| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Wie kann ich Daten sichern da MusikTrojaner vermutetWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
01.04.2014, 10:46
| #1 |
 |  Wie kann ich Daten sichern da MusikTrojaner vermutet Hallo liebes Helferteam. Seit einigen Tagen habe ich das folgende Problem: Zwischen 1.00 und 4.00 nachts läuft auf einmal eine (manchmal 2) Werbungen (nur Ton) ab. Selbst wenn ich alles schließe wird diese nicht beendet. Ich hab bereits einen Virenscan gemacht (mit avast free) - jedoch wird nichts gefunden. Nun wollte ich folgendes tun da ich nicht sicher bin ob ich all diese Schritte die in den Foren gepostet werden auch kapiere und weil ich so gar keine Ahnung von Computern habe. Ich wollte meine Daten (Bilder, Musik, Videos, Documente) auf eine externe Festplatte schicken und mir einen neuen Computer kaufen. Jetzt bin ich mir aber nicht sicher ob ich das einfach so machen kann oder ob ich den Virus dann 'mitziehe'. Log Dateien und so hab ich nun nicht erstellt da ich wie gesagt mir total unsicher bin einfach irgendwas zu machen. Kann mir jemand sagen ob meine Idee nach hinten losgehen wird? |
|
01.04.2014, 10:54
| #2 |
| /// the machine /// TB-Ausbilder    | Wie kann ich Daten sichern da MusikTrojaner vermutet Hi,
__________________kommt drauf welche Infektion vorliegt. Schauen wir mal: Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
01.04.2014, 12:02
| #3 |
| | Wie kann ich Daten sichern da MusikTrojaner vermutet Hallo ^^
__________________Super, dass Sie so schnell antworten. Hier sind die files: FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Michaela (administrator) on MICHAELA-PC on 01-04-2014 12:51:53
Running from C:\Users\Michaela\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\bcmwltry.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Users\Michaela\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Dropbox, Inc.) C:\Users\Michaela\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [305664 2009-03-31] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [4119552 2008-12-21] (Dell Inc.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [2115664 2009-03-27] (Dell Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-06-15] (Intel Corporation)
HKLM\...\Run: [sroli] - rundll32.exe ",HrEditPhonebookEntry
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [462848 2009-03-31] (IDT, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1779952 2009-07-07] ()
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [250192 2009-04-24] (Microsoft Corporation)
HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-05] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [405639 2009-01-09] (Creative Technology Ltd)
HKLM-x32\...\Run: [DellSupportCenter] - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [XSECVA] - C:\Users\Michaela\AppData\Roaming\xsecva\xsecva.exe -s
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-19] (RealNetworks, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-03-29] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\RunOnce: [DSUpdateLauncher] - "c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat" [374 2009-03-09] ()
HKLM-x32\...\RunOnce: [Launcher] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [165104 2009-07-16] (Softthinks)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2157045702-3999625576-2718192899-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2157045702-3999625576-2718192899-1000\...\Run: [UpgradeChecker] - C:\Users\Michaela\AppData\Roaming\Windows Desktop Search\{1F2553B9-2E61-41EA-9F96-0F012DF06884}\UpgradeChecker.exe
HKU\S-1-5-21-2157045702-3999625576-2718192899-1000\...\Run: [abfou.exe] - C:\Users\Michaela\AppData\Roaming\Ykety\abfou.exe
HKU\S-1-5-21-2157045702-3999625576-2718192899-1000\...\Run: [Facebook Update] - C:\Users\Michaela\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-11] (Facebook Inc.)
HKU\S-1-5-21-2157045702-3999625576-2718192899-1000\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Michaela\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-2157045702-3999625576-2718192899-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2157045702-3999625576-2718192899-1000\...\MountPoints2: D - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-7-8-83-100027773-100016816-100018398-4245.com j:\
HKU\S-1-5-21-2157045702-3999625576-2718192899-1000\...\MountPoints2: {9429abf0-d689-11de-857b-00256461103c} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-7-8-83-100027773-100016816-100018398-4245.com j:\
HKU\S-1-5-21-2157045702-3999625576-2718192899-1000\...\MountPoints2: {e1b3dd00-cb71-11e2-9a4e-000272d6ac2c} - D:\install.exe
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Michaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Michaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Michaela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
ProxyServer: 172.16.10.1:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=97c644c5-ac6a-452e-b40f-ec9598ff936e&searchtype=ds&q={searchTerms}&installDate=02/06/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=97c644c5-ac6a-452e-b40f-ec9598ff936e&searchtype=ds&q={searchTerms}&installDate=02/06/2013
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=97c644c5-ac6a-452e-b40f-ec9598ff936e&searchtype=ds&q={searchTerms}&installDate=02/06/2013
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=97c644c5-ac6a-452e-b40f-ec9598ff936e&searchtype=ds&q={searchTerms}&installDate=02/06/2013
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
BHO-x32: ProxTube - {0AA2810A-F009-4BD7-A10A-32F140A1B9F3} - C:\Users\Michaela\AppData\LocalLow\ProxTube\IE\ProxTube.dll (Malte Goetz)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default
FF user.js: detected! => C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\user.js
FF NewTab: about:blank
FF Homepage: about:home
FF Keyword.URL: hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=97c644c5-ac6a-452e-b40f-ec9598ff936e&searchtype=ds&installDate=02/06/2013&q=
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*'))%20%7B%20return%20'PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Michaela\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Michaela\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF SearchPlugin: C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\Extensions\maltegoetz@proxtube.com [2012-11-08]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-08-17]
FF Extension: Adblock Plus - C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-28]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-29]
Chrome:
=======
CHR HomePage: hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=97c644c5-ac6a-452e-b40f-ec9598ff936e&searchtype=hp&installDate=02/06/2013
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Java(TM) Platform SE 6 U13) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll No File
CHR Extension: (Boa Mistura) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\alhbnbjlmhkpfeocomgpfkffnbncjjpn [2013-08-08]
CHR Extension: (YouTube) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-10]
CHR Extension: (Adblock Plus) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-28]
CHR Extension: (Google-Suche) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-10]
CHR Extension: (Google+) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2013-08-08]
CHR Extension: (XKit) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-01-11]
CHR Extension: (Vimeo™ Download Videos) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\geeljcibkkackafmeepgadbfgmpjmdeg [2013-07-02]
CHR Extension: (avast! Online Security) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-29]
CHR Extension: (ProxMate - Proxy on steroids!) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2013-08-17]
CHR Extension: (Google Keep) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2013-09-20]
CHR Extension: (SeenBlock) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpdbfhoobgcmiffaheiedgepeipfcjpb [2013-09-20]
CHR Extension: (RealDownloader) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-09-20]
CHR Extension: (Dropbox) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2013-08-08]
CHR Extension: (Google Wallet) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Youtube Video Downloader) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\obmbipnhbnpicpechoajlkjfdiopnoki [2013-05-19]
CHR Extension: (Tumblr Savior) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2014-01-05]
CHR Extension: (Google Mail) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-10]
CHR HKLM-x32\...\Chrome\Extension: [chakodcglgpacmjpjfaoopegbglbollk] - C:\Users\Michaela\AppData\LocalLow\ProxTube\CHROME\ProxTube.crx [2010-05-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-29]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-29] (AVAST Software)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [3051520 2008-12-21] (Dell Inc.)
R2 yksvc; RUNDLL32.EXE ykx64coinst,serviceStartProc [X]
==================== Drivers (Whitelisted) ====================
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-03-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-03-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-03-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-03-29] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-03-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-03-29] ()
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133672 2011-08-04] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-08-04] (Broadcom Corporation.)
R3 OA009Ufd; C:\Windows\System32\DRIVERS\OA009Ufd.sys [159840 2009-03-06] (Creative Technology Ltd.)
R3 OA009Vid; C:\Windows\System32\DRIVERS\OA009Vid.sys [311296 2009-03-19] (Creative Technology Ltd.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-09-04] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-09-04] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-09-04] (LG Electronics Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-01 12:51 - 2014-04-01 12:52 - 00031787 _____ () C:\Users\Michaela\Desktop\FRST.txt
2014-04-01 12:51 - 2014-04-01 12:51 - 00000000 ____D () C:\FRST
2014-04-01 12:33 - 2014-04-01 12:34 - 02157056 _____ (Farbar) C:\Users\Michaela\Desktop\FRST64.exe
2014-03-30 19:18 - 2014-03-30 19:18 - 00000000 ____D () C:\Users\Michaela\Downloads\Download
2014-03-29 21:36 - 2014-03-29 21:36 - 00000000 ____D () C:\Users\Michaela\Documents\Any Video Converter
2014-03-29 15:21 - 2014-03-29 15:21 - 00000296 _____ () C:\Windows\system32\spsys.log
2014-03-29 15:07 - 2014-03-29 15:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 15:03 - 2013-12-18 22:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-29 15:03 - 2013-12-18 22:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-29 15:03 - 2013-12-18 22:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-29 15:03 - 2013-12-18 22:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-29 15:02 - 2014-03-29 15:03 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-29 14:56 - 2014-03-29 14:56 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\Opera Software
2014-03-29 14:56 - 2014-03-29 14:56 - 00000000 ____D () C:\Users\Michaela\AppData\Local\Opera Software
2014-03-29 14:44 - 2014-03-29 14:45 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-29 14:27 - 2014-03-29 14:27 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\AVAST Software
2014-03-29 14:26 - 2014-04-01 11:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-29 14:25 - 2014-03-29 14:25 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-29 14:25 - 2014-03-29 14:25 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-29 14:25 - 2014-03-29 14:25 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-29 14:25 - 2014-03-29 14:25 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-29 14:25 - 2014-03-29 14:25 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-29 14:25 - 2014-03-29 14:25 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-29 14:25 - 2014-03-29 14:25 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-03-29 14:25 - 2014-03-29 14:25 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-03-29 14:25 - 2014-03-29 14:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-29 14:23 - 2014-03-29 14:23 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-29 14:20 - 2014-03-29 14:20 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-29 00:50 - 2014-03-29 00:50 - 00000000 ____D () C:\Users\Michaela\Downloads\Doujinshi&Manga
2014-03-19 20:46 - 2014-03-27 22:55 - 00003246 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2157045702-3999625576-2718192899-1000
2014-03-19 20:45 - 2014-03-27 22:55 - 00003374 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2157045702-3999625576-2718192899-1000
2014-03-16 02:49 - 2014-03-16 02:49 - 00000000 ____D () C:\Users\Michaela\AppData\Local\Skype
2014-03-14 03:20 - 2014-03-26 01:31 - 00000000 ____D () C:\Users\Michaela\Documents\HTML Code
2014-03-13 04:01 - 2014-02-23 09:12 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 04:01 - 2014-02-23 08:54 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 04:01 - 2014-02-23 08:52 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 04:01 - 2014-02-23 08:48 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 04:01 - 2014-02-23 08:48 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 04:01 - 2014-02-23 08:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 04:01 - 2014-02-23 08:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-13 04:01 - 2014-02-23 08:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 04:01 - 2014-02-23 08:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-13 04:01 - 2014-02-23 08:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-13 04:01 - 2014-02-23 08:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 04:01 - 2014-02-23 08:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 04:01 - 2014-02-23 08:44 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 04:01 - 2014-02-23 08:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 04:01 - 2014-02-23 08:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-13 04:01 - 2014-02-23 08:43 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 04:01 - 2014-02-23 07:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 04:01 - 2014-02-23 07:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 04:01 - 2014-02-23 07:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 04:01 - 2014-02-23 07:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 04:01 - 2014-02-23 07:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 04:01 - 2014-02-23 07:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 04:01 - 2014-02-23 07:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-13 04:01 - 2014-02-23 07:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 04:01 - 2014-02-23 07:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 04:01 - 2014-02-23 07:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 04:01 - 2014-02-23 07:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-13 04:01 - 2014-02-23 07:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 04:01 - 2014-02-23 07:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-13 04:01 - 2014-02-23 07:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 04:01 - 2014-02-23 07:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-13 04:01 - 2014-02-23 07:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 00:48 - 2014-02-07 14:11 - 02776064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 00:48 - 2014-02-03 15:20 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 00:48 - 2014-02-03 12:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 00:48 - 2014-01-30 12:12 - 01111040 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 00:48 - 2014-01-30 09:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 00:48 - 2013-11-13 03:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-13 00:48 - 2013-11-13 02:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-03-10 21:52 - 2014-03-10 21:53 - 00000000 ____D () C:\Users\Michaela\Documents\YuE
2014-03-05 21:41 - 2014-03-05 21:42 - 00274864 _____ () C:\Windows\Minidump\Mini030514-01.dmp
2014-03-04 21:52 - 2014-03-28 23:21 - 00003714 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{784B2923-D700-4DE6-920C-72A8F8621F24}
2014-03-04 12:36 - 2013-08-27 05:39 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-03-04 12:36 - 2013-08-27 05:39 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-03-04 12:36 - 2013-08-27 05:39 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-03-04 12:36 - 2013-08-27 05:39 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-03-04 12:36 - 2013-08-27 04:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-03-04 12:36 - 2013-08-27 04:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-03-04 12:36 - 2013-08-27 04:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-03-04 12:36 - 2013-08-27 04:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-03-04 12:36 - 2013-08-27 04:32 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-04 12:36 - 2013-08-27 04:30 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-03-04 12:36 - 2013-08-27 04:06 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-03-04 12:36 - 2013-08-27 04:00 - 01556480 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-03-04 12:36 - 2013-08-27 04:00 - 01149952 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-03-04 12:36 - 2013-08-27 03:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-04 12:36 - 2013-08-27 03:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-03-04 12:36 - 2013-08-27 03:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-03-04 12:36 - 2013-08-27 03:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-03-04 12:36 - 2011-03-13 00:52 - 01653760 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-03-04 12:36 - 2011-03-12 23:55 - 00876032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-03-04 07:35 - 2014-03-04 07:35 - 00000000 ____D () C:\Users\Michaela\Documents\Bluetooth-Exchange-Ordner
2014-03-04 07:34 - 2014-03-04 07:34 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-03-04 07:32 - 2014-03-04 07:33 - 00000981 _____ () C:\Users\Michaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-04 07:23 - 2014-03-04 07:23 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-03-04 07:23 - 2014-03-04 07:23 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2014-03-04 07:20 - 2014-03-04 07:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2014-03-04 07:20 - 2014-03-04 07:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
2014-03-04 06:53 - 2009-10-01 03:02 - 02537472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2014-03-04 06:53 - 2009-10-01 03:02 - 00334848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceApi.dll
2014-03-04 06:53 - 2009-10-01 03:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDShServiceObj.dll
2014-03-04 06:53 - 2009-10-01 03:02 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDShextAutoplay.exe
2014-03-04 06:53 - 2009-10-01 03:01 - 00350208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WPDSp.dll
2014-03-04 06:53 - 2009-10-01 03:01 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceWMDRM.dll
2014-03-04 06:53 - 2009-10-01 03:01 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceTypes.dll
2014-03-04 06:53 - 2009-10-01 03:01 - 00100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceClassExtension.dll
2014-03-04 06:53 - 2009-10-01 03:01 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PortableDeviceConnectApi.dll
2014-03-04 06:53 - 2009-10-01 02:52 - 02727936 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2014-03-04 06:53 - 2009-10-01 02:52 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2014-03-04 06:53 - 2009-10-01 02:52 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\WPDShextAutoplay.exe
2014-03-04 06:53 - 2009-10-01 02:51 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wpd_ci.dll
2014-03-04 06:53 - 2009-10-01 02:51 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\WPDSp.dll
2014-03-04 06:53 - 2009-10-01 02:51 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtp.dll
2014-03-04 06:53 - 2009-10-01 02:51 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceWMDRM.dll
2014-03-04 06:53 - 2009-10-01 02:51 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceTypes.dll
2014-03-04 06:53 - 2009-10-01 02:51 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceClassExtension.dll
2014-03-04 06:53 - 2009-10-01 02:51 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\WPDShServiceObj.dll
2014-03-04 06:53 - 2009-10-01 02:51 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2014-03-04 06:53 - 2009-10-01 02:51 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceConnectApi.dll
2014-03-04 06:53 - 2009-10-01 02:51 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\WpdMtpUS.dll
2014-03-04 06:53 - 2009-10-01 02:51 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WpdUsb.sys
2014-03-04 06:53 - 2009-10-01 02:51 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\BthMtpContextHandler.dll
2014-03-04 06:53 - 2009-10-01 02:51 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\WpdConns.dll
2014-03-04 06:10 - 2014-03-05 04:08 - 01521640 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-04 05:35 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-03-04 05:35 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-03-04 05:35 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-03-04 05:35 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-03-04 05:35 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-03-04 05:35 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-03-04 05:35 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-03-04 05:35 - 2012-06-02 16:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-03-04 05:35 - 2009-07-14 14:19 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll
2014-03-04 05:35 - 2009-07-14 14:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winusb.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-03-04 05:25 - 2014-03-04 05:25 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-03-04 05:25 - 2014-03-04 05:25 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-03-04 05:25 - 2014-03-04 05:25 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-03-04 05:25 - 2014-03-04 05:25 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-03-04 05:25 - 2014-03-04 05:25 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-03-04 05:25 - 2014-03-04 05:25 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-03-04 05:25 - 2014-03-04 05:25 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-03-04 05:25 - 2014-03-04 05:25 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\advpack.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-03-04 05:25 - 2014-03-04 05:25 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-03-04 05:25 - 2014-03-04 05:25 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-04 05:25 - 2014-03-04 05:25 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-03-04 05:25 - 2014-03-04 05:25 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-03-04 05:25 - 2014-03-04 05:25 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-03-04 05:25 - 2014-03-04 05:25 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-03-04 05:25 - 2014-03-04 05:25 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-03-04 05:25 - 2014-03-04 05:25 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-03-04 05:25 - 2014-03-04 05:25 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-03-04 05:25 - 2014-03-04 05:25 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-03-04 05:25 - 2014-03-04 05:25 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-03-04 05:22 - 2014-03-04 05:22 - 03548672 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 03068416 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 01554432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\MFH264Dec.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 01075712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 01032192 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2014-03-04 05:22 - 2014-03-04 05:22 - 00979456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFH264Dec.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00847360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00625152 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00586240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00428544 _____ (Microsoft Corporation) C:\Windows\system32\MFHEAACdec.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4src.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2014-03-04 05:22 - 2014-03-04 05:22 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFHEAACdec.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4src.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00258048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2014-03-04 05:22 - 2014-03-04 05:22 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00135680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-03-04 05:20 - 2014-03-04 05:20 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-04 05:20 - 2014-03-04 05:20 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-04 05:20 - 2014-03-04 05:20 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-03-04 05:20 - 2014-03-04 05:20 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-03-04 05:20 - 2014-03-04 05:20 - 00449024 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-03-04 05:20 - 2014-03-04 05:20 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2014-03-04 05:20 - 2014-03-04 05:20 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-03-04 05:20 - 2014-03-04 05:20 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\dxdiag.exe
2014-03-04 05:20 - 2014-03-04 05:20 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2014-03-04 05:20 - 2014-03-04 05:20 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\dxdiagn.dll
2014-03-04 05:20 - 2014-03-04 05:20 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiag.exe
2014-03-04 05:20 - 2014-03-04 05:20 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-03-04 05:20 - 2014-03-04 05:20 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiagn.dll
2014-03-04 05:20 - 2014-03-04 05:20 - 00189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-03-04 04:37 - 2009-09-10 04:07 - 03815424 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2014-03-04 04:37 - 2009-09-10 04:06 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2014-03-04 04:37 - 2009-09-10 04:05 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-03-04 04:37 - 2009-09-10 04:01 - 03023360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll
2014-03-04 04:37 - 2009-09-10 04:00 - 01164800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2014-03-04 04:37 - 2009-09-10 04:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-03-04 04:35 - 2012-02-29 17:37 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2014-03-04 04:35 - 2012-02-29 17:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2014-03-04 04:35 - 2012-02-29 15:52 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2014-03-03 21:19 - 2013-10-22 11:31 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-03-03 21:19 - 2013-10-22 09:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-03-03 21:19 - 2013-10-03 17:03 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-03-03 21:19 - 2013-10-03 14:46 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-03-03 21:19 - 2013-06-27 01:00 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-03-03 21:19 - 2013-06-27 01:00 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-03-03 21:19 - 2013-06-27 01:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-03-03 21:19 - 2012-11-22 06:22 - 00456192 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2014-03-03 21:19 - 2012-11-22 05:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shlwapi.dll
2014-03-03 21:19 - 2012-06-29 18:20 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2014-03-03 21:19 - 2012-06-29 18:01 - 00467968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2014-03-03 21:18 - 2013-10-11 06:23 - 00781824 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-03-03 21:18 - 2013-10-11 06:23 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-03-03 21:18 - 2013-10-11 04:29 - 00217074 _____ () C:\Windows\system32\WFP.TMF
2014-03-03 21:18 - 2013-10-11 04:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-03-03 21:18 - 2013-08-02 16:06 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-03-03 21:18 - 2013-08-02 06:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-03-03 21:18 - 2013-07-09 14:04 - 01585256 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-03-03 21:18 - 2013-07-09 14:04 - 01168088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-03-03 21:18 - 2013-07-08 06:51 - 04691904 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-03-03 21:18 - 2013-07-08 06:20 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-03-03 21:18 - 2013-07-08 06:18 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-03-03 21:18 - 2013-07-08 06:15 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-03-03 21:18 - 2013-07-08 06:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-03-03 21:18 - 2013-07-08 03:39 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-03-03 21:18 - 2013-07-08 03:39 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-03-03 21:18 - 2013-07-08 03:39 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-03-03 21:18 - 2013-03-09 06:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-03-03 21:18 - 2013-03-09 03:48 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-03-03 21:18 - 2012-05-01 16:29 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-03-03 21:18 - 2011-02-22 16:47 - 00479744 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-03-03 21:18 - 2011-02-22 16:13 - 00288768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-03-03 21:17 - 2013-03-03 21:13 - 01513320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-03-03 21:17 - 2012-09-25 18:31 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2014-03-03 21:17 - 2012-09-25 18:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2014-03-03 21:17 - 2011-12-14 18:38 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2014-03-03 21:17 - 2011-12-14 18:17 - 00680448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2014-03-03 21:15 - 2013-12-05 06:48 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-03 21:15 - 2013-12-05 04:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-03-03 21:15 - 2013-08-01 06:10 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-03-03 21:15 - 2013-08-01 05:37 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-03-03 21:15 - 2013-06-15 15:27 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2014-03-03 21:15 - 2013-06-15 13:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-03-03 21:15 - 2013-04-24 06:09 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-03-03 21:15 - 2013-04-24 06:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2014-03-03 21:15 - 2013-04-24 04:10 - 01078272 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-03-03 21:15 - 2013-04-24 03:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2014-03-03 21:15 - 2010-05-04 21:40 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msshsq.dll
2014-03-03 21:15 - 2010-05-04 21:13 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshsq.dll
2014-03-03 21:14 - 2012-02-01 17:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2014-03-03 21:12 - 2012-11-20 06:22 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-03-03 21:12 - 2012-11-20 06:21 - 00253952 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-03-03 21:12 - 2012-09-28 18:34 - 01210368 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-03-03 21:12 - 2012-09-28 18:13 - 00860160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-03-03 21:12 - 2011-10-25 18:13 - 00352256 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-03-03 21:12 - 2011-10-25 17:58 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-03-03 21:11 - 2013-07-10 11:47 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-03-03 21:11 - 2013-07-10 11:42 - 01303552 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-03-03 21:11 - 2013-06-04 06:16 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-03-03 21:11 - 2013-06-04 06:16 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-03-03 21:11 - 2013-06-04 04:01 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-03-03 21:11 - 2013-06-04 03:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-03-03 21:11 - 2013-04-17 15:04 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-03-03 21:11 - 2013-04-17 14:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2014-03-03 21:09 - 2013-10-03 17:02 - 01278976 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-03-03 21:09 - 2013-10-03 14:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-03-03 21:09 - 2011-11-16 18:43 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2014-03-03 21:09 - 2011-11-16 18:23 - 00377344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2014-03-03 21:09 - 2011-10-14 19:31 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2014-03-03 21:09 - 2011-10-14 19:27 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\mcicda.dll
2014-03-03 21:09 - 2011-10-14 19:27 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\mciwave.dll
2014-03-03 21:09 - 2011-10-14 19:27 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\mciseq.dll
2014-03-03 21:09 - 2011-10-14 18:03 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2014-03-03 21:09 - 2011-10-14 18:00 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciseq.dll
2014-03-03 21:09 - 2011-08-25 18:20 - 00735744 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2014-03-03 21:09 - 2011-08-25 18:19 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-03-03 21:09 - 2011-08-25 18:19 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2014-03-03 21:09 - 2011-08-25 18:15 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2014-03-03 21:09 - 2011-08-25 18:14 - 00563712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-03-03 21:09 - 2011-08-25 18:14 - 00238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2014-03-03 21:09 - 2011-08-25 15:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\oleaccrc.dll
2014-03-03 21:09 - 2011-08-25 15:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaccrc.dll
2014-03-03 21:09 - 2011-06-15 18:16 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2014-03-03 21:09 - 2011-06-15 18:12 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2014-03-03 21:07 - 2013-07-03 04:22 - 00031616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-03-03 21:06 - 2013-07-05 06:45 - 01423808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-03-03 21:06 - 2012-11-02 12:45 - 00477696 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-03-03 21:06 - 2012-11-02 12:45 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
2014-03-03 21:06 - 2012-11-02 12:18 - 00376320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2014-03-03 21:06 - 2012-11-02 10:59 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2014-03-03 21:06 - 2012-11-02 10:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2014-03-03 21:06 - 2012-08-21 13:50 - 00267648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-03-03 21:05 - 2011-10-14 19:30 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2014-03-03 21:05 - 2011-10-14 18:02 - 00429056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2014-03-03 21:04 - 2011-04-21 16:17 - 00695296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2014-03-03 21:03 - 2013-10-11 06:27 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-03-03 21:03 - 2013-10-11 06:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-03-03 21:03 - 2013-10-11 04:19 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-03-03 21:03 - 2013-10-11 04:19 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-03-03 21:03 - 2013-10-11 04:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-03-03 21:03 - 2013-10-11 04:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-03-03 21:03 - 2013-10-11 04:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshcon.dll
2014-03-03 21:03 - 2013-10-11 02:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-03-03 21:03 - 2013-10-11 02:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-03-03 21:03 - 2013-07-20 12:45 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-03-03 21:03 - 2013-07-20 12:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-03-03 21:03 - 2013-07-16 11:25 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2014-03-03 21:03 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2014-03-03 21:03 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-03-03 21:03 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-03-03 21:03 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-03-03 21:03 - 2013-07-08 06:15 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-03-03 21:03 - 2013-07-08 06:12 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-03-03 21:03 - 2013-07-08 06:12 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-03-03 21:03 - 2013-02-12 04:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-03-03 21:03 - 2012-11-02 12:47 - 01794560 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-03-03 21:03 - 2012-11-02 12:19 - 01400832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-03-03 21:03 - 2012-06-04 17:29 - 00516480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-03-03 21:03 - 2012-06-02 02:22 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-03-03 21:03 - 2012-06-02 02:05 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-03-03 21:03 - 2012-06-02 02:04 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-03-03 21:03 - 2011-11-16 18:42 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-03-03 21:03 - 2011-11-16 18:41 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-03-03 21:03 - 2011-11-16 16:34 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-03-03 21:02 - 2013-09-04 04:31 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-03-03 21:02 - 2013-07-04 06:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-03-03 21:02 - 2013-07-04 06:13 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-03-03 21:02 - 2013-03-08 06:18 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-03-03 21:02 - 2012-11-08 06:26 - 01570816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-03-03 21:02 - 2012-11-08 05:48 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-03-03 21:02 - 2012-05-11 18:34 - 00788480 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-03-03 21:02 - 2012-05-11 17:57 - 00623616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\localspl.dll
2014-03-03 21:01 - 2013-10-30 06:34 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2014-03-03 21:01 - 2013-10-30 05:55 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-03-03 21:01 - 2013-10-30 04:33 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-03-03 21:01 - 2013-06-29 04:22 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-03-03 21:01 - 2013-06-29 04:21 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-03-03 21:01 - 2013-06-29 04:21 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-03-03 21:01 - 2013-06-29 04:21 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-03-03 21:01 - 2013-06-29 04:21 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-03-03 21:01 - 2013-06-29 04:21 - 00007552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-03-03 21:01 - 2013-03-08 06:17 - 02425344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-03 21:01 - 2013-03-08 05:52 - 02067968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-03 21:01 - 2012-03-21 01:34 - 00072576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2014-03-03 21:01 - 2011-11-18 20:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-03-03 21:01 - 2011-11-18 19:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-03-03 21:00 - 2013-05-02 06:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-03-03 21:00 - 2013-05-02 06:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2014-03-03 21:00 - 2013-05-02 06:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printcom.dll
2014-03-03 21:00 - 2012-06-08 19:59 - 12899840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-03 21:00 - 2012-06-08 19:47 - 11586048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-03 21:00 - 2011-07-29 18:08 - 00375808 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2014-03-03 21:00 - 2011-07-29 18:08 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2014-03-03 21:00 - 2011-07-29 18:06 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax
2014-03-03 21:00 - 2011-07-29 18:06 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2014-03-03 21:00 - 2011-07-29 18:01 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2014-03-03 21:00 - 2011-07-29 18:01 - 00217088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2014-03-03 21:00 - 2011-07-29 18:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mpeg2Data.ax
2014-03-03 21:00 - 2011-07-29 18:00 - 00057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSDvbNP.ax
2014-03-03 20:19 - 2012-01-09 18:16 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2014-03-03 20:19 - 2012-01-09 17:54 - 00613376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2014-03-03 19:44 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-03-03 19:44 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-03-03 19:44 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-03-03 19:44 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-03-03 19:42 - 2012-06-03 00:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-03-03 19:42 - 2012-06-03 00:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-03-03 19:42 - 2012-06-03 00:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-03-03 19:42 - 2012-06-03 00:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-03-03 19:42 - 2012-06-03 00:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-03-03 19:42 - 2012-06-03 00:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-03-03 19:41 - 2012-06-02 16:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-03-03 19:41 - 2012-06-02 16:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-03-03 19:41 - 2012-06-02 16:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-03-03 19:41 - 2012-06-02 16:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-03-03 19:28 - 2014-03-29 14:12 - 00003352 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2157045702-3999625576-2718192899-1000
2014-03-03 19:09 - 2014-03-03 19:12 - 00000000 ____D () C:\Windows\SysWOW64\vi-VN
2014-03-03 19:09 - 2014-03-03 19:12 - 00000000 ____D () C:\Windows\SysWOW64\eu-ES
2014-03-03 19:09 - 2014-03-03 19:12 - 00000000 ____D () C:\Windows\SysWOW64\ca-ES
2014-03-03 19:09 - 2014-03-03 19:11 - 00000000 ____D () C:\Windows\system32\ca-ES
2014-03-03 19:09 - 2014-03-03 19:10 - 00000000 ____D () C:\Windows\system32\vi-VN
2014-03-03 19:09 - 2014-03-03 19:10 - 00000000 ____D () C:\Windows\system32\eu-ES
2014-03-03 16:55 - 2014-03-29 14:12 - 00003224 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2157045702-3999625576-2718192899-1000
==================== One Month Modified Files and Folders =======
2014-04-01 12:52 - 2014-04-01 12:51 - 00031787 _____ () C:\Users\Michaela\Desktop\FRST.txt
2014-04-01 12:52 - 2009-09-24 22:31 - 01237673 _____ () C:\Windows\WindowsUpdate.log
2014-04-01 12:51 - 2014-04-01 12:51 - 00000000 ____D () C:\FRST
2014-04-01 12:51 - 2013-07-16 23:39 - 00000000 ___RD () C:\Users\Michaela\Dropbox
2014-04-01 12:51 - 2013-07-16 23:35 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\Dropbox
2014-04-01 12:51 - 2008-01-21 13:10 - 01566076 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-01 12:51 - 2008-01-21 13:09 - 00673932 _____ () C:\Windows\system32\perfh007.dat
2014-04-01 12:51 - 2008-01-21 13:09 - 00145912 _____ () C:\Windows\system32\perfc007.dat
2014-04-01 12:50 - 2013-03-28 23:50 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\Skype
2014-04-01 12:46 - 2012-10-10 20:49 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-01 12:46 - 2009-10-02 19:11 - 00000000 ____D () C:\Users\Michaela\AppData\Local\SoftThinks
2014-04-01 12:44 - 2012-10-10 20:49 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-01 12:44 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-01 12:44 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-01 12:44 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-01 12:43 - 2013-02-12 05:26 - 00003549 _____ () C:\Windows\bthservsdp.dat
2014-04-01 12:43 - 2006-11-02 17:42 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-01 12:40 - 2009-09-25 04:04 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-04-01 12:34 - 2014-04-01 12:33 - 02157056 _____ (Farbar) C:\Users\Michaela\Desktop\FRST64.exe
2014-04-01 12:34 - 2012-08-15 22:10 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-01 12:28 - 2009-10-03 13:07 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\Adobe
2014-04-01 12:27 - 2009-09-25 04:05 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-01 12:15 - 2009-10-02 19:12 - 00080160 _____ () C:\Users\Michaela\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-01 12:11 - 2006-11-02 17:21 - 02247192 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-01 12:07 - 2009-09-25 04:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-01 11:12 - 2014-03-29 14:26 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-01 11:08 - 2008-01-21 05:26 - 00783942 _____ () C:\Windows\PFRO.log
2014-04-01 04:05 - 2013-03-11 14:00 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2157045702-3999625576-2718192899-1000UA.job
2014-04-01 02:35 - 2013-11-04 21:01 - 00000000 ____D () C:\Users\Michaela\Documents\Togainu no chi
2014-03-31 13:05 - 2013-03-11 14:00 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2157045702-3999625576-2718192899-1000Core.job
2014-03-30 19:18 - 2014-03-30 19:18 - 00000000 ____D () C:\Users\Michaela\Downloads\Download
2014-03-29 21:36 - 2014-03-29 21:36 - 00000000 ____D () C:\Users\Michaela\Documents\Any Video Converter
2014-03-29 15:21 - 2014-03-29 15:21 - 00000296 _____ () C:\Windows\system32\spsys.log
2014-03-29 15:21 - 2012-10-11 19:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-29 15:18 - 2013-06-04 18:00 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-03-29 15:08 - 2014-03-29 15:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 15:03 - 2014-03-29 15:02 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-29 15:03 - 2009-09-25 03:57 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-29 14:59 - 2012-10-22 15:28 - 00000000 ____D () C:\Users\Michaela\AppData\Local\Opera
2014-03-29 14:59 - 2012-10-22 15:28 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-03-29 14:56 - 2014-03-29 14:56 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\Opera Software
2014-03-29 14:56 - 2014-03-29 14:56 - 00000000 ____D () C:\Users\Michaela\AppData\Local\Opera Software
2014-03-29 14:48 - 2013-05-29 23:42 - 00000000 ____D () C:\Users\Michaela\Downloads\00_Programme
2014-03-29 14:45 - 2014-03-29 14:44 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-03-29 14:27 - 2014-03-29 14:27 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\AVAST Software
2014-03-29 14:25 - 2014-03-29 14:25 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-29 14:25 - 2014-03-29 14:25 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-29 14:25 - 2014-03-29 14:25 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-29 14:25 - 2014-03-29 14:25 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-29 14:25 - 2014-03-29 14:25 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-29 14:25 - 2014-03-29 14:25 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-29 14:25 - 2014-03-29 14:25 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-03-29 14:25 - 2014-03-29 14:25 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2014-03-29 14:25 - 2014-03-29 14:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-29 14:23 - 2014-03-29 14:23 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-29 14:20 - 2014-03-29 14:20 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-29 14:12 - 2014-03-03 19:28 - 00003352 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2157045702-3999625576-2718192899-1000
2014-03-29 14:12 - 2014-03-03 16:55 - 00003224 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2157045702-3999625576-2718192899-1000
2014-03-29 13:27 - 2013-05-02 22:19 - 00138184 ____H () C:\Windows\SysWOW64\mlfcache.dat
2014-03-29 00:50 - 2014-03-29 00:50 - 00000000 ____D () C:\Users\Michaela\Downloads\Doujinshi&Manga
2014-03-28 23:21 - 2014-03-04 21:52 - 00003714 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{784B2923-D700-4DE6-920C-72A8F8621F24}
2014-03-28 16:29 - 2014-01-12 03:17 - 00000000 ____D () C:\Users\Michaela\Downloads\Shimeji
2014-03-27 22:55 - 2014-03-19 20:46 - 00003246 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2157045702-3999625576-2718192899-1000
2014-03-27 22:55 - 2014-03-19 20:45 - 00003374 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2157045702-3999625576-2718192899-1000
2014-03-27 15:41 - 2012-10-10 20:49 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-27 15:41 - 2012-10-10 20:49 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-26 14:46 - 2009-09-25 04:11 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-03-26 01:31 - 2014-03-14 03:20 - 00000000 ____D () C:\Users\Michaela\Documents\HTML Code
2014-03-19 12:57 - 2013-08-15 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 12:54 - 2006-11-02 14:35 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-03-16 02:49 - 2014-03-16 02:49 - 00000000 ____D () C:\Users\Michaela\AppData\Local\Skype
2014-03-16 02:49 - 2013-03-28 23:50 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-16 02:49 - 2013-03-28 23:50 - 00000000 ____D () C:\ProgramData\Skype
2014-03-14 04:33 - 2013-12-21 23:24 - 00000000 ____D () C:\Users\Michaela\Downloads\Facebook
2014-03-13 11:01 - 2006-11-02 15:33 - 00000000 ____D () C:\Windows\rescache
2014-03-12 12:34 - 2012-08-15 22:10 - 00003738 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 12:34 - 2012-04-03 21:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 12:34 - 2011-11-06 12:37 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-10 21:53 - 2014-03-10 21:52 - 00000000 ____D () C:\Users\Michaela\Documents\YuE
2014-03-05 21:42 - 2014-03-05 21:41 - 00274864 _____ () C:\Windows\Minidump\Mini030514-01.dmp
2014-03-05 21:41 - 2012-04-11 22:46 - 00000000 ____D () C:\Windows\Minidump
2014-03-05 21:41 - 2012-04-11 22:45 - 348199467 _____ () C:\Windows\MEMORY.DMP
2014-03-05 04:08 - 2014-03-04 06:10 - 01521640 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-04 07:35 - 2014-03-04 07:35 - 00000000 ____D () C:\Users\Michaela\Documents\Bluetooth-Exchange-Ordner
2014-03-04 07:34 - 2014-03-04 07:34 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-03-04 07:33 - 2014-03-04 07:32 - 00000981 _____ () C:\Users\Michaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-04 07:33 - 2009-10-02 19:16 - 00000951 _____ () C:\Users\Michaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-03-04 07:23 - 2014-03-04 07:23 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-03-04 07:23 - 2014-03-04 07:23 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2014-03-04 07:22 - 2006-11-02 17:07 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-03-04 07:22 - 2006-11-02 17:07 - 00000000 ____D () C:\Program Files\Windows Journal
2014-03-04 07:22 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-03-04 07:22 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\SysWOW64\uk-UA
2014-03-04 07:22 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-03-04 07:22 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\SysWOW64\th-TH
2014-03-04 07:22 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\SysWOW64\sr-Latn-CS
2014-03-04 07:22 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI
2014-03-04 07:22 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK
2014-03-04 07:22 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO
2014-03-04 07:22 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\SysWOW64\lv-LV
2014-03-04 07:22 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\SysWOW64\lt-LT
2014-03-04 07:22 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\SysWOW64\hr-HR
2014-03-04 07:22 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\SysWOW64\he-IL
2014-03-04 07:22 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\SysWOW64\et-EE
2014-03-04 07:22 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG
2014-03-04 07:22 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA
2014-03-04 07:22 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-03-04 07:22 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\uk-UA
2014-03-04 07:22 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-03-04 07:22 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\th-TH
2014-03-04 07:22 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-03-04 07:22 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\sl-SI
2014-03-04 07:22 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-03-04 07:22 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\ro-RO
2014-03-04 07:22 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\lv-LV
2014-03-04 07:22 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\lt-LT
2014-03-04 07:22 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\hr-HR
2014-03-04 07:22 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\he-IL
2014-03-04 07:22 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\et-EE
2014-03-04 07:22 - 2006-11-02 15:33 - 00000000 ___RD () C:\Windows\Offline Web Pages
2014-03-04 07:22 - 2006-11-02 15:33 - 00000000 ____D () C:\Windows\system32\bg-BG
2014-03-04 07:22 - 2006-11-02 15:33 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-03-04 07:22 - 2006-11-02 15:33 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-03-04 07:21 - 2006-11-02 15:33 - 00000000 ____D () C:\Program Files\Common Files\System
2014-03-04 07:20 - 2014-03-04 07:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2014-03-04 07:20 - 2014-03-04 07:20 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_07_00.Wdf
2014-03-04 07:20 - 2006-11-02 17:27 - 00288011 _____ () C:\Windows\setupact.log
2014-03-04 05:26 - 2012-08-10 23:14 - 00020462 _____ () C:\Windows\IE9_main.log
2014-03-04 05:25 - 2014-03-04 05:25 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-03-04 05:25 - 2014-03-04 05:25 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-03-04 05:25 - 2014-03-04 05:25 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-03-04 05:25 - 2014-03-04 05:25 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-03-04 05:25 - 2014-03-04 05:25 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-03-04 05:25 - 2014-03-04 05:25 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-03-04 05:25 - 2014-03-04 05:25 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-03-04 05:25 - 2014-03-04 05:25 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-03-04 05:25 - 2014-03-04 05:25 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\advpack.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advpack.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-03-04 05:25 - 2014-03-04 05:25 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-03-04 05:25 - 2014-03-04 05:25 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-04 05:25 - 2014-03-04 05:25 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-03-04 05:25 - 2014-03-04 05:25 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-03-04 05:25 - 2014-03-04 05:25 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-03-04 05:25 - 2014-03-04 05:25 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-03-04 05:25 - 2014-03-04 05:25 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-03-04 05:25 - 2014-03-04 05:25 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-03-04 05:25 - 2014-03-04 05:25 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-03-04 05:25 - 2014-03-04 05:25 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-03-04 05:25 - 2014-03-04 05:25 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-03-04 05:25 - 2014-03-04 05:25 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-03-04 05:25 - 2006-11-02 14:16 - 00008798 _____ () C:\Windows\SysWOW64\icrav03.rat
2014-03-04 05:25 - 2006-11-02 14:16 - 00001988 _____ () C:\Windows\SysWOW64\ticrf.rat
2014-03-04 05:25 - 2006-11-02 08:36 - 00008798 _____ () C:\Windows\system32\icrav03.rat
2014-03-04 05:25 - 2006-11-02 08:36 - 00001988 _____ () C:\Windows\system32\ticrf.rat
2014-03-04 05:22 - 2014-03-04 05:22 - 03548672 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 03068416 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 01554432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\OpcServices.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\MFH264Dec.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 01075712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 01032192 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2014-03-04 05:22 - 2014-03-04 05:22 - 00979456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFH264Dec.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00847360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00625152 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00586240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00428544 _____ (Microsoft Corporation) C:\Windows\system32\MFHEAACdec.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4src.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2014-03-04 05:22 - 2014-03-04 05:22 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFHEAACdec.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00302592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4src.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00258048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2014-03-04 05:22 - 2014-03-04 05:22 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\XpsRasterService.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00135680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll
2014-03-04 05:22 - 2014-03-04 05:22 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-03-04 05:20 - 2014-03-04 05:20 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-04 05:20 - 2014-03-04 05:20 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-04 05:20 - 2014-03-04 05:20 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-03-04 05:20 - 2014-03-04 05:20 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-03-04 05:20 - 2014-03-04 05:20 - 00449024 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-03-04 05:20 - 2014-03-04 05:20 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2014-03-04 05:20 - 2014-03-04 05:20 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-03-04 05:20 - 2014-03-04 05:20 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\dxdiag.exe
2014-03-04 05:20 - 2014-03-04 05:20 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2014-03-04 05:20 - 2014-03-04 05:20 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\dxdiagn.dll
2014-03-04 05:20 - 2014-03-04 05:20 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiag.exe
2014-03-04 05:20 - 2014-03-04 05:20 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-03-04 05:20 - 2014-03-04 05:20 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiagn.dll
2014-03-04 05:20 - 2014-03-04 05:20 - 00189440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-03-03 20:45 - 2013-07-27 14:39 - 00000000 ____D () C:\Users\Michaela\Documents\Sonstiges
2014-03-03 19:28 - 2009-10-02 19:16 - 00000917 _____ () C:\Users\Michaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-03-03 19:14 - 2006-11-02 17:07 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-03-03 19:14 - 2006-11-02 17:07 - 00000000 ____D () C:\Program Files\Windows Photo Gallery
2014-03-03 19:14 - 2006-11-02 17:07 - 00000000 ____D () C:\Program Files\Windows Collaboration
2014-03-03 19:14 - 2006-11-02 17:07 - 00000000 ____D () C:\Program Files\Movie Maker
2014-03-03 19:13 - 2006-11-02 17:07 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-03 19:13 - 2006-11-02 17:07 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-03-03 19:13 - 2006-11-02 17:07 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Gallery
2014-03-03 19:13 - 2006-11-02 17:07 - 00000000 ____D () C:\Program Files (x86)\Windows Calendar
2014-03-03 19:13 - 2006-11-02 15:33 - 00000000 ____D () C:\Windows\servicing
2014-03-03 19:12 - 2014-03-03 19:09 - 00000000 ____D () C:\Windows\SysWOW64\vi-VN
2014-03-03 19:12 - 2014-03-03 19:09 - 00000000 ____D () C:\Windows\SysWOW64\eu-ES
2014-03-03 19:12 - 2014-03-03 19:09 - 00000000 ____D () C:\Windows\SysWOW64\ca-ES
2014-03-03 19:12 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\SysWOW64\SLUI
2014-03-03 19:12 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\SysWOW64\setup
2014-03-03 19:12 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-03-03 19:12 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2014-03-03 19:12 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\SysWOW64\manifeststore
2014-03-03 19:12 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\SysWOW64\AdvancedInstallers
2014-03-03 19:11 - 2014-03-03 19:09 - 00000000 ____D () C:\Windows\system32\ca-ES
2014-03-03 19:11 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\oobe
2014-03-03 19:11 - 2006-11-02 15:33 - 00000000 ____D () C:\Windows\IME
2014-03-03 19:10 - 2014-03-03 19:09 - 00000000 ____D () C:\Windows\system32\vi-VN
2014-03-03 19:10 - 2014-03-03 19:09 - 00000000 ____D () C:\Windows\system32\eu-ES
2014-03-03 19:10 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\SLUI
2014-03-03 19:10 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\setup
2014-03-03 19:10 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\migwiz
2014-03-03 19:10 - 2006-11-02 15:34 - 00000000 ____D () C:\Windows\system32\manifeststore
2014-03-03 19:10 - 2006-11-02 15:33 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
Some content of TEMP:
====================
C:\Users\Michaela\AppData\Local\Temp\AskSLib.dll
C:\Users\Michaela\AppData\Local\Temp\avgnt.exe
C:\Users\Michaela\AppData\Local\Temp\install_flashplayer11x32_mssd_aih.exe
C:\Users\Michaela\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\Michaela\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Michaela\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Michaela\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Michaela\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Michaela\AppData\Local\Temp\sqlite3.exe
C:\Users\Michaela\AppData\Local\Temp\stubhelper.dll
C:\Users\Michaela\AppData\Local\Temp\uninst1.exe
C:\Users\Michaela\AppData\Local\Temp\zsvp2gl_.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-01 12:51
==================== End Of Log ============================
|
|
01.04.2014, 12:03
| #4 |
| | Wie kann ich Daten sichern da MusikTrojaner vermutet Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Michaela at 2014-04-01 12:54:18
Running from C:\Users\Michaela\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Disabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Any Video Converter 5.0.5 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2016 - Avast Software)
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.25 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.24 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.1.0029 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.104.115.101 - Alps Electric)
Dell Video Chat (HKLM-x32\...\Dell Video Chat) (Version: 6.1 (6751) - SightSpeed Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.20.10 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11 Application) (Version: 5.10.38.30 - Dell Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Free Audio Converter version 5.0.3.1206 (HKLM-x32\...\Free Audio Converter_is1) (Version: - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Integrated Webcam Driver (1.02.01.0320) (HKLM\...\Creative OA009) (Version: 1.02.01.0320 - Creative Technology Ltd.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
Java(TM) 6 Update 13 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
LG PC Suite II (HKLM-x32\...\{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}) (Version: 2.00.0000 - LG PC Suite)
LG PC Suite II (x32 Version: 2.00.0000 - LG PC Suite) Hidden
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: 4.9.2 - LG Electronics)
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.2303.1 - Creative Technology Ltd)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (HKLM-x32\...\{095B1DCF-5E8B-47EC-9B18-481918A731DB}) (Version: 2.0.69.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Opera Stable 20.0.1387.82 (HKLM-x32\...\Opera 20.0.1387.82) (Version: 20.0.1387.82 - Opera Software ASA)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5024 - Dell Corp.)
Quickset (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.2.18 - Dell Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Synthesia (HKLM-x32\...\Synthesia) (Version: 8.4 - Synthesia LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
WIDCOMM Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.2000 - WIDCOMM, Inc.)
Windows Live Anmelde-Assistent (HKLM-x32\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8051.1204 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
==================== Restore Points =========================
21-03-2014 11:21:52 Geplanter Prüfpunkt
22-03-2014 05:17:20 Geplanter Prüfpunkt
22-03-2014 20:58:02 Geplanter Prüfpunkt
23-03-2014 16:32:27 Geplanter Prüfpunkt
24-03-2014 09:23:46 Geplanter Prüfpunkt
25-03-2014 08:58:12 Windows Update
26-03-2014 13:37:07 Geplanter Prüfpunkt
27-03-2014 08:31:28 Geplanter Prüfpunkt
28-03-2014 08:01:25 Geplanter Prüfpunkt
29-03-2014 12:23:18 avast! antivirus system restore point
29-03-2014 13:01:14 Installed Java 7 Update 51
30-03-2014 11:30:05 Geplanter Prüfpunkt
31-03-2014 08:45:44 Geplanter Prüfpunkt
01-04-2014 09:20:00 Windows Update
01-04-2014 10:06:47 削除済み 咎狗の血
==================== Hosts content: ==========================
2006-11-02 14:34 - 2006-09-18 23:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {19BCA020-F0B4-4C5B-A57C-CF09E3EF4781} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2157045702-3999625576-2718192899-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {2A429D84-C847-4D6B-9502-3D35AC976676} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2157045702-3999625576-2718192899-1000UA => C:\Users\Michaela\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-11] (Facebook Inc.)
Task: {2EB14C14-2C5F-4626-BA90-D9196121F7AE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {36A56C1C-9BEA-44D8-94FD-62456F325528} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2157045702-3999625576-2718192899-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {388C0D7F-DC58-437E-812B-4BE3674FBB6D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {46CD1E8E-C415-4159-AE4E-F1ED803AFE8A} - System32\Tasks\Launch BCM WLAN Tray => C:\Windows\system32\WLTRAY.EXE [2008-12-21] (Dell Inc.)
Task: {55C81DE2-89F3-4B72-84BD-1B91CA453711} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2157045702-3999625576-2718192899-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {5ABD53F8-82CF-4CD6-93BC-810C5612C7A7} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {7133A15E-30E1-43F9-8C91-1F2CA85D8470} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2157045702-3999625576-2718192899-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {87E7CBB4-22BF-4BC1-BEC9-3CF65F0B7BE3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2157045702-3999625576-2718192899-1000Core => C:\Users\Michaela\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-11] (Facebook Inc.)
Task: {A5EC54B9-100A-4D35-9901-99A32AF722CF} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2157045702-3999625576-2718192899-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B2E92356-AF15-46C2-9760-3E810CEBBD3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-10] (Google Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {EB167214-C513-42A7-9F0B-69BE18A83294} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-29] (AVAST Software)
Task: {F5F46528-E855-4E3F-A3B0-5623AE50F8CB} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2157045702-3999625576-2718192899-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {F6BFCBD6-889A-48E7-9943-27C9D6B5854A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-10] (Google Inc.)
Task: {FC41EBBD-8B04-47C7-B2AD-F6C2BEC1A210} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2157045702-3999625576-2718192899-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2157045702-3999625576-2718192899-1000Core.job => C:\Users\Michaela\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2157045702-3999625576-2718192899-1000UA.job => C:\Users\Michaela\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2009-09-25 03:57 - 2008-12-21 20:35 - 00032768 _____ () C:\Windows\System32\WLTRYSVC.EXE
2009-09-25 03:57 - 2008-12-21 20:35 - 00057856 _____ () C:\Windows\System32\bcmwlrmt.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2009-09-25 04:12 - 2009-04-24 21:52 - 00156912 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
2009-09-25 04:11 - 2009-07-16 18:00 - 00410864 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
2013-05-22 20:50 - 2013-05-22 20:50 - 00400704 _____ () C:\Users\Michaela\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2014-03-04 07:50 - 2014-03-04 07:50 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\264c91e0ec39698f61d36c00a26cc16b\VistaBridgeLibrary.ni.dll
2009-07-07 17:23 - 2009-07-07 17:23 - 01779952 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2014-04-01 11:09 - 2014-04-01 11:09 - 02189312 _____ () C:\Program Files\AVAST Software\Avast\defs\14040100\algo.dll
2009-09-25 04:11 - 2009-07-16 17:58 - 00115952 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2009-09-25 04:11 - 2009-07-16 17:59 - 00128240 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2009-09-25 04:11 - 2009-07-16 17:58 - 01123568 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2009-09-25 04:11 - 2009-07-16 17:59 - 00079088 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2009-09-25 04:11 - 2009-07-16 17:59 - 00234736 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2009-09-25 04:11 - 2009-07-16 17:59 - 00074992 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2009-09-25 04:11 - 2009-07-16 17:59 - 00111856 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2009-09-25 04:11 - 2009-07-16 17:59 - 00121072 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Michaela\AppData\Roaming\Dropbox\bin\libcef.dll
2009-07-07 17:24 - 2009-07-07 17:24 - 00268528 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2009-07-07 17:23 - 2009-07-07 17:23 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2009-07-07 17:24 - 2009-07-07 17:24 - 00095472 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2009-07-07 17:24 - 2009-07-07 17:24 - 00046320 _____ () C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll
2009-07-07 17:24 - 2009-07-07 17:24 - 00369904 _____ () C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll
2009-07-07 17:24 - 2009-07-07 17:24 - 00140528 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2009-07-07 17:23 - 2009-07-07 17:23 - 00017648 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2014-03-29 14:25 - 2014-03-29 14:25 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-15 21:47 - 2014-03-15 02:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 21:47 - 2014-03-15 02:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 21:47 - 2014-03-15 02:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 21:47 - 2014-03-15 02:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/01/2014 00:48:34 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (04/01/2014 00:45:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/01/2014 00:43:09 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (04/01/2014 00:43:03 PM) (Source: MsiInstaller) (User: Michaela-PC)
Description: Product: Adobe Setup -- Error 1719.Auf den Windows Installer-Dienst konnte nicht zugegriffen werden. Dies kann auftreten, wenn der Windows Installer nicht richtig installiert wurde. Wenden Sie sich an den Support, um weitere Unterstützung zu erhalten.
Error: (04/01/2014 00:12:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/01/2014 11:12:25 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (04/01/2014 11:12:25 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (04/01/2014 11:10:22 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/01/2014 02:32:26 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung firefox.exe, Version 28.0.0.5186, Zeitstempel 0x53240e37, fehlerhaftes Modul xul.dll, Version 28.0.0.5186, Zeitstempel 0x53240e04, Ausnahmecode 0xc0000005, Fehleroffset 0x00184729,
Prozess-ID 0xf60, Anwendungsstartzeit firefox.exe0.
Error: (03/31/2014 11:02:25 PM) (Source: Adobe Version Cue CS3) (User: )
Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)
System errors:
=============
Microsoft Office Sessions:
=========================
Error: (05/27/2013 11:18:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12395 seconds with 6840 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2014-03-03 16:35:47.752
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-03 16:35:47.342
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-03 16:35:46.955
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-03 16:35:46.509
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-03 16:35:46.007
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-08 17:56:19.425
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-08 17:56:19.052
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-08 17:56:18.656
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-02-08 17:56:18.268
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-09-07 14:52:26.812
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 57%
Total physical RAM: 4055.45 MB
Available physical RAM: 1717.88 MB
Total Pagefile: 8288.18 MB
Available Pagefile: 5410.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:103.28 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.38 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 7F8F3E8E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=283 GB) - (Type=07 NTFS)
==================== End Of Log ============================
 |
|
02.04.2014, 11:09
| #5 |
| /// the machine /// TB-Ausbilder | Wie kann ich Daten sichern da MusikTrojaner vermutet Wir können den Rechner bereinigen, oder aber du formatierst oder kaufst dir nen neuen. Wobei ich formatieren, und vor allem nen neuen kaufen, nicht ganz nachvollziehen kann. Seis drum: Daten sichern, solange es keine ausführbaren sind, kannste ganze einfach auf ne Externe schieben und gut ist. Die Externe im Anschluss einmal scannen. Wie entscheidest Du dich?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
02.04.2014, 12:42
| #6 |
| | Wie kann ich Daten sichern da MusikTrojaner vermutet Hallo ^^ Wenn ich die Daten nun auf die Externe ziehe - muss ich da vorher autorun blockieren? Wenn Sie mir helfen möchten den Laptop zu bereinigen würde ich das natürlich gerne versuchen. Hoffe das ist nicht allzu kompliziert. Wäre nämlich super wenn ich mir einen neuen Laptop erst kaufen kann wenn ich das wirklich möchte und nicht nur weil so eine dumme Sache passiert ist. Sollte ich vor dem bereinigen meine Daten trotzdem sichern? Oder passiert da nichts? Eine dumme Frage hab ich noch: Wie hab ich mir den Trojaner denn eingefangen? Ich bin ja eigentlich nur auf Seiten die ich kenne. Reicht es wenn ich einem Link folge? Oder kann das auch sein, dass ich den von ner CD eines Computergames hab? |
|
03.04.2014, 08:54
| #7 |
| /// the machine /// TB-Ausbilder | Wie kann ich Daten sichern da MusikTrojaner vermutet Wo der her kommt ist nicht nachvollziehbar. Daten sichern ist immer ne gute Idee, kannst Du vorher machen. bilder, Videos, Musik udn Dokumente einfach auf ne Externe ziehen. Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
04.04.2014, 11:13
| #8 |
| | Wie kann ich Daten sichern da MusikTrojaner vermutet So. Ich habe jetzt den ganzen Tag mit Datensicherung verbracht. Mit dem nächsten Schritt mache ich morgen weiter. Nur damit Sie bescheid wissen warum ich nicht geantwortet hatte. Gruß, miasa ^^ Meldungen gab es soweit keine. Nur mein Avast Taskleistensymbol erscheint nicht mehr und Dropbox auch nicht... Soll ich den Laptop neu starten? Code:
ATTFilter ComboFix 14-04-03.01 - Michaela 04.04.2014 11:42:18.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4055.2177 [GMT 2:00]
ausgeführt von:: c:\users\Michaela\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Michaela\AppData\Roaming\Help\coredb\storage
E:\Autorun.inf
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-03-04 bis 2014-04-04 ))))))))))))))))))))))))))))))
.
.
2014-04-04 09:58 . 2014-04-04 09:58 -------- d-----w- c:\users\Michaela\AppData\Local\temp
2014-04-04 09:58 . 2014-04-04 09:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-03 22:16 . 2014-04-03 22:20 -------- d-----r- c:\users\Michaela\Bilder nach Datensicherung vom 03.04.14
2014-04-01 10:51 . 2014-04-01 10:57 -------- d-----w- C:\FRST
2014-04-01 09:21 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F3B60034-084B-4CF6-8AF3-41C0B06A6D7F}\mpengine.dll
2014-03-29 13:03 . 2013-12-18 20:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-29 12:56 . 2014-03-29 12:56 -------- d-----w- c:\users\Michaela\AppData\Local\Opera Software
2014-03-29 12:56 . 2014-03-29 12:56 -------- d-----w- c:\users\Michaela\AppData\Roaming\Opera Software
2014-03-29 12:45 . 2014-03-29 12:45 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2014-03-29 12:45 . 2014-03-29 12:45 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2014-03-29 12:45 . 2014-03-29 12:45 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2014-03-29 12:45 . 2014-03-29 12:45 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2014-03-29 12:45 . 2014-03-29 12:45 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2014-03-29 12:44 . 2014-03-29 12:45 -------- d-----w- c:\program files (x86)\QuickTime
2014-03-29 12:27 . 2014-03-29 12:27 -------- d-----w- c:\users\Michaela\AppData\Roaming\AVAST Software
2014-03-29 12:25 . 2014-03-29 12:25 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-03-29 12:25 . 2014-03-29 12:25 208928 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-03-29 12:25 . 2014-03-29 12:25 1039096 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-03-29 12:25 . 2014-03-29 12:25 423240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-03-29 12:25 . 2014-03-29 12:25 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-03-29 12:25 . 2014-03-29 12:25 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-03-29 12:25 . 2014-03-29 12:25 64752 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-03-29 12:25 . 2014-03-29 12:25 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-03-29 12:25 . 2014-03-29 12:25 43152 ----a-w- c:\windows\avastSS.scr
2014-03-29 12:23 . 2014-03-29 12:23 -------- d-----w- c:\program files\AVAST Software
2014-03-29 12:20 . 2014-03-29 12:20 -------- d-----w- c:\programdata\AVAST Software
2014-03-16 00:49 . 2014-03-16 00:49 -------- d-----w- c:\users\Michaela\AppData\Local\Skype
2014-03-16 00:49 . 2014-03-16 00:49 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-03-12 22:48 . 2014-01-30 10:12 1111040 ----a-w- c:\windows\system32\wer.dll
2014-03-12 22:48 . 2014-01-30 07:46 876032 ----a-w- c:\windows\SysWow64\wer.dll
2014-03-12 22:48 . 2013-11-13 01:54 2048 ----a-w- c:\windows\system32\tzres.dll
2014-03-12 22:48 . 2013-11-13 00:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-03-12 22:48 . 2014-02-03 13:20 619008 ----a-w- c:\windows\system32\qedit.dll
2014-03-12 22:48 . 2014-02-03 10:37 505344 ----a-w- c:\windows\SysWow64\qedit.dll
2014-03-12 22:48 . 2014-02-07 12:11 2776064 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-19 10:54 . 2006-11-02 12:35 90015360 ----a-w- c:\windows\system32\mrt.exe
2014-03-12 10:34 . 2012-04-03 19:15 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 10:34 . 2011-11-06 10:37 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-04 03:25 . 2014-03-04 03:25 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2014-03-04 03:25 . 2014-03-04 03:25 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-03-04 03:25 . 2014-03-04 03:25 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-03-04 03:25 . 2014-03-04 03:25 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-03-04 03:25 . 2014-03-04 03:25 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-03-04 03:25 . 2014-03-04 03:25 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-03-04 03:25 . 2014-03-04 03:25 367104 ----a-w- c:\windows\SysWow64\html.iec
2014-03-04 03:25 . 2014-03-04 03:25 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-03-04 03:25 . 2014-03-04 03:25 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-03-04 03:25 . 2014-03-04 03:25 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2014-03-04 03:25 . 2014-03-04 03:25 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-03-04 03:25 . 2014-03-04 03:25 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-03-04 03:25 . 2014-03-04 03:25 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2014-03-04 03:25 . 2014-03-04 03:25 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2014-03-04 03:25 . 2014-03-04 03:25 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-03-04 03:25 . 2014-03-04 03:25 222208 ----a-w- c:\windows\system32\msls31.dll
2014-03-04 03:25 . 2014-03-04 03:25 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-03-04 03:25 . 2014-03-04 03:25 197120 ----a-w- c:\windows\system32\msrating.dll
2014-03-04 03:25 . 2014-03-04 03:25 49664 ----a-w- c:\windows\system32\imgutil.dll
2014-03-04 03:25 . 2014-03-04 03:25 267776 ----a-w- c:\windows\system32\ieaksie.dll
2014-03-04 03:25 . 2014-03-04 03:25 163840 ----a-w- c:\windows\system32\ieakui.dll
2014-03-04 03:25 . 2014-03-04 03:25 145920 ----a-w- c:\windows\system32\iepeers.dll
2014-03-04 03:25 . 2014-03-04 03:25 136192 ----a-w- c:\windows\system32\advpack.dll
2014-03-04 03:25 . 2014-03-04 03:25 12288 ----a-w- c:\windows\system32\mshta.exe
2014-03-04 03:25 . 2014-03-04 03:25 114176 ----a-w- c:\windows\system32\admparse.dll
2014-03-04 03:25 . 2014-03-04 03:25 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-03-04 03:25 . 2014-03-04 03:25 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-03-04 03:25 . 2014-03-04 03:25 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2014-03-04 03:25 . 2014-03-04 03:25 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-03-04 03:25 . 2014-03-04 03:25 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-03-04 03:25 . 2014-03-04 03:25 160256 ----a-w- c:\windows\system32\ieakeng.dll
2014-03-04 03:25 . 2014-03-04 03:25 111616 ----a-w- c:\windows\system32\iesysprep.dll
2014-03-04 03:25 . 2014-03-04 03:25 76800 ----a-w- c:\windows\system32\tdc.ocx
2014-03-04 03:25 . 2014-03-04 03:25 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2014-03-04 03:25 . 2014-03-04 03:25 448512 ----a-w- c:\windows\system32\html.iec
2014-03-04 03:25 . 2014-03-04 03:25 282112 ----a-w- c:\windows\system32\dxtrans.dll
2014-03-04 03:25 . 2014-03-04 03:25 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-04 03:25 . 2014-03-04 03:25 85504 ----a-w- c:\windows\system32\iesetup.dll
2014-03-04 03:25 . 2014-03-04 03:25 82432 ----a-w- c:\windows\system32\icardie.dll
2014-03-04 03:25 . 2014-03-04 03:25 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2014-03-04 03:25 . 2014-03-04 03:25 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2014-03-04 03:25 . 2014-03-04 03:25 39936 ----a-w- c:\windows\system32\iernonce.dll
2014-03-04 03:25 . 2014-03-04 03:25 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2014-03-04 03:25 . 2014-03-04 03:25 249344 ----a-w- c:\windows\system32\webcheck.dll
2014-03-04 03:25 . 2014-03-04 03:25 30720 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-04 03:25 . 2014-03-04 03:25 165888 ----a-w- c:\windows\system32\iexpress.exe
2014-03-04 03:25 . 2014-03-04 03:25 160256 ----a-w- c:\windows\system32\wextract.exe
2014-03-04 03:25 . 2014-03-04 03:25 103936 ----a-w- c:\windows\system32\inseng.dll
2014-03-04 03:25 . 2014-03-04 03:25 65024 ----a-w- c:\windows\system32\pngfilt.dll
2014-03-04 03:25 . 2014-03-04 03:25 149504 ----a-w- c:\windows\system32\occache.dll
2014-03-04 03:22 . 2014-03-04 03:22 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
2014-03-04 03:22 . 2014-03-04 03:22 1257984 ----a-w- c:\windows\system32\MFH264Dec.dll
2014-03-04 03:22 . 2014-03-04 03:22 428544 ----a-w- c:\windows\system32\MFHEAACdec.dll
2014-03-04 03:22 . 2014-03-04 03:22 377344 ----a-w- c:\windows\system32\mfmp4src.dll
2014-03-04 03:22 . 2014-03-04 03:22 357376 ----a-w- c:\windows\SysWow64\MFHEAACdec.dll
2014-03-04 03:22 . 2014-03-04 03:22 302592 ----a-w- c:\windows\SysWow64\mfmp4src.dll
2014-03-04 03:22 . 2014-03-04 03:22 98816 ----a-w- c:\windows\SysWow64\mfps.dll
2014-03-04 03:22 . 2014-03-04 03:22 3548672 ----a-w- c:\windows\system32\mf.dll
2014-03-04 03:22 . 2014-03-04 03:22 345088 ----a-w- c:\windows\system32\mfreadwrite.dll
2014-03-04 03:22 . 2014-03-04 03:22 34304 ----a-w- c:\windows\system32\mfpmp.exe
2014-03-04 03:22 . 2014-03-04 03:22 2873344 ----a-w- c:\windows\SysWow64\mf.dll
2014-03-04 03:22 . 2014-03-04 03:22 261632 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2014-03-04 03:22 . 2014-03-04 03:22 195072 ----a-w- c:\windows\system32\mfps.dll
2014-03-04 03:22 . 2014-03-04 03:22 278528 ----a-w- c:\windows\system32\mfplat.dll
2014-03-04 03:22 . 2014-03-04 03:22 209920 ----a-w- c:\windows\SysWow64\mfplat.dll
2014-03-04 03:22 . 2014-03-04 03:22 1204224 ----a-w- c:\windows\system32\shdocvw.dll
2014-03-04 03:22 . 2014-03-04 03:22 748544 ----a-w- c:\windows\system32\stobject.dll
2014-03-04 03:22 . 2014-03-04 03:22 586240 ----a-w- c:\windows\SysWow64\stobject.dll
2014-03-04 03:22 . 2014-03-04 03:22 231936 ----a-w- c:\windows\system32\XpsRasterService.dll
2014-03-04 03:22 . 2014-03-04 03:22 625152 ----a-w- c:\windows\system32\dxgi.dll
2014-03-04 03:22 . 2014-03-04 03:22 478720 ----a-w- c:\windows\SysWow64\dxgi.dll
2014-03-04 03:22 . 2014-03-04 03:22 366592 ----a-w- c:\windows\system32\winspool.drv
2014-03-04 03:22 . 2014-03-04 03:22 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2014-03-04 03:22 . 2014-03-04 03:22 258048 ----a-w- c:\windows\SysWow64\winspool.drv
2014-03-04 03:22 . 2014-03-04 03:22 1032192 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2014-03-04 03:22 . 2014-03-04 03:22 847360 ----a-w- c:\windows\SysWow64\OpcServices.dll
2014-03-04 03:22 . 2014-03-04 03:22 3068416 ----a-w- c:\windows\system32\xpsservices.dll
2014-03-04 03:22 . 2014-03-04 03:22 1554432 ----a-w- c:\windows\SysWow64\xpsservices.dll
2014-03-04 03:22 . 2014-03-04 03:22 1461760 ----a-w- c:\windows\system32\OpcServices.dll
2014-03-04 03:22 . 2014-03-04 03:22 135680 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2014-03-04 03:20 . 2014-03-04 03:20 449024 ----a-w- c:\windows\system32\WMPhoto.dll
2014-03-04 03:20 . 2014-03-04 03:20 369664 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-03-04 03:20 . 2014-03-04 03:20 328192 ----a-w- c:\windows\system32\dxdiag.exe
2014-03-04 03:20 . 2014-03-04 03:20 262656 ----a-w- c:\windows\system32\dxdiagn.dll
2014-03-04 03:20 . 2014-03-04 03:20 252928 ----a-w- c:\windows\SysWow64\dxdiag.exe
2014-03-04 03:20 . 2014-03-04 03:20 195584 ----a-w- c:\windows\SysWow64\dxdiagn.dll
2014-03-04 03:20 . 2014-03-04 03:20 792576 ----a-w- c:\windows\system32\d3d11.dll
2014-03-04 03:20 . 2014-03-04 03:20 519680 ----a-w- c:\windows\SysWow64\d3d11.dll
2014-03-04 03:20 . 2014-03-04 03:20 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-03-04 03:20 . 2014-03-04 03:20 974848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-03-04 03:20 . 2014-03-04 03:20 411648 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2014-03-04 03:20 . 2014-03-04 03:20 321024 ----a-w- c:\windows\SysWow64\PhotoMetadataHandler.dll
2014-03-04 03:20 . 2014-03-04 03:20 189440 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2014-03-04 03:20 . 2014-03-04 03:20 1209856 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-01-31 22:24 . 2014-01-31 22:24 1409 ----a-w- c:\windows\Fonts\OpenSans-Regular.fot
2014-01-31 22:24 . 2014-01-31 22:24 1409 ----a-w- c:\windows\Fonts\OpenSans-Light.fot
2014-01-31 22:24 . 2014-01-31 22:24 1409 ----a-w- c:\windows\Fonts\OpenSans-Bold.fot
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2013-04-01 1500440]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"AmazonMP3DownloaderHelper"="c:\users\Michaela\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe" [2013-05-22 400704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-09-19 295512]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-29 3854640]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-07-16 165104]
.
c:\users\Michaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
Dropbox.lnk - c:\users\Michaela\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-8-3 1337632]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 19:40 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 10:34]
.
2014-04-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2157045702-3999625576-2718192899-1000Core.job
- c:\users\Michaela\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-11 12:00]
.
2014-04-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2157045702-3999625576-2718192899-1000UA.job
- c:\users\Michaela\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-11 12:00]
.
2014-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-10 18:48]
.
2014-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-10 18:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-03-29 12:25 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Michaela\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 305664]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-31 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-31 227352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-31 202264]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DSUpdateLauncher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat" [2009-03-09 374]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 172.16.10.1:8080
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=97c644c5-ac6a-452e-b40f-ec9598ff936e&searchtype=ds&q={searchTerms}&installDate=02/06/2013
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=97c644c5-ac6a-452e-b40f-ec9598ff936e&searchtype=ds&installDate=02/06/2013&q=
FF - prefs.js: network.proxy.type - 2
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=d85ff6c90000000000000c607621fe5a&q=
FF - user.js: extensions.BabylonToolbar.id - d85ff6c90000000000000c607621fe5a
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15652
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.820:47
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-UpgradeChecker - c:\users\Michaela\AppData\Roaming\Windows Desktop Search\{1F2553B9-2E61-41EA-9F96-0F012DF06884}\UpgradeChecker.exe
Wow6432Node-HKCU-Run-abfou.exe - c:\users\Michaela\AppData\Roaming\Ykety\abfou.exe
Wow6432Node-HKLM-Run-XSECVA - c:\users\Michaela\AppData\Roaming\xsecva\xsecva.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-sroli - (no file)
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2014-04-04 12:03:07
ComboFix-quarantined-files.txt 2014-04-04 10:03
.
Vor Suchlauf: 15 Verzeichnis(se), 116.824.059.904 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 122.514.231.296 Bytes frei
.
- - End Of File - - C0985FF1AEBB24C56C86AEDEB0A45B44
CDB4DE4BBD714F152979DA2DCBEF57EB
|
|
05.04.2014, 10:31
| #9 | |
| /// the machine /// TB-Ausbilder | Wie kann ich Daten sichern da MusikTrojaner vermutet Einmal neu starten. Zitat:
Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
05.04.2014, 14:27
| #10 |
| | Wie kann ich Daten sichern da MusikTrojaner vermutet Haha, ok, dann werd ich mal zum 'du' übergehen  Kann/muss ich wenn du ein neues FRST log willst das alte FRST und die alte Addition auf meinem Desktop löschen? Bin gerade dabei die anderen Programme runterzuladen und wollte mal nachfragen bevor ich das FRST nochmal starte. Brauchst du auch die Addition nochmal? So, Scans sind fertig: mbam: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 05.04.2014 Suchlauf-Zeit: 14:29:58 Logdatei: mbam.txt Administrator: Ja Version: 2.00.1.1004 Malware Datenbank: v2014.04.05.02 Rootkit Datenbank: v2014.03.27.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Chameleon: Deaktiviert Betriebssystem: Windows Vista Service Pack 2 CPU: x64 Dateisystem: NTFS Benutzer: Michaela Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 257304 Verstrichene Zeit: 17 Min, 18 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Shuriken: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 1 PUP.Optional.DataMngr.A, HKU\S-1-5-21-2157045702-3999625576-2718192899-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, In Quarantäne, [778951afcb35e61a3acc0183867dc040], Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 4 PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=97c644c5-ac6a-452e-b40f-ec9598ff936e&searchtype=ds&q={searchTerms}&installDate=02/06/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=97c644c5-ac6a-452e-b40f-ec9598ff936e&searchtype=ds&q={searchTerms}&installDate=02/06/2013),Ersetzt,[728e9b65d52b1ee25a6210fa040044bc] PUP.Optional.Snapdo, HKU\S-1-5-21-2157045702-3999625576-2718192899-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=97c644c5-ac6a-452e-b40f-ec9598ff936e&searchtype=ds&q={searchTerms}&installDate=02/06/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=97c644c5-ac6a-452e-b40f-ec9598ff936e&searchtype=ds&q={searchTerms}&installDate=02/06/2013),Ersetzt,[ba4631cfaf51af51e0471ef631d3e719] PUP.Optional.Snapdo, HKU\S-1-5-21-2157045702-3999625576-2718192899-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=97c644c5-ac6a-452e-b40f-ec9598ff936e&searchtype=ds&q={searchTerms}&installDate=02/06/2013, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=97c644c5-ac6a-452e-b40f-ec9598ff936e&searchtype=ds&q={searchTerms}&installDate=02/06/2013),Ersetzt,[36ca10f08f719a66f038967e3cc88a76] PUP.Optional.SnapDo.A, HKU\S-1-5-21-2157045702-3999625576-2718192899-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=97c644c5-ac6a-452e-b40f-ec9598ff936e&searchtype=ds&q={searchTerms}&installDate=02/06/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=97c644c5-ac6a-452e-b40f-ec9598ff936e&searchtype=ds&q={searchTerms}&installDate=02/06/2013),Ersetzt,[34ccb44c54ac0cf41ba2709a877d748c] Ordner: 2 PUP.Optional.OpenCandy, C:\Users\Michaela\AppData\Roaming\OpenCandy, Löschen bei Neustart, [bc44fb058779f60a211682d26f93a957], PUP.Optional.OpenCandy, C:\Users\Michaela\AppData\Roaming\OpenCandy\261AA8E9A19C4B33BED2A99346697424, In Quarantäne, [bc44fb058779f60a211682d26f93a957], Dateien: 24 PUP.Optional.WebSearch.A, C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\searchplugins\Web Search.xml, In Quarantäne, [9e6217e950b00ef2dec84b18e02250b0], PUP.Optional.OpenCandy, C:\Users\Michaela\AppData\Roaming\OpenCandy\261AA8E9A19C4B33BED2A99346697424\3708.ico, In Quarantäne, [bc44fb058779f60a211682d26f93a957], PUP.Optional.OpenCandy, C:\Users\Michaela\AppData\Roaming\OpenCandy\261AA8E9A19C4B33BED2A99346697424\EBB77268-338F-4C6A-8590-AD88FED26F4A, In Quarantäne, [bc44fb058779f60a211682d26f93a957], PUP.Optional.OpenCandy, C:\Users\Michaela\AppData\Roaming\OpenCandy\261AA8E9A19C4B33BED2A99346697424\Installer.exe, In Quarantäne, [bc44fb058779f60a211682d26f93a957], PUP.Optional.OpenCandy, C:\Users\Michaela\AppData\Roaming\OpenCandy\261AA8E9A19C4B33BED2A99346697424\OCBrowserHelper_1.0.6.128.exe, In Quarantäne, [bc44fb058779f60a211682d26f93a957], PUP.Optional.SnapDo.A, C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=97c644c5-ac6a-452e-b40f-ec9598ff936e&searchtype=ds&installDate=02/06/2013&q=");), Ersetzt,[a95733cdaa567987db37db64ea1aed13] PUP.Optional.Babylon.A, C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.admin", false);), Ersetzt,[5da39868639db64a1910a69933d140c0] PUP.Optional.Babylon.A, C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.aflt", "babsst");), Ersetzt,[33cd11efd22e57a989a056e9f90b0ef2] PUP.Optional.Babylon.A, C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");), Ersetzt,[d32d1ee2f60ae0202efb0a35778d54ac] PUP.Optional.Babylon.A, C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.dfltLng", "en");), Ersetzt,[08f8ca3602fee11ff2371f20e91b9967] PUP.Optional.Babylon.A, C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.excTlbr", false);), Ersetzt,[03fd000023ddaa56e74276c94fb50000] PUP.Optional.Babylon.A, C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.id", "d85ff6c90000000000000c607621fe5a");), Ersetzt,[728e60a012ee2fd11b0eb48b9470ac54] PUP.Optional.Babylon.A, C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.instlDay", "15652");), Ersetzt,[d12f03fdfb05b14f33f6cf700ef644bc] PUP.Optional.Babylon.A, C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.instlRef", "sst");), Ersetzt,[986846ba629eb05066c30a35f2120df3] PUP.Optional.Babylon.A, C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");), Ersetzt,[25dbb24e20e0d22e7aafdd62659f4fb1] PUP.Optional.Babylon.A, C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.prtnrId", "babylon");), Ersetzt,[8779b44c916fe8185dcc91aece364cb4] PUP.Optional.Babylon.A, C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.tlbrId", "base");), Ersetzt,[e9179967dd2300007dacd966df253ec2] PUP.Optional.Babylon.A, C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=d85ff6c90000000000000c607621fe5a&q=");), Ersetzt,[bb45e51be7193ec248e1f34c23e13ec2] PUP.Optional.Babylon.A, C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");), Ersetzt,[e020c23e13eda957ef3ac47b4fb514ec] PUP.Optional.Babylon.A, C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");), Ersetzt,[bc443bc5a45cd52b121773cc17ed768a] PUP.Optional.Babylon.A, C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.newTab", true);), Ersetzt,[39c7f60ac73918e8a5847cc3ea1a649c] PUP.Optional.Babylon.A, C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109958&tt=4512_7&babsrc=NT_ss&mntrId=d85ff6c90000000000000c607621fe5a");), Ersetzt,[50b0e917817fb24ea0898ab58b79ba46] PUP.Optional.Babylon.A, C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.smplGrp", "none");), Ersetzt,[db25dd23847cb14f979290afe51f0000] PUP.Optional.Babylon.A, C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.820:47:09");), Ersetzt,[25dbd22ec33d857b93969ba4e81c44bc] Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.023 - Bericht erstellt am 05/04/2014 um 14:45:58
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzername : Michaela - MICHAELA-PC
# Gestartet von : C:\Users\Michaela\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
[!] Ordner Gelöscht : C:\ProgramData\Babylon
[!] Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
[!] Ordner Gelöscht : C:\Users\Michaela\AppData\LocalLow\BabylonToolbar
[!] Ordner Gelöscht : C:\Users\Michaela\AppData\Roaming\Babylon
[!] Ordner Gelöscht : C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpdbfhoobgcmiffaheiedgepeipfcjpb
Datei Gelöscht : C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\user.js
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKCU\Software\fedb8fe23abf48
Schlüssel Gelöscht : HKLM\SOFTWARE\fedb8fe23abf48
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16540
-\\ Mozilla Firefox v28.0 (de)
[ Datei : C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\prefs.js ]
Zeile gelöscht : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=109958&tt=4512_7&babsrc=HP_ss&mntrId=d85ff6c90000000000000c607621fe5a");
Zeile gelöscht : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
Zeile gelöscht : user_pref("extensions.helperbar.LastHiddenTime", 22839576);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", true);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", true);
Zeile gelöscht : user_pref("extensions.helperbar.Visibility", true);
Zeile gelöscht : user_pref("extensions.helperbar.countryiso", "de");
Zeile gelöscht : user_pref("extensions.helperbar.downloadprovider", "snapdoocyb");
Zeile gelöscht : user_pref("extensions.helperbar.installationid", "97c644c5-ac6a-452e-b40f-ec9598ff936e");
Zeile gelöscht : user_pref("extensions.helperbar.installdate", "02/06/2013");
Zeile gelöscht : user_pref("extensions.helperbar.publisher", "snapdoocyb");
-\\ Google Chrome v33.0.1750.154
[ Datei : C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht : homepage
*************************
AdwCleaner[R0].txt - [6211 octets] - [05/04/2014 14:43:44]
AdwCleaner[S0].txt - [5840 octets] - [05/04/2014 14:45:58]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5900 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows (TM) Vista Home Premium x64
Ran by Michaela on 05.04.2014 at 15:01:00,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2157045702-3999625576-2718192899-1000\Software\sweetim
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Michaela\AppData\Roaming\mozilla\firefox\profiles\ighg0d3g.default\minidumps [106 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.04.2014 at 15:19:41,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Eine weitere Frage hab ich noch: Die Programme die ich jetzt auf dem Laptop habe (wie Malwarebytes und AdwCleaner) darf/soll ich die drauflassen und ab und an selber prüfen lassen? Falls ich vorgreife: Ich möchte nicht ungeduldig wirken, hat mich nur interessiert. Geändert von miasa (05.04.2014 um 14:39 Uhr) |
|
06.04.2014, 12:17
| #11 |
| /// the machine /// TB-Ausbilder | Wie kann ich Daten sichern da MusikTrojaner vermutet ne die brauche ich nicht, die alten kannste löschen zu den Programmen gibt es nachher noch Lesestoff. MBAM kannste behalten.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
06.04.2014, 13:23
| #12 |
| | Wie kann ich Daten sichern da MusikTrojaner vermutet Alles klar. Hier noch die neue FRST und Addition. FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Michaela (administrator) on MICHAELA-PC on 06-04-2014 14:10:47 Running from C:\Users\Michaela\Desktop Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe () C:\Windows\System32\WLTRYSVC.EXE (Dell Inc.) C:\Windows\System32\bcmwltry.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Dell Inc.) C:\Windows\System32\WLTRAY.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe () C:\Users\Michaela\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (Dropbox, Inc.) C:\Users\Michaela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [305664 2009-03-31] (Alps Electric Co., Ltd.) HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [4119552 2008-12-21] (Dell Inc.) HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-06-15] (Intel Corporation) HKLM\...\Run: [sroli] - rundll32.exe ",HrEditPhonebookEntry HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [462848 2009-03-31] (IDT, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1779952 2009-07-07] () HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [250192 2009-04-24] (Microsoft Corporation) HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-05] (CyberLink Corp.) HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [405639 2009-01-09] (Creative Technology Ltd) HKLM-x32\...\Run: [DellSupportCenter] - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-19] (RealNetworks, Inc.) HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-03-29] (AVAST Software) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\RunOnce: [DSUpdateLauncher] - "c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat" [374 2009-03-09] () HKLM-x32\...\RunOnce: [Launcher] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [165104 2009-07-16] (Softthinks) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2157045702-3999625576-2718192899-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-2157045702-3999625576-2718192899-1000\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Michaela\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] () Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Michaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Michaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Michaela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== ProxyServer: 172.16.10.1:8080 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.) StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: ProxTube - {0AA2810A-F009-4BD7-A10A-32F140A1B9F3} - C:\Users\Michaela\AppData\LocalLow\ProxTube\IE\ProxTube.dll (Malte Goetz) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default FF NewTab: about:blank FF Homepage: about:home FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*'))%20%7B%20return%20'PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Michaela\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Michaela\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ProxTube - C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\Extensions\maltegoetz@proxtube.com [2012-11-08] FF Extension: ProxMate - Proxy on steroids! - C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-08-17] FF Extension: Adblock Plus - C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-28] FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-29] Chrome: ======= CHR HomePage: hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=97c644c5-ac6a-452e-b40f-ec9598ff936e&searchtype=hp&installDate=02/06/2013 CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll () CHR Plugin: (Java(TM) Platform SE 6 U13) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll No File CHR Extension: (Boa Mistura) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\alhbnbjlmhkpfeocomgpfkffnbncjjpn [2013-08-08] CHR Extension: (YouTube) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-10] CHR Extension: (Adblock Plus) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-28] CHR Extension: (Google-Suche) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-10] CHR Extension: (Google+) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2013-08-08] CHR Extension: (XKit) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-01-11] CHR Extension: (avast! Online Security) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-29] CHR Extension: (ProxMate - Proxy on steroids!) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2013-08-17] CHR Extension: (Google Keep) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2013-09-20] CHR Extension: (RealDownloader) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-09-20] CHR Extension: (Dropbox) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2013-08-08] CHR Extension: (Google Wallet) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01] CHR Extension: (Youtube Video Downloader) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\obmbipnhbnpicpechoajlkjfdiopnoki [2013-05-19] CHR Extension: (Tumblr Savior) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2014-01-05] CHR Extension: (Google Mail) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-10] CHR HKLM-x32\...\Chrome\Extension: [chakodcglgpacmjpjfaoopegbglbollk] - C:\Users\Michaela\AppData\LocalLow\ProxTube\CHROME\ProxTube.crx [2010-05-25] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-29] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-29] (AVAST Software) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [3051520 2008-12-21] (Dell Inc.) R2 yksvc; RUNDLL32.EXE ykx64coinst,serviceStartProc [X] ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-03-29] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-03-29] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-29] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-03-29] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-03-29] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-03-29] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-03-29] () R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133672 2011-08-04] (Broadcom Corporation.) S1 Beep; No ImagePath R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-08-04] (Broadcom Corporation.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-06] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R3 OA009Ufd; C:\Windows\System32\DRIVERS\OA009Ufd.sys [159840 2009-03-06] (Creative Technology Ltd.) R3 OA009Vid; C:\Windows\System32\DRIVERS\OA009Vid.sys [311296 2009-03-19] (Creative Technology Ltd.) S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-09-04] (LG Electronics Inc.) S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-09-04] (LG Electronics Inc.) S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-09-04] (LG Electronics Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-06 14:10 - 2014-04-06 14:11 - 00028176 _____ () C:\Users\Michaela\Desktop\FRST.txt 2014-04-05 15:19 - 2014-04-05 15:19 - 00001119 _____ () C:\Users\Michaela\Desktop\JRT.txt 2014-04-05 15:00 - 2014-04-05 15:00 - 00000000 ____D () C:\Windows\ERUNT 2014-04-05 14:59 - 2014-04-05 14:59 - 01038974 _____ (Thisisu) C:\Users\Michaela\Desktop\JRT.exe 2014-04-05 14:43 - 2014-04-05 14:46 - 00000000 ____D () C:\AdwCleaner 2014-04-05 14:42 - 2014-04-05 14:42 - 01426178 _____ () C:\Users\Michaela\Desktop\adwcleaner.exe 2014-04-05 14:42 - 2014-04-05 14:42 - 00009461 _____ () C:\Users\Michaela\Desktop\mbam.txt 2014-04-05 14:08 - 2014-04-06 13:50 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-05 13:51 - 2014-04-05 14:11 - 00000943 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-05 13:51 - 2014-04-05 14:11 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-05 13:51 - 2014-04-05 13:51 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-05 13:51 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-05 13:51 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-05 13:51 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-04 12:03 - 2014-04-04 12:03 - 00030914 _____ () C:\ComboFix.txt 2014-04-04 11:38 - 2014-04-04 12:03 - 00000000 ____D () C:\Qoobox 2014-04-04 11:38 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-04-04 11:38 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-04-04 11:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-04-04 11:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-04-04 11:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-04-04 11:38 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-04-04 11:38 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-04-04 11:38 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-04-04 11:37 - 2014-04-04 12:00 - 00000000 ____D () C:\Windows\erdnt 2014-04-04 11:34 - 2014-04-04 11:34 - 05193944 ____R (Swearware) C:\Users\Michaela\Desktop\ComboFix.exe 2014-04-04 00:16 - 2014-04-06 00:25 - 00000000 ___RD () C:\Users\Michaela\Bilder nach Datensicherung vom 03.04.14 2014-04-03 19:39 - 2014-04-03 19:39 - 00000000 ____D () C:\Users\Michaela\Documents\Bluetooth-Exchange-Ordner 2014-04-03 19:38 - 2014-04-03 19:38 - 00000000 ____D () C:\Users\Michaela\Documents\Amazon MP3 2014-04-03 15:32 - 2014-04-03 15:32 - 00000000 ____D () C:\Users\Michaela\Documents\Tumblr 2014-04-01 12:51 - 2014-04-06 14:10 - 00000000 ____D () C:\FRST 2014-04-01 12:33 - 2014-04-01 12:34 - 02157056 _____ (Farbar) C:\Users\Michaela\Desktop\FRST64.exe 2014-03-29 15:21 - 2014-04-04 11:26 - 00000808 _____ () C:\Windows\system32\spsys.log 2014-03-29 15:07 - 2014-03-29 15:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-29 15:03 - 2013-12-18 22:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-03-29 15:03 - 2013-12-18 22:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-03-29 15:03 - 2013-12-18 22:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-03-29 15:03 - 2013-12-18 22:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-03-29 15:02 - 2014-03-29 15:03 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-03-29 14:56 - 2014-03-29 14:56 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\Opera Software 2014-03-29 14:56 - 2014-03-29 14:56 - 00000000 ____D () C:\Users\Michaela\AppData\Local\Opera Software 2014-03-29 14:44 - 2014-03-29 14:45 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-03-29 14:27 - 2014-03-29 14:27 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\AVAST Software 2014-03-29 14:26 - 2014-04-05 13:24 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-03-29 14:25 - 2014-03-29 14:25 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-03-29 14:25 - 2014-03-29 14:25 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-03-29 14:25 - 2014-03-29 14:25 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-03-29 14:25 - 2014-03-29 14:25 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-03-29 14:25 - 2014-03-29 14:25 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-03-29 14:25 - 2014-03-29 14:25 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-03-29 14:25 - 2014-03-29 14:25 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2014-03-29 14:25 - 2014-03-29 14:25 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2014-03-29 14:25 - 2014-03-29 14:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-03-29 14:23 - 2014-03-29 14:23 - 00000000 ____D () C:\Program Files\AVAST Software 2014-03-29 14:20 - 2014-03-29 14:20 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-03-19 20:46 - 2014-03-27 22:55 - 00003246 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2157045702-3999625576-2718192899-1000 2014-03-19 20:45 - 2014-03-27 22:55 - 00003374 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2157045702-3999625576-2718192899-1000 2014-03-16 02:49 - 2014-03-16 02:49 - 00000000 ____D () C:\Users\Michaela\AppData\Local\Skype 2014-03-14 03:20 - 2014-04-03 15:30 - 00000000 ____D () C:\Users\Michaela\Documents\HTML Code 2014-03-13 04:01 - 2014-02-23 09:12 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-13 04:01 - 2014-02-23 08:54 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-13 04:01 - 2014-02-23 08:52 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-13 04:01 - 2014-02-23 08:48 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-13 04:01 - 2014-02-23 08:48 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-13 04:01 - 2014-02-23 08:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-13 04:01 - 2014-02-23 08:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-03-13 04:01 - 2014-02-23 08:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-13 04:01 - 2014-02-23 08:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-03-13 04:01 - 2014-02-23 08:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-03-13 04:01 - 2014-02-23 08:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-13 04:01 - 2014-02-23 08:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-13 04:01 - 2014-02-23 08:44 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-13 04:01 - 2014-02-23 08:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-13 04:01 - 2014-02-23 08:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-03-13 04:01 - 2014-02-23 08:43 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-13 04:01 - 2014-02-23 07:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-13 04:01 - 2014-02-23 07:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-13 04:01 - 2014-02-23 07:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-13 04:01 - 2014-02-23 07:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-13 04:01 - 2014-02-23 07:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-13 04:01 - 2014-02-23 07:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-13 04:01 - 2014-02-23 07:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-03-13 04:01 - 2014-02-23 07:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-13 04:01 - 2014-02-23 07:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-13 04:01 - 2014-02-23 07:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-13 04:01 - 2014-02-23 07:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-03-13 04:01 - 2014-02-23 07:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-13 04:01 - 2014-02-23 07:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-03-13 04:01 - 2014-02-23 07:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-13 04:01 - 2014-02-23 07:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-03-13 04:01 - 2014-02-23 07:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-13 00:48 - 2014-02-07 14:11 - 02776064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-13 00:48 - 2014-02-03 15:20 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-13 00:48 - 2014-02-03 12:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-13 00:48 - 2014-01-30 12:12 - 01111040 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-13 00:48 - 2014-01-30 09:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-13 00:48 - 2013-11-13 03:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-03-13 00:48 - 2013-11-13 02:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll ==================== One Month Modified Files and Folders ======= 2014-04-06 14:11 - 2014-04-06 14:10 - 00028176 _____ () C:\Users\Michaela\Desktop\FRST.txt 2014-04-06 14:10 - 2014-04-01 12:51 - 00000000 ____D () C:\FRST 2014-04-06 13:58 - 2009-09-24 22:31 - 01385047 _____ () C:\Windows\WindowsUpdate.log 2014-04-06 13:53 - 2013-07-16 23:39 - 00000000 ___RD () C:\Users\Michaela\Dropbox 2014-04-06 13:53 - 2013-07-16 23:35 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\Dropbox 2014-04-06 13:50 - 2014-04-05 14:08 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-06 13:47 - 2012-10-10 20:49 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-06 13:47 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-06 13:47 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-06 13:47 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-06 02:02 - 2013-03-28 23:50 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\Skype 2014-04-06 02:02 - 2013-02-12 05:26 - 00003549 _____ () C:\Windows\bthservsdp.dat 2014-04-06 02:02 - 2006-11-02 17:42 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-06 01:46 - 2012-10-10 20:49 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-06 01:34 - 2012-08-15 22:10 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-06 01:05 - 2013-03-11 14:00 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2157045702-3999625576-2718192899-1000UA.job 2014-04-06 00:25 - 2014-04-04 00:16 - 00000000 ___RD () C:\Users\Michaela\Bilder nach Datensicherung vom 03.04.14 2014-04-05 15:19 - 2014-04-05 15:19 - 00001119 _____ () C:\Users\Michaela\Desktop\JRT.txt 2014-04-05 15:00 - 2014-04-05 15:00 - 00000000 ____D () C:\Windows\ERUNT 2014-04-05 14:59 - 2014-04-05 14:59 - 01038974 _____ (Thisisu) C:\Users\Michaela\Desktop\JRT.exe 2014-04-05 14:47 - 2008-01-21 05:26 - 00787152 _____ () C:\Windows\PFRO.log 2014-04-05 14:46 - 2014-04-05 14:43 - 00000000 ____D () C:\AdwCleaner 2014-04-05 14:42 - 2014-04-05 14:42 - 01426178 _____ () C:\Users\Michaela\Desktop\adwcleaner.exe 2014-04-05 14:42 - 2014-04-05 14:42 - 00009461 _____ () C:\Users\Michaela\Desktop\mbam.txt 2014-04-05 14:35 - 2009-10-02 19:11 - 00000000 ____D () C:\Users\Michaela\AppData\Local\SoftThinks 2014-04-05 14:11 - 2014-04-05 13:51 - 00000943 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-05 14:11 - 2014-04-05 13:51 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-05 13:51 - 2014-04-05 13:51 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-05 13:24 - 2014-03-29 14:26 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-04-04 13:05 - 2013-03-11 14:00 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2157045702-3999625576-2718192899-1000Core.job 2014-04-04 12:03 - 2014-04-04 12:03 - 00030914 _____ () C:\ComboFix.txt 2014-04-04 12:03 - 2014-04-04 11:38 - 00000000 ____D () C:\Qoobox 2014-04-04 12:03 - 2006-11-02 15:33 - 00000000 __RHD () C:\Users\Default 2014-04-04 12:00 - 2014-04-04 11:37 - 00000000 ____D () C:\Windows\erdnt 2014-04-04 11:59 - 2006-11-02 14:34 - 00000215 _____ () C:\Windows\system.ini 2014-04-04 11:34 - 2014-04-04 11:34 - 05193944 ____R (Swearware) C:\Users\Michaela\Desktop\ComboFix.exe 2014-04-04 11:26 - 2014-03-29 15:21 - 00000808 _____ () C:\Windows\system32\spsys.log 2014-04-04 00:17 - 2009-10-02 19:11 - 00000000 ____D () C:\Users\Michaela 2014-04-04 00:03 - 2008-01-21 13:10 - 01566076 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-04 00:03 - 2008-01-21 13:09 - 00673932 _____ () C:\Windows\system32\perfh007.dat 2014-04-04 00:03 - 2008-01-21 13:09 - 00145912 _____ () C:\Windows\system32\perfc007.dat 2014-04-04 00:00 - 2009-09-25 04:11 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup 2014-04-03 23:53 - 2013-11-04 21:01 - 00000000 ____D () C:\Users\Michaela\Documents\Nitro+Chiral 2014-04-03 21:50 - 2009-10-22 16:40 - 00119808 _____ () C:\Users\Michaela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-04-03 19:39 - 2014-04-03 19:39 - 00000000 ____D () C:\Users\Michaela\Documents\Bluetooth-Exchange-Ordner 2014-04-03 19:38 - 2014-04-03 19:38 - 00000000 ____D () C:\Users\Michaela\Documents\Amazon MP3 2014-04-03 15:32 - 2014-04-03 15:32 - 00000000 ____D () C:\Users\Michaela\Documents\Tumblr 2014-04-03 15:32 - 2013-11-04 21:49 - 00000000 ____D () C:\Users\Michaela\Documents\Durarara!! 2014-04-03 15:30 - 2014-03-14 03:20 - 00000000 ____D () C:\Users\Michaela\Documents\HTML Code 2014-04-03 15:30 - 2012-01-22 18:59 - 00000000 ____D () C:\Users\Michaela\Documents\Nintendo 2014-04-03 15:24 - 2009-10-07 15:42 - 00000000 ____D () C:\Users\Michaela\Documents\Dell WebCam Central 2014-04-03 15:21 - 2013-12-21 23:24 - 00000000 ____D () C:\Users\Michaela\Documents\Facebook 2014-04-03 09:51 - 2014-04-05 13:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-05 13:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-05 13:51 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-01 12:40 - 2009-09-25 04:04 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-04-01 12:34 - 2014-04-01 12:33 - 02157056 _____ (Farbar) C:\Users\Michaela\Desktop\FRST64.exe 2014-04-01 12:28 - 2009-10-03 13:07 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\Adobe 2014-04-01 12:27 - 2009-09-25 04:05 - 00000000 ____D () C:\ProgramData\Adobe 2014-04-01 12:15 - 2009-10-02 19:12 - 00080160 _____ () C:\Users\Michaela\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-01 12:11 - 2006-11-02 17:21 - 02247192 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-01 12:07 - 2009-09-25 04:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-03-29 15:21 - 2012-10-11 19:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-29 15:18 - 2013-06-04 18:00 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-03-29 15:08 - 2014-03-29 15:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-29 15:03 - 2014-03-29 15:02 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-03-29 15:03 - 2009-09-25 03:57 - 00000000 ____D () C:\Program Files (x86)\Java 2014-03-29 14:59 - 2012-10-22 15:28 - 00000000 ____D () C:\Users\Michaela\AppData\Local\Opera 2014-03-29 14:59 - 2012-10-22 15:28 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-03-29 14:56 - 2014-03-29 14:56 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\Opera Software 2014-03-29 14:56 - 2014-03-29 14:56 - 00000000 ____D () C:\Users\Michaela\AppData\Local\Opera Software 2014-03-29 14:45 - 2014-03-29 14:44 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-03-29 14:27 - 2014-03-29 14:27 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\AVAST Software 2014-03-29 14:25 - 2014-03-29 14:25 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-03-29 14:25 - 2014-03-29 14:25 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-03-29 14:25 - 2014-03-29 14:25 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-03-29 14:25 - 2014-03-29 14:25 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-03-29 14:25 - 2014-03-29 14:25 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-03-29 14:25 - 2014-03-29 14:25 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-03-29 14:25 - 2014-03-29 14:25 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2014-03-29 14:25 - 2014-03-29 14:25 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2014-03-29 14:25 - 2014-03-29 14:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-03-29 14:23 - 2014-03-29 14:23 - 00000000 ____D () C:\Program Files\AVAST Software 2014-03-29 14:20 - 2014-03-29 14:20 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-03-29 14:12 - 2014-03-03 19:28 - 00003352 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2157045702-3999625576-2718192899-1000 2014-03-29 14:12 - 2014-03-03 16:55 - 00003224 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2157045702-3999625576-2718192899-1000 2014-03-29 13:27 - 2013-05-02 22:19 - 00138184 ____H () C:\Windows\SysWOW64\mlfcache.dat 2014-03-28 23:21 - 2014-03-04 21:52 - 00003714 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{784B2923-D700-4DE6-920C-72A8F8621F24} 2014-03-27 22:55 - 2014-03-19 20:46 - 00003246 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2157045702-3999625576-2718192899-1000 2014-03-27 22:55 - 2014-03-19 20:45 - 00003374 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2157045702-3999625576-2718192899-1000 2014-03-27 15:41 - 2012-10-10 20:49 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-03-27 15:41 - 2012-10-10 20:49 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-03-19 12:57 - 2013-08-15 03:02 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-19 12:54 - 2006-11-02 14:35 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-03-16 02:49 - 2014-03-16 02:49 - 00000000 ____D () C:\Users\Michaela\AppData\Local\Skype 2014-03-16 02:49 - 2013-03-28 23:50 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-16 02:49 - 2013-03-28 23:50 - 00000000 ____D () C:\ProgramData\Skype 2014-03-13 11:01 - 2006-11-02 15:33 - 00000000 ____D () C:\Windows\rescache 2014-03-12 12:34 - 2012-08-15 22:10 - 00003738 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-12 12:34 - 2012-04-03 21:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-12 12:34 - 2011-11-06 12:37 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl Some content of TEMP: ==================== C:\Users\Michaela\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-06 13:59 ==================== End Of Log ============================ Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Michaela at 2014-04-06 14:11:49
Running from C:\Users\Michaela\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Disabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Any Video Converter 5.0.5 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2016 - Avast Software)
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.25 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.24 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.1.0029 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.104.115.101 - Alps Electric)
Dell Video Chat (HKLM-x32\...\Dell Video Chat) (Version: 6.1 (6751) - SightSpeed Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.20.10 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11 Application) (Version: 5.10.38.30 - Dell Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Free Audio Converter version 5.0.3.1206 (HKLM-x32\...\Free Audio Converter_is1) (Version: - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Integrated Webcam Driver (1.02.01.0320) (HKLM\...\Creative OA009) (Version: 1.02.01.0320 - Creative Technology Ltd.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
Java(TM) 6 Update 13 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
LG PC Suite II (HKLM-x32\...\{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}) (Version: 2.00.0000 - LG PC Suite)
LG PC Suite II (x32 Version: 2.00.0000 - LG PC Suite) Hidden
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: 4.9.2 - LG Electronics)
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.2303.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (HKLM-x32\...\{095B1DCF-5E8B-47EC-9B18-481918A731DB}) (Version: 2.0.69.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Opera Stable 20.0.1387.82 (HKLM-x32\...\Opera 20.0.1387.82) (Version: 20.0.1387.82 - Opera Software ASA)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5024 - Dell Corp.)
Quickset (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.2.18 - Dell Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Synthesia (HKLM-x32\...\Synthesia) (Version: 8.4 - Synthesia LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
WIDCOMM Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.2000 - WIDCOMM, Inc.)
Windows Live Anmelde-Assistent (HKLM-x32\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8051.1204 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
==================== Restore Points =========================
30-03-2014 11:30:05 Geplanter Prüfpunkt
31-03-2014 08:45:44 Geplanter Prüfpunkt
01-04-2014 09:20:00 Windows Update
01-04-2014 10:06:47 削除済み 咎狗の血
02-04-2014 16:47:57 Geplanter Prüfpunkt
04-04-2014 10:54:30 Geplanter Prüfpunkt
04-04-2014 14:40:32 Windows Update
05-04-2014 14:32:27 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2006-11-02 14:34 - 2014-04-04 11:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {19BCA020-F0B4-4C5B-A57C-CF09E3EF4781} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2157045702-3999625576-2718192899-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {2A429D84-C847-4D6B-9502-3D35AC976676} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2157045702-3999625576-2718192899-1000UA => C:\Users\Michaela\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-11] (Facebook Inc.)
Task: {2EB14C14-2C5F-4626-BA90-D9196121F7AE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {36A56C1C-9BEA-44D8-94FD-62456F325528} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2157045702-3999625576-2718192899-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {388C0D7F-DC58-437E-812B-4BE3674FBB6D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {46CD1E8E-C415-4159-AE4E-F1ED803AFE8A} - System32\Tasks\Launch BCM WLAN Tray => C:\Windows\system32\WLTRAY.EXE [2008-12-21] (Dell Inc.)
Task: {55C81DE2-89F3-4B72-84BD-1B91CA453711} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2157045702-3999625576-2718192899-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {5ABD53F8-82CF-4CD6-93BC-810C5612C7A7} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {7133A15E-30E1-43F9-8C91-1F2CA85D8470} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2157045702-3999625576-2718192899-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {87E7CBB4-22BF-4BC1-BEC9-3CF65F0B7BE3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2157045702-3999625576-2718192899-1000Core => C:\Users\Michaela\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-11] (Facebook Inc.)
Task: {A5EC54B9-100A-4D35-9901-99A32AF722CF} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2157045702-3999625576-2718192899-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B2E92356-AF15-46C2-9760-3E810CEBBD3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-10] (Google Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {EB167214-C513-42A7-9F0B-69BE18A83294} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-29] (AVAST Software)
Task: {F5F46528-E855-4E3F-A3B0-5623AE50F8CB} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2157045702-3999625576-2718192899-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {F6BFCBD6-889A-48E7-9943-27C9D6B5854A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-10] (Google Inc.)
Task: {FC41EBBD-8B04-47C7-B2AD-F6C2BEC1A210} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2157045702-3999625576-2718192899-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2157045702-3999625576-2718192899-1000Core.job => C:\Users\Michaela\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2157045702-3999625576-2718192899-1000UA.job => C:\Users\Michaela\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2009-09-25 03:57 - 2008-12-21 20:35 - 00032768 _____ () C:\Windows\System32\WLTRYSVC.EXE
2009-09-25 03:57 - 2008-12-21 20:35 - 00057856 _____ () C:\Windows\System32\bcmwlrmt.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-05-22 20:50 - 2013-05-22 20:50 - 00400704 _____ () C:\Users\Michaela\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2009-07-07 17:23 - 2009-07-07 17:23 - 01779952 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2014-03-04 07:50 - 2014-03-04 07:50 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\264c91e0ec39698f61d36c00a26cc16b\VistaBridgeLibrary.ni.dll
2014-04-06 13:48 - 2014-04-06 13:48 - 02189824 _____ () C:\Program Files\AVAST Software\Avast\defs\14040600\algo.dll
2009-09-25 04:11 - 2009-07-16 17:58 - 00115952 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2009-09-25 04:11 - 2009-07-16 17:59 - 00128240 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2009-07-07 17:24 - 2009-07-07 17:24 - 00268528 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2009-07-07 17:23 - 2009-07-07 17:23 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2009-07-07 17:24 - 2009-07-07 17:24 - 00095472 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2009-07-07 17:24 - 2009-07-07 17:24 - 00046320 _____ () C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll
2009-07-07 17:24 - 2009-07-07 17:24 - 00369904 _____ () C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll
2009-07-07 17:24 - 2009-07-07 17:24 - 00140528 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2009-07-07 17:23 - 2009-07-07 17:23 - 00017648 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Michaela\AppData\Roaming\Dropbox\bin\libcef.dll
2014-03-29 14:25 - 2014-03-29 14:25 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-15 21:47 - 2014-03-15 02:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 21:47 - 2014-03-15 02:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 21:47 - 2014-03-15 02:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 21:47 - 2014-03-15 02:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/06/2014 01:52:57 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (04/06/2014 01:49:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (04/06/2014 01:52:15 PM) (Source: Service Control Manager) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86
Error: (04/06/2014 01:50:19 PM) (Source: Service Control Manager) (User: )
Description: Beep
Error: (04/06/2014 01:49:44 PM) (Source: Service Control Manager) (User: )
Description: Bluetooth Service
Error: (04/06/2014 01:49:01 PM) (Source: Service Control Manager) (User: )
Description: Intel(R) PRO/1000 NDIS 6 Adapter Driver%%1058
Error: (04/06/2014 01:49:01 PM) (Source: Service Control Manager) (User: )
Description: Intel(R) PRO/1000 PCI Express-Netzwerkverbindungstreiber%%1058
Error: (04/06/2014 01:49:01 PM) (Source: Service Control Manager) (User: )
Description: Bluetooth-Gerät (PAN)%%1058
Microsoft Office Sessions:
=========================
Error: (05/27/2013 11:18:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12395 seconds with 6840 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2014-04-06 14:11:43.760
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-06 14:11:43.190
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-06 14:11:42.612
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-06 14:11:42.011
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-06 14:11:41.431
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-06 14:11:40.855
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-06 14:11:40.276
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-06 14:11:39.661
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-06 13:50:30.680
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-06 00:46:13.383
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 51%
Total physical RAM: 4055.45 MB
Available physical RAM: 1979.81 MB
Total Pagefile: 8288.18 MB
Available Pagefile: 5807.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:113.76 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.38 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 7F8F3E8E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=283 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
07.04.2014, 12:32
| #13 |
| /// the machine /// TB-Ausbilder | Wie kann ich Daten sichern da MusikTrojaner vermutetESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
07.04.2014, 16:41
| #14 |
| | Wie kann ich Daten sichern da MusikTrojaner vermutet Eset Scan: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=682c9efce0b7f340acc9dc693c7668cb
# engine=17781
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-07 03:10:17
# local_time=2014-04-07 05:10:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=774 16777213 71 76 787467 791129 0 0
# compatibility_mode=5892 16776574 100 100 260937 234407323 0 0
# scanned=310281
# found=1
# cleaned=0
# scan_time=7782
sh=B010384F07052D334887AE50A19116A8FACE1BDF ft=0 fh=0000000000000000 vn="Java/Agent.EX trojan" ac=I fn="C:\Users\Michaela\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\350c3de2-7835edc2"
Deinstalliert hab ich das Eset Programm jetzt schon mal trotzdem. Außerdem meldet avast folgendes (auch schon vor dem scan mit eset): Wir haben auf Ihrem PC Anzeichen für Datenmüll gefunden. 13 Bloatware-Programme haben den Start dieses PC verlangsamt. 11 Optimierungen der Systemregistrierung, die die Geschindigkeit Ihres PCs erhöhen können. 1,6 GB Speicherplatz, der wieder frei wird Nebendran ist eine Schaltfläche PC optimieren (hab ich jetzt noch nicht gemacht weil ich dich erst fragen wollte) Außerdem dauert es wirklich lange bis der PC hochfährt. Nach dem Willkommen-Bildchrim von Windows seh ich erst mal mindestens 5 Minuten lang nur meine Maus die ich auch bewegen kann. Dann kommt so ein Fenster (schwarzer Hintergrund und weiße Pixelschrift). Was genau drinsteht weis ich nicht aber ich könnte versuchen das beim nächsten mal mit der Handykamera zu fotografieren. Vielleicht ist das aber auch normal... Die Musik kam bisher nicht mehr aber mein PC sagt mir ständig dass meine Anzeige (die ich aber wirklich schon immer so benutzt hab, glaube das heisst irgendwas mit Aero) den PC überfordert. Das ist neu. Security Check: Code:
ATTFilter Results of screen317's Security Check version 0.99.80 Windows Vista Service Pack 2 x64 (UAC is enabled) Internet Explorer 9 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java(TM) 6 Update 13 Java 7 Update 51 Adobe Flash Player 12.0.0.77 Adobe Reader 10.1.9 Adobe Reader out of Date! Mozilla Firefox (28.0) Google Chrome 33.0.1750.146 Google Chrome 33.0.1750.154 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe AVAST Software Avast AvastSvc.exe AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Michaela (administrator) on MICHAELA-PC on 07-04-2014 17:37:27 Running from C:\Users\Michaela\Desktop Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe () C:\Windows\System32\WLTRYSVC.EXE (Dell Inc.) C:\Windows\System32\bcmwltry.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Microsoft Corporation) C:\Windows\system32\conime.exe () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Dell Inc.) C:\Windows\System32\WLTRAY.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe () C:\Users\Michaela\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Dropbox, Inc.) C:\Users\Michaela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [305664 2009-03-31] (Alps Electric Co., Ltd.) HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [4119552 2008-12-21] (Dell Inc.) HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-06-15] (Intel Corporation) HKLM\...\Run: [sroli] - rundll32.exe ",HrEditPhonebookEntry HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [462848 2009-03-31] (IDT, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1779952 2009-07-07] () HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [250192 2009-04-24] (Microsoft Corporation) HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-05] (CyberLink Corp.) HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [405639 2009-01-09] (Creative Technology Ltd) HKLM-x32\...\Run: [DellSupportCenter] - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-19] (RealNetworks, Inc.) HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-03-29] (AVAST Software) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\RunOnce: [DSUpdateLauncher] - "c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat" [374 2009-03-09] () HKLM-x32\...\RunOnce: [Launcher] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [165104 2009-07-16] (Softthinks) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2157045702-3999625576-2718192899-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-2157045702-3999625576-2718192899-1000\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Michaela\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] () Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Michaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Michaela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Michaela\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== ProxyServer: 172.16.10.1:8080 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.) StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: ProxTube - {0AA2810A-F009-4BD7-A10A-32F140A1B9F3} - C:\Users\Michaela\AppData\LocalLow\ProxTube\IE\ProxTube.dll (Malte Goetz) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default FF NewTab: about:blank FF Homepage: about:home FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*'))%20%7B%20return%20'PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Michaela\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Michaela\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ProxTube - C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\Extensions\maltegoetz@proxtube.com [2012-11-08] FF Extension: ProxMate - Proxy on steroids! - C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-08-17] FF Extension: Adblock Plus - C:\Users\Michaela\AppData\Roaming\Mozilla\Firefox\Profiles\ighg0d3g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-28] FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-29] Chrome: ======= CHR HomePage: hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=97c644c5-ac6a-452e-b40f-ec9598ff936e&searchtype=hp&installDate=02/06/2013 CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll () CHR Plugin: (Java(TM) Platform SE 6 U13) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Plugin: (RealJukebox NS Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll No File CHR Extension: (Boa Mistura) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\alhbnbjlmhkpfeocomgpfkffnbncjjpn [2013-08-08] CHR Extension: (YouTube) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-10] CHR Extension: (Adblock Plus) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-28] CHR Extension: (Google-Suche) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-10] CHR Extension: (Google+) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2013-08-08] CHR Extension: (XKit) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-01-11] CHR Extension: (avast! Online Security) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-29] CHR Extension: (ProxMate - Proxy on steroids!) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm [2013-08-17] CHR Extension: (Google Keep) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2013-09-20] CHR Extension: (RealDownloader) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-09-20] CHR Extension: (Dropbox) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2013-08-08] CHR Extension: (Google Wallet) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01] CHR Extension: (Youtube Video Downloader) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\obmbipnhbnpicpechoajlkjfdiopnoki [2013-05-19] CHR Extension: (Tumblr Savior) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2014-01-05] CHR Extension: (Google Mail) - C:\Users\Michaela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-10] CHR HKLM-x32\...\Chrome\Extension: [chakodcglgpacmjpjfaoopegbglbollk] - C:\Users\Michaela\AppData\LocalLow\ProxTube\CHROME\ProxTube.crx [2010-05-25] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-29] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-29] (AVAST Software) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [3051520 2008-12-21] (Dell Inc.) R2 yksvc; RUNDLL32.EXE ykx64coinst,serviceStartProc [X] ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-03-29] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2014-03-29] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-29] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-03-29] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-03-29] (AVAST Software) R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2014-03-29] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-03-29] () R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [133672 2011-08-04] (Broadcom Corporation.) S1 Beep; No ImagePath R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-08-04] (Broadcom Corporation.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-07] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R3 OA009Ufd; C:\Windows\System32\DRIVERS\OA009Ufd.sys [159840 2009-03-06] (Creative Technology Ltd.) R3 OA009Vid; C:\Windows\System32\DRIVERS\OA009Vid.sys [311296 2009-03-19] (Creative Technology Ltd.) S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-09-04] (LG Electronics Inc.) S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-09-04] (LG Electronics Inc.) S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-09-04] (LG Electronics Inc.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-07 17:37 - 2014-04-07 17:38 - 00028349 _____ () C:\Users\Michaela\Desktop\FRST.txt 2014-04-07 17:29 - 2014-04-07 17:29 - 00987442 _____ () C:\Users\Michaela\Desktop\SecurityCheck.exe 2014-04-05 15:19 - 2014-04-05 15:19 - 00001119 _____ () C:\Users\Michaela\Desktop\JRT.txt 2014-04-05 15:00 - 2014-04-05 15:00 - 00000000 ____D () C:\Windows\ERUNT 2014-04-05 14:59 - 2014-04-05 14:59 - 01038974 _____ (Thisisu) C:\Users\Michaela\Desktop\JRT.exe 2014-04-05 14:43 - 2014-04-05 14:46 - 00000000 ____D () C:\AdwCleaner 2014-04-05 14:42 - 2014-04-05 14:42 - 01426178 _____ () C:\Users\Michaela\Desktop\adwcleaner.exe 2014-04-05 14:42 - 2014-04-05 14:42 - 00009461 _____ () C:\Users\Michaela\Desktop\mbam.txt 2014-04-05 14:08 - 2014-04-07 17:33 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-05 13:51 - 2014-04-05 14:11 - 00000943 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-05 13:51 - 2014-04-05 14:11 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-05 13:51 - 2014-04-05 13:51 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-05 13:51 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-05 13:51 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-05 13:51 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-04 12:03 - 2014-04-04 12:03 - 00030914 _____ () C:\ComboFix.txt 2014-04-04 11:38 - 2014-04-04 12:03 - 00000000 ____D () C:\Qoobox 2014-04-04 11:38 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-04-04 11:38 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-04-04 11:38 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-04-04 11:38 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-04-04 11:38 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-04-04 11:38 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-04-04 11:38 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-04-04 11:38 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-04-04 11:37 - 2014-04-04 12:00 - 00000000 ____D () C:\Windows\erdnt 2014-04-04 11:34 - 2014-04-04 11:34 - 05193944 ____R (Swearware) C:\Users\Michaela\Desktop\ComboFix.exe 2014-04-04 00:16 - 2014-04-07 03:32 - 00000000 ___RD () C:\Users\Michaela\Bilder nach Datensicherung vom 03.04.14 2014-04-03 19:39 - 2014-04-03 19:39 - 00000000 ____D () C:\Users\Michaela\Documents\Bluetooth-Exchange-Ordner 2014-04-03 19:38 - 2014-04-03 19:38 - 00000000 ____D () C:\Users\Michaela\Documents\Amazon MP3 2014-04-03 15:32 - 2014-04-03 15:32 - 00000000 ____D () C:\Users\Michaela\Documents\Tumblr 2014-04-01 12:51 - 2014-04-07 17:37 - 00000000 ____D () C:\FRST 2014-04-01 12:33 - 2014-04-01 12:34 - 02157056 _____ (Farbar) C:\Users\Michaela\Desktop\FRST64.exe 2014-03-29 15:21 - 2014-04-04 11:26 - 00000808 _____ () C:\Windows\system32\spsys.log 2014-03-29 15:07 - 2014-03-29 15:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-29 15:03 - 2013-12-18 22:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-03-29 15:03 - 2013-12-18 22:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-03-29 15:03 - 2013-12-18 22:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-03-29 15:03 - 2013-12-18 22:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-03-29 15:02 - 2014-03-29 15:03 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-03-29 14:56 - 2014-03-29 14:56 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\Opera Software 2014-03-29 14:56 - 2014-03-29 14:56 - 00000000 ____D () C:\Users\Michaela\AppData\Local\Opera Software 2014-03-29 14:44 - 2014-03-29 14:45 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-03-29 14:27 - 2014-03-29 14:27 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\AVAST Software 2014-03-29 14:26 - 2014-04-05 13:24 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-03-29 14:25 - 2014-03-29 14:25 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-03-29 14:25 - 2014-03-29 14:25 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-03-29 14:25 - 2014-03-29 14:25 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-03-29 14:25 - 2014-03-29 14:25 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-03-29 14:25 - 2014-03-29 14:25 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-03-29 14:25 - 2014-03-29 14:25 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-03-29 14:25 - 2014-03-29 14:25 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2014-03-29 14:25 - 2014-03-29 14:25 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2014-03-29 14:25 - 2014-03-29 14:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-03-29 14:23 - 2014-03-29 14:23 - 00000000 ____D () C:\Program Files\AVAST Software 2014-03-29 14:20 - 2014-03-29 14:20 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-03-19 20:46 - 2014-03-27 22:55 - 00003246 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2157045702-3999625576-2718192899-1000 2014-03-19 20:45 - 2014-03-27 22:55 - 00003374 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2157045702-3999625576-2718192899-1000 2014-03-16 02:49 - 2014-03-16 02:49 - 00000000 ____D () C:\Users\Michaela\AppData\Local\Skype 2014-03-14 03:20 - 2014-04-03 15:30 - 00000000 ____D () C:\Users\Michaela\Documents\HTML Code 2014-03-13 04:01 - 2014-02-23 09:12 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-13 04:01 - 2014-02-23 08:54 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-13 04:01 - 2014-02-23 08:52 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-13 04:01 - 2014-02-23 08:48 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-13 04:01 - 2014-02-23 08:48 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-13 04:01 - 2014-02-23 08:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-13 04:01 - 2014-02-23 08:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-03-13 04:01 - 2014-02-23 08:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-13 04:01 - 2014-02-23 08:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-03-13 04:01 - 2014-02-23 08:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-03-13 04:01 - 2014-02-23 08:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-13 04:01 - 2014-02-23 08:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-13 04:01 - 2014-02-23 08:44 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-13 04:01 - 2014-02-23 08:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-13 04:01 - 2014-02-23 08:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-03-13 04:01 - 2014-02-23 08:43 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-13 04:01 - 2014-02-23 07:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-13 04:01 - 2014-02-23 07:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-13 04:01 - 2014-02-23 07:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-13 04:01 - 2014-02-23 07:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-13 04:01 - 2014-02-23 07:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-13 04:01 - 2014-02-23 07:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-13 04:01 - 2014-02-23 07:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-03-13 04:01 - 2014-02-23 07:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-13 04:01 - 2014-02-23 07:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-13 04:01 - 2014-02-23 07:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-13 04:01 - 2014-02-23 07:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-03-13 04:01 - 2014-02-23 07:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-13 04:01 - 2014-02-23 07:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-03-13 04:01 - 2014-02-23 07:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-13 04:01 - 2014-02-23 07:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-03-13 04:01 - 2014-02-23 07:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-13 00:48 - 2014-02-07 14:11 - 02776064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-13 00:48 - 2014-02-03 15:20 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-13 00:48 - 2014-02-03 12:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-13 00:48 - 2014-01-30 12:12 - 01111040 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-13 00:48 - 2014-01-30 09:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-13 00:48 - 2013-11-13 03:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-03-13 00:48 - 2013-11-13 02:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll ==================== One Month Modified Files and Folders ======= 2014-04-07 17:38 - 2014-04-07 17:37 - 00028349 _____ () C:\Users\Michaela\Desktop\FRST.txt 2014-04-07 17:37 - 2014-04-01 12:51 - 00000000 ____D () C:\FRST 2014-04-07 17:34 - 2012-08-15 22:10 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-07 17:33 - 2014-04-05 14:08 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-07 17:29 - 2014-04-07 17:29 - 00987442 _____ () C:\Users\Michaela\Desktop\SecurityCheck.exe 2014-04-07 16:46 - 2012-10-10 20:49 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-07 16:05 - 2013-03-11 14:00 - 00000940 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2157045702-3999625576-2718192899-1000UA.job 2014-04-07 15:55 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-07 15:55 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-07 14:56 - 2008-01-21 13:10 - 01566076 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-07 14:56 - 2008-01-21 13:09 - 00673932 _____ () C:\Windows\system32\perfh007.dat 2014-04-07 14:56 - 2008-01-21 13:09 - 00145912 _____ () C:\Windows\system32\perfc007.dat 2014-04-07 14:54 - 2009-09-25 04:11 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup 2014-04-07 14:53 - 2006-11-02 17:27 - 00288807 _____ () C:\Windows\setupact.log 2014-04-07 14:46 - 2012-10-10 20:49 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-07 14:42 - 2009-09-24 22:31 - 01403690 _____ () C:\Windows\WindowsUpdate.log 2014-04-07 14:01 - 2013-07-16 23:39 - 00000000 ___RD () C:\Users\Michaela\Dropbox 2014-04-07 14:01 - 2013-07-16 23:35 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\Dropbox 2014-04-07 13:59 - 2009-10-02 19:11 - 00000000 ____D () C:\Users\Michaela\AppData\Local\SoftThinks 2014-04-07 13:55 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-07 03:58 - 2013-02-12 05:26 - 00003549 _____ () C:\Windows\bthservsdp.dat 2014-04-07 03:58 - 2006-11-02 17:42 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-04-07 03:53 - 2013-03-28 23:50 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\Skype 2014-04-07 03:32 - 2014-04-04 00:16 - 00000000 ___RD () C:\Users\Michaela\Bilder nach Datensicherung vom 03.04.14 2014-04-05 15:19 - 2014-04-05 15:19 - 00001119 _____ () C:\Users\Michaela\Desktop\JRT.txt 2014-04-05 15:00 - 2014-04-05 15:00 - 00000000 ____D () C:\Windows\ERUNT 2014-04-05 14:59 - 2014-04-05 14:59 - 01038974 _____ (Thisisu) C:\Users\Michaela\Desktop\JRT.exe 2014-04-05 14:47 - 2008-01-21 05:26 - 00787152 _____ () C:\Windows\PFRO.log 2014-04-05 14:46 - 2014-04-05 14:43 - 00000000 ____D () C:\AdwCleaner 2014-04-05 14:42 - 2014-04-05 14:42 - 01426178 _____ () C:\Users\Michaela\Desktop\adwcleaner.exe 2014-04-05 14:42 - 2014-04-05 14:42 - 00009461 _____ () C:\Users\Michaela\Desktop\mbam.txt 2014-04-05 14:11 - 2014-04-05 13:51 - 00000943 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-05 14:11 - 2014-04-05 13:51 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-05 13:51 - 2014-04-05 13:51 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-05 13:24 - 2014-03-29 14:26 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-04-04 13:05 - 2013-03-11 14:00 - 00000918 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2157045702-3999625576-2718192899-1000Core.job 2014-04-04 12:03 - 2014-04-04 12:03 - 00030914 _____ () C:\ComboFix.txt 2014-04-04 12:03 - 2014-04-04 11:38 - 00000000 ____D () C:\Qoobox 2014-04-04 12:03 - 2006-11-02 15:33 - 00000000 __RHD () C:\Users\Default 2014-04-04 12:00 - 2014-04-04 11:37 - 00000000 ____D () C:\Windows\erdnt 2014-04-04 11:59 - 2006-11-02 14:34 - 00000215 _____ () C:\Windows\system.ini 2014-04-04 11:34 - 2014-04-04 11:34 - 05193944 ____R (Swearware) C:\Users\Michaela\Desktop\ComboFix.exe 2014-04-04 11:26 - 2014-03-29 15:21 - 00000808 _____ () C:\Windows\system32\spsys.log 2014-04-04 00:17 - 2009-10-02 19:11 - 00000000 ____D () C:\Users\Michaela 2014-04-03 23:53 - 2013-11-04 21:01 - 00000000 ____D () C:\Users\Michaela\Documents\Nitro+Chiral 2014-04-03 21:50 - 2009-10-22 16:40 - 00119808 _____ () C:\Users\Michaela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-04-03 19:39 - 2014-04-03 19:39 - 00000000 ____D () C:\Users\Michaela\Documents\Bluetooth-Exchange-Ordner 2014-04-03 19:38 - 2014-04-03 19:38 - 00000000 ____D () C:\Users\Michaela\Documents\Amazon MP3 2014-04-03 15:32 - 2014-04-03 15:32 - 00000000 ____D () C:\Users\Michaela\Documents\Tumblr 2014-04-03 15:32 - 2013-11-04 21:49 - 00000000 ____D () C:\Users\Michaela\Documents\Durarara!! 2014-04-03 15:30 - 2014-03-14 03:20 - 00000000 ____D () C:\Users\Michaela\Documents\HTML Code 2014-04-03 15:30 - 2012-01-22 18:59 - 00000000 ____D () C:\Users\Michaela\Documents\Nintendo 2014-04-03 15:24 - 2009-10-07 15:42 - 00000000 ____D () C:\Users\Michaela\Documents\Dell WebCam Central 2014-04-03 15:21 - 2013-12-21 23:24 - 00000000 ____D () C:\Users\Michaela\Documents\Facebook 2014-04-03 09:51 - 2014-04-05 13:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-05 13:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-05 13:51 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-01 12:40 - 2009-09-25 04:04 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-04-01 12:34 - 2014-04-01 12:33 - 02157056 _____ (Farbar) C:\Users\Michaela\Desktop\FRST64.exe 2014-04-01 12:28 - 2009-10-03 13:07 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\Adobe 2014-04-01 12:27 - 2009-09-25 04:05 - 00000000 ____D () C:\ProgramData\Adobe 2014-04-01 12:15 - 2009-10-02 19:12 - 00080160 _____ () C:\Users\Michaela\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-01 12:11 - 2006-11-02 17:21 - 02247192 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-01 12:07 - 2009-09-25 04:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-03-29 15:21 - 2012-10-11 19:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-29 15:18 - 2013-06-04 18:00 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-03-29 15:08 - 2014-03-29 15:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-03-29 15:03 - 2014-03-29 15:02 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log 2014-03-29 15:03 - 2009-09-25 03:57 - 00000000 ____D () C:\Program Files (x86)\Java 2014-03-29 14:59 - 2012-10-22 15:28 - 00000000 ____D () C:\Users\Michaela\AppData\Local\Opera 2014-03-29 14:59 - 2012-10-22 15:28 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-03-29 14:56 - 2014-03-29 14:56 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\Opera Software 2014-03-29 14:56 - 2014-03-29 14:56 - 00000000 ____D () C:\Users\Michaela\AppData\Local\Opera Software 2014-03-29 14:45 - 2014-03-29 14:44 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-03-29 14:27 - 2014-03-29 14:27 - 00000000 ____D () C:\Users\Michaela\AppData\Roaming\AVAST Software 2014-03-29 14:25 - 2014-03-29 14:25 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-03-29 14:25 - 2014-03-29 14:25 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-03-29 14:25 - 2014-03-29 14:25 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-03-29 14:25 - 2014-03-29 14:25 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-03-29 14:25 - 2014-03-29 14:25 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-03-29 14:25 - 2014-03-29 14:25 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-03-29 14:25 - 2014-03-29 14:25 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys 2014-03-29 14:25 - 2014-03-29 14:25 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2014-03-29 14:25 - 2014-03-29 14:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-03-29 14:23 - 2014-03-29 14:23 - 00000000 ____D () C:\Program Files\AVAST Software 2014-03-29 14:20 - 2014-03-29 14:20 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-03-29 14:12 - 2014-03-03 19:28 - 00003352 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2157045702-3999625576-2718192899-1000 2014-03-29 14:12 - 2014-03-03 16:55 - 00003224 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2157045702-3999625576-2718192899-1000 2014-03-29 13:27 - 2013-05-02 22:19 - 00138184 ____H () C:\Windows\SysWOW64\mlfcache.dat 2014-03-28 23:21 - 2014-03-04 21:52 - 00003714 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{784B2923-D700-4DE6-920C-72A8F8621F24} 2014-03-27 22:55 - 2014-03-19 20:46 - 00003246 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2157045702-3999625576-2718192899-1000 2014-03-27 22:55 - 2014-03-19 20:45 - 00003374 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2157045702-3999625576-2718192899-1000 2014-03-27 15:41 - 2012-10-10 20:49 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-03-27 15:41 - 2012-10-10 20:49 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-03-19 12:57 - 2013-08-15 03:02 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-19 12:54 - 2006-11-02 14:35 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-03-16 02:49 - 2014-03-16 02:49 - 00000000 ____D () C:\Users\Michaela\AppData\Local\Skype 2014-03-16 02:49 - 2013-03-28 23:50 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-16 02:49 - 2013-03-28 23:50 - 00000000 ____D () C:\ProgramData\Skype 2014-03-13 11:01 - 2006-11-02 15:33 - 00000000 ____D () C:\Windows\rescache 2014-03-12 12:34 - 2012-08-15 22:10 - 00003738 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-12 12:34 - 2012-04-03 21:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-12 12:34 - 2011-11-06 12:37 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl Some content of TEMP: ==================== C:\Users\Michaela\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-07 14:15 ==================== End Of Log ============================ --- --- --- Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Michaela at 2014-04-07 17:38:32
Running from C:\Users\Michaela\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Any Video Converter 5.0.5 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2016 - Avast Software)
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.25 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.24 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.1.0029 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.104.115.101 - Alps Electric)
Dell Video Chat (HKLM-x32\...\Dell Video Chat) (Version: 6.1 (6751) - SightSpeed Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.20.10 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11 Application) (Version: 5.10.38.30 - Dell Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Free Audio Converter version 5.0.3.1206 (HKLM-x32\...\Free Audio Converter_is1) (Version: - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Integrated Webcam Driver (1.02.01.0320) (HKLM\...\Creative OA009) (Version: 1.02.01.0320 - Creative Technology Ltd.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
Java(TM) 6 Update 13 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
LG PC Suite II (HKLM-x32\...\{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}) (Version: 2.00.0000 - LG PC Suite)
LG PC Suite II (x32 Version: 2.00.0000 - LG PC Suite) Hidden
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: 4.9.2 - LG Electronics)
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.2303.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (HKLM-x32\...\{095B1DCF-5E8B-47EC-9B18-481918A731DB}) (Version: 2.0.69.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Opera Stable 20.0.1387.82 (HKLM-x32\...\Opera 20.0.1387.82) (Version: 20.0.1387.82 - Opera Software ASA)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5024 - Dell Corp.)
Quickset (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.2.18 - Dell Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Synthesia (HKLM-x32\...\Synthesia) (Version: 8.4 - Synthesia LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
WIDCOMM Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.2000 - WIDCOMM, Inc.)
Windows Live Anmelde-Assistent (HKLM-x32\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8051.1204 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{8C1E2925-14F8-45AA-B999-1E2A74BF5607}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
==================== Restore Points =========================
31-03-2014 08:45:44 Geplanter Prüfpunkt
01-04-2014 09:20:00 Windows Update
01-04-2014 10:06:47 削除済み 咎狗の血
02-04-2014 16:47:57 Geplanter Prüfpunkt
04-04-2014 10:54:30 Geplanter Prüfpunkt
04-04-2014 14:40:32 Windows Update
05-04-2014 14:32:27 Geplanter Prüfpunkt
06-04-2014 13:04:06 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2006-11-02 14:34 - 2014-04-04 11:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {19BCA020-F0B4-4C5B-A57C-CF09E3EF4781} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2157045702-3999625576-2718192899-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {2A429D84-C847-4D6B-9502-3D35AC976676} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2157045702-3999625576-2718192899-1000UA => C:\Users\Michaela\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-11] (Facebook Inc.)
Task: {2EB14C14-2C5F-4626-BA90-D9196121F7AE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {36A56C1C-9BEA-44D8-94FD-62456F325528} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2157045702-3999625576-2718192899-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {388C0D7F-DC58-437E-812B-4BE3674FBB6D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {46CD1E8E-C415-4159-AE4E-F1ED803AFE8A} - System32\Tasks\Launch BCM WLAN Tray => C:\Windows\system32\WLTRAY.EXE [2008-12-21] (Dell Inc.)
Task: {55C81DE2-89F3-4B72-84BD-1B91CA453711} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2157045702-3999625576-2718192899-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {5ABD53F8-82CF-4CD6-93BC-810C5612C7A7} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {7133A15E-30E1-43F9-8C91-1F2CA85D8470} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2157045702-3999625576-2718192899-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {87E7CBB4-22BF-4BC1-BEC9-3CF65F0B7BE3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2157045702-3999625576-2718192899-1000Core => C:\Users\Michaela\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-11] (Facebook Inc.)
Task: {A5EC54B9-100A-4D35-9901-99A32AF722CF} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2157045702-3999625576-2718192899-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B2E92356-AF15-46C2-9760-3E810CEBBD3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-10] (Google Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {EB167214-C513-42A7-9F0B-69BE18A83294} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-29] (AVAST Software)
Task: {F5F46528-E855-4E3F-A3B0-5623AE50F8CB} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2157045702-3999625576-2718192899-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {F6BFCBD6-889A-48E7-9943-27C9D6B5854A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-10] (Google Inc.)
Task: {FC41EBBD-8B04-47C7-B2AD-F6C2BEC1A210} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2157045702-3999625576-2718192899-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2157045702-3999625576-2718192899-1000Core.job => C:\Users\Michaela\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2157045702-3999625576-2718192899-1000UA.job => C:\Users\Michaela\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2009-09-25 03:57 - 2008-12-21 20:35 - 00032768 _____ () C:\Windows\System32\WLTRYSVC.EXE
2009-09-25 03:57 - 2008-12-21 20:35 - 00057856 _____ () C:\Windows\System32\bcmwlrmt.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2009-09-25 04:12 - 2009-04-24 21:52 - 00156912 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
2009-09-25 04:11 - 2009-07-16 18:00 - 00410864 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
2013-05-22 20:50 - 2013-05-22 20:50 - 00400704 _____ () C:\Users\Michaela\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2014-03-04 07:50 - 2014-03-04 07:50 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\264c91e0ec39698f61d36c00a26cc16b\VistaBridgeLibrary.ni.dll
2009-07-07 17:23 - 2009-07-07 17:23 - 01779952 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2014-04-07 13:56 - 2014-04-07 13:56 - 02189824 _____ () C:\Program Files\AVAST Software\Avast\defs\14040700\algo.dll
2009-09-25 04:11 - 2009-07-16 17:58 - 00115952 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2009-09-25 04:11 - 2009-07-16 17:59 - 00128240 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2009-09-25 04:11 - 2009-07-16 17:58 - 01123568 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2009-09-25 04:11 - 2009-07-16 17:59 - 00079088 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2009-09-25 04:11 - 2009-07-16 17:59 - 00234736 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2009-09-25 04:11 - 2009-07-16 17:59 - 00074992 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2009-09-25 04:11 - 2009-07-16 17:59 - 00111856 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2009-09-25 04:11 - 2009-07-16 17:59 - 00121072 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2009-07-07 17:24 - 2009-07-07 17:24 - 00268528 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2009-07-07 17:23 - 2009-07-07 17:23 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2009-07-07 17:24 - 2009-07-07 17:24 - 00095472 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2009-07-07 17:24 - 2009-07-07 17:24 - 00046320 _____ () C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll
2009-07-07 17:24 - 2009-07-07 17:24 - 00369904 _____ () C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll
2009-07-07 17:24 - 2009-07-07 17:24 - 00140528 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2009-07-07 17:23 - 2009-07-07 17:23 - 00017648 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2014-03-29 14:25 - 2014-03-29 14:25 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Michaela\AppData\Roaming\Dropbox\bin\libcef.dll
2014-03-15 21:47 - 2014-03-15 02:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 21:47 - 2014-03-15 02:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 21:47 - 2014-03-15 02:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 21:47 - 2014-03-15 02:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/07/2014 05:27:26 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Error: (04/07/2014 05:11:48 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Error: (04/07/2014 02:56:49 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Error: (04/07/2014 02:56:32 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Error: (04/07/2014 02:56:31 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Error: (04/07/2014 02:50:59 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion.
Die widersprüchlichen Komponenten sind:
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Error: (04/07/2014 01:56:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/06/2014 01:52:57 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (04/06/2014 01:49:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (04/07/2014 01:59:58 PM) (Source: Service Control Manager) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86
Error: (04/07/2014 01:58:12 PM) (Source: Service Control Manager) (User: )
Description: Beep
Error: (04/07/2014 01:57:27 PM) (Source: Service Control Manager) (User: )
Description: Bluetooth Service
Error: (04/07/2014 01:57:00 PM) (Source: Service Control Manager) (User: )
Description: Intel(R) PRO/1000 NDIS 6 Adapter Driver%%1058
Error: (04/07/2014 01:57:00 PM) (Source: Service Control Manager) (User: )
Description: Intel(R) PRO/1000 PCI Express-Netzwerkverbindungstreiber%%1058
Error: (04/07/2014 01:57:00 PM) (Source: Service Control Manager) (User: )
Description: Bluetooth-Gerät (PAN)%%1058
Error: (04/06/2014 01:52:15 PM) (Source: Service Control Manager) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86
Error: (04/06/2014 01:50:19 PM) (Source: Service Control Manager) (User: )
Description: Beep
Error: (04/06/2014 01:49:44 PM) (Source: Service Control Manager) (User: )
Description: Bluetooth Service
Error: (04/06/2014 01:49:01 PM) (Source: Service Control Manager) (User: )
Description: Intel(R) PRO/1000 NDIS 6 Adapter Driver%%1058
Microsoft Office Sessions:
=========================
Error: (05/27/2013 11:18:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12395 seconds with 6840 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2014-04-07 17:38:27.217
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-07 17:38:26.609
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-07 17:38:26.000
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-07 17:38:25.361
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-07 17:38:24.737
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-07 17:38:24.128
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-07 17:38:23.520
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-07 17:38:22.880
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-07 17:33:17.217
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-07 17:33:16.469
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 65%
Total physical RAM: 4055.45 MB
Available physical RAM: 1388.38 MB
Total Pagefile: 8286.18 MB
Available Pagefile: 5463.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:118.51 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.38 GB) NTFS
Drive g: (MyDrive) (Fixed) (Total:931.51 GB) (Free:855.13 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 7F8F3E8E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=283 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 932 GB) (Disk ID: 1B2BCA31)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
08.04.2014, 11:22
| #15 |
| /// the machine /// TB-Ausbilder | Wie kann ich Daten sichern da MusikTrojaner vermutet Kannst ja die Optimierung mal machen, auch wenn ich persönlich nix davon halte. Adobe updaten. Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe und drücke auf Start. Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKLM\...\Run: [sroli] - rundll32.exe ",HrEditPhonebookEntry
ProxyServer: 172.16.10.1:8080
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Wie kann ich Daten sichern da MusikTrojaner vermutet |
| avast, bilder, dateien, daten, datensicherung, einfach, erstellt, externe festplatte, festplatte, folge, folgendes, musik, musik im hintergrund, nichts, problem, pup.optional.babylon.a, pup.optional.datamngr.a, pup.optional.opencandy, pup.optional.snapdo, pup.optional.snapdo.a, pup.optional.websearch.a, trojaner verdacht, virenscan |
WARNUNG an die MITLESER: 
Linear-Darstellung
