozilla\Firefox\Profiles\54q08z2s.default\user.js
Datei Gelöscht : C:\Users\bauk\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateBatBrowse_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateBatBrowse_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{33333333-F789-11CE-86F8-0020AFD8C6DB}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SoftonicToolbar

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\bauk\AppData\Roaming\Mozilla\Firefox\Profiles\54q08z2s.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "Mysearchdial");
Zeile gelöscht : user_pref("browser.search.order.1", "Mysearchdial");
Zeile gelöscht : user_pref("extensions.Softonic.admin", false);
Zeile gelöscht : user_pref("extensions.Softonic.aflt", "OC");
Zeile gelöscht : user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");
Zeile gelöscht : user_pref("extensions.Softonic.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.Softonic.cntry", "AT");
Zeile gelöscht : user_pref("extensions.Softonic.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.Softonic.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.Softonic.dnsErr", true);
Zeile gelöscht : user_pref("extensions.Softonic.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,182856413[...]
Zeile gelöscht : user_pref("extensions.Softonic.dspFFXOld", "");
Zeile gelöscht : user_pref("extensions.Softonic.excTlbr", false);
Zeile gelöscht : user_pref("extensions.Softonic.ffxUnstlRst", false);
Zeile gelöscht : user_pref("extensions.Softonic.hdrMd5", "5A81D7C65424FB9B4401A382A4901935");
Zeile gelöscht : user_pref("extensions.Softonic.hmpg", true);
Zeile gelöscht : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=d0fcdd57000000000000002354400a08");
Zeile gelöscht : user_pref("extensions.Softonic.hpFFXOld", "hxxp://go.microsoft.com/fwlink/?LinkId=69157");
Zeile gelöscht : user_pref("extensions.Softonic.id", "d0fcdd57000000000000002354400a08");
Zeile gelöscht : user_pref("extensions.Softonic.instlDay", "16010");
Zeile gelöscht : user_pref("extensions.Softonic.instlRef", "MOY00621");
Zeile gelöscht : user_pref("extensions.Softonic.lastB", "hxxp://go.microsoft.com/fwlink/?LinkId=69157");
Zeile gelöscht : user_pref("extensions.Softonic.lastVrsnTs", "1.8.21.147:50:49");
Zeile gelöscht : user_pref("extensions.Softonic.newTab", true);
Zeile gelöscht : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=d0fcdd57000000000000002354400a08");
Zeile gelöscht : user_pref("extensions.Softonic.pnu_opencandy2013", "{\"newVrsn\":\"3\",\"lastVrsn\":\"3\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Zeile gelöscht : user_pref("extensions.Softonic.prdct", "Softonic");
Zeile gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic");
Zeile gelöscht : user_pref("extensions.Softonic.rvrt", "false");
Zeile gelöscht : user_pref("extensions.Softonic.sg", "none");
Zeile gelöscht : user_pref("extensions.Softonic.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
Zeile gelöscht : user_pref("extensions.Softonic.storage\\mpvfloatingwindmutex", "Sun Nov 24 2013 15:51:46 GMT+0100");
Zeile gelöscht : user_pref("extensions.Softonic.storage\\storage\\mpvfloatingwindmutex", "596131650690173@@@Thu Jan 01 1970 01:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.Softonic.storage\\storage\\mpvinpagemutex", "19c67e4130e7efd1a10063fd8c01814a@@@Tue Jan 28 2014 16:16:58 GMT+0100");
Zeile gelöscht : user_pref("extensions.Softonic.tlbrId", "opencandy2013");
Zeile gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=1&cc=&mi=d0fcdd57000000000000002354400a08&q=");
Zeile gelöscht : user_pref("extensions.Softonic.vrsn", "1.8.21.14");
Zeile gelöscht : user_pref("extensions.Softonic.vrsnTs", "1.8.21.147:50:49");
Zeile gelöscht : user_pref("extensions.Softonic.vrsni", "1.8.21.14");
Zeile gelöscht : user_pref("extensions.enabledAddons", "ffxtlbra%40softonic.com:1.6.0,%7Bad9a41d2-9a49-4fa6-a79e-71a0785364c8%7D:9.5.3,%7BD928476A-C251-DDF7-9978-48AAF44CE027%7D:3.0.4,%7B972ce4c6-7e08-4474-a285-320819[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.aflt", "irmsd103");
Zeile gelöscht : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Zeile gelöscht : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtBtAyDyEyEtDtD0AtDzz0D0DyDyBtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA");
Zeile gelöscht : user_pref("extensions.mysearchdial.cntry", "AT");
Zeile gelöscht : user_pref("extensions.mysearchdial.cr", "699734266");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltLng", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dnsErr", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.excTlbr", false);
Zeile gelöscht : user_pref("extensions.mysearchdial.hdrMd5", "218D9A6ABEF996AA7CB301CE49D487E1");
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpg", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEyEtDtD0AtDzz0D0DyDyBtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.id", "002354400A08DD57");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlDay", "16016");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlRef", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.02:40:39");
Zeile gelöscht : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEyEtDtD0AtDzz0D0DyDyBtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"81\",\"lastVrsn\":\"81\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Zeile gelöscht : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.sg", "none");
Zeile gelöscht : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEyEtDtD0AtDzz0D0DyDyBtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.hmpg", true);
Zeile gelöscht : user_pref("extensions.mysearchdial_i.newTab", false);
Zeile gelöscht : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.02:40:39");

[ Datei : C:\Users\bauk\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "Mysearchdial");

-\\ Google Chrome v33.0.1750.117

[ Datei : C:\Users\bauk\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage
Gelöscht : icon_url
Gelöscht : search_url
Gelöscht : keyword

*************************

AdwCleaner[R0].txt - [10909 octets] - [28/02/2014 15:16:38]
AdwCleaner[S0].txt - [10366 octets] - [28/02/2014 15:18:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10427 octets] ##########

--- --- ---

[/CODE]

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by bauk on 28.02.2014 at 15:25:45,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AA8572AD-553A-4F08-B44E-92332F72EA47}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"



~~~ FireFox

Emptied folder: C:\Users\bauk\AppData\Roaming\mozilla\firefox\profiles\54q08z2s.default\minidumps [40 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\bauk\appdata\local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.02.2014 at 15:37:09,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-02-2014
Ran by bauk (administrator) on BAUK-PC on 28-02-2014 15:40:40
Running from C:\Users\bauk\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(ICQ) C:\Users\bauk\AppData\Roaming\ICQM\icq.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
() C:\Users\bauk\AppData\Roaming\wincrt\wincrt.exe
(Microsoft) C:\Users\bauk\AppData\Roaming\Adobe\WmiPrv\WmiPrvSE.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Creative Technology Ltd.) C:\Windows\V0770Mon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
(Opera Software) C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
() C:\Program Files (x86)\Opera\19.0.1326.63\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [V0770Mon.exe] - C:\Windows\V0770Mon.exe [32884 2012-06-01] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [osk.exe] - C:\Windows\system32\osk.exe [692736 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3804239024-788253240-2279899610-1001\...\Run: [HP Officejet 6600 (NET)] - C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-3804239024-788253240-2279899610-1001\...\Run: [icq] - C:\Users\bauk\AppData\Roaming\ICQM\icq.exe [29919576 2013-12-05] (ICQ)
HKU\S-1-5-21-3804239024-788253240-2279899610-1001\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-3804239024-788253240-2279899610-1001\...\Run: [YpvsPack] - regsvr32.exe
HKU\S-1-5-21-3804239024-788253240-2279899610-1001\...\Run: [wincrt.exe] - C:\Users\bauk\AppData\Roaming\wincrt\wincrt.exe [28672 2014-02-18] ()
HKU\S-1-5-21-3804239024-788253240-2279899610-1001\...\Run: [WmiPrv] - C:\Users\bauk\AppData\Roaming\Adobe\WmiPrv\WmiPrvSE.exe [580096 2014-02-28] (Microsoft)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.news.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC5A2CA9ABBAFCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEyEtDtD0AtDzz0D0DyDyBtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=699734266&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEyEtDtD0AtDzz0D0DyDyBtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=699734266&ir=
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\bauk\AppData\Roaming\Mozilla\Firefox\Profiles\54q08z2s.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Interval Class - C:\Users\bauk\AppData\Roaming\Mozilla\Firefox\Profiles\54q08z2s.default\Extensions\{D928476A-C251-DDF7-9978-48AAF44CE027} [2014-02-15]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchProvider: Mysearchdial
CHR DefaultSearchURL: hxxp://www.google.com
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Google Docs) - C:\Users\bauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-12]
CHR Extension: (Google Drive) - C:\Users\bauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-12]
CHR Extension: (YouTube) - C:\Users\bauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-12]
CHR Extension: (Google-Suche) - C:\Users\bauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-12]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\bauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-11-01]
CHR Extension: (Google Wallet) - C:\Users\bauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR Extension: (Google Mail) - C:\Users\bauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-12]
CHR HKLM-x32\...\Chrome\Extension: [pbpjplgmaeigbnpadeajipebdlihpcfn] - C:\Program Files (x86)\BatBrowse\pbpjplgmaeigbnpadeajipebdlihpcfn.crx [2013-09-12]

==================== Services (Whitelisted) =================

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [910392 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-25] (Avira Operations GmbH & Co. KG)
S4 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)

==================== Drivers (Whitelisted) ====================

R3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [61440 2009-10-13] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-17] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 V0770Vid; C:\Windows\System32\DRIVERS\V0770Vid.sys [379776 2012-06-01] (Creative Technology Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-28 15:40 - 2014-02-28 15:40 - 02155520 _____ (Farbar) C:\Users\bauk\Downloads\FRST64 (1).exe
2014-02-28 15:37 - 2014-02-28 15:37 - 00001338 _____ () C:\Users\bauk\Desktop\JRT.txt
2014-02-28 15:25 - 2014-02-28 15:25 - 00000000 ____D () C:\Windows\ERUNT
2014-02-28 15:23 - 2014-02-28 15:23 - 01037734 _____ (Thisisu) C:\Users\bauk\Downloads\JRT (1).exe
2014-02-28 15:23 - 2014-02-28 15:23 - 01037734 _____ (Thisisu) C:\Users\bauk\Desktop\JRT.exe
2014-02-28 15:21 - 2014-02-28 15:21 - 00010516 _____ () C:\Users\bauk\Desktop\AdwCleaner[S0].txt
2014-02-28 15:16 - 2014-02-28 15:18 - 00000000 ____D () C:\AdwCleaner
2014-02-28 15:14 - 2014-02-28 15:14 - 01244192 _____ () C:\Users\bauk\Desktop\adwcleaner.exe
2014-02-27 13:33 - 2014-02-27 13:33 - 00027506 _____ () C:\ComboFix.txt
2014-02-27 13:20 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-27 13:20 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-27 13:20 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-27 13:20 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-27 13:20 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-27 13:20 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-27 13:20 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-27 13:20 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-27 13:18 - 2014-02-27 13:33 - 00000000 ____D () C:\Qoobox
2014-02-27 13:18 - 2014-02-27 13:32 - 00000000 ____D () C:\Windows\erdnt
2014-02-27 12:17 - 2014-02-27 12:18 - 05185084 ____R (Swearware) C:\Users\bauk\Desktop\ComboFix.exe
2014-02-26 14:23 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-26 14:23 - 2014-01-03 23:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-26 13:27 - 2014-02-26 13:27 - 00033076 _____ () C:\Users\bauk\Desktop\AVSCAN-20140225-104012-967E5176.LOG
2014-02-26 13:26 - 2014-02-26 13:26 - 00023652 _____ () C:\Users\bauk\Desktop\AVSCAN-20140225-111912-2CD8CB8A.LOG
2014-02-26 13:12 - 2014-02-26 13:12 - 00005658 _____ () C:\Users\bauk\Desktop\gmerscanavira.log
2014-02-26 12:57 - 2014-02-26 12:57 - 00000000 _____ () C:\Users\bauk\Desktop\gmerscan.log
2014-02-26 12:45 - 2014-02-26 12:45 - 00380416 _____ () C:\Users\bauk\Downloads\Gmer-19357.exe
2014-02-26 12:36 - 2014-02-26 12:40 - 00026042 _____ () C:\Users\bauk\Desktop\Addition.txt
2014-02-26 12:35 - 2014-02-28 15:40 - 00015579 _____ () C:\Users\bauk\Desktop\FRST.txt
2014-02-26 12:35 - 2014-02-28 15:40 - 00000000 ____D () C:\FRST
2014-02-26 12:34 - 2014-02-26 12:35 - 02155520 _____ (Farbar) C:\Users\bauk\Desktop\FRST64.exe
2014-02-26 12:33 - 2014-02-26 12:34 - 00000470 _____ () C:\Users\bauk\Desktop\defogger_disable.log
2014-02-26 12:33 - 2014-02-26 12:33 - 00050477 _____ () C:\Users\bauk\Downloads\Defogger (1).exe
2014-02-26 12:33 - 2014-02-26 12:33 - 00000000 _____ () C:\Users\bauk\defogger_reenable
2014-02-26 12:32 - 2014-02-26 12:32 - 00050477 _____ () C:\Users\bauk\Downloads\Defogger.exe
2014-02-25 13:04 - 2014-02-25 13:04 - 00000000 ____D () C:\Program Files\Windows Live
2014-02-21 19:19 - 2014-02-21 19:19 - 03143032 _____ () C:\Users\bauk\Downloads\10c2e42a9b2011e38b890e44eb87a70a_101.mp4
2014-02-21 18:51 - 2014-02-21 18:51 - 02272845 _____ () C:\Users\bauk\Downloads\c341e04a9b1d11e3acbb0e1e4758a66e_101.mp4
2014-02-19 13:31 - 2014-02-19 13:31 - 00055994 _____ () C:\Users\bauk\Desktop\AVSCAN-20140219-124250-0F0DE2D8.LOG
2014-02-19 11:31 - 2014-02-19 11:31 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\Malwarebytes
2014-02-19 11:30 - 2014-02-19 11:30 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\bauk\Downloads\mbam-setup-1.75.0.1300 (2).exe
2014-02-19 11:30 - 2014-02-19 11:30 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-19 11:30 - 2014-02-19 11:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-19 11:30 - 2014-02-19 11:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-19 11:30 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-19 11:28 - 2014-02-19 11:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\bauk\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-19 11:28 - 2014-02-19 11:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\bauk\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-02-19 02:36 - 2014-02-19 02:36 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140219-023652.backup
2014-02-19 02:36 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140219-023609.backup
2014-02-19 02:35 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140219-023544.backup
2014-02-19 02:30 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140219-023013.backup
2014-02-19 02:29 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140219-022908.backup
2014-02-19 02:03 - 2014-02-19 02:03 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\wincrt
2014-02-16 13:50 - 2014-02-16 13:50 - 00001129 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-02-16 13:50 - 2014-02-16 13:50 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\Opera Software
2014-02-16 13:50 - 2014-02-16 13:50 - 00000000 ____D () C:\Users\bauk\AppData\Local\Opera Software
2014-02-16 13:50 - 2014-02-16 13:50 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-02-16 12:07 - 2014-02-16 12:07 - 63320784 _____ (Microsoft Corporation) C:\Users\bauk\Downloads\IE11-Windows6.1-x64-de-de.exe
2014-02-16 11:54 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-02-16 11:54 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-16 11:54 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-16 11:54 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-02-16 11:54 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-02-16 11:54 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-16 11:54 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-16 11:54 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-02-16 11:54 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-02-16 11:54 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-02-16 11:54 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-16 11:54 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-02-16 11:54 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-16 11:54 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-16 11:54 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-02-16 11:54 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-02-16 11:54 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-02-16 11:54 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-02-16 11:54 - 2012-08-23 15:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-02-16 11:54 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-02-16 11:54 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-02-16 11:54 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-02-16 11:54 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-02-16 11:53 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-02-16 11:53 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-02-16 11:53 - 2012-05-04 12:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-02-16 11:53 - 2012-05-04 10:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-02-15 15:34 - 2014-02-25 10:45 - 00000000 ____D () C:\Users\bauk\AppData\Local\YpvsPack
2014-02-14 12:29 - 2014-02-19 00:59 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-14 12:29 - 2014-02-14 12:33 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-14 12:29 - 2014-02-14 12:29 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-14 12:29 - 2014-02-14 12:29 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-02-14 12:29 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-02-14 12:28 - 2014-02-14 12:28 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\bauk\Desktop\spybot-2.2.exe
2014-02-14 12:24 - 2014-02-14 12:24 - 00003118 _____ () C:\Windows\System32\Tasks\{4C825E27-1EB4-45B7-8396-AA595B2A39FF}
2014-02-14 12:22 - 2014-02-14 18:44 - 00011657 _____ () C:\Users\bauk\Desktop\hijackthis.log
2014-02-14 12:21 - 2014-02-14 12:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\bauk\Desktop\HiJackThis204.exe
2014-02-13 15:30 - 2014-02-13 15:30 - 07423976 _____ () C:\Users\bauk\Desktop\x264_jan.zip
2014-02-13 15:10 - 2014-02-13 15:32 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\Azureus
2014-02-13 15:10 - 2014-02-13 15:10 - 00000000 ____D () C:\ProgramData\Azureus
2014-02-12 15:01 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 15:01 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 15:00 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 15:00 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 15:00 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 15:00 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 15:00 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 15:00 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 15:00 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 15:00 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 15:00 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 15:00 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 15:00 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 15:00 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 15:00 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 15:00 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 15:00 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 15:00 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 15:00 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 15:00 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 15:00 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 15:00 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 15:00 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 15:00 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 15:00 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 15:00 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 15:00 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 15:00 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 15:00 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 15:00 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 15:00 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 15:00 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 15:00 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 15:00 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 15:00 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 15:00 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 15:00 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 15:00 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 15:00 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 15:00 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 15:00 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 08:19 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 08:19 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 08:19 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 08:19 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 08:19 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 08:19 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 08:19 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 08:19 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 08:19 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 08:19 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 08:19 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 08:19 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 08:19 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 08:19 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 08:19 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 08:19 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 08:19 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 08:19 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 08:19 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 08:19 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 08:19 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 08:19 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 08:19 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 08:19 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 08:19 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 08:19 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 08:19 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 08:19 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

==================== One Month Modified Files and Folders =======

2014-02-28 15:41 - 2014-02-26 12:35 - 00015579 _____ () C:\Users\bauk\Desktop\FRST.txt
2014-02-28 15:40 - 2014-02-28 15:40 - 02155520 _____ (Farbar) C:\Users\bauk\Downloads\FRST64 (1).exe
2014-02-28 15:40 - 2014-02-26 12:35 - 00000000 ____D () C:\FRST
2014-02-28 15:37 - 2014-02-28 15:37 - 00001338 _____ () C:\Users\bauk\Desktop\JRT.txt
2014-02-28 15:27 - 2009-07-14 05:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-28 15:27 - 2009-07-14 05:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-28 15:25 - 2014-02-28 15:25 - 00000000 ____D () C:\Windows\ERUNT
2014-02-28 15:25 - 2013-09-12 20:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-28 15:23 - 2014-02-28 15:23 - 01037734 _____ (Thisisu) C:\Users\bauk\Downloads\JRT (1).exe
2014-02-28 15:23 - 2014-02-28 15:23 - 01037734 _____ (Thisisu) C:\Users\bauk\Desktop\JRT.exe
2014-02-28 15:21 - 2014-02-28 15:21 - 00010516 _____ () C:\Users\bauk\Desktop\AdwCleaner[S0].txt
2014-02-28 15:20 - 2013-09-12 16:06 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\Adobe
2014-02-28 15:19 - 2013-09-12 17:43 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-28 15:19 - 2013-09-12 15:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-28 15:19 - 2010-11-21 04:47 - 00399502 _____ () C:\Windows\PFRO.log
2014-02-28 15:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-28 15:19 - 2009-07-14 05:51 - 00057326 _____ () C:\Windows\setupact.log
2014-02-28 15:18 - 2014-02-28 15:16 - 00000000 ____D () C:\AdwCleaner
2014-02-28 15:18 - 2013-09-12 14:17 - 01089669 _____ () C:\Windows\WindowsUpdate.log
2014-02-28 15:14 - 2014-02-28 15:14 - 01244192 _____ () C:\Users\bauk\Desktop\adwcleaner.exe
2014-02-28 15:14 - 2013-10-14 20:56 - 00000322 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-02-28 15:05 - 2013-09-12 17:43 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-27 13:33 - 2014-02-27 13:33 - 00027506 _____ () C:\ComboFix.txt
2014-02-27 13:33 - 2014-02-27 13:18 - 00000000 ____D () C:\Qoobox
2014-02-27 13:33 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-02-27 13:32 - 2014-02-27 13:18 - 00000000 ____D () C:\Windows\erdnt
2014-02-27 13:31 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-27 12:18 - 2014-02-27 12:17 - 05185084 ____R (Swearware) C:\Users\bauk\Desktop\ComboFix.exe
2014-02-26 22:54 - 2013-09-26 16:17 - 00000000 ____D () C:\Users\bauk\Documents\FIFA 14
2014-02-26 17:56 - 2013-09-12 19:05 - 00000000 ____D () C:\ProgramData\Origin
2014-02-26 13:27 - 2014-02-26 13:27 - 00033076 _____ () C:\Users\bauk\Desktop\AVSCAN-20140225-104012-967E5176.LOG
2014-02-26 13:26 - 2014-02-26 13:26 - 00023652 _____ () C:\Users\bauk\Desktop\AVSCAN-20140225-111912-2CD8CB8A.LOG
2014-02-26 13:12 - 2014-02-26 13:12 - 00005658 _____ () C:\Users\bauk\Desktop\gmerscanavira.log
2014-02-26 12:57 - 2014-02-26 12:57 - 00000000 _____ () C:\Users\bauk\Desktop\gmerscan.log
2014-02-26 12:45 - 2014-02-26 12:45 - 00380416 _____ () C:\Users\bauk\Downloads\Gmer-19357.exe
2014-02-26 12:40 - 2014-02-26 12:36 - 00026042 _____ () C:\Users\bauk\Desktop\Addition.txt
2014-02-26 12:35 - 2014-02-26 12:34 - 02155520 _____ (Farbar) C:\Users\bauk\Desktop\FRST64.exe
2014-02-26 12:34 - 2014-02-26 12:33 - 00000470 _____ () C:\Users\bauk\Desktop\defogger_disable.log
2014-02-26 12:33 - 2014-02-26 12:33 - 00050477 _____ () C:\Users\bauk\Downloads\Defogger (1).exe
2014-02-26 12:33 - 2014-02-26 12:33 - 00000000 _____ () C:\Users\bauk\defogger_reenable
2014-02-26 12:33 - 2013-09-12 14:22 - 00000000 ____D () C:\Users\bauk
2014-02-26 12:32 - 2014-02-26 12:32 - 00050477 _____ () C:\Users\bauk\Downloads\Defogger.exe
2014-02-25 17:51 - 2013-09-12 22:21 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\vlc
2014-02-25 13:04 - 2014-02-25 13:04 - 00000000 ____D () C:\Program Files\Windows Live
2014-02-25 13:04 - 2013-09-12 18:00 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-02-25 10:47 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-25 10:45 - 2014-02-15 15:34 - 00000000 ____D () C:\Users\bauk\AppData\Local\YpvsPack
2014-02-22 15:45 - 2013-09-12 17:51 - 00000000 ____D () C:\Users\bauk\AppData\Local\Windows Live
2014-02-21 23:11 - 2013-09-12 17:44 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-21 19:19 - 2014-02-21 19:19 - 03143032 _____ () C:\Users\bauk\Downloads\10c2e42a9b2011e38b890e44eb87a70a_101.mp4
2014-02-21 18:51 - 2014-02-21 18:51 - 02272845 _____ () C:\Users\bauk\Downloads\c341e04a9b1d11e3acbb0e1e4758a66e_101.mp4
2014-02-20 21:30 - 2013-10-25 16:54 - 00000000 ____D () C:\Users\bauk\Documents\My PSP Files
2014-02-19 16:37 - 2013-09-24 18:31 - 00000000 ____D () C:\ProgramData\Skype
2014-02-19 13:31 - 2014-02-19 13:31 - 00055994 _____ () C:\Users\bauk\Desktop\AVSCAN-20140219-124250-0F0DE2D8.LOG
2014-02-19 12:39 - 2013-09-12 14:22 - 00000000 ___RD () C:\Users\bauk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-19 11:31 - 2014-02-19 11:31 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\Malwarebytes
2014-02-19 11:30 - 2014-02-19 11:30 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\bauk\Downloads\mbam-setup-1.75.0.1300 (2).exe
2014-02-19 11:30 - 2014-02-19 11:30 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-19 11:30 - 2014-02-19 11:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-19 11:30 - 2014-02-19 11:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-19 11:28 - 2014-02-19 11:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\bauk\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-19 11:28 - 2014-02-19 11:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\bauk\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-02-19 02:36 - 2014-02-19 02:36 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140219-023652.backup
2014-02-19 02:03 - 2014-02-19 02:03 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\wincrt
2014-02-19 00:59 - 2014-02-14 12:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-17 20:22 - 2010-11-21 07:50 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-02-17 20:22 - 2010-11-21 07:50 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-02-17 20:22 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-16 18:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-16 13:50 - 2014-02-16 13:50 - 00001129 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-02-16 13:50 - 2014-02-16 13:50 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\Opera Software
2014-02-16 13:50 - 2014-02-16 13:50 - 00000000 ____D () C:\Users\bauk\AppData\Local\Opera Software
2014-02-16 13:50 - 2014-02-16 13:50 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-02-16 12:12 - 2013-12-03 23:27 - 00019232 _____ () C:\Windows\IE11_main.log
2014-02-16 12:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-02-16 12:07 - 2014-02-16 12:07 - 63320784 _____ (Microsoft Corporation) C:\Users\bauk\Downloads\IE11-Windows6.1-x64-de-de.exe
2014-02-15 17:42 - 2013-09-12 15:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-15 17:41 - 2013-09-12 15:30 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-15 17:40 - 2013-09-12 17:57 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-15 14:39 - 2014-01-16 18:38 - 00000000 ____D () C:\Users\bauk\Documents\FS Flight Keeper
2014-02-14 18:44 - 2014-02-14 12:22 - 00011657 _____ () C:\Users\bauk\Desktop\hijackthis.log
2014-02-14 12:33 - 2014-02-14 12:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-14 12:29 - 2014-02-14 12:29 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-14 12:29 - 2014-02-14 12:29 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-02-14 12:28 - 2014-02-14 12:28 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\bauk\Desktop\spybot-2.2.exe
2014-02-14 12:24 - 2014-02-14 12:24 - 00003118 _____ () C:\Windows\System32\Tasks\{4C825E27-1EB4-45B7-8396-AA595B2A39FF}
2014-02-14 12:21 - 2014-02-14 12:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\bauk\Desktop\HiJackThis204.exe
2014-02-14 11:38 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-02-14 00:38 - 2013-12-19 12:38 - 00000154 _____ () C:\Users\bauk\AppData\Roaming\WB.CFG
2014-02-13 15:32 - 2014-02-13 15:10 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\Azureus
2014-02-13 15:31 - 2014-01-13 03:45 - 00000000 ____D () C:\Program Files\Sinvise Systems
2014-02-13 15:31 - 2013-12-08 01:12 - 00000000 ____D () C:\Program Files\Google
2014-02-13 15:31 - 2013-09-18 18:11 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-13 15:31 - 2013-09-12 22:13 - 00000000 ____D () C:\Program Files\HP
2014-02-13 15:31 - 2013-09-12 18:59 - 00000000 ____D () C:\Program Files\WinRAR
2014-02-13 15:31 - 2013-09-12 18:48 - 00000000 ____D () C:\Program Files\VideoLAN
2014-02-13 15:31 - 2013-09-12 15:13 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-02-13 15:31 - 2010-11-21 08:00 - 00000000 ____D () C:\Program Files\Windows Journal
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\MSBuild
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-02-13 15:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Windows NT
2014-02-13 15:30 - 2014-02-13 15:30 - 07423976 _____ () C:\Users\bauk\Desktop\x264_jan.zip
2014-02-13 15:10 - 2014-02-13 15:10 - 00000000 ____D () C:\ProgramData\Azureus
2014-02-12 19:34 - 2013-11-13 19:49 - 00098648 _____ () C:\Windows\DPINST.LOG
2014-02-11 17:46 - 2013-09-24 19:59 - 00008704 _____ () C:\Users\bauk\Desktop\Liga.xls
2014-02-10 23:00 - 2013-09-12 17:43 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-10 23:00 - 2013-09-12 17:43 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-06 14:05 - 2013-07-01 19:12 - 00000000 ____D () C:\Users\bauk\Desktop\Neuer Ordner (4)
2014-02-06 13:16 - 2014-02-12 15:00 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-12 15:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-12 15:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-12 15:00 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-12 15:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-12 15:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-12 15:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-12 15:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-12 15:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-12 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-12 15:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-12 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-12 15:00 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-12 15:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-12 15:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-12 15:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-12 15:00 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-12 15:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-12 15:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 15:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-12 15:00 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-12 15:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-12 15:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-12 15:00 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-12 15:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-12 15:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-12 15:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-12 15:00 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-12 15:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-12 15:00 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-12 15:00 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-12 15:00 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-12 15:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-12 15:00 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-12 15:00 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-12 15:00 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-12 15:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-12 15:00 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-12 15:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-03 14:36 - 2013-09-13 13:03 - 00000000 ____D () C:\Users\bauk\Documents\Flight Simulator-Dateien
2014-02-03 14:33 - 2014-01-25 14:09 - 00000000 ____D () C:\Users\bauk\AppData\Local\FS Flight Keeper
2014-02-02 20:04 - 2013-09-25 15:16 - 00000110 _____ () C:\Windows\AISmooth.INI
2014-02-02 17:01 - 2013-09-12 16:12 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information


Some content of TEMP:
====================
C:\Users\bauk\AppData\Local\Temp\avgnt.exe
C:\Users\bauk\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-18 01:58

==================== End Of Log ============================

--- --- ---

--- --- ---

schrauber · 01.03.2014, 12:07

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

bauk77 · 01.03.2014, 18:56

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c39167a8c2066347a4dfbdb60aa0acf4
# engine=17280
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-01 05:10:56
# local_time=2014-03-01 06:10:56 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 98397 145323706 0 0
# scanned=360482
# found=10
# cleaned=0
# scan_time=19296
sh=E5E5B0E088B2C5E9D0FBC8B6D02EED488FAA8745 ft=1 fh=f760aca5a301c050 vn="Win32/Boaxxe.BE trojan" ac=I fn="C:\Program Files\Windows Defender\Security\Manager\temp\tmp2119.exe"
sh=FC172F5E3D263A9765A46759A292FD465064FB49 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="C:\Users\bauk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GWHGG25V\S1BXNSFI.htm"
sh=4ABA940F4AAEE2534991BD44A9F9994E2B0AF1A7 ft=1 fh=a9fb32d7fff5d02f vn="probably unknown NewHeur_PE virus" ac=I fn="C:\Users\bauk\AppData\Roaming\wincrt\wincrt.exe"
sh=2BEC3A89EB5BF0BED90AD0923C7D12D44AEB3111 ft=1 fh=169012abcb12da52 vn="Win32/SuspLibLoad.B trojan" ac=I fn="C:\Windows\System32\flt1chk4.dll"
sh=2BEC3A89EB5BF0BED90AD0923C7D12D44AEB3111 ft=1 fh=169012abcb12da52 vn="Win32/SuspLibLoad.B trojan" ac=I fn="C:\Windows\SysWOW64\flt1chk4.dll"
sh=9E82D51C0281B6D1D189F9EFF7FC1F0C47D68CDD ft=1 fh=f8c81eb628cfeab1 vn="Win32/SuspLibLoad.B trojan" ac=I fn="E:\Program Files (x86)\LDS763-Setup3.exe"
sh=2BEC3A89EB5BF0BED90AD0923C7D12D44AEB3111 ft=1 fh=169012abcb12da52 vn="Win32/SuspLibLoad.B trojan" ac=I fn="E:\Program Files (x86)\Microsoft Games\Flight Simulator 9\Level-D Simulations\B767-300\flt1chk4.dll"
sh=9E82D51C0281B6D1D189F9EFF7FC1F0C47D68CDD ft=1 fh=f8c81eb628cfeab1 vn="Win32/SuspLibLoad.B trojan" ac=I fn="H:\LDS763-Setup3.exe"
sh=9E82D51C0281B6D1D189F9EFF7FC1F0C47D68CDD ft=1 fh=f8c81eb628cfeab1 vn="Win32/SuspLibLoad.B trojan" ac=I fn="H:\flightsim\leveld767\LDS763-Setup3.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="probably unknown NewHeur_PE virus" ac=I fn="${Memory}"

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 45  
 Java version out of Date! 
 Adobe Flash Player 11.8.800.168  
 Adobe Reader XI  
 Mozilla Firefox (26.0) 
 Google Chrome 32.0.1700.107  
 Google Chrome 33.0.1750.117  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Spybot Teatimer.exe is disabled! 
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-02-2014
Ran by bauk (administrator) on BAUK-PC on 01-03-2014 18:24:06
Running from C:\Users\bauk\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(ICQ) C:\Users\bauk\AppData\Roaming\ICQM\icq.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
() C:\Users\bauk\AppData\Roaming\wincrt\wincrt.exe
(Microsoft) C:\Users\bauk\AppData\Roaming\Adobe\WmiPrv\WmiPrvSE.exe
() C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Creative Technology Ltd.) C:\Windows\V0770Mon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Opera Software) C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
() C:\Program Files (x86)\Opera\19.0.1326.63\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\19.0.1326.63\opera.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [V0770Mon.exe] - C:\Windows\V0770Mon.exe [32884 2012-06-01] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [osk.exe] - C:\Windows\system32\osk.exe [692736 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3804239024-788253240-2279899610-1001\...\Run: [HP Officejet 6600 (NET)] - C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-3804239024-788253240-2279899610-1001\...\Run: [icq] - C:\Users\bauk\AppData\Roaming\ICQM\icq.exe [29919576 2013-12-05] (ICQ)
HKU\S-1-5-21-3804239024-788253240-2279899610-1001\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-3804239024-788253240-2279899610-1001\...\Run: [YpvsPack] - regsvr32.exe
HKU\S-1-5-21-3804239024-788253240-2279899610-1001\...\Run: [wincrt.exe] - C:\Users\bauk\AppData\Roaming\wincrt\wincrt.exe [28672 2014-02-18] ()
HKU\S-1-5-21-3804239024-788253240-2279899610-1001\...\Run: [WmiPrv] - C:\Users\bauk\AppData\Roaming\Adobe\WmiPrv\WmiPrvSE.exe [580096 2014-02-28] (Microsoft)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.news.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC5A2CA9ABBAFCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEyEtDtD0AtDzz0D0DyDyBtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=699734266&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEyEtDtD0AtDzz0D0DyDyBtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=699734266&ir=
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\bauk\AppData\Roaming\Mozilla\Firefox\Profiles\54q08z2s.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Interval Class - C:\Users\bauk\AppData\Roaming\Mozilla\Firefox\Profiles\54q08z2s.default\Extensions\{D928476A-C251-DDF7-9978-48AAF44CE027} [2014-02-15]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchProvider: Mysearchdial
CHR DefaultSearchURL: hxxp://www.google.com
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Google Docs) - C:\Users\bauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-12]
CHR Extension: (Google Drive) - C:\Users\bauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-12]
CHR Extension: (YouTube) - C:\Users\bauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-12]
CHR Extension: (Google-Suche) - C:\Users\bauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-12]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\bauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-11-01]
CHR Extension: (Google Wallet) - C:\Users\bauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR Extension: (Google Mail) - C:\Users\bauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-12]
CHR HKLM-x32\...\Chrome\Extension: [pbpjplgmaeigbnpadeajipebdlihpcfn] - C:\Program Files (x86)\BatBrowse\pbpjplgmaeigbnpadeajipebdlihpcfn.crx [2013-09-12]

==================== Services (Whitelisted) =================

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [910392 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-25] (Avira Operations GmbH & Co. KG)
S4 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)

==================== Drivers (Whitelisted) ====================

R3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [61440 2009-10-13] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-17] (Avira Operations GmbH & Co. KG)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 V0770Vid; C:\Windows\System32\DRIVERS\V0770Vid.sys [379776 2012-06-01] (Creative Technology Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-01 18:24 - 2014-03-01 18:24 - 00016152 _____ () C:\Users\bauk\Desktop\FRST.txt
2014-03-01 18:17 - 2014-03-01 18:17 - 00987425 _____ () C:\Users\bauk\Desktop\SecurityCheck.exe
2014-03-01 12:46 - 2014-03-01 12:47 - 02347384 _____ (ESET) C:\Users\bauk\Downloads\esetsmartinstaller_enu.exe
2014-02-28 15:49 - 2014-02-28 15:49 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-02-28 15:48 - 2014-02-28 15:48 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-02-28 15:48 - 2014-02-28 15:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-02-28 15:40 - 2014-02-28 15:40 - 02155520 _____ (Farbar) C:\Users\bauk\Downloads\FRST64 (1).exe
2014-02-28 15:37 - 2014-02-28 15:37 - 00001338 _____ () C:\Users\bauk\Desktop\JRT.txt
2014-02-28 15:25 - 2014-02-28 15:25 - 00000000 ____D () C:\Windows\ERUNT
2014-02-28 15:23 - 2014-02-28 15:23 - 01037734 _____ (Thisisu) C:\Users\bauk\Downloads\JRT (1).exe
2014-02-28 15:23 - 2014-02-28 15:23 - 01037734 _____ (Thisisu) C:\Users\bauk\Desktop\JRT.exe
2014-02-28 15:21 - 2014-02-28 15:21 - 00010516 _____ () C:\Users\bauk\Desktop\AdwCleaner[S0].txt
2014-02-28 15:16 - 2014-02-28 15:18 - 00000000 ____D () C:\AdwCleaner
2014-02-28 15:14 - 2014-02-28 15:14 - 01244192 _____ () C:\Users\bauk\Desktop\adwcleaner.exe
2014-02-27 13:33 - 2014-02-27 13:33 - 00027506 _____ () C:\ComboFix.txt
2014-02-27 13:20 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-27 13:20 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-27 13:20 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-27 13:20 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-27 13:20 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-27 13:20 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-27 13:20 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-27 13:20 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-27 13:18 - 2014-02-27 13:33 - 00000000 ____D () C:\Qoobox
2014-02-27 13:18 - 2014-02-27 13:32 - 00000000 ____D () C:\Windows\erdnt
2014-02-27 12:17 - 2014-02-27 12:18 - 05185084 ____R (Swearware) C:\Users\bauk\Desktop\ComboFix.exe
2014-02-26 14:23 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-26 14:23 - 2014-01-03 23:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-26 13:27 - 2014-02-26 13:27 - 00033076 _____ () C:\Users\bauk\Desktop\AVSCAN-20140225-104012-967E5176.LOG
2014-02-26 13:26 - 2014-02-26 13:26 - 00023652 _____ () C:\Users\bauk\Desktop\AVSCAN-20140225-111912-2CD8CB8A.LOG
2014-02-26 13:12 - 2014-02-26 13:12 - 00005658 _____ () C:\Users\bauk\Desktop\gmerscanavira.log
2014-02-26 12:45 - 2014-02-26 12:45 - 00380416 _____ () C:\Users\bauk\Downloads\Gmer-19357.exe
2014-02-26 12:36 - 2014-02-26 12:40 - 00026042 _____ () C:\Users\bauk\Desktop\Addition.txt
2014-02-26 12:35 - 2014-03-01 18:24 - 00000000 ____D () C:\FRST
2014-02-26 12:34 - 2014-02-26 12:35 - 02155520 _____ (Farbar) C:\Users\bauk\Desktop\FRST64.exe
2014-02-26 12:33 - 2014-02-26 12:34 - 00000470 _____ () C:\Users\bauk\Desktop\defogger_disable.log
2014-02-26 12:33 - 2014-02-26 12:33 - 00050477 _____ () C:\Users\bauk\Downloads\Defogger (1).exe
2014-02-26 12:33 - 2014-02-26 12:33 - 00000000 _____ () C:\Users\bauk\defogger_reenable
2014-02-26 12:32 - 2014-02-26 12:32 - 00050477 _____ () C:\Users\bauk\Downloads\Defogger.exe
2014-02-25 13:04 - 2014-02-25 13:04 - 00000000 ____D () C:\Program Files\Windows Live
2014-02-21 19:19 - 2014-02-21 19:19 - 03143032 _____ () C:\Users\bauk\Downloads\10c2e42a9b2011e38b890e44eb87a70a_101.mp4
2014-02-21 18:51 - 2014-02-21 18:51 - 02272845 _____ () C:\Users\bauk\Downloads\c341e04a9b1d11e3acbb0e1e4758a66e_101.mp4
2014-02-19 13:31 - 2014-02-19 13:31 - 00055994 _____ () C:\Users\bauk\Desktop\AVSCAN-20140219-124250-0F0DE2D8.LOG
2014-02-19 11:31 - 2014-02-19 11:31 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\Malwarebytes
2014-02-19 11:30 - 2014-02-19 11:30 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\bauk\Downloads\mbam-setup-1.75.0.1300 (2).exe
2014-02-19 11:30 - 2014-02-19 11:30 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-19 11:30 - 2014-02-19 11:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-19 11:30 - 2014-02-19 11:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-19 11:30 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-19 11:28 - 2014-02-19 11:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\bauk\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-19 11:28 - 2014-02-19 11:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\bauk\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-02-19 02:36 - 2014-02-19 02:36 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140219-023652.backup
2014-02-19 02:36 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140219-023609.backup
2014-02-19 02:35 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140219-023544.backup
2014-02-19 02:30 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140219-023013.backup
2014-02-19 02:29 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140219-022908.backup
2014-02-19 02:03 - 2014-02-19 02:03 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\wincrt
2014-02-16 13:50 - 2014-02-16 13:50 - 00001129 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-02-16 13:50 - 2014-02-16 13:50 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\Opera Software
2014-02-16 13:50 - 2014-02-16 13:50 - 00000000 ____D () C:\Users\bauk\AppData\Local\Opera Software
2014-02-16 13:50 - 2014-02-16 13:50 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-02-16 12:07 - 2014-02-16 12:07 - 63320784 _____ (Microsoft Corporation) C:\Users\bauk\Downloads\IE11-Windows6.1-x64-de-de.exe
2014-02-16 11:54 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-02-16 11:54 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-16 11:54 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-16 11:54 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-02-16 11:54 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-02-16 11:54 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-16 11:54 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-16 11:54 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-02-16 11:54 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-02-16 11:54 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-02-16 11:54 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-16 11:54 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-02-16 11:54 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-16 11:54 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-16 11:54 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-02-16 11:54 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-02-16 11:54 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-02-16 11:54 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-02-16 11:54 - 2012-08-23 15:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-02-16 11:54 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-02-16 11:54 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-02-16 11:54 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-02-16 11:54 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-02-16 11:53 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-02-16 11:53 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-02-16 11:53 - 2012-05-04 12:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-02-16 11:53 - 2012-05-04 10:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-02-15 15:34 - 2014-02-25 10:45 - 00000000 ____D () C:\Users\bauk\AppData\Local\YpvsPack
2014-02-14 12:29 - 2014-02-19 00:59 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-14 12:29 - 2014-02-14 12:33 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-14 12:29 - 2014-02-14 12:29 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-14 12:29 - 2014-02-14 12:29 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-02-14 12:29 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-02-14 12:28 - 2014-02-14 12:28 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\bauk\Desktop\spybot-2.2.exe
2014-02-14 12:24 - 2014-02-14 12:24 - 00003118 _____ () C:\Windows\System32\Tasks\{4C825E27-1EB4-45B7-8396-AA595B2A39FF}
2014-02-14 12:22 - 2014-02-14 18:44 - 00011657 _____ () C:\Users\bauk\Desktop\hijackthis.log
2014-02-14 12:21 - 2014-02-14 12:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\bauk\Desktop\HiJackThis204.exe
2014-02-13 15:30 - 2014-02-13 15:30 - 07423976 _____ () C:\Users\bauk\Desktop\x264_jan.zip
2014-02-13 15:10 - 2014-02-13 15:32 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\Azureus
2014-02-13 15:10 - 2014-02-13 15:10 - 00000000 ____D () C:\ProgramData\Azureus
2014-02-12 15:01 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 15:01 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 15:00 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 15:00 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 15:00 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 15:00 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 15:00 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 15:00 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 15:00 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 15:00 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 15:00 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 15:00 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 15:00 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 15:00 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 15:00 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 15:00 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 15:00 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 15:00 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 15:00 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 15:00 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 15:00 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 15:00 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 15:00 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 15:00 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 15:00 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 15:00 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 15:00 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 15:00 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 15:00 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 15:00 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 15:00 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 15:00 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 15:00 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 15:00 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 15:00 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 15:00 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 15:00 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 15:00 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 15:00 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 15:00 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 15:00 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 08:19 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 08:19 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 08:19 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 08:19 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 08:19 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 08:19 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 08:19 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 08:19 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 08:19 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 08:19 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 08:19 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 08:19 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 08:19 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 08:19 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 08:19 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 08:19 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 08:19 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 08:19 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 08:19 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 08:19 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 08:19 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 08:19 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 08:19 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 08:19 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 08:19 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 08:19 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 08:19 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 08:19 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

==================== One Month Modified Files and Folders =======

2014-03-01 18:24 - 2014-03-01 18:24 - 00016152 _____ () C:\Users\bauk\Desktop\FRST.txt
2014-03-01 18:24 - 2014-02-26 12:35 - 00000000 ____D () C:\FRST
2014-03-01 18:17 - 2014-03-01 18:17 - 00987425 _____ () C:\Users\bauk\Desktop\SecurityCheck.exe
2014-03-01 18:14 - 2013-10-14 20:56 - 00000322 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-03-01 18:06 - 2013-09-12 17:43 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-01 17:25 - 2013-09-12 20:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-01 15:40 - 2013-09-12 14:17 - 01163135 _____ () C:\Windows\WindowsUpdate.log
2014-03-01 15:40 - 2009-07-14 05:51 - 00057494 _____ () C:\Windows\setupact.log
2014-03-01 14:37 - 2013-09-12 22:21 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\vlc
2014-03-01 12:47 - 2014-03-01 12:46 - 02347384 _____ (ESET) C:\Users\bauk\Downloads\esetsmartinstaller_enu.exe
2014-03-01 12:25 - 2009-07-14 05:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-01 12:25 - 2009-07-14 05:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-01 12:17 - 2013-09-12 17:43 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-01 12:17 - 2013-09-12 16:06 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\Adobe
2014-03-01 12:16 - 2013-09-12 15:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-01 12:16 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-28 16:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-28 15:49 - 2014-02-28 15:49 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-02-28 15:48 - 2014-02-28 15:48 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-02-28 15:48 - 2014-02-28 15:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-02-28 15:40 - 2014-02-28 15:40 - 02155520 _____ (Farbar) C:\Users\bauk\Downloads\FRST64 (1).exe
2014-02-28 15:37 - 2014-02-28 15:37 - 00001338 _____ () C:\Users\bauk\Desktop\JRT.txt
2014-02-28 15:25 - 2014-02-28 15:25 - 00000000 ____D () C:\Windows\ERUNT
2014-02-28 15:23 - 2014-02-28 15:23 - 01037734 _____ (Thisisu) C:\Users\bauk\Downloads\JRT (1).exe
2014-02-28 15:23 - 2014-02-28 15:23 - 01037734 _____ (Thisisu) C:\Users\bauk\Desktop\JRT.exe
2014-02-28 15:21 - 2014-02-28 15:21 - 00010516 _____ () C:\Users\bauk\Desktop\AdwCleaner[S0].txt
2014-02-28 15:19 - 2010-11-21 04:47 - 00399502 _____ () C:\Windows\PFRO.log
2014-02-28 15:18 - 2014-02-28 15:16 - 00000000 ____D () C:\AdwCleaner
2014-02-28 15:14 - 2014-02-28 15:14 - 01244192 _____ () C:\Users\bauk\Desktop\adwcleaner.exe
2014-02-27 13:33 - 2014-02-27 13:33 - 00027506 _____ () C:\ComboFix.txt
2014-02-27 13:33 - 2014-02-27 13:18 - 00000000 ____D () C:\Qoobox
2014-02-27 13:33 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-02-27 13:32 - 2014-02-27 13:18 - 00000000 ____D () C:\Windows\erdnt
2014-02-27 13:31 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-27 12:18 - 2014-02-27 12:17 - 05185084 ____R (Swearware) C:\Users\bauk\Desktop\ComboFix.exe
2014-02-26 22:54 - 2013-09-26 16:17 - 00000000 ____D () C:\Users\bauk\Documents\FIFA 14
2014-02-26 17:56 - 2013-09-12 19:05 - 00000000 ____D () C:\ProgramData\Origin
2014-02-26 13:27 - 2014-02-26 13:27 - 00033076 _____ () C:\Users\bauk\Desktop\AVSCAN-20140225-104012-967E5176.LOG
2014-02-26 13:26 - 2014-02-26 13:26 - 00023652 _____ () C:\Users\bauk\Desktop\AVSCAN-20140225-111912-2CD8CB8A.LOG
2014-02-26 13:12 - 2014-02-26 13:12 - 00005658 _____ () C:\Users\bauk\Desktop\gmerscanavira.log
2014-02-26 12:45 - 2014-02-26 12:45 - 00380416 _____ () C:\Users\bauk\Downloads\Gmer-19357.exe
2014-02-26 12:40 - 2014-02-26 12:36 - 00026042 _____ () C:\Users\bauk\Desktop\Addition.txt
2014-02-26 12:35 - 2014-02-26 12:34 - 02155520 _____ (Farbar) C:\Users\bauk\Desktop\FRST64.exe
2014-02-26 12:34 - 2014-02-26 12:33 - 00000470 _____ () C:\Users\bauk\Desktop\defogger_disable.log
2014-02-26 12:33 - 2014-02-26 12:33 - 00050477 _____ () C:\Users\bauk\Downloads\Defogger (1).exe
2014-02-26 12:33 - 2014-02-26 12:33 - 00000000 _____ () C:\Users\bauk\defogger_reenable
2014-02-26 12:33 - 2013-09-12 14:22 - 00000000 ____D () C:\Users\bauk
2014-02-26 12:32 - 2014-02-26 12:32 - 00050477 _____ () C:\Users\bauk\Downloads\Defogger.exe
2014-02-25 13:04 - 2014-02-25 13:04 - 00000000 ____D () C:\Program Files\Windows Live
2014-02-25 13:04 - 2013-09-12 18:00 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-02-25 10:47 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-25 10:45 - 2014-02-15 15:34 - 00000000 ____D () C:\Users\bauk\AppData\Local\YpvsPack
2014-02-22 15:45 - 2013-09-12 17:51 - 00000000 ____D () C:\Users\bauk\AppData\Local\Windows Live
2014-02-21 23:11 - 2013-09-12 17:44 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-21 19:19 - 2014-02-21 19:19 - 03143032 _____ () C:\Users\bauk\Downloads\10c2e42a9b2011e38b890e44eb87a70a_101.mp4
2014-02-21 18:51 - 2014-02-21 18:51 - 02272845 _____ () C:\Users\bauk\Downloads\c341e04a9b1d11e3acbb0e1e4758a66e_101.mp4
2014-02-20 21:30 - 2013-10-25 16:54 - 00000000 ____D () C:\Users\bauk\Documents\My PSP Files
2014-02-19 16:37 - 2013-09-24 18:31 - 00000000 ____D () C:\ProgramData\Skype
2014-02-19 13:31 - 2014-02-19 13:31 - 00055994 _____ () C:\Users\bauk\Desktop\AVSCAN-20140219-124250-0F0DE2D8.LOG
2014-02-19 12:39 - 2013-09-12 14:22 - 00000000 ___RD () C:\Users\bauk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-19 11:31 - 2014-02-19 11:31 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\Malwarebytes
2014-02-19 11:30 - 2014-02-19 11:30 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\bauk\Downloads\mbam-setup-1.75.0.1300 (2).exe
2014-02-19 11:30 - 2014-02-19 11:30 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-19 11:30 - 2014-02-19 11:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-19 11:30 - 2014-02-19 11:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-19 11:28 - 2014-02-19 11:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\bauk\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-19 11:28 - 2014-02-19 11:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\bauk\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-02-19 02:36 - 2014-02-19 02:36 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140219-023652.backup
2014-02-19 02:03 - 2014-02-19 02:03 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\wincrt
2014-02-19 00:59 - 2014-02-14 12:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-17 20:22 - 2010-11-21 07:50 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-02-17 20:22 - 2010-11-21 07:50 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-02-17 20:22 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-16 13:50 - 2014-02-16 13:50 - 00001129 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-02-16 13:50 - 2014-02-16 13:50 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\Opera Software
2014-02-16 13:50 - 2014-02-16 13:50 - 00000000 ____D () C:\Users\bauk\AppData\Local\Opera Software
2014-02-16 13:50 - 2014-02-16 13:50 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-02-16 12:12 - 2013-12-03 23:27 - 00019232 _____ () C:\Windows\IE11_main.log
2014-02-16 12:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-02-16 12:07 - 2014-02-16 12:07 - 63320784 _____ (Microsoft Corporation) C:\Users\bauk\Downloads\IE11-Windows6.1-x64-de-de.exe
2014-02-15 17:42 - 2013-09-12 15:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-15 17:41 - 2013-09-12 15:30 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-15 17:40 - 2013-09-12 17:57 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-15 14:39 - 2014-01-16 18:38 - 00000000 ____D () C:\Users\bauk\Documents\FS Flight Keeper
2014-02-14 18:44 - 2014-02-14 12:22 - 00011657 _____ () C:\Users\bauk\Desktop\hijackthis.log
2014-02-14 12:33 - 2014-02-14 12:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-14 12:29 - 2014-02-14 12:29 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-14 12:29 - 2014-02-14 12:29 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-02-14 12:28 - 2014-02-14 12:28 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\bauk\Desktop\spybot-2.2.exe
2014-02-14 12:24 - 2014-02-14 12:24 - 00003118 _____ () C:\Windows\System32\Tasks\{4C825E27-1EB4-45B7-8396-AA595B2A39FF}
2014-02-14 12:21 - 2014-02-14 12:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\bauk\Desktop\HiJackThis204.exe
2014-02-14 11:38 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-02-14 00:38 - 2013-12-19 12:38 - 00000154 _____ () C:\Users\bauk\AppData\Roaming\WB.CFG
2014-02-13 15:32 - 2014-02-13 15:10 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\Azureus
2014-02-13 15:31 - 2014-01-13 03:45 - 00000000 ____D () C:\Program Files\Sinvise Systems
2014-02-13 15:31 - 2013-12-08 01:12 - 00000000 ____D () C:\Program Files\Google
2014-02-13 15:31 - 2013-09-18 18:11 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-13 15:31 - 2013-09-12 22:13 - 00000000 ____D () C:\Program Files\HP
2014-02-13 15:31 - 2013-09-12 18:59 - 00000000 ____D () C:\Program Files\WinRAR
2014-02-13 15:31 - 2013-09-12 18:48 - 00000000 ____D () C:\Program Files\VideoLAN
2014-02-13 15:31 - 2013-09-12 15:13 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-02-13 15:31 - 2010-11-21 08:00 - 00000000 ____D () C:\Program Files\Windows Journal
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\MSBuild
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-02-13 15:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Windows NT
2014-02-13 15:30 - 2014-02-13 15:30 - 07423976 _____ () C:\Users\bauk\Desktop\x264_jan.zip
2014-02-13 15:10 - 2014-02-13 15:10 - 00000000 ____D () C:\ProgramData\Azureus
2014-02-12 19:34 - 2013-11-13 19:49 - 00098648 _____ () C:\Windows\DPINST.LOG
2014-02-11 17:46 - 2013-09-24 19:59 - 00008704 _____ () C:\Users\bauk\Desktop\Liga.xls
2014-02-10 23:00 - 2013-09-12 17:43 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-10 23:00 - 2013-09-12 17:43 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-06 14:05 - 2013-07-01 19:12 - 00000000 ____D () C:\Users\bauk\Desktop\Neuer Ordner (4)
2014-02-06 13:16 - 2014-02-12 15:00 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-12 15:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-12 15:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-12 15:00 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-12 15:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-12 15:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-12 15:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-12 15:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-12 15:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-12 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-12 15:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-12 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-12 15:00 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-12 15:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-12 15:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-12 15:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-12 15:00 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-12 15:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-12 15:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 15:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-12 15:00 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-12 15:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-12 15:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-12 15:00 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-12 15:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-12 15:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-12 15:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-12 15:00 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-12 15:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-12 15:00 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-12 15:00 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-12 15:00 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-12 15:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-12 15:00 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-12 15:00 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-12 15:00 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-12 15:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-12 15:00 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-12 15:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-03 14:36 - 2013-09-13 13:03 - 00000000 ____D () C:\Users\bauk\Documents\Flight Simulator-Dateien
2014-02-03 14:33 - 2014-01-25 14:09 - 00000000 ____D () C:\Users\bauk\AppData\Local\FS Flight Keeper
2014-02-02 20:04 - 2013-09-25 15:16 - 00000110 _____ () C:\Windows\AISmooth.INI
2014-02-02 17:01 - 2013-09-12 16:12 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information


Some content of TEMP:
====================
C:\Users\bauk\AppData\Local\Temp\avgnt.exe
C:\Users\bauk\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 16:45

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Hallo,

malwarebytes meldet immer zugang zu einer bestimmten ip adresse geblockt.
ausgehend von wincrt.exe .
ich habe aber nicht einmal einen browser offen.
sieht so aus das irgendetwas im hintergrund abläuft.

schrauber · 02.03.2014, 18:21

Java updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\Users\bauk\AppData\Roaming\wincrt
C:\Windows\System32\flt1chk4.dll
C:\Windows\SysWOW64\flt1chk4.dll
E:\Program Files (x86)\LDS763-Setup3.exe
H:\LDS763-Setup3.exe
HKU\S-1-5-21-3804239024-788253240-2279899610-1001\...\Run: [wincrt.exe] - C:\Users\bauk\AppData\Roaming\wincrt\wincrt.exe [28672 2014-02-18] ()
HKU\S-1-5-21-3804239024-788253240-2279899610-1001\...\Run: [WmiPrv] - C:\Users\bauk\AppData\Roaming\Adobe\WmiPrv\WmiPrvSE.exe [580096 2014-02-28] (Microsoft)
C:\Users\bauk\AppData\Roaming\Adobe\WmiPrv

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Frisches FRST log bitte.

bauk77 · 02.03.2014, 19:39

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2014 02
Ran by bauk at 2014-03-02 19:31:55 Run:1
Running from C:\Users\bauk\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
:\Users\bauk\AppData\Roaming\wincrt
C:\Windows\System32\flt1chk4.dll
C:\Windows\SysWOW64\flt1chk4.dll
E:\Program Files (x86)\LDS763-Setup3.exe
H:\LDS763-Setup3.exe
HKU\S-1-5-21-3804239024-788253240-2279899610-1001\...\Run: [wincrt.exe] - C:\Users\bauk\AppData\Roaming\wincrt\wincrt.exe [28672 2014-02-18] ()
HKU\S-1-5-21-3804239024-788253240-2279899610-1001\...\Run: [WmiPrv] - C:\Users\bauk\AppData\Roaming\Adobe\WmiPrv\WmiPrvSE.exe [580096 2014-02-28] (Microsoft)
C:\Users\bauk\AppData\Roaming\Adobe\WmiPrv
*****************

"C:\Windows\System32\flt1chk4.dll" => File/Directory not found.
C:\Windows\SysWOW64\flt1chk4.dll => Moved successfully.
E:\Program Files (x86)\LDS763-Setup3.exe => Moved successfully.
H:\LDS763-Setup3.exe => Moved successfully.
HKU\S-1-5-21-3804239024-788253240-2279899610-1001\Software\Microsoft\Windows\CurrentVersion\Run\\wincrt.exe => Value deleted successfully.
HKU\S-1-5-21-3804239024-788253240-2279899610-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WmiPrv => Value deleted successfully.
C:\Users\bauk\AppData\Roaming\Adobe\WmiPrv => Moved successfully.

==== End of Fixlog ====

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2014 02
Ran by bauk (administrator) on BAUK-PC on 02-03-2014 19:36:13
Running from C:\Users\bauk\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(ICQ) C:\Users\bauk\AppData\Roaming\ICQM\icq.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
() C:\Users\bauk\AppData\Roaming\wincrt\wincrt.exe
() C:\Users\bauk\AppData\Roaming\Adobe\WmiPrv\WmiPrvSE.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
() C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Creative Technology Ltd.) C:\Windows\V0770Mon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [V0770Mon.exe] - C:\Windows\V0770Mon.exe [32884 2012-06-01] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [osk.exe] - C:\Windows\system32\osk.exe [692736 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3804239024-788253240-2279899610-1001\...\Run: [HP Officejet 6600 (NET)] - C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-3804239024-788253240-2279899610-1001\...\Run: [icq] - C:\Users\bauk\AppData\Roaming\ICQM\icq.exe [29919576 2013-12-05] (ICQ)
HKU\S-1-5-21-3804239024-788253240-2279899610-1001\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-3804239024-788253240-2279899610-1001\...\Run: [YpvsPack] - regsvr32.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.news.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC5A2CA9ABBAFCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEyEtDtD0AtDzz0D0DyDyBtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=699734266&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEyEtDtD0AtDzz0D0DyDyBtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=699734266&ir=
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\bauk\AppData\Roaming\Mozilla\Firefox\Profiles\54q08z2s.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Interval Class - C:\Users\bauk\AppData\Roaming\Mozilla\Firefox\Profiles\54q08z2s.default\Extensions\{D928476A-C251-DDF7-9978-48AAF44CE027} [2014-02-15]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Google Docs) - C:\Users\bauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-12]
CHR Extension: (Google Drive) - C:\Users\bauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-12]
CHR Extension: (YouTube) - C:\Users\bauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-12]
CHR Extension: (Google-Suche) - C:\Users\bauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-12]
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\bauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak [2013-11-01]
CHR Extension: (Google Wallet) - C:\Users\bauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR Extension: (Google Mail) - C:\Users\bauk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-12]
CHR HKLM-x32\...\Chrome\Extension: [pbpjplgmaeigbnpadeajipebdlihpcfn] - C:\Program Files (x86)\BatBrowse\pbpjplgmaeigbnpadeajipebdlihpcfn.crx [2013-09-12]

==================== Services (Whitelisted) =================

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [910392 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-25] (Avira Operations GmbH & Co. KG)
S4 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [171680 2013-09-05] (Skype Technologies)

==================== Drivers (Whitelisted) ====================

R3 AtcL001; C:\Windows\System32\DRIVERS\l160x64.sys [61440 2009-10-13] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-31] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-17] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 V0770Vid; C:\Windows\System32\DRIVERS\V0770Vid.sys [379776 2012-06-01] (Creative Technology Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-02 19:34 - 2014-03-02 19:36 - 00015583 _____ () C:\Users\bauk\Desktop\FRST.txt
2014-03-02 19:31 - 2014-03-02 19:31 - 00000000 ____D () C:\Users\bauk\Desktop\FRST-OlderVersion
2014-03-01 18:17 - 2014-03-01 18:17 - 00987425 _____ () C:\Users\bauk\Desktop\SecurityCheck.exe
2014-03-01 12:46 - 2014-03-01 12:47 - 02347384 _____ (ESET) C:\Users\bauk\Downloads\esetsmartinstaller_enu.exe
2014-02-28 15:49 - 2014-02-28 15:49 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-02-28 15:48 - 2014-02-28 15:48 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-02-28 15:48 - 2014-02-28 15:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-02-28 15:40 - 2014-02-28 15:40 - 02155520 _____ (Farbar) C:\Users\bauk\Downloads\FRST64 (1).exe
2014-02-28 15:25 - 2014-02-28 15:25 - 00000000 ____D () C:\Windows\ERUNT
2014-02-28 15:23 - 2014-02-28 15:23 - 01037734 _____ (Thisisu) C:\Users\bauk\Downloads\JRT (1).exe
2014-02-28 15:23 - 2014-02-28 15:23 - 01037734 _____ (Thisisu) C:\Users\bauk\Desktop\JRT.exe
2014-02-28 15:21 - 2014-02-28 15:21 - 00010516 _____ () C:\Users\bauk\Desktop\AdwCleaner[S0].txt
2014-02-28 15:16 - 2014-02-28 15:18 - 00000000 ____D () C:\AdwCleaner
2014-02-28 15:14 - 2014-02-28 15:14 - 01244192 _____ () C:\Users\bauk\Desktop\adwcleaner.exe
2014-02-27 13:33 - 2014-02-27 13:33 - 00027506 _____ () C:\ComboFix.txt
2014-02-27 13:20 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-27 13:20 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-27 13:20 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-27 13:20 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-27 13:20 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-27 13:20 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-27 13:20 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-27 13:20 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-27 13:18 - 2014-02-27 13:33 - 00000000 ____D () C:\Qoobox
2014-02-27 13:18 - 2014-02-27 13:32 - 00000000 ____D () C:\Windows\erdnt
2014-02-27 12:17 - 2014-02-27 12:18 - 05185084 ____R (Swearware) C:\Users\bauk\Desktop\ComboFix.exe
2014-02-26 14:23 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-26 14:23 - 2014-01-03 23:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-26 12:45 - 2014-02-26 12:45 - 00380416 _____ () C:\Users\bauk\Downloads\Gmer-19357.exe
2014-02-26 12:35 - 2014-03-02 19:36 - 00000000 ____D () C:\FRST
2014-02-26 12:34 - 2014-03-02 19:31 - 02156544 _____ (Farbar) C:\Users\bauk\Desktop\FRST64.exe
2014-02-26 12:33 - 2014-02-26 12:33 - 00050477 _____ () C:\Users\bauk\Downloads\Defogger (1).exe
2014-02-26 12:33 - 2014-02-26 12:33 - 00000000 _____ () C:\Users\bauk\defogger_reenable
2014-02-26 12:32 - 2014-02-26 12:32 - 00050477 _____ () C:\Users\bauk\Downloads\Defogger.exe
2014-02-25 13:04 - 2014-02-25 13:04 - 00000000 ____D () C:\Program Files\Windows Live
2014-02-21 19:19 - 2014-02-21 19:19 - 03143032 _____ () C:\Users\bauk\Downloads\10c2e42a9b2011e38b890e44eb87a70a_101.mp4
2014-02-21 18:51 - 2014-02-21 18:51 - 02272845 _____ () C:\Users\bauk\Downloads\c341e04a9b1d11e3acbb0e1e4758a66e_101.mp4
2014-02-19 11:31 - 2014-02-19 11:31 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\Malwarebytes
2014-02-19 11:30 - 2014-02-19 11:30 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\bauk\Downloads\mbam-setup-1.75.0.1300 (2).exe
2014-02-19 11:30 - 2014-02-19 11:30 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-19 11:30 - 2014-02-19 11:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-19 11:30 - 2014-02-19 11:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-19 11:30 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-19 11:28 - 2014-02-19 11:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\bauk\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-19 11:28 - 2014-02-19 11:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\bauk\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-02-19 02:36 - 2014-02-19 02:36 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140219-023652.backup
2014-02-19 02:36 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140219-023609.backup
2014-02-19 02:35 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140219-023544.backup
2014-02-19 02:30 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140219-023013.backup
2014-02-19 02:29 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140219-022908.backup
2014-02-19 02:03 - 2014-02-19 02:03 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\wincrt
2014-02-16 13:50 - 2014-02-16 13:50 - 00001129 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-02-16 13:50 - 2014-02-16 13:50 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\Opera Software
2014-02-16 13:50 - 2014-02-16 13:50 - 00000000 ____D () C:\Users\bauk\AppData\Local\Opera Software
2014-02-16 13:50 - 2014-02-16 13:50 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-02-16 12:07 - 2014-02-16 12:07 - 63320784 _____ (Microsoft Corporation) C:\Users\bauk\Downloads\IE11-Windows6.1-x64-de-de.exe
2014-02-16 11:54 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-02-16 11:54 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-16 11:54 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-16 11:54 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-02-16 11:54 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-02-16 11:54 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-16 11:54 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-16 11:54 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-02-16 11:54 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-02-16 11:54 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-02-16 11:54 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-16 11:54 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-02-16 11:54 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-16 11:54 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-16 11:54 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-02-16 11:54 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-02-16 11:54 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-02-16 11:54 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-02-16 11:54 - 2012-08-23 15:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-02-16 11:54 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-02-16 11:54 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-02-16 11:54 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-02-16 11:54 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-02-16 11:53 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-02-16 11:53 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-02-16 11:53 - 2012-05-04 12:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-02-16 11:53 - 2012-05-04 10:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-02-15 15:34 - 2014-02-25 10:45 - 00000000 ____D () C:\Users\bauk\AppData\Local\YpvsPack
2014-02-14 12:29 - 2014-02-19 00:59 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-14 12:29 - 2014-02-14 12:33 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-14 12:29 - 2014-02-14 12:29 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-14 12:29 - 2014-02-14 12:29 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-02-14 12:29 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-02-14 12:28 - 2014-02-14 12:28 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\bauk\Desktop\spybot-2.2.exe
2014-02-14 12:24 - 2014-02-14 12:24 - 00003118 _____ () C:\Windows\System32\Tasks\{4C825E27-1EB4-45B7-8396-AA595B2A39FF}
2014-02-14 12:21 - 2014-02-14 12:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\bauk\Desktop\HiJackThis204.exe
2014-02-13 15:30 - 2014-02-13 15:30 - 07423976 _____ () C:\Users\bauk\Desktop\x264_jan.zip
2014-02-13 15:10 - 2014-02-13 15:32 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\Azureus
2014-02-13 15:10 - 2014-02-13 15:10 - 00000000 ____D () C:\ProgramData\Azureus
2014-02-12 15:01 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 15:01 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 15:00 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 15:00 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 15:00 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 15:00 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 15:00 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 15:00 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 15:00 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 15:00 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 15:00 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 15:00 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 15:00 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 15:00 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 15:00 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 15:00 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 15:00 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 15:00 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 15:00 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 15:00 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 15:00 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 15:00 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 15:00 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 15:00 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 15:00 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 15:00 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 15:00 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 15:00 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 15:00 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 15:00 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 15:00 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 15:00 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 15:00 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 15:00 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 15:00 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 15:00 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 15:00 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 15:00 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 15:00 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 15:00 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 15:00 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 08:19 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 08:19 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 08:19 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 08:19 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 08:19 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 08:19 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 08:19 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 08:19 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 08:19 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 08:19 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 08:19 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 08:19 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 08:19 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 08:19 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 08:19 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 08:19 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 08:19 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 08:19 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 08:19 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 08:19 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 08:19 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 08:19 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 08:19 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 08:19 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 08:19 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 08:19 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 08:19 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 08:19 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

==================== One Month Modified Files and Folders =======

2014-03-02 19:36 - 2014-03-02 19:34 - 00015583 _____ () C:\Users\bauk\Desktop\FRST.txt
2014-03-02 19:36 - 2014-02-26 12:35 - 00000000 ____D () C:\FRST
2014-03-02 19:32 - 2013-09-12 16:06 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\Adobe
2014-03-02 19:31 - 2014-03-02 19:31 - 00000000 ____D () C:\Users\bauk\Desktop\FRST-OlderVersion
2014-03-02 19:31 - 2014-02-26 12:34 - 02156544 _____ (Farbar) C:\Users\bauk\Desktop\FRST64.exe
2014-03-02 19:25 - 2013-09-12 20:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-02 19:14 - 2013-10-14 20:56 - 00000322 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-03-02 19:05 - 2013-09-12 17:43 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-02 17:04 - 2013-09-12 14:17 - 01207884 _____ () C:\Windows\WindowsUpdate.log
2014-03-02 17:04 - 2009-07-14 05:51 - 00057718 _____ () C:\Windows\setupact.log
2014-03-02 11:37 - 2009-07-14 05:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-02 11:37 - 2009-07-14 05:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-02 11:28 - 2013-09-12 17:43 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-02 11:28 - 2013-09-12 15:14 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-02 11:28 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-01 18:33 - 2010-11-21 04:47 - 00400328 _____ () C:\Windows\PFRO.log
2014-03-01 18:17 - 2014-03-01 18:17 - 00987425 _____ () C:\Users\bauk\Desktop\SecurityCheck.exe
2014-03-01 14:37 - 2013-09-12 22:21 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\vlc
2014-03-01 12:47 - 2014-03-01 12:46 - 02347384 _____ (ESET) C:\Users\bauk\Downloads\esetsmartinstaller_enu.exe
2014-02-28 16:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-28 15:49 - 2014-02-28 15:49 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-02-28 15:48 - 2014-02-28 15:48 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-02-28 15:48 - 2014-02-28 15:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-02-28 15:40 - 2014-02-28 15:40 - 02155520 _____ (Farbar) C:\Users\bauk\Downloads\FRST64 (1).exe
2014-02-28 15:25 - 2014-02-28 15:25 - 00000000 ____D () C:\Windows\ERUNT
2014-02-28 15:23 - 2014-02-28 15:23 - 01037734 _____ (Thisisu) C:\Users\bauk\Downloads\JRT (1).exe
2014-02-28 15:23 - 2014-02-28 15:23 - 01037734 _____ (Thisisu) C:\Users\bauk\Desktop\JRT.exe
2014-02-28 15:21 - 2014-02-28 15:21 - 00010516 _____ () C:\Users\bauk\Desktop\AdwCleaner[S0].txt
2014-02-28 15:18 - 2014-02-28 15:16 - 00000000 ____D () C:\AdwCleaner
2014-02-28 15:14 - 2014-02-28 15:14 - 01244192 _____ () C:\Users\bauk\Desktop\adwcleaner.exe
2014-02-27 13:33 - 2014-02-27 13:33 - 00027506 _____ () C:\ComboFix.txt
2014-02-27 13:33 - 2014-02-27 13:18 - 00000000 ____D () C:\Qoobox
2014-02-27 13:33 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-02-27 13:32 - 2014-02-27 13:18 - 00000000 ____D () C:\Windows\erdnt
2014-02-27 13:31 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-27 12:18 - 2014-02-27 12:17 - 05185084 ____R (Swearware) C:\Users\bauk\Desktop\ComboFix.exe
2014-02-26 22:54 - 2013-09-26 16:17 - 00000000 ____D () C:\Users\bauk\Documents\FIFA 14
2014-02-26 17:56 - 2013-09-12 19:05 - 00000000 ____D () C:\ProgramData\Origin
2014-02-26 12:45 - 2014-02-26 12:45 - 00380416 _____ () C:\Users\bauk\Downloads\Gmer-19357.exe
2014-02-26 12:33 - 2014-02-26 12:33 - 00050477 _____ () C:\Users\bauk\Downloads\Defogger (1).exe
2014-02-26 12:33 - 2014-02-26 12:33 - 00000000 _____ () C:\Users\bauk\defogger_reenable
2014-02-26 12:33 - 2013-09-12 14:22 - 00000000 ____D () C:\Users\bauk
2014-02-26 12:32 - 2014-02-26 12:32 - 00050477 _____ () C:\Users\bauk\Downloads\Defogger.exe
2014-02-25 13:04 - 2014-02-25 13:04 - 00000000 ____D () C:\Program Files\Windows Live
2014-02-25 13:04 - 2013-09-12 18:00 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-02-25 10:47 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-25 10:45 - 2014-02-15 15:34 - 00000000 ____D () C:\Users\bauk\AppData\Local\YpvsPack
2014-02-22 15:45 - 2013-09-12 17:51 - 00000000 ____D () C:\Users\bauk\AppData\Local\Windows Live
2014-02-21 23:11 - 2013-09-12 17:44 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-21 19:19 - 2014-02-21 19:19 - 03143032 _____ () C:\Users\bauk\Downloads\10c2e42a9b2011e38b890e44eb87a70a_101.mp4
2014-02-21 18:51 - 2014-02-21 18:51 - 02272845 _____ () C:\Users\bauk\Downloads\c341e04a9b1d11e3acbb0e1e4758a66e_101.mp4
2014-02-20 21:30 - 2013-10-25 16:54 - 00000000 ____D () C:\Users\bauk\Documents\My PSP Files
2014-02-19 16:37 - 2013-09-24 18:31 - 00000000 ____D () C:\ProgramData\Skype
2014-02-19 12:39 - 2013-09-12 14:22 - 00000000 ___RD () C:\Users\bauk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-19 11:31 - 2014-02-19 11:31 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\Malwarebytes
2014-02-19 11:30 - 2014-02-19 11:30 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\bauk\Downloads\mbam-setup-1.75.0.1300 (2).exe
2014-02-19 11:30 - 2014-02-19 11:30 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-19 11:30 - 2014-02-19 11:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-19 11:30 - 2014-02-19 11:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-19 11:28 - 2014-02-19 11:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\bauk\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-19 11:28 - 2014-02-19 11:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\bauk\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-02-19 02:36 - 2014-02-19 02:36 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140219-023652.backup
2014-02-19 02:03 - 2014-02-19 02:03 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\wincrt
2014-02-19 00:59 - 2014-02-14 12:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-17 20:22 - 2010-11-21 07:50 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-02-17 20:22 - 2010-11-21 07:50 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-02-17 20:22 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-16 13:50 - 2014-02-16 13:50 - 00001129 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-02-16 13:50 - 2014-02-16 13:50 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\Opera Software
2014-02-16 13:50 - 2014-02-16 13:50 - 00000000 ____D () C:\Users\bauk\AppData\Local\Opera Software
2014-02-16 13:50 - 2014-02-16 13:50 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-02-16 12:12 - 2013-12-03 23:27 - 00019232 _____ () C:\Windows\IE11_main.log
2014-02-16 12:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-02-16 12:07 - 2014-02-16 12:07 - 63320784 _____ (Microsoft Corporation) C:\Users\bauk\Downloads\IE11-Windows6.1-x64-de-de.exe
2014-02-15 17:42 - 2013-09-12 15:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-15 17:41 - 2013-09-12 15:30 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-15 17:40 - 2013-09-12 17:57 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-15 14:39 - 2014-01-16 18:38 - 00000000 ____D () C:\Users\bauk\Documents\FS Flight Keeper
2014-02-14 12:33 - 2014-02-14 12:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-14 12:29 - 2014-02-14 12:29 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-02-14 12:29 - 2014-02-14 12:29 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-02-14 12:28 - 2014-02-14 12:28 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\bauk\Desktop\spybot-2.2.exe
2014-02-14 12:24 - 2014-02-14 12:24 - 00003118 _____ () C:\Windows\System32\Tasks\{4C825E27-1EB4-45B7-8396-AA595B2A39FF}
2014-02-14 12:21 - 2014-02-14 12:21 - 00388608 _____ (Trend Micro Inc.) C:\Users\bauk\Desktop\HiJackThis204.exe
2014-02-14 11:38 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-02-14 00:38 - 2013-12-19 12:38 - 00000154 _____ () C:\Users\bauk\AppData\Roaming\WB.CFG
2014-02-13 15:32 - 2014-02-13 15:10 - 00000000 ____D () C:\Users\bauk\AppData\Roaming\Azureus
2014-02-13 15:31 - 2014-01-13 03:45 - 00000000 ____D () C:\Program Files\Sinvise Systems
2014-02-13 15:31 - 2013-12-08 01:12 - 00000000 ____D () C:\Program Files\Google
2014-02-13 15:31 - 2013-09-18 18:11 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-13 15:31 - 2013-09-12 22:13 - 00000000 ____D () C:\Program Files\HP
2014-02-13 15:31 - 2013-09-12 18:59 - 00000000 ____D () C:\Program Files\WinRAR
2014-02-13 15:31 - 2013-09-12 18:48 - 00000000 ____D () C:\Program Files\VideoLAN
2014-02-13 15:31 - 2013-09-12 15:13 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-02-13 15:31 - 2010-11-21 08:00 - 00000000 ____D () C:\Program Files\Windows Journal
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\MSBuild
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-02-13 15:31 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-02-13 15:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Windows NT
2014-02-13 15:30 - 2014-02-13 15:30 - 07423976 _____ () C:\Users\bauk\Desktop\x264_jan.zip
2014-02-13 15:10 - 2014-02-13 15:10 - 00000000 ____D () C:\ProgramData\Azureus
2014-02-12 19:34 - 2013-11-13 19:49 - 00098648 _____ () C:\Windows\DPINST.LOG
2014-02-11 17:46 - 2013-09-24 19:59 - 00008704 _____ () C:\Users\bauk\Desktop\Liga.xls
2014-02-10 23:00 - 2013-09-12 17:43 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-10 23:00 - 2013-09-12 17:43 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-06 14:05 - 2013-07-01 19:12 - 00000000 ____D () C:\Users\bauk\Desktop\Neuer Ordner (4)
2014-02-06 13:16 - 2014-02-12 15:00 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-12 15:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-12 15:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-12 15:00 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-12 15:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-12 15:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-12 15:00 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-12 15:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-12 15:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-12 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-12 15:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-12 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-12 15:00 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-12 15:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-12 15:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-12 15:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-12 15:00 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-12 15:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-12 15:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 15:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-12 15:00 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-12 15:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-12 15:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-12 15:00 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-12 15:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-12 15:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-12 15:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-12 15:00 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-12 15:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-12 15:00 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-12 15:00 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-12 15:00 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-12 15:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-12 15:00 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-12 15:00 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-12 15:00 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-12 15:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-12 15:00 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-12 15:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-03 14:36 - 2013-09-13 13:03 - 00000000 ____D () C:\Users\bauk\Documents\Flight Simulator-Dateien
2014-02-03 14:33 - 2014-01-25 14:09 - 00000000 ____D () C:\Users\bauk\AppData\Local\FS Flight Keeper
2014-02-02 20:04 - 2013-09-25 15:16 - 00000110 _____ () C:\Windows\AISmooth.INI
2014-02-02 17:01 - 2013-09-12 16:12 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information


Some content of TEMP:
====================
C:\Users\bauk\AppData\Local\Temp\avgnt.exe
C:\Users\bauk\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 16:45

==================== End Of Log ============================

--- --- ---

--- --- ---

bauk77 · 03.03.2014, 11:43

Hallo, sieht ganz gut aus.

Hast du eine idee zu dem regsvr fehler?
Ich hänge mal einen screenshot an.

lg

schrauber · 04.03.2014, 09:42

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\S-1-5-21-3804239024-788253240-2279899610-1001\...\Run: [YpvsPack] - regsvr32.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Sollte weg sein

bauk77 · 04.03.2014, 12:35

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2014 02
Ran by bauk at 2014-03-04 12:33:58 Run:2
Running from C:\Users\bauk\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3804239024-788253240-2279899610-1001\...\Run: [YpvsPack] - regsvr32.exe
*****************

HKU\S-1-5-21-3804239024-788253240-2279899610-1001\Software\Microsoft\Windows\CurrentVersion\Run\\YpvsPack => Value deleted successfully.

==== End of Fixlog ====

schrauber · 05.03.2014, 12:14

Ist die Meldung weg?

05.03.2014, 12:14	#15
schrauber /// the machine /// TB-Ausbilder	regsvr32 Fehler und einige Funde Ist die Meldung weg? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

regsvr32 Fehler und einige Funde

Log-Analyse und Auswertung: regsvr32 Fehler und einige Funde