Pests of all kinds and how to fight them: PC recently cleaned and malware again

Windows 7

If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
29.03.2014, 00:08 | #1 |
PC recently cleaned and malware again

Hello, only a short time ago the PC was cleaned by Schrauber, and now I have caught malware again. Although I followed all of Schrauber's advice, something has lodged itself on the computer. I have no idea how that could happen. Since I scan the computer regularly, Search & Destroy raised the alarm. Avast found nothing.

Search & Destroy:
Code:
ATTFilter
Search results from Spybot - Search & Destroy

28.03.2014 23:46:47
Scan took 00:26:09.
11 items found.

Somoto.BetterInstaller: [SBI $B8A7F4F7] Root class (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sdp

Somoto.BetterInstaller: [SBI $B8A7F4F7] Root class (Registry Key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sdp

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-5302519-908166271-969323471-1002\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-5302519-908166271-969323471-1002\Software\Microsoft\DirectInput\MostRecentApplication\Id

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-5302519-908166271-969323471-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-5302519-908166271-969323471-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Cookie: [SBI $49804B54] Browser: Cookie (3) (Browser: Cookie, nothing done)

Cache: [SBI $49804B54] Browser: Cache (50) (Browser: Cache, nothing done)

Verlauf: [SBI $49804B54] Browser: History (10) (Browser: History, nothing done)

--- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by irmhov1 (administrator) on IRMHOV on 28-03-2014 23:57:49
Running from C:\Users\irmhov1\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Microsoft Corporation) C:\Windows\system32\prevhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-03-27] (AVAST Software)
HKLM-x32\...\Run: [Ulead AutoDetector v2] - C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [95504 2007-08-02] (Ulead Systems, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-5302519-908166271-969323471-1002\...\Run: [Driver Restore] - C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe [3988856 2013-09-19] (PC Drivers Headquarters)
HKU\S-1-5-21-5302519-908166271-969323471-1002\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-5302519-908166271-969323471-1002\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [527936 2014-03-17] (BillP Studios)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
SearchScopes: HKCU - {FE288B81-F739-409D-8A64-81FB9F33CE22} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default
FF DefaultSearchEngine: Ixquick HTTPS - Deutsch
FF SelectedSearchEngine: Ixquick HTTPS - Deutsch
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\searchplugins\ixquick-https---deutsch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-03-11]
FF Extension: NoScript - C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-11]
FF Extension: Adblock Plus - C:\Users\irmhov1\AppData\Roaming\Mozilla\Firefox\Profiles\gxnjo8ee.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-27]

Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-27]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-27] (AVAST Software)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-03-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-03-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-03-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-03-27] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-03-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-03-27] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 RTL8192cu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-08-07] (Realtek Semiconductor Corporation )
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-08-07] (Realtek Semiconductor Corporation )

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-28 23:57 - 2014-03-28 23:57 - 00011650 _____ () C:\Users\irmhov1\Desktop\FRST.txt
2014-03-28 21:49 - 2014-03-28 21:49 - 02157056 _____ (Farbar) C:\Users\irmhov1\Desktop\FRST64.exe
2014-03-28 19:56 - 2012-07-26 06:26 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140328-195615.backup
2014-03-28 19:06 - 2014-03-28 19:06 - 04864896 _____ (Gougelet Pierre-e ) C:\Users\irmhov1\Downloads\XnView-win.exe
2014-03-28 19:04 - 2014-03-28 19:05 - 31429160 _____ (Any-Video-Converter.com ) C:\Users\irmhov1\Downloads\avc-free.exe
2014-03-28 19:04 - 2014-03-28 19:04 - 11617048 _____ () C:\Users\irmhov1\Downloads\YTD471Setup.exe
2014-03-28 18:44 - 2014-03-28 22:40 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-28 16:24 - 2014-03-28 16:24 - 00000000 _____ () C:\Users\irmhov1\Sti_Trace.log
2014-03-27 23:37 - 2014-03-28 18:43 - 00000204 _____ () C:\Windows\ulead32.ini
2014-03-27 23:33 - 2014-03-27 23:33 - 00000000 ____D () C:\Program Files (x86)\Ulead Systems
2014-03-27 23:33 - 1995-10-27 04:55 - 00087328 ____N (Twain Working Group) C:\Windows\TWAIN.DLL
2014-03-27 23:33 - 1995-09-15 02:51 - 00069632 ____N (Twain Working Group) C:\Windows\TWUNK_32.EXE
2014-03-27 23:33 - 1995-09-15 02:51 - 00048560 ____N (Twain Working Group) C:\Windows\TWUNK_16.EXE
2014-03-27 23:21 - 2014-03-27 23:21 - 00000000 ____D () C:\Windows\de
2014-03-27 23:20 - 2014-03-27 23:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-03-27 22:47 - 2014-03-27 23:29 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Windows Live
2014-03-27 22:47 - 2014-03-27 22:47 - 00000000 ___RD () C:\Users\irmhov1\OneDrive
2014-03-27 22:47 - 2014-03-27 22:47 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-03-27 22:47 - 2014-03-27 22:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2014-03-27 22:45 - 2014-03-27 22:45 - 01245376 _____ (Microsoft Corporation) C:\Users\irmhov1\Downloads\wlsetup-web.exe
2014-03-27 21:55 - 2014-03-27 21:55 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Ulead Systems
2014-03-27 21:49 - 2014-03-27 21:52 - 00000000 ____D () C:\ProgramData\Ulead Systems
2014-03-27 21:49 - 2014-03-27 21:49 - 00000000 ____D () C:\Program Files (x86)\Corel
2014-03-27 21:29 - 2014-03-27 21:29 - 00000000 ____D () C:\Users\Public\Documents\Poser 9 Content
2014-03-27 20:35 - 2014-03-27 20:35 - 15948351 _____ () C:\Users\irmhov1\Downloads\wings-x64-1.5.2.exe
2014-03-27 20:27 - 2014-03-27 20:27 - 05290664 _____ (Canneverbe Limited ) C:\Users\irmhov1\Downloads\cdbxp_setup_4.5.3.4643.exe
2014-03-27 20:23 - 2014-03-27 20:23 - 01950720 _____ () C:\Users\irmhov1\Downloads\adwcleaner.exe
2014-03-27 20:19 - 2014-03-27 20:19 - 01110476 _____ () C:\Users\irmhov1\Downloads\7z920.exe
2014-03-27 20:11 - 2014-03-28 22:40 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-27 20:11 - 2014-03-27 20:11 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-27 20:11 - 2014-03-27 20:11 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-27 20:11 - 2014-03-27 20:11 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-27 20:11 - 2014-03-27 20:11 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-27 20:11 - 2014-03-27 20:11 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-27 20:11 - 2014-03-27 20:11 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-27 20:11 - 2014-03-27 20:11 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-27 20:11 - 2014-03-27 20:11 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-27 20:11 - 2014-03-27 20:11 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-27 20:11 - 2014-03-27 20:11 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\AVAST Software
2014-03-27 20:11 - 2014-03-27 20:11 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-27 19:53 - 2014-03-27 19:54 - 88551496 _____ (AVAST Software) C:\Users\irmhov1\Downloads\avast_free_antivirus_setup_9.0.2016.exe
2014-03-27 17:59 - 2014-03-27 18:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-27 17:58 - 2014-03-27 17:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-03-27 17:58 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-27 17:58 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-27 17:54 - 2014-03-27 17:55 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\irmhov1\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-26 17:01 - 2014-03-26 17:00 - 00700980 _____ () C:\Users\irmhov1\Downloads\adblock_edge-2.0.7-sm+an+tb+fx-windows.xpi
2014-03-26 16:58 - 2014-03-26 16:58 - 00526323 _____ () C:\Users\irmhov1\Downloads\web_of_trust_wot-20131118-fx.zip
2014-03-26 16:54 - 2014-03-26 16:54 - 00536595 _____ () C:\Users\irmhov1\Downloads\noscript-2.6.8.18.zip
2014-03-26 12:52 - 2014-03-26 13:03 - 00000000 ____D () C:\AdwCleaner
2014-03-26 09:47 - 2014-03-26 09:47 - 24361353 _____ () C:\Users\irmhov1\Downloads\MicrosoftSecurityEssentials-4.4.zip
2014-03-25 23:15 - 2014-03-27 20:31 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2014-03-25 23:15 - 2014-03-25 23:15 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Canneverbe Limited
2014-03-25 23:15 - 2014-03-25 23:15 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-03-25 21:43 - 2014-03-25 21:43 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Wings3D
2014-03-25 21:40 - 2014-03-27 20:39 - 00000000 ____D () C:\Program Files\wings3d_1.5.2
2014-03-25 21:20 - 2014-03-25 21:20 - 00000000 ____D () C:\ProgramData\Poser
2014-03-25 21:14 - 2014-03-25 21:14 - 00000000 ____D () C:\Users\irmhov1\Documents\Poser 9 Content
2014-03-25 20:51 - 2014-03-25 20:51 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Poser
2014-03-25 20:41 - 2014-03-27 21:29 - 00000000 ____D () C:\Users\irmhov1\Documents\Progis
2014-03-25 20:23 - 2014-03-25 20:23 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-03-25 20:23 - 2014-03-25 20:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-03-25 19:25 - 2014-03-25 19:25 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework
2014-03-24 22:48 - 2014-03-24 22:48 - 07131335 _____ () C:\Users\irmhov1\Downloads\XnView-win.zip
2014-03-24 21:54 - 2014-03-27 20:24 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-03-23 20:29 - 2014-03-23 20:29 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-23 20:27 - 2014-03-23 20:29 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Adobe
2014-03-23 12:35 - 2014-03-23 13:03 - 00000000 ____D () C:\Users\irmhov1\Desktop\Daten_irmhov
2014-03-21 20:42 - 2014-03-21 20:42 - 00000000 ____D () C:\Users\irmhov1\Documents\Tools
2014-03-21 20:16 - 2014-03-27 17:44 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-21 20:16 - 2014-03-23 20:10 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-03-21 20:16 - 2011-11-04 05:13 - 01070352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2014-03-21 20:16 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2014-03-21 19:56 - 2014-03-27 17:41 - 00000000 ____D () C:\ProgramData\InstallMate
2014-03-21 19:56 - 2014-03-21 19:56 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\WinPatrol
2014-03-21 19:56 - 2014-03-21 19:56 - 00000000 ____D () C:\Program Files (x86)\BillP Studios
2014-03-21 19:27 - 2014-03-21 19:27 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Avg2014
2014-03-21 17:33 - 2014-03-28 23:57 - 00000000 ____D () C:\FRST
2014-03-21 16:32 - 2014-03-21 16:32 - 01066536 _____ (BillP Studios) C:\Users\irmhov1\Downloads\wpsetup.exe
2014-03-21 16:10 - 2014-03-21 16:10 - 04095448 _____ (BrightFort LLC ) C:\Users\irmhov1\Downloads\spywareblastersetup50.exe
2014-03-21 16:07 - 2014-03-21 16:07 - 00448512 _____ (OldTimer Tools) C:\Users\irmhov1\Downloads\TFC.exe
2014-03-21 10:03 - 2014-03-21 10:03 - 00000241 _____ () C:\Windows\Brpfx04a.ini
2014-03-21 10:03 - 2014-03-21 10:03 - 00000093 _____ () C:\Windows\brpcfx.ini
2014-03-21 10:02 - 2014-03-21 10:02 - 00000050 _____ () C:\Windows\system32\bridf08b.dat
2014-03-21 10:01 - 2014-03-21 10:01 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-03-21 10:01 - 2008-10-17 20:04 - 00179712 ____N (Brother Industries, Ltd.) C:\Windows\system32\BrfxDA5b.dll
2014-03-21 10:01 - 2008-06-17 15:33 - 00167936 ____N (brother) C:\Windows\SysWOW64\NSSearch.dll
2014-03-21 10:01 - 2007-12-13 22:16 - 00073728 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2.dll
2014-03-21 10:01 - 2007-12-13 22:16 - 00005632 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2L.dll
2014-03-21 10:01 - 2007-12-13 22:16 - 00003072 ____N (Brother Industries Ltd.) C:\Windows\SysWOW64\BrDctF2S.dll
2014-03-21 10:01 - 2006-12-28 13:39 - 00176128 ____N (Brother Industries, Ltd.) C:\Windows\SysWOW64\BroSNMP.dll
2014-03-21 10:01 - 2003-11-28 18:57 - 00000000 _____ () C:\Windows\brdfxspd.dat
2014-03-21 10:00 - 2014-03-21 10:00 - 00000000 ____D () C:\Users\irmhov1\Downloads\mflpro
2014-03-21 10:00 - 2014-03-21 10:00 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\InstallShield
2014-03-21 09:59 - 2014-03-21 10:00 - 45949032 _____ (A.I.SOFT,INC.) C:\Users\irmhov1\Downloads\MFC-250C-inst-win8-A1.EXE
2014-03-21 09:51 - 2014-03-21 09:51 - 00000000 ____D () C:\ProgramData\Brother
2014-03-20 21:26 - 2014-03-20 21:27 - 53904525 _____ () C:\Users\irmhov1\Downloads\blender-2.70-windows64.exe
2014-03-20 19:25 - 2014-03-21 07:17 - 00000000 ____D () C:\Users\irmhov1\Downloads\Drucker_Treiber_Win 8
2014-03-20 19:10 - 2014-03-20 19:10 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2014-03-19 00:22 - 2014-03-19 00:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-19 00:22 - 2014-03-19 00:22 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Skype
2014-03-18 23:57 - 2014-03-18 23:57 - 21987424 _____ (Mozilla) C:\Users\irmhov1\Downloads\Thunderbird Setup 24.4.0.exe
2014-03-16 19:30 - 2014-03-16 19:30 - 00000000 ___RD () C:\Users\irmhov1\AppData\Roaming\Brother
2014-03-15 23:11 - 2014-03-19 11:04 - 00000000 ____D () C:\Windows\ERUNT
2014-03-14 15:09 - 2014-03-28 18:41 - 00429392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 13:29 - 2014-02-23 09:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 13:29 - 2014-02-23 09:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 13:29 - 2014-02-23 07:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 13:29 - 2014-02-23 07:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 13:29 - 2013-10-25 08:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-03-13 13:29 - 2013-10-24 23:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-03-13 13:28 - 2014-02-23 09:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 13:28 - 2014-02-23 09:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 13:28 - 2014-02-23 09:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-03-13 13:28 - 2014-02-23 09:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-03-13 13:28 - 2014-02-23 09:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 13:28 - 2014-02-23 09:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 13:28 - 2014-02-23 09:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 13:28 - 2014-02-23 09:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 13:28 - 2014-02-23 07:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 13:28 - 2014-02-23 07:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 13:28 - 2014-02-23 07:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 13:28 - 2014-02-23 07:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 13:28 - 2014-02-23 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 13:28 - 2014-02-23 07:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 13:28 - 2014-02-23 05:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-03-13 13:28 - 2014-02-08 05:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 13:28 - 2013-12-07 07:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-13 13:28 - 2013-12-07 06:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-13 13:27 - 2014-02-06 00:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 13:27 - 2014-02-06 00:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 13:27 - 2014-01-31 01:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 13:27 - 2014-01-31 01:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 15:56 - 2014-03-27 17:59 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Malwarebytes
2014-03-12 15:55 - 2014-03-27 17:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-12 15:55 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-12 11:43 - 2014-03-12 11:43 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\TuneUp Software
2014-03-12 11:42 - 2014-03-21 19:27 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-12 11:42 - 2014-03-12 11:42 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\MFAData
2014-03-11 19:04 - 2014-03-28 19:53 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-11 19:04 - 2014-03-11 19:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-11 19:04 - 2014-03-11 19:04 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-11 19:04 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-03-11 19:02 - 2014-03-11 19:02 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\irmhov1\Downloads\spybot-2.2.exe
2014-03-11 18:47 - 2014-03-11 18:47 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Downloaded Installations
2014-03-11 15:02 - 2014-03-27 21:55 - 00000000 ____D () C:\Users\irmhov1\Desktop\Verknüpfungen
2014-03-11 14:12 - 2014-03-11 14:12 - 00002708 _____ () C:\Users\irmhov1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Restore.lnk
2014-03-11 13:36 - 2014-03-11 13:36 - 02002656 _____ (Driver Restore) C:\Users\irmhov1\Downloads\DriverRestore.exe
2014-03-11 11:39 - 2014-03-11 11:39 - 24490112 _____ (Mozilla) C:\Users\irmhov1\Downloads\Firefox_Setup_27.0.1.exe
2014-03-11 00:44 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-11 00:44 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-11 00:44 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-03-11 00:44 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-03-11 00:44 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-03-11 00:44 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation)
C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-03-11 00:44 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-03-11 00:44 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2014-03-11 00:41 - 2014-03-21 10:02 - 00000425 _____ () C:\Windows\BRWMARK.INI 2014-03-11 00:41 - 2014-03-21 10:02 - 00000027 _____ () C:\Windows\BRPP2KA.INI 2014-03-09 23:07 - 2014-03-09 23:07 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Macromedia 2014-03-09 21:19 - 2014-03-24 20:10 - 00000000 ____D () C:\Users\irmhov1\dwhelper 2014-03-09 20:03 - 2014-03-26 23:36 - 00000000 ____D () C:\Users\irmhov1\Documents\Loads 2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Mozilla 2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Mozilla 2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\ProgramData\Mozilla 2014-03-09 17:58 - 2014-03-09 17:58 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Google 2014-03-09 17:15 - 2014-03-09 17:15 - 00000000 ____D () C:\ProgramData\Google 2014-03-09 11:01 - 2013-12-09 01:45 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-03-09 11:01 - 2013-12-09 00:59 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-03-09 11:01 - 2013-12-05 00:43 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-03-09 11:01 - 2013-12-05 00:37 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-03-09 11:01 - 2013-11-27 01:19 - 00385614 _____ () C:\Windows\system32\ApnDatabase.xml 2014-03-09 11:01 - 2013-11-26 00:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2014-03-09 11:01 - 2013-11-01 06:53 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-03-09 11:00 - 2013-12-05 00:43 - 00583680 _____ (Microsoft Corporation) 
C:\Windows\system32\msdrm.dll 2014-03-09 11:00 - 2013-12-05 00:37 - 00451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll 2014-03-09 11:00 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll 2014-03-09 11:00 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll 2014-03-09 11:00 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll 2014-03-09 11:00 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys 2014-03-09 11:00 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll 2014-03-09 11:00 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll 2014-03-09 11:00 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys 2014-03-09 11:00 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2014-03-09 11:00 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2014-03-09 11:00 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2014-03-09 11:00 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll ==================== One Month Modified Files and Folders ======= 2014-03-28 23:57 - 2014-03-28 23:57 - 00011650 _____ () C:\Users\irmhov1\Desktop\FRST.txt 2014-03-28 23:57 - 2014-03-21 17:33 - 00000000 ____D () C:\FRST 2014-03-28 23:35 - 2013-03-27 17:18 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Skype 2014-03-28 23:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru 2014-03-28 22:41 - 2013-06-27 19:16 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Google 2014-03-28 22:41 - 2013-06-27 19:16 - 00000000 ____D () C:\Program Files (x86)\Google 2014-03-28 22:40 - 2014-03-28 18:44 - 00001970 _____ () 
C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-03-28 22:40 - 2014-03-27 20:11 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-03-28 22:40 - 2012-11-08 14:34 - 00751892 _____ () C:\Windows\system32\perfh007.dat 2014-03-28 22:40 - 2012-11-08 14:34 - 00155620 _____ () C:\Windows\system32\perfc007.dat 2014-03-28 22:40 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-28 22:39 - 2013-02-19 11:49 - 00003588 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-5302519-908166271-969323471-1002 2014-03-28 22:34 - 2014-01-26 16:01 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-03-28 22:34 - 2013-02-22 18:23 - 00000288 _____ () C:\Windows\Tasks\AutoKMS.job 2014-03-28 22:34 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-28 21:49 - 2014-03-28 21:49 - 02157056 _____ (Farbar) C:\Users\irmhov1\Desktop\FRST64.exe 2014-03-28 21:12 - 2013-02-19 11:42 - 00000000 ____D () C:\Users\irmhov1 2014-03-28 19:53 - 2014-03-11 19:04 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-03-28 19:06 - 2014-03-28 19:06 - 04864896 _____ (Gougelet Pierre-e ) C:\Users\irmhov1\Downloads\XnView-win.exe 2014-03-28 19:05 - 2014-03-28 19:04 - 31429160 _____ (Any-Video-Converter.com ) C:\Users\irmhov1\Downloads\avc-free.exe 2014-03-28 19:04 - 2014-03-28 19:04 - 11617048 _____ () C:\Users\irmhov1\Downloads\YTD471Setup.exe 2014-03-28 18:43 - 2014-03-27 23:37 - 00000204 _____ () C:\Windows\ulead32.ini 2014-03-28 18:41 - 2014-03-14 15:09 - 00429392 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-28 18:07 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\registration 2014-03-28 17:58 - 2013-02-19 11:42 - 01496093 _____ () C:\Windows\WindowsUpdate.log 2014-03-28 16:33 - 2013-02-23 10:03 - 00000000 ____D () C:\Users\irmhov1\Documents\Outlook-Dateien 2014-03-28 16:24 - 2014-03-28 16:24 - 00000000 _____ () C:\Users\irmhov1\Sti_Trace.log 2014-03-28 09:30 
- 2012-11-08 13:51 - 01492356 _____ () C:\Windows\PFRO.log 2014-03-27 23:39 - 2013-02-19 11:43 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\VirtualStore 2014-03-27 23:33 - 2014-03-27 23:33 - 00000000 ____D () C:\Program Files (x86)\Ulead Systems 2014-03-27 23:33 - 2012-11-09 09:22 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-03-27 23:29 - 2014-03-27 22:47 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Windows Live 2014-03-27 23:21 - 2014-03-27 23:21 - 00000000 ____D () C:\Windows\de 2014-03-27 23:20 - 2014-03-27 23:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2014-03-27 23:20 - 2012-11-09 10:08 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-03-27 23:19 - 2012-11-09 10:07 - 00001726 _____ () C:\Windows\DirectX.log 2014-03-27 23:02 - 2013-02-22 17:42 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-03-27 23:02 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-03-27 22:47 - 2014-03-27 22:47 - 00000000 ___RD () C:\Users\irmhov1\OneDrive 2014-03-27 22:47 - 2014-03-27 22:47 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive 2014-03-27 22:47 - 2014-03-27 22:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive 2014-03-27 22:45 - 2014-03-27 22:45 - 01245376 _____ (Microsoft Corporation) C:\Users\irmhov1\Downloads\wlsetup-web.exe 2014-03-27 21:55 - 2014-03-27 21:55 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Ulead Systems 2014-03-27 21:55 - 2014-03-11 15:02 - 00000000 ____D () C:\Users\irmhov1\Desktop\Verknüpfungen 2014-03-27 21:52 - 2014-03-27 21:49 - 00000000 ____D () C:\ProgramData\Ulead Systems 2014-03-27 21:49 - 2014-03-27 21:49 - 00000000 ____D () C:\Program Files (x86)\Corel 2014-03-27 21:29 - 2014-03-27 21:29 - 00000000 ____D () C:\Users\Public\Documents\Poser 9 Content 2014-03-27 21:29 - 2014-03-25 20:41 - 00000000 ____D () C:\Users\irmhov1\Documents\Progis 2014-03-27 20:39 - 2014-03-25 21:40 - 
00000000 ____D () C:\Program Files\wings3d_1.5.2 2014-03-27 20:35 - 2014-03-27 20:35 - 15948351 _____ () C:\Users\irmhov1\Downloads\wings-x64-1.5.2.exe 2014-03-27 20:33 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-03-27 20:31 - 2014-03-25 23:15 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP 2014-03-27 20:27 - 2014-03-27 20:27 - 05290664 _____ (Canneverbe Limited ) C:\Users\irmhov1\Downloads\cdbxp_setup_4.5.3.4643.exe 2014-03-27 20:24 - 2014-03-24 21:54 - 00000000 ____D () C:\Program Files (x86)\7-Zip 2014-03-27 20:23 - 2014-03-27 20:23 - 01950720 _____ () C:\Users\irmhov1\Downloads\adwcleaner.exe 2014-03-27 20:19 - 2014-03-27 20:19 - 01110476 _____ () C:\Users\irmhov1\Downloads\7z920.exe 2014-03-27 20:11 - 2014-03-27 20:11 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-03-27 20:11 - 2014-03-27 20:11 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-03-27 20:11 - 2014-03-27 20:11 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-03-27 20:11 - 2014-03-27 20:11 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-03-27 20:11 - 2014-03-27 20:11 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-03-27 20:11 - 2014-03-27 20:11 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-03-27 20:11 - 2014-03-27 20:11 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-03-27 20:11 - 2014-03-27 20:11 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-03-27 20:11 - 2014-03-27 20:11 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-03-27 20:11 - 2014-03-27 20:11 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\AVAST Software 2014-03-27 20:11 - 2014-03-27 20:11 - 00000000 ____D () C:\Program Files\AVAST Software 2014-03-27 20:09 - 2013-06-27 20:05 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-03-27 19:54 - 2014-03-27 19:53 - 88551496 _____ 
(AVAST Software) C:\Users\irmhov1\Downloads\avast_free_antivirus_setup_9.0.2016.exe 2014-03-27 19:23 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore 2014-03-27 19:22 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI(15) 2014-03-27 19:22 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-03-27 18:00 - 2014-03-27 17:59 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-27 17:59 - 2014-03-27 17:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-27 17:59 - 2014-03-12 15:56 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Malwarebytes 2014-03-27 17:59 - 2014-03-12 15:55 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-27 17:55 - 2014-03-27 17:54 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\irmhov1\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-27 17:49 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-03-27 17:44 - 2014-03-21 20:16 - 00000000 ____D () C:\ProgramData\Licenses 2014-03-27 17:44 - 2013-03-27 21:12 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\vlc 2014-03-27 17:41 - 2014-03-21 19:56 - 00000000 ____D () C:\ProgramData\InstallMate 2014-03-27 17:41 - 2013-02-22 18:02 - 00000000 ____D () C:\Program Files\Microsoft Office 2014-03-26 23:36 - 2014-03-09 20:03 - 00000000 ____D () C:\Users\irmhov1\Documents\Loads 2014-03-26 17:00 - 2014-03-26 17:01 - 00700980 _____ () C:\Users\irmhov1\Downloads\adblock_edge-2.0.7-sm+an+tb+fx-windows.xpi 2014-03-26 16:58 - 2014-03-26 16:58 - 00526323 _____ () C:\Users\irmhov1\Downloads\web_of_trust_wot-20131118-fx.zip 2014-03-26 16:54 - 2014-03-26 16:54 - 00536595 _____ () C:\Users\irmhov1\Downloads\noscript-2.6.8.18.zip 2014-03-26 13:03 - 2014-03-26 12:52 - 00000000 ____D () C:\AdwCleaner 2014-03-26 09:47 - 2014-03-26 09:47 - 24361353 _____ () C:\Users\irmhov1\Downloads\MicrosoftSecurityEssentials-4.4.zip 2014-03-25 23:15 - 2014-03-25 23:15 - 00000000 
____D () C:\Users\irmhov1\AppData\Roaming\Canneverbe Limited 2014-03-25 23:15 - 2014-03-25 23:15 - 00000000 ____D () C:\ProgramData\Canneverbe Limited 2014-03-25 21:43 - 2014-03-25 21:43 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Wings3D 2014-03-25 21:20 - 2014-03-25 21:20 - 00000000 ____D () C:\ProgramData\Poser 2014-03-25 21:14 - 2014-03-25 21:14 - 00000000 ____D () C:\Users\irmhov1\Documents\Poser 9 Content 2014-03-25 20:51 - 2014-03-25 20:51 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Poser 2014-03-25 20:23 - 2014-03-25 20:23 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services 2014-03-25 20:23 - 2014-03-25 20:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services 2014-03-25 19:25 - 2014-03-25 19:25 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework 2014-03-24 22:48 - 2014-03-24 22:48 - 07131335 _____ () C:\Users\irmhov1\Downloads\XnView-win.zip 2014-03-24 20:10 - 2014-03-09 21:19 - 00000000 ____D () C:\Users\irmhov1\dwhelper 2014-03-23 20:29 - 2014-03-23 20:29 - 00000000 ____D () C:\ProgramData\McAfee 2014-03-23 20:29 - 2014-03-23 20:27 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Adobe 2014-03-23 20:10 - 2014-03-21 20:16 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster 2014-03-23 13:03 - 2014-03-23 12:35 - 00000000 ____D () C:\Users\irmhov1\Desktop\Daten_irmhov 2014-03-21 20:42 - 2014-03-21 20:42 - 00000000 ____D () C:\Users\irmhov1\Documents\Tools 2014-03-21 19:56 - 2014-03-21 19:56 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\WinPatrol 2014-03-21 19:56 - 2014-03-21 19:56 - 00000000 ____D () C:\Program Files (x86)\BillP Studios 2014-03-21 19:27 - 2014-03-21 19:27 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Avg2014 2014-03-21 19:27 - 2014-03-12 11:42 - 00000000 ____D () C:\ProgramData\MFAData 2014-03-21 16:32 - 2014-03-21 16:32 - 01066536 _____ (BillP Studios) C:\Users\irmhov1\Downloads\wpsetup.exe 2014-03-21 16:10 - 2014-03-21 16:10 - 04095448 _____ (BrightFort LLC ) 
C:\Users\irmhov1\Downloads\spywareblastersetup50.exe 2014-03-21 16:07 - 2014-03-21 16:07 - 00448512 _____ (OldTimer Tools) C:\Users\irmhov1\Downloads\TFC.exe 2014-03-21 10:03 - 2014-03-21 10:03 - 00000241 _____ () C:\Windows\Brpfx04a.ini 2014-03-21 10:03 - 2014-03-21 10:03 - 00000093 _____ () C:\Windows\brpcfx.ini 2014-03-21 10:02 - 2014-03-21 10:02 - 00000050 _____ () C:\Windows\system32\bridf08b.dat 2014-03-21 10:02 - 2014-03-11 00:41 - 00000425 _____ () C:\Windows\BRWMARK.INI 2014-03-21 10:02 - 2014-03-11 00:41 - 00000027 _____ () C:\Windows\BRPP2KA.INI 2014-03-21 10:02 - 2012-07-26 08:21 - 00032876 _____ () C:\Windows\setupact.log 2014-03-21 10:01 - 2014-03-21 10:01 - 00000000 ____D () C:\Program Files (x86)\Brother 2014-03-21 10:00 - 2014-03-21 10:00 - 00000000 ____D () C:\Users\irmhov1\Downloads\mflpro 2014-03-21 10:00 - 2014-03-21 10:00 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\InstallShield 2014-03-21 10:00 - 2014-03-21 09:59 - 45949032 _____ (A.I.SOFT,INC.) C:\Users\irmhov1\Downloads\MFC-250C-inst-win8-A1.EXE 2014-03-21 09:51 - 2014-03-21 09:51 - 00000000 ____D () C:\ProgramData\Brother 2014-03-21 07:17 - 2014-03-20 19:25 - 00000000 ____D () C:\Users\irmhov1\Downloads\Drucker_Treiber_Win 8 2014-03-20 21:27 - 2014-03-20 21:26 - 53904525 _____ () C:\Users\irmhov1\Downloads\blender-2.70-windows64.exe 2014-03-20 19:10 - 2014-03-20 19:10 - 00000000 ____D () C:\Program Files (x86)\Lenovo 2014-03-20 19:10 - 2013-02-19 11:58 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Lenovo 2014-03-19 11:04 - 2014-03-15 23:11 - 00000000 ____D () C:\Windows\ERUNT 2014-03-19 00:22 - 2014-03-19 00:22 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-19 00:22 - 2014-03-19 00:22 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Skype 2014-03-19 00:22 - 2013-03-27 17:18 - 00000000 ____D () C:\ProgramData\Skype 2014-03-19 00:19 - 2012-07-26 09:12 - 00000000 ___HD () C:\Windows\ELAMBKUP 2014-03-18 23:57 - 2014-03-18 23:57 - 21987424 _____ (Mozilla) 
C:\Users\irmhov1\Downloads\Thunderbird Setup 24.4.0.exe 2014-03-18 22:01 - 2013-11-22 17:09 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-18 21:59 - 2012-11-09 09:35 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-17 15:20 - 2013-02-22 17:42 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Microsoft Help 2014-03-16 19:30 - 2014-03-16 19:30 - 00000000 ___RD () C:\Users\irmhov1\AppData\Roaming\Brother 2014-03-15 02:13 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache 2014-03-14 12:27 - 2013-02-19 11:44 - 00000000 ___RD () C:\Users\irmhov1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-14 12:27 - 2013-02-19 11:44 - 00000000 ___RD () C:\Users\irmhov1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-14 12:21 - 2013-03-17 09:10 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-14 12:21 - 2013-03-17 09:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-14 11:35 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-14 11:35 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-03-14 11:35 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files\Windows Defender 2014-03-14 11:35 - 2012-07-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-03-14 11:34 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ToastData 2014-03-12 12:08 - 2013-02-22 18:23 - 00000000 ____D () C:\Windows\AutoKMS 2014-03-12 11:43 - 2014-03-12 11:43 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\TuneUp Software 2014-03-12 11:42 - 2014-03-12 11:42 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\MFAData 2014-03-12 10:46 - 2013-02-22 18:23 - 00002898 _____ () C:\Windows\System32\Tasks\AutoKMS 2014-03-11 19:17 - 2014-03-11 19:04 - 00000000 ____D () C:\ProgramData\Spybot - Search & 
Destroy 2014-03-11 19:04 - 2014-03-11 19:04 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking 2014-03-11 19:02 - 2014-03-11 19:02 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\irmhov1\Downloads\spybot-2.2.exe 2014-03-11 18:47 - 2014-03-11 18:47 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Downloaded Installations 2014-03-11 14:12 - 2014-03-11 14:12 - 00002708 _____ () C:\Users\irmhov1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Restore.lnk 2014-03-11 13:41 - 2013-02-19 18:04 - 00000000 ____D () C:\ProgramData\UAB 2014-03-11 13:36 - 2014-03-11 13:36 - 02002656 _____ (Driver Restore) C:\Users\irmhov1\Downloads\DriverRestore.exe 2014-03-11 11:41 - 2013-09-13 20:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-11 11:39 - 2014-03-11 11:39 - 24490112 _____ (Mozilla) C:\Users\irmhov1\Downloads\Firefox_Setup_27.0.1.exe 2014-03-11 10:26 - 2012-07-26 06:26 - 00000167 _____ () C:\Windows\win.ini 2014-03-11 00:26 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\SysWOW64\MSDRM 2014-03-11 00:26 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\MSDRM 2014-03-11 00:24 - 2012-07-26 06:38 - 00000000 ____D () C:\Windows\system32\Sysprep 2014-03-10 18:11 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF 2014-03-09 23:07 - 2014-03-09 23:07 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Macromedia 2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Mozilla 2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\Users\irmhov1\AppData\Local\Mozilla 2014-03-09 20:00 - 2014-03-09 20:00 - 00000000 ____D () C:\ProgramData\Mozilla 2014-03-09 17:58 - 2014-03-09 17:58 - 00000000 ____D () C:\Users\irmhov1\AppData\Roaming\Google 2014-03-09 17:15 - 2014-03-09 17:15 - 00000000 ____D () C:\ProgramData\Google 2014-03-05 09:26 - 2014-03-27 17:58 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-05 09:26 - 2014-03-27 17:58 - 
00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-05 09:26 - 2014-03-12 15:55 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-04 23:52 - 2013-02-27 23:03 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-04 23:52 - 2013-02-27 23:03 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl Some content of TEMP: ==================== C:\Users\irmhov1\AppData\Local\Temp\ose00000.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-28 10:14 ==================== End Of Log ============================ Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by irmhov1 at 2014-03-28 23:58:17
Running from C:\Users\irmhov1\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{1AB4D394-B72C-86E8-4D58-27147BC4071E}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Ashampoo AppLauncher (Medion) v.1.0.0 (HKLM-x32\...\Ashampoo AppLauncher (Medion)_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2016 - Avast Software)
Brother MFL-Pro Suite MFC-250C (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0806.1155.19437 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3111_44883 - CyberLink Corp.) Hidden
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3124 - CyberLink Corp.)
CyberLink PhotoDirector 3 (x32 Version: 3.0.3124 - CyberLink Corp.) Hidden
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
CyberLink PhotoNow (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (x32 Version: 8.0.0.1920 - CyberLink Corp.) Hidden
CyberLink PowerDirector (Version: 9.0.0.3815c - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4125.02 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy 1.5 (x32 Version: 1.5.2715b - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0913 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.0913 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DC4BC0CC-A928-4C48-BA40-AC24784F46E5}) (Version: - Microsoft)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Driver Restore (HKLM-x32\...\{273130E8-117C-4237-A0FA-83EBBF11E051}) (Version: 8.1 - Driver Restore)
Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Earth (HKLM-x32\...\{0A844D8F-A965-11E2-9E77-B8AC6F98CCE3}) (Version: 7.1.1.1580 - Google)
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Mediathek (HKLM-x32\...\{EFFED0C0-5299-422E-AFE6-8B8066D18A2A}) (Version: 1.4.0 - Medion)
Medion Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Medion Home Cinema 10 (x32 Version: 10.1924 - CyberLink Corp.) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden Photo Common (x32 Version: 
16.4.3505.0912 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Poser 9 (HKLM-x32\...\Poser 9_is1) (Version: 9.0.0 - Smith Micro Software, Inc.) QuickLaunch (HKLM-x32\...\{A802F1E3-34C8-4C84-9948-C1C4E37D0FA9}) (Version: 1.00.0019 - Lenovo Group Limited) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6710 - Realtek Semiconductor Corp.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.) 
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC) Ulead PhotoImpact 11 (HKLM-x32\...\{C8550C86-A712-4219-AD4C-038C9FD1D149}) (Version: 11.0 - Ulead System) Ulead PhotoImpact X3 (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 1.00.0000 - Corel) Ulead PhotoImpact X3 (x32 Version: 1.00.0000 - Corel) Hidden Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{99A0DB9A-71FC-4F98-BC1F-78A18195C677}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition 
(HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{64D96F30-CF4C-4CCE-AAF2-F8909348BF35}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{A9C4BE58-07E0-473D-AE68-ECBA13FBF77E}) 
(Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BEA3259E-14B5-4D89-87FF-ED9F1D0D81C8}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2775360) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{BE1D254A-E5CD-4E76-9BE8-7B2E5FDBA6AF}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2878227) 
64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{04DED3FB-DDB2-4C1E-A057-2A1FB97BE42D}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DF33B92A-5381-4F03-AB54-2D67086B357E}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A82E26EF-680E-427D-B7D0-FD7997DDC217}) (Version: - Microsoft) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN) Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden Wings 3D 1.5.2 (HKLM-x32\...\Wings 
3D 1.5.2) (Version: - ) WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 30.5.2014 - BillP Studios) ==================== Restore Points ========================= 19-03-2014 10:04:48 Ende der Bereinigung 19-03-2014 22:43:43 Wiederherstellungsvorgang 21-03-2014 09:01:17 Installiert MFL-Pro Suite 23-03-2014 19:42:05 Nach Installation von Flashplayer 25-03-2014 18:15:40 Vor Installation von Programmen 25-03-2014 19:28:05 Nach Installation von MS Office 2010 27-03-2014 16:37:26 Wiederherstellungsvorgang 27-03-2014 19:42:10 Nach Install 7zip, cdburner xp, wings 3d 27-03-2014 20:59:04 Nach Install Poser 9, Photoimpact x3 27-03-2014 22:40:56 Nach Install MovieMaker, GifAnimator 28-03-2014 16:52:40 Wiederherstellungsvorgang ==================== Hosts content: ========================== 2012-07-26 06:26 - 2014-03-28 19:56 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts There are 1000 more lines. 
==================== Scheduled Tasks (whitelisted) ============= Task: {0161B12A-62C8-4BB9-AD73-F01819F3A096} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {2EF21996-DDA0-4389-ACB5-87ACC9F5E2F1} - System32\Tasks\Driver Restore-RTMRules => C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe [2013-09-19] (PC Drivers Headquarters) Task: {34512CA5-478D-4A44-86CA-73AB0D72C44F} - System32\Tasks\Driver Restore-RTMUpdater => C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe [2013-09-19] (PC Drivers Headquarters) Task: {5FE25911-673F-4BE7-A378-307F8CEE59DE} - System32\Tasks\Driver Restore-RTMScan => C:\Program Files (x86)\Driver Restore\Driver Restore\DriverRestore.exe [2013-09-19] (PC Drivers Headquarters) Task: {6FBD2DB8-0ED2-489E-BFC9-AEB6EDACC291} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-27] (AVAST Software) Task: {86AC3A12-D548-429B-B2EB-A1BE11B4C690} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {AADFCB49-0F35-46BC-B302-3A597F6510CF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {AE8D75F3-525B-4D43-9856-9BDD49013223} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation) Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {CBABF4B4-16C2-4828-BB38-81FBC5692A2E} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe ==================== Loaded Modules (whitelisted) ============= 2012-08-06 13:09 - 2012-08-06 13:09 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2012-11-09 15:36 - 2010-08-19 18:43 - 00386344 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2014-03-13 18:53 - 2014-03-13 18:53 - 00208384 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\XPBurnComponent\1f2a69606066f6659f281e39acb384a3\XPBurnComponent.ni.dll 2013-09-19 10:10 - 2013-09-19 10:10 
- 00653704 _____ () C:\Program Files (x86)\Driver Restore\Driver Restore\ThemePack.DriverRestore.dll 2013-09-19 09:31 - 2013-09-19 09:31 - 00412064 _____ () C:\Program Files (x86)\Driver Restore\Driver Restore\Agent.Communication.XmlSerializers.dll 2014-03-21 10:01 - 2012-09-25 11:26 - 01163264 ____N () C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe 2012-08-06 13:08 - 2012-08-06 13:08 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2012-08-06 12:54 - 2012-08-06 12:54 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2014-03-28 21:52 - 2014-03-28 21:52 - 02189312 _____ () C:\Program Files\AVAST Software\Avast\defs\14032801\algo.dll 2014-03-11 19:04 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2014-03-11 19:04 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-03-11 19:04 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-03-11 19:04 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-03-11 19:04 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2014-03-21 19:56 - 2014-02-18 04:46 - 00643948 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll 2012-11-09 15:34 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2014-03-21 10:01 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2014-03-27 20:11 - 2014-03-27 20:11 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-03-27 21:52 - 2005-01-04 17:05 - 00028672 ____N () 
C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\DetMethod.dll 2014-03-11 11:41 - 2014-02-13 01:36 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:5C321E34 AlternateDataStreams: C:\ProgramData\Temp:E79D0966 ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: VGA Single Chip Description: VGA Single Chip Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (03/28/2014 07:00:00 PM) (Source: ESENT) (User: ) Description: svchost (1640) SRUJet: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\Windows\system32\SRU\SRU0000B.log. Error: (03/28/2014 06:43:34 PM) (Source: System Restore) (User: ) Description: Unbekannter Fehler bei der Systemwiederherstellung: (Nach Install MovieMaker, GifAnimator). Zusätzliche Informationen: 0xc0000022. Error: (03/28/2014 05:22:44 PM) (Source: MsiInstaller) (User: irmhov) Description: Produkt: Google Earth -- Fehler 1730.Sie benötigen Administratorrechte, um diese Anwendung zu entfernen. Melden Sie sich zum Entfernen der Anwendung als Administrator an oder wenden Sie sich an den technischen Support. Error: (03/27/2014 11:41:08 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary ihkjktiz. System Error: Das System kann die angegebene Datei nicht finden. . 
Error: (03/27/2014 09:59:16 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary ihkjktiz. System Error: Das System kann die angegebene Datei nicht finden. . Error: (03/27/2014 09:43:19 PM) (Source: MsiInstaller) (User: irmhov) Description: Produkt: Ulead PhotoImpact X3 -- Diese Installation kann nicht durch direktes Laden des MSI-Pakets ausgeführt werden. Sie müssen Setup.exe ausführen. Error: (03/27/2014 08:42:24 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary ihkjktiz. System Error: Das System kann die angegebene Datei nicht finden. . Error: (03/27/2014 06:00:00 PM) (Source: ESENT) (User: ) Description: svchost (1632) SRUJet: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\Windows\system32\SRU\SRU00027.log. Error: (03/26/2014 09:51:39 AM) (Source: Microsoft Security Client Setup) (User: irmhov) Description: HRESULT:0x8004FF6F Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements. <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F. Error: (03/25/2014 08:56:51 PM) (Source: Application Hang) (User: ) Description: Programm Explorer.EXE, Version 6.2.9200.16628 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 5b0 Startzeit: 01cf485f487345d5 Endzeit: 0 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: 97216024-b457-11e3-8044-d43d7e2fdc19 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: System errors: ============= Error: (03/28/2014 10:34:58 PM) (Source: ipnathlp) (User: ) Description: 192.168.178.54192.168.137.0255.255.255.0 Error: (03/28/2014 10:34:58 PM) (Source: ipnathlp) (User: ) Description: Error: (03/28/2014 10:34:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\Rtlihvs.dll Fehlercode: 126 Error: (03/28/2014 10:34:22 PM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 28.03.2014 um 22:02:05 unerwartet heruntergefahren. Error: (03/28/2014 10:34:11 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0xc000014d0 Error: (03/28/2014 06:43:19 PM) (Source: ipnathlp) (User: ) Description: 192.168.178.54192.168.137.0255.255.255.0 Error: (03/28/2014 06:43:19 PM) (Source: ipnathlp) (User: ) Description: Error: (03/28/2014 06:42:09 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. 
Modulpfad: C:\Windows\system32\Rtlihvs.dll Fehlercode: 126 Error: (03/28/2014 06:41:23 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0xc000014d0 Error: (03/28/2014 05:58:20 PM) (Source: DCOM) (User: irmhov) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Microsoft Office Sessions: ========================= Error: (03/28/2014 07:00:00 PM) (Source: ESENT)(User: ) Description: svchost1640SRUJet: C:\Windows\system32\SRU\SRU0000B.log-1811 (0xfffff8ed) Error: (03/28/2014 06:43:34 PM) (Source: System Restore)(User: ) Description: Nach Install MovieMaker, GifAnimator0xc0000022 Error: (03/28/2014 05:22:44 PM) (Source: MsiInstaller)(User: irmhov) Description: Produkt: Google Earth -- Fehler 1730.Sie benötigen Administratorrechte, um diese Anwendung zu entfernen. Melden Sie sich zum Entfernen der Anwendung als Administrator an oder wenden Sie sich an den technischen Support.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (03/27/2014 11:41:08 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary ihkjktiz. System Error: Das System kann die angegebene Datei nicht finden. Error: (03/27/2014 09:59:16 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary ihkjktiz. System Error: Das System kann die angegebene Datei nicht finden. Error: (03/27/2014 09:43:19 PM) (Source: MsiInstaller)(User: irmhov) Description: Produkt: Ulead PhotoImpact X3 -- Diese Installation kann nicht durch direktes Laden des MSI-Pakets ausgeführt werden. Sie müssen Setup.exe ausführen.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (03/27/2014 08:42:24 PM) (Source: Microsoft-Windows-CAPI2)(User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary ihkjktiz. System Error: Das System kann die angegebene Datei nicht finden. 
Error: (03/27/2014 06:00:00 PM) (Source: ESENT)(User: ) Description: svchost1632SRUJet: C:\Windows\system32\SRU\SRU00027.log-1811 (0xfffff8ed) Error: (03/26/2014 09:51:39 AM) (Source: Microsoft Security Client Setup)(User: irmhov) Description: HRESULT:0x8004FF6F Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements. <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F. Error: (03/25/2014 08:56:51 PM) (Source: Application Hang)(User: ) Description: Explorer.EXE6.2.9200.166285b001cf485f487345d50C:\Windows\Explorer.EXE97216024-b457-11e3-8044-d43d7e2fdc19 ==================== Memory info =========================== Percentage of memory in use: 70% Total physical RAM: 3542.76 MB Available physical RAM: 1035.22 MB Total Pagefile: 4182.76 MB Available Pagefile: 1463.05 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:869.8 GB) (Free:678.49 GB) NTFS Drive d: (Recover) (Fixed) (Total:60 GB) (Free:43.61 GB) NTFS Drive k: (Maxtor) (Fixed) (Total:596.17 GB) (Free:141.46 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ======================================================== Disk: 4 (MBR Code: Windows XP) (Size: 596 GB) (Disk ID: 12C9FF20) Partition 1: (Not Active) - (Size=596 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Kind regards, xenofex |
29.03.2014, 07:28 | #2 |
/// the machine /// TB instructor | PC recently cleaned and already malware again hi
1) Spybot is total crap
2) those are 2 inactive registry leftovers, just delete them and that's that |
29.03.2014, 09:10 | #3 |
| PC recently cleaned and already malware again Hello Schrauber,
thank you very much for your quick and reassuring answer. If I understand correctly, you are giving the all-clear (thud = a weight off my mind). Re 1: Search & Destroy will be uninstalled right away. Re 2: Until now I have given the registry a wide berth because I don't know my way around it. Where can I find these inactive registry entries so that I can delete them? Thanks in advance for your answer. Kind regards and have a nice weekend, xenofex |
29.03.2014, 10:15 | #4 |
/// the machine /// TB instructor | PC recently cleaned and already malware again Can't Spybot remove them?
regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
29.03.2014, 21:11 | #5 |
| PC recently cleaned and already malware again Hello Schrauber, in the meantime I ran a deep scan with Search & Destroy and nothing more was found. Code:
ATTFilter // info: Rootkit removal help file // copyright: (c) 2008-2014 Safer-Networking Ltd. All rights reserved. :: RootAlyzer Results File:"Unknown ADS","C:\Users\irmhov1\Desktop\Daten_irmhov\Documents\Scanned Documents\Begrüßungsscan.jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA" RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8" RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SYSTEM\ControlSet001\Control\Nsi\{eb004a11-9b1a-11d4-9123-0050047759bc}\","8" RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Wow6432Node\Microsoft\Security Center\","Svc" Code:
ATTFilter Search results from Spybot - Search & Destroy 29.03.2014 20:22:12 Scan took 00:24:34. 8 items found. MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done) HKEY_USERS\S-1-5-21-5302519-908166271-969323471-1002\Software\Microsoft\DirectInput\MostRecentApplication\Name MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done) HKEY_USERS\S-1-5-21-5302519-908166271-969323471-1002\Software\Microsoft\DirectInput\MostRecentApplication\Id Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done) HKEY_USERS\S-1-5-21-5302519-908166271-969323471-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done) Cache: [SBI $49804B54] Browser: Cache (23) (Browser: Cache, nothing done) Verlauf: [SBI $49804B54] Browser: History (9) (Browser: History, nothing done) --- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) --- Kind regards, xenofex |
30.03.2014, 12:46 | #6 |
/// the machine /// TB trainer | yes
30.03.2014, 16:00 | #7 |
| Hello Schrauber, thank you very much for your help. I'm glad that everything is okay. Kind regards, xenofex |
31.03.2014, 11:47 | #8 |
/// the machine /// TB trainer | You're welcome
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |