Pests of all kinds and how to fight them: Link to own website acts up (Windows 7)
01.05.2014, 07:39 | #1 |
Hello

I have the following problem. When I enter a keyword on Google to find my own website, e.g. lernprogramme, and then click on the link to my website, it sometimes happens that a different page opens. This also sometimes happens on other PCs. Sometimes an empty Google page opens, or a completely unknown page, at which WinPatrol has also already howled. That has only happened once so far, though. And when I click the back arrow, I no longer get to the previous page with the links, but to an empty Google search page. However, this only happens with my website and my PC; with all other links it works perfectly. Within my website the back button also works; only when I go back to the Google page does the empty Google page appear. I search with Firefox and use Windows 7.

Thank you very much for your help.

Jola
01.05.2014, 15:29 | #2 |
/// the machine /// TB trainer

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
01.05.2014, 15:50 | #3 |
Hi

Thank you for taking the time for me. Here is the requested data:

FRST Logfile:
2014-04-26 09:43 - 2010-11-27 16:46 - 00013030 _____ () C:\PDOXUSRS.NET
2014-04-26 09:43 - 2009-07-14 04:34 - 00001460 _____ () C:\Windows\win.ini
2014-04-25 18:51 - 2009-10-31 23:28 - 00000000 ____D () C:\Users\Savitri\AppData\Roaming\FileZilla
2014-04-25 17:29 - 2013-06-04 07:15 - 00000000 ____D () C:\CD_Lega
2014-04-25 16:34 - 2014-01-29 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-04-25 16:34 - 2014-01-29 15:15 - 00000000 ____D () C:\ProgramData\InstallMate
2014-04-25 16:33 - 2014-04-25 16:33 - 01130024 _____ (BillP Studios) C:\Users\Savitri\Downloads\wpsetup.exe
2014-04-25 07:56 - 2009-11-01 21:27 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-25 07:55 - 2011-11-10 18:10 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-24 16:52 - 2013-03-15 17:16 - 00000000 ____D () C:\Users\Savitri\Desktop\Lernprogramme
2014-04-24 16:51 - 2013-04-16 15:50 - 00000000 ____D () C:\Users\Savitri\Desktop\videos für youtube
2014-04-24 16:33 - 2013-10-07 16:36 - 00000000 ____D () C:\Users\Savitri\AppData\Local\Paint.NET
2014-04-24 10:18 - 2014-04-24 10:18 - 06358130 _____ () C:\Users\Savitri\Documents\Produce.wmv
2014-04-24 09:37 - 2012-08-13 15:50 - 00000000 ____D () C:\Users\Savitri\Desktop\video
2014-04-20 07:37 - 2014-04-04 08:07 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-20 07:36 - 2014-04-20 07:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-20 07:36 - 2014-04-20 07:35 - 00004161 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-20 07:36 - 2009-11-05 19:50 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-19 16:41 - 2014-04-19 16:41 - 00010123 _____ () C:\Users\Savitri\Desktop\Arbeitsmappe1.xlsx
2014-04-19 07:40 - 2009-10-31 17:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-18 14:50 - 2014-02-18 18:51 - 00000000 ____D () C:\vorlagen februar 2014
2014-04-16 14:15 - 2012-11-10 16:52 - 00000000 ____D () C:\Datenbanken
2014-04-16 08:42 - 2009-07-14 06:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-16 08:42 - 2009-07-14 06:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-16 08:31 - 2012-06-23 07:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-04-14 20:13 - 2014-04-20 07:36 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-20 07:36 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-20 07:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-20 07:36 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-14 08:27 - 2014-01-25 09:59 - 00000000 ____D () C:\Users\Savitri\AppData\Roaming\CreateInstall Light
2014-04-14 08:23 - 2014-01-01 16:08 - 00000000 ____D () C:\Program Files (x86)\Aufmerksamkeit
2014-04-14 08:22 - 2013-06-01 14:08 - 00000000 ____D () C:\mp-AS
2014-04-14 08:18 - 2012-10-12 13:31 - 00000000 ____D () C:\mp-mathe5
2014-04-14 08:08 - 2014-04-08 08:11 - 00000000 ____D () C:\Program Files (x86)\Wahrnehmung Optisches Gedächtnis
2014-04-13 20:24 - 2013-05-03 14:49 - 00000440 _____ () C:\Windows\Tasks\PCCT - MAGIX AG.job
2014-04-13 17:29 - 2009-11-09 11:41 - 00000000 ____D () C:\Users\Savitri\AppData\Roaming\Audacity
2014-04-10 20:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-10 20:26 - 2009-12-18 15:19 - 00000324 _____ () C:\Windows\Brownie.ini
2014-04-10 20:22 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-10 20:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-10 11:09 - 2012-10-11 16:27 - 00000000 ____D () C:\mp-lesen9
2014-04-10 09:41 - 2012-08-05 19:32 - 00000000 ____D () C:\Users\Savitri\Desktop\Maerchen
2014-04-09 20:28 - 2010-07-04 08:26 - 00776978 _____ () C:\Windows\PFRO.log
2014-04-09 20:17 - 2012-09-09 19:56 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{10F27B3E-2E9E-47DB-ADB4-4D06C7998B75}
2014-04-09 20:08 - 2013-08-10 19:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 20:04 - 2009-11-01 09:44 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 16:32 - 2014-04-09 16:32 - 00001928 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-09 16:32 - 2014-01-04 09:28 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-04-09 16:32 - 2013-11-27 17:45 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-09 16:32 - 2013-11-27 17:45 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-09 16:32 - 2013-11-27 17:45 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-09 16:32 - 2013-11-27 17:45 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-09 16:32 - 2013-11-27 17:45 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-09 16:32 - 2011-06-09 09:28 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-09 16:31 - 2014-04-09 16:31 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-09 16:31 - 2013-11-27 17:45 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-08 15:28 - 2010-04-08 10:35 - 00000000 ____D () C:\Users\Savitri\AppData\Roaming\vlc
2014-04-08 08:33 - 2014-04-08 08:23 - 00000000 ____D () C:\Users\Savitri\Desktop\CD_OG
2014-04-07 15:20 - 2013-04-07 14:48 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-04-07 15:20 - 2013-04-07 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-04-07 07:51 - 2014-04-07 07:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KompoZer
2014-04-07 07:51 - 2014-04-07 07:51 - 00000000 ____D () C:\Program Files (x86)\KompoZer
2014-04-07 07:50 - 2014-01-14 17:16 - 00000000 ____D () C:\Users\Savitri\Documents\Lernprogramme-Hilfsprogramme
2014-04-07 07:49 - 2014-01-18 17:26 - 00000000 ____D () C:\Users\Savitri\AppData\Roaming\KompoZer
2014-04-07 07:42 - 2014-04-07 07:42 - 00001226 _____ () C:\Users\Savitri\Desktop\Revo Uninstaller.lnk
2014-04-07 07:42 - 2014-04-07 07:42 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-07 07:39 - 2013-05-28 18:46 - 00000000 ____D () C:\CD_OD
2014-04-06 08:36 - 2014-04-30 17:37 - 01016261 _____ (Thisisu) C:\Users\Savitri\Desktop\JRT_NEW.exe
2014-04-04 08:13 - 2014-04-04 08:13 - 00000000 ____D () C:\Users\Savitri\AppData\Roaming\RealNetworks
2014-04-04 08:13 - 2014-04-04 08:13 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-04-04 08:13 - 2014-04-04 08:13 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-04-04 08:13 - 2014-04-04 08:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-04-04 08:13 - 2009-11-22 18:12 - 00000000 ____D () C:\Users\Savitri\AppData\Roaming\Real
2014-04-04 08:13 - 2009-11-22 18:12 - 00000000 ____D () C:\Program Files (x86)\Real
2014-04-04 08:12 - 2014-04-04 08:12 - 00201800 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2014-04-04 08:12 - 2009-11-04 20:29 - 00000000 ____D () C:\ProgramData\Real
2014-04-04 08:12 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-04 08:11 - 2014-04-04 08:11 - 00278600 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2014-04-03 08:22 - 2013-05-28 13:51 - 00000000 ____D () C:\mp-od
2014-04-03 07:43 - 2009-12-13 16:50 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-03 07:43 - 2009-12-13 16:50 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-30 18:09

==================== End Of Log ============================
--- --- ---
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-05-2014
Ran by Savitri at 2014-05-01 16:45:36
Running from C:\Users\Savitri\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.1430 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.3 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
AFSS HTML Designer 2.3 (HKLM-x32\...\ST6UNST #1) (Version: - )
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Artweaver 1.0 (HKLM-x32\...\{A025CFB8-64E7-4432-824F-11E7C5ED2ECE}_is1) (Version: 1.0 - Boris Eyrich Software) ATI Catalyst Install Manager (HKLM\...\{F4934901-B3C8-9918-F018-2D68F94B380E}) (Version: 3.0.728.0 - ATI Technologies, Inc.) Audacity 1.3.3 (HKLM-x32\...\Audacity 1.3 Beta_is1) (Version: - Audacity Team) Aufmerksamkeit Version 1.0 (HKLM-x32\...\{D3CFBB9F-99D3-4C24-B693-AEA403F3D566}_is1) (Version: 1.0 - Jolanda Arnold) Aufmerksamkeitsübungen ohne Symbole Version 1.0 (HKLM-x32\...\{3E0E5E58-9F2F-4D1E-BCC6-5C005F7162B2}_is1) (Version: 1.0 - Jolanda Arnold) Aufmerksamkeitsübungen Version 1.0 (HKLM-x32\...\{D3CFBB9F-99D3-4C24-B603-AEA403F3D566}_is1) (Version: 1.0 - Jolanda Arnold) Australian Patience (HKLM-x32\...\280-com.novelgames.flashgames.australianpatience) (Version: 1.1.0 - Novel Games Limited) Australian Patience (x32 Version: 1.1.0 - Novel Games Limited) Hidden avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2016 - Avast Software) Bilder und Wörter (HKLM-x32\...\Bilder und Wörter) (Version: - ) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Brother HL-2140 (HKLM-x32\...\{8CF6878C-8BD6-4891-850E-5418D1128B2F}) (Version: 1.00 - Brother) Calcularis (HKLM-x32\...\{ABE44AB4-E1C0-40B4-965C-442CB5BA45F8}) (Version: 1.0.4 - Dybuster) CamStudio (HKLM-x32\...\CamStudio) (Version: - ) CamStudio OSS Desktop Recorder (HKLM-x32\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (x32 Version: 2009.0520.1631.27815 - ATI) Hidden Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0520.1631.27815 - ATI) Hidden Catalyst Control Center Graphics Full New (x32 Version: 2009.0520.1631.27815 - ATI) Hidden Catalyst Control Center Graphics Light (x32 Version: 2009.0520.1631.27815 - ATI) Hidden Catalyst Control Center HydraVision Full (x32 Version: 2009.0520.1631.27815 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2009.0520.1631.27815 - ATI Technologies, Inc.) 
Hidden Catalyst Control Center Localization All (x32 Version: 2009.0520.1631.27815 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2009.0520.1630.27815 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2009.0520.1630.27815 - ATI) Hidden CCC Help Czech (x32 Version: 2009.0520.1630.27815 - ATI) Hidden CCC Help Danish (x32 Version: 2009.0520.1630.27815 - ATI) Hidden CCC Help Dutch (x32 Version: 2009.0520.1630.27815 - ATI) Hidden CCC Help English (x32 Version: 2009.0520.1630.27815 - ATI) Hidden CCC Help Finnish (x32 Version: 2009.0520.1630.27815 - ATI) Hidden CCC Help French (x32 Version: 2009.0520.1630.27815 - ATI) Hidden CCC Help German (x32 Version: 2009.0520.1630.27815 - ATI) Hidden CCC Help Greek (x32 Version: 2009.0520.1630.27815 - ATI) Hidden CCC Help Hungarian (x32 Version: 2009.0520.1630.27815 - ATI) Hidden CCC Help Italian (x32 Version: 2009.0520.1630.27815 - ATI) Hidden CCC Help Japanese (x32 Version: 2009.0520.1630.27815 - ATI) Hidden CCC Help Korean (x32 Version: 2009.0520.1630.27815 - ATI) Hidden CCC Help Norwegian (x32 Version: 2009.0520.1630.27815 - ATI) Hidden CCC Help Polish (x32 Version: 2009.0520.1630.27815 - ATI) Hidden CCC Help Portuguese (x32 Version: 2009.0520.1630.27815 - ATI) Hidden CCC Help Russian (x32 Version: 2009.0520.1630.27815 - ATI) Hidden CCC Help Spanish (x32 Version: 2009.0520.1630.27815 - ATI) Hidden CCC Help Swedish (x32 Version: 2009.0520.1630.27815 - ATI) Hidden CCC Help Thai (x32 Version: 2009.0520.1630.27815 - ATI) Hidden CCC Help Turkish (x32 Version: 2009.0520.1630.27815 - ATI) Hidden ccc-core-static (x32 Version: 2009.0520.1631.27815 - Ihr Firmenname) Hidden ccc-utility64 (Version: 2009.0520.1631.27815 - ATI) Hidden CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform) Codec Pack für Windows 7 (Full Package) (HKLM-x32\...\{D90A1FED-EFC7-4a3c-B0DD-6ED8CA37954F}) (Version: - thoosje.com) CodecInstaller 2.10.4 (HKLM-x32\...\CodecInstaller) (Version: 2.10.4 - JockerSoft) Common RTP 1.0 
(HKLM-x32\...\RPGAdvocates_RTP_1.0) (Version: - ) Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) CreateInstall Light (HKLM-x32\...\CreateInstall Light) (Version: 6.1.1 - Novostrim, Inc.) CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.) CyberLink DVD Suite Deluxe (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.) CyberLink PhotoNow (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3022 - CyberLink Corp.) CyberLink PowerDirector (x32 Version: 8.0.3022 - CyberLink Corp.) Hidden Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform) DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden DivX Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.5.0 - DivX,Inc.) D-Link DWA-140 (HKLM-x32\...\{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}) (Version: - D-Link) EasySetup 2.0.4e (HKLM-x32\...\{7CD2DA07-6695-4FFE-A2A6-5F7055F1A8FA}) (Version: - Thorsten Hoeppner) Excelsior Installer 2.1 (HKLM-x32\...\Excelsior_0) (Version: 2.1 - Excelsior) ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - ) FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse) Folder Size for Windows (64-bit) (HKLM\...\{F24FF688-7138-4CCF-A83F-71E9FB01170E}) (Version: 2.5 - Brio) Free Studio version 4.8 (HKLM-x32\...\Free Studio_is1) (Version: - DVDVideoSoft Limited.) 
Free Video Flip and Rotate version 2.1.9.822 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 2.1.9.822 - DVDVideoSoft Ltd.) Free WMA to MP3 Converter 1.16 (HKLM-x32\...\Free WMA to MP3 Converter_is1) (Version: - Jodix Technologies Ltd.) Galiastro 4.7.3 Light (HKLM-x32\...\{F93E79F2-D76B-4AC7-BCE0-75692B88296C}) (Version: 4.7.3 - Paessler Software) Gigaflat (HKLM-x32\...\{C9E91711-8600-4919-AEF0-D4821F886797}_is1) (Version: - Bitrockers Inc.) GIMP 2.6.8 (HKLM-x32\...\WinGimp-2.0_is1) (Version: - ) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden GPL Ghostscript 8.61 (HKLM-x32\...\GPL Ghostscript 8.61) (Version: - ) GPL Ghostscript Fonts (HKLM-x32\...\GPL Ghostscript Fonts) (Version: - ) Hardwarediagnosetools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5205.31 - PC-Doctor, Inc.) Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HiJaak Image Manager Browser 1.5 (HKLM-x32\...\{A8F10BB5-1264-4116-8150-89AB1FB48F20}) (Version: - ) hMailServer 5.3.3-B1879 (HKLM-x32\...\hMailServer_is1) (Version: - ) HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard) HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard) HP MediaSmart DVD (x32 Version: 3.0.3123 - Hewlett-Packard) Hidden HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard) HP MediaSmart Movie Themes (x32 Version: 3.0.3102 - Hewlett-Packard) Hidden HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3205 - Hewlett-Packard) HP MediaSmart Music/Photo/Video (x32 Version: 3.0.3205 - Hewlett-Packard) Hidden HP 
MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP Remote Solution (x32 Version: 1.1.9.0 - TopSeed) Hidden HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard) HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard) HydraVision (x32 Version: 4.2.98.0 - ATI Technologies Inc.) Hidden iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) IcoFX 1.6.4 (HKLM-x32\...\IcoFX_is1) (Version: - ) Inno Script Studio version 2.1.0.20 (HKLM-x32\...\{7C22BD69-9939-43CE-B16E-437DB2A39492}_is1) (Version: 2.1.0.20 - Kymoto Solutions) Inno Setup Version 5.5.4 (HKLM-x32\...\Inno Setup 5_is1) (Version: 5.5.4 - jrsoftware.org) InnoIDE 1.0.0.78 (HKLM-x32\...\{1E8BAA74-62A9-421D-A61F-164C7C3943E9}_is1) (Version: 1.0.0.78 - Kernow Software) Install Creator (HKLM-x32\...\Install Creator) (Version: - ) InterCasino (HKLM-x32\...\InterCasinoV9GermanEUR) (Version: - ) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan) iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.) Jackie Chan Adventures (HKLM-x32\...\{83B67A53-D457-492F-BF99-C0BADDED0031}_is1) (Version: - ePlaybus.com) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Jurassic Park - Rampage Edition (HKLM-x32\...\Jurassic Park - Rampage Edition_is1) (Version: - GameFabrique) Jurassic Park 2 - The Lost World (HKLM-x32\...\Jurassic Park 2 - The Lost World_is1) (Version: - GameFabrique) Khufus Tomb (HKLM-x32\...\Khufus Tomb_is1) (Version: - ) K-Lite Codec Pack 8.8.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.8.0 - ) KompoZer 0.8b3 (HKLM-x32\...\{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1) (Version: - KompoZer) LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.) LabelPrint 1.0 (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden LAME v3.98.2 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version: - ) Land Grabbers (HKLM-x32\...\Land Grabbers_is1) (Version: de - Boonty) Land Grabbers (nur deinstallation) (HKLM-x32\...\Land Grabbers) (Version: - ) Last Conundrum Of Da Vinci Deluxe (HKLM-x32\...\Last Conundrum Of Da Vinci Deluxe_is1) (Version: - GameHitZone.com) Legend of the Golden Mask (HKLM-x32\...\{E06660DB-957D-4C58-8A5E-E4626B4D182D}_is1) (Version: - ePlaybus.com) Letter Blocks (HKLM-x32\...\90-com.novelgames.flashgames.letterblocks) (Version: 1.9.1 - Novel Games Limited) Letter Blocks (x32 Version: 1.9.1 - Novel Games Limited) Hidden LIDOS7 (HKLM-x32\...\LIDOS7) (Version: 7.1 - Land Software Entwicklung) LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe) Loan Consolidation 1.1.0 (HKLM-x32\...\Loan Consolidation_is1) (Version: 1.1.0 - Novel Games Limited) Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: - EasyBits Software AS) MAGIX PC Check & Tuning Free 2011 (HKLM-x32\...\MAGIX_MSI_PC_Check_Tuning_Free_2011) (Version: 6.0.403.1050 - MAGIX AG) MAGIX PC Check & Tuning Free 2011 (x32 Version: 6.0.403.1050 - MAGIX AG) Hidden MAGIX Screenshare (HKLM-x32\...\{B63DFA23-5C10-44B4-881D-45EFBF4A4761}) (Version: 4.3.6.1987 - MAGIX AG) MAGIX Web Designer 6 Download-Version 
(HKLM-x32\...\MAGIX_MSI_Web_Designer_6) (Version: 6.0.1.12379 - MAGIX AG) MAGIX Web Designer 6 Download-Version (x32 Version: 6.0.1.12379 - MAGIX AG) Hidden Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Martyrdom Dungeon (HKLM-x32\...\{25EE9B91-7AE6-4499-A25E-CB8C59661AA1}_is1) (Version: - Free Windows Games) MatchWare Mediator 9 (HKLM-x32\...\{E04D74CB-CF0B-46BA-942E-76B926336352}) (Version: 9.0.152 - MatchWare A/S) Media Browser (HKLM-x32\...\{39561278-78E9-4E0D-971F-0F13C7157BC8}) (Version: 2.1.3.0 - Media Browser) Media Manager for WALKMAN 1.2 (HKLM-x32\...\{5A6ED905-D19D-4954-8499-0DAF386460F7}) (Version: 1.2.771 - Sony) Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office FrontPage 2003 
(HKLM-x32\...\{91170407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft 
Corporation)
Microsoft SQL Server Compact 3.5 ENU (HKLM-x32\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{50C865A7-6C1E-48EF-BE74-D8066D491810}) (Version: 4.0.1586 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Move Media Player (HKCU\...\Move Media Player) (Version: - Move Networks)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Kingdom for the Princess (HKLM-x32\...\{A53FF346-2A12-449F-99A4-7072B0F3CEDC}_is1) (Version: - MyPlayBus.com)
My Kingdom for the Princess 3 (HKLM-x32\...\{7E4389E7-DAF4-4ECE-A8D1-2B2DC8822CAE}) (Version: 1.0.0 - Youdagames)
No Place Like Home (HKLM-x32\...\{A5ACF80C-C2C6-45C6-906F-5F923BC59CC0}_is1) (Version: - ePlaybus.com)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)
NWZ-B160 WALKMAN Guide (HKLM-x32\...\{B1A8A5D7-0613-4373-BB0C-2AA428C935BD}) (Version: 2.1.0.24141 - Sony Corporation)
NWZ-B170 WALKMAN Guide (HKLM-x32\...\{B91B14D5-B817-4C79-BEF6-0A7A23FE6C61}) (Version: 2.1.0.33220 - Sony Corporation)
Ozee (HKLM-x32\...\{D957C02C-DF35-4F5C-AB6F-62EE9C7790F8}_is1) (Version: - ePlaybus.com)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Patrimonium (HKLM-x32\...\Patrimonium_is1) (Version: - )
PC VGA Camera (HKLM-x32\...\InstallShield_{0082631F-BEA0-4346-8BBC-E9054300E73D}) (Version: 1.0.2.7 - Ihr Firmenname)
PC VGA Camera (x32 Version: 1.0.2.7 - Ihr Firmenname) Hidden
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
Pirates Gold (HKLM-x32\...\Pirates Gold_is1) (Version: - GameFabrique)
PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version: - PokerStars.net)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
Private Tax 2009 (HKLM-x32\...\Private Tax 2009) (Version: 1.1.5.543 - Abraxas Informatik AG)
Private Tax 2010 (HKLM-x32\...\Private Tax 2010) (Version: 1.1.0.581 - Abraxas Informatik AG)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Quillionär 2009 (HKLM-x32\...\Quillionär) (Version: - )
RealDownloader (x32 Version: 17.0.6 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.6 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version: - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RomCenter 3.6.0 (HKLM-x32\...\romcenter_is1) (Version: 3.6.0 - Eric Bole-Feysot)
Royal Envoy 2 Free Trial (HKLM-x32\...\Royal Envoy 2 Free Trial_is1) (Version: - Playrix Entertainment)
Royal Envoy™ 2 Collector’s Edition (HKLM-x32\...\Royal Envoy™ 2 Collector’s Edition_is1) (Version: - Playrix Entertainment)
RPG Maker 2000 1.05 (HKLM-x32\...\RPG Maker 2000 1.05) (Version: - )
RPG Maker 2003 (HKLM-x32\...\RPG Maker 20031.05) (Version: - )
RPG Maker 2003 v1.08 (HKLM-x32\...\RPG Maker 2003_is1) (Version: - Enterbrain, Inc.)
RTP 1.32 Add-On for RM2k (HKLM-x32\...\RTP 1.32 Add-On for RM2k) (Version: - )
RTP for RM2K (Png, Wav, Midi, Fonts) (HKLM-x32\...\RTP for RM2K (Png, Wav, Midi, Fonts)) (Version: - )
RTP para RPG Maker 2003 (HKLM-x32\...\RTP para RPG Maker 20031.00) (Version: - )
Rubik's Cube 1.1.0 (HKLM-x32\...\Rubik's Cube_is1) (Version: 1.1.0 - Novel Games Limited)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Setup Generator (HKLM-x32\...\Setup Generator) (Version: - )
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Smart Data Recovery v4.3 (HKLM-x32\...\Smart Data Recovery_is1) (Version: 4.3 - Smart PC Solutions)
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.3.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (x32 Version: 3.0.3.0 - SmartSound Software Inc) Hidden
Softwarenetz Rechnung4 (HKLM-x32\...\Rechnung4) (Version: - Softwarenetz)
Speed Solitaire (HKLM-x32\...\{71CD88B5-845B-456B-A564-71DB682B5593}_is1) (Version: - ePlaybus.com)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51 (HKLM-x32\...\{B93AFF55-AF57-41DC-9D49-C75C86A6312F}_is1) (Version: v2012.build.51 - eRightSoft)
Super Solitaire 1.07 (HKLM-x32\...\Super Solitaire_is1) (Version: - Etiumsoft, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 5 (HKLM-x32\...\TeamViewer 5) (Version: 5.1.9385 - TeamViewer GmbH)
The Great Bathroom Escape (HKLM-x32\...\{37E2FE01-997B-47A2-B244-321820C2E1B8}_is1) (Version: - ePlaybus.com)
The Railway Robot's Road Trip (HKLM-x32\...\{887FF9C0-5CA2-48F3-A69A-D6E525FBE48E}_is1) (Version: - ePlaybus.com)
Thieves of Egypt Solitaire (HKLM-x32\...\212-com.novelgames.flashgames.egyptsolitaire) (Version: 1.3.0 - Novel Games Limited)
Thieves of Egypt Solitaire (x32 Version: 1.3.0 - Novel Games Limited) Hidden
Tibet Quest (HKLM-x32\...\Tibet Quest_is1) (Version: - )
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Trio - The Great Settlement (HKLM-x32\...\Trio - The Great Settlement_is1) (Version: - )
Tuckers Abenteuer (HKCU\...\Tuckers Abenteuer) (Version: - )
UltraISO Premium V9.3 (HKLM-x32\...\UltraISO_is1) (Version: - )
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VC80CRTRedist - 8.0.50727.762 (x32 Version: 1.0.0 - DivX, Inc) Hidden
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Voxware Audio decoder 1.6 (HKLM-x32\...\voxware_is1) (Version: 1.6.0 - )
Wahrnehmung Optisches Gedächtnis (HKLM-x32\...\Wahrnehmung Optisches Gedächtnis) (Version: Version 1.0 - Jolanda Arnold)
Webocton - Scriptly 0.8.95.6.COM (HKLM-x32\...\Webocton - Scriptly_is1) (Version: 0.8.95.6 - Webocton)
Wecker 2.2 2.2 (HKLM-x32\...\Wecker 2.2) (Version: 2.2 - Frederik Trinkmann)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 30.9.2014.0 - BillP Studios)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
WinZip (HKLM-x32\...\WinZip) (Version: 8.1 (4331g) - WinZip Computing, Inc.)
Wordpool 2.7.7 (HKLM-x32\...\Wordpool_is1) (Version: - Thorsten Gottlob)
WOW Slider (HKLM-x32\...\WOW Slider) (Version: - )
Zattoo 3.2.0 Beta Technology Preview (HKLM-x32\...\Zattoo) (Version: 3.2.0 Beta Technology Preview - Zattoo Inc.)
Zattoo4 4.0.5 (HKLM-x32\...\Zattoo4) (Version: 4.0.5 - Zattoo Inc.)
Zelda Forever (HKLM-x32\...\Zelda Forever) (Version: - )
Zeta Uploader (HKCU\...\ZetaUploader) (Version: 2.1.0.57 - Zeta Software GmbH)

==================== Restore Points =========================

25-02-2014 07:10:39 Windows Update
04-03-2014 07:15:55 Windows Update
07-03-2014 07:27:41 Windows Update
11-03-2014 06:24:24 Windows Update
13-03-2014 19:00:57 Windows Update
24-03-2014 11:14:00 Windows Update
24-03-2014 19:00:11 Windows Update
25-03-2014 16:49:35 Windows Live Essentials
25-03-2014 16:52:30 DirectX wurde installiert
25-03-2014 16:53:28 DirectX wurde installiert
25-03-2014 16:54:59 DirectX wurde installiert
25-03-2014 16:56:56 WLSetup
27-03-2014 16:11:23 Removed Microsoft SQL Server 2005 Compact Edition [ENU]
28-03-2014 05:45:32 Windows Live Essentials
28-03-2014 05:45:59 WLSetup
28-03-2014 08:13:32 TuneUp Utilities 2014 wird entfernt
28-03-2014 08:15:08 TuneUp Utilities 2014 (de-DE) wird entfernt
29-03-2014 06:00:28 Windows Update
04-04-2014 06:02:11 Windows Update
04-04-2014 06:05:16 Installed Java 7 Update 51
05-04-2014 12:19:17 Windows-Sicherung
06-04-2014 07:43:39 Windows-Sicherung
07-04-2014 05:45:37 Revo Uninstaller's restore point - KompoZer 0.8b3
08-04-2014 05:50:27 Windows Update
09-04-2014 14:29:51 avast! antivirus system restore point
09-04-2014 18:01:05 Windows Update
10-04-2014 18:00:40 Windows Update
15-04-2014 05:26:03 Windows Update
18-04-2014 06:06:35 Windows Update
20-04-2014 05:33:48 Installed Java 7 Update 55
22-04-2014 05:58:27 Windows Update
29-04-2014 05:44:37 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-11-28 23:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {03E79A4B-120B-4926-946A-7BD4CE894476} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {05B92338-A851-4433-AEBF-F8C0754D8DA7} - \SpyHunter4Startup No Task File <==== ATTENTION
Task: {10C8625D-6240-457B-9C60-10D64ED6F741} - System32\Tasks\{8B54BEFF-A36C-46E8-A584-09BF879A73C5} => C:\Users\Savitri\Downloads\Eternal Legends\RPG_RT.EXE
Task: {1708DB40-3286-4E23-85A8-7A110C145858} - System32\Tasks\{18FA6C08-2B4F-4CCA-A936-4E06F9BA1354} => C:\Program Files (x86)\MyPlayBus.com\Weather Master\Weather Master.exe
Task: {1826D05D-4481-4FF9-BD60-8A0815F5D4EA} - System32\Tasks\{8867E9E9-FE92-4A77-AE2D-C793465794C7} => Firefox.exe hxxp://ui.skype.com/ui/0/6.0.73.126.456/de/eula
Task: {189B45AD-0118-4867-90A9-B819125568E0} - System32\Tasks\{3A510E48-7963-489B-A7A2-29CFAA1B5FCD} => C:\Users\Savitri\Downloads\Eternal Legends\RPG_RT.EXE
Task: {1CB8D895-24A9-41D7-A8B3-10CB5E10447D} - System32\Tasks\{3E040147-1DD8-4DB4-B164-4B8680E8C6A9} => C:\Program Files (x86)\MyPlayBus.com\Elven Mists\Elven Mists.exe
Task: {20887E3C-445D-4CA7-80CF-310B40F0D862} - System32\Tasks\{74322FA9-F3F3-4EFE-A517-07D3CE1EFCF1} => C:\Program Files (x86)\MyPlayBus.com\Land Grabbers\Land Grabbers.exe
Task: {25FB0EA9-B985-4BC0-B4CF-F251ADD7F32A} - System32\Tasks\{660F49D7-4F30-4ED0-AD0D-FD7C395A75A1} => C:\Program Files (x86)\MyPlayBus.com\Princess Isabella A Witch's Curse\Princess Isabella A Witch's Curse.exe
Task: {26822742-BAB8-444A-ABCE-5978E2055FAC} - System32\Tasks\{1D0B6D7D-FB6A-46C4-BE93-629B59B601C6} => C:\Program Files (x86)\MyPlayBus.com\Weather Master\Weather Master.exe
Task: {31AF753B-5F0E-4DA5-ABFE-7D3AC3AA890C} - System32\Tasks\{4B8BFC65-4FC4-4141-A9EB-5524B53A4FC0} => C:\Users\Savitri\Downloads\CRUSHER2.EXE
Task: {38BD1145-3EEA-4254-9B50-22E23AF09C01} - System32\Tasks\{719295C1-2170-4EC3-ADE4-13C23D1269DA} => C:\Users\Savitri\Downloads\FruitasticPlus.exe
Task: {38D2A825-2F0E-4AF7-987E-0E7415E9DC32} - System32\Tasks\{E02D7EB7-8BC8-4AEE-ACE1-0C516E7C8DCD} => C:\Users\Savitri\Downloads\rpg2003(3).exe
Task: {39E696A2-BAB6-429C-B5D7-D2B08A62DC7C} - System32\Tasks\{386EBE5C-300E-44F3-B1A7-A030D5221843} => C:\Program Files (x86)\MyPlayBus.com\World Class Solitaire\World Class Solitaire.exe
Task: {44344D81-C751-4EB6-8CB4-CCEF4D1F1BA1} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-842135949-2711248906-428214252-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-02-14] (RealNetworks, Inc.)
Task: {47A22F3B-F43A-4852-B5D5-D6163DC59CC4} - System32\Tasks\{3A4A16B9-0025-4CDD-BA86-565A9AE73AAC} => C:\Users\Savitri\Downloads\CRUSHER2.EXE
Task: {48D22EA2-4FA9-40BE-B4BB-E571603C9480} - System32\Tasks\{90FF0556-149F-49A6-AD96-E03386C44F96} => C:\Program Files (x86)\MyPlayBus.com\The Poppit! Show\The Poppit! Show.exe
Task: {492B0E14-97DA-4851-BA8B-856EB2377AA0} - System32\Tasks\{705026A9-1121-4C04-B618-B3C5378FB942} => C:\Program Files (x86)\MyPlayBus.com\Weather Master\Weather Master.exe
Task: {4B54579C-3D9B-4AFB-BB2B-3552902456EB} - System32\Tasks\{6D186016-9368-43D7-871B-957D7CD66524} => C:\Program Files (x86)\MyPlayBus.com\The Poppit! Show\The Poppit! Show.exe
Task: {51AA883B-D6C4-44A4-BCB5-6CA1D7FF8D02} - System32\Tasks\{FFA74089-4706-4158-83E7-A026B7F64B71} => C:\Users\Savitri\Downloads\Eternal Legends\RPG_RT.EXE
Task: {54DEB459-A6BF-4C9D-A50F-056FD66DF52C} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
Task: {5636BD10-55DC-453B-BFED-67EE640917BE} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {56A4FB4A-DBAE-4BD1-BA5E-3065D8AE51E2} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-08-05] (CyberLink)
Task: {5CD26887-8017-40E3-B6C1-7D16118AD1FA} - System32\Tasks\{D77CFDC2-1BDA-40F5-9D1B-2831AEFCA83E} => C:\Users\Savitri\Downloads\CRUSHER2.EXE
Task: {5D209EF9-293D-43AA-A4D1-FAEF1BD26C56} - System32\Tasks\{7AB3528A-61A8-464F-81E3-8F37A8522657} => C:\Program Files (x86)\MyPlayBus.com\Clayside\Clayside.exe
Task: {5EB30861-7583-46A6-89FD-73C0F975F2EA} - System32\Tasks\{1E689C00-32CB-407C-A420-03EAA58ACFFB} => C:\Program Files (x86)\MyPlayBus.com\Weather Master\Weather Master.exe
Task: {64041DBA-260D-4EEB-A9D7-E0DCF1B707E1} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-842135949-2711248906-428214252-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-02-14] (RealNetworks, Inc.)
Task: {64AC2146-750B-4436-B9A7-B6F8E45188FD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {6E197D0B-D796-4395-B812-708B60903731} - System32\Tasks\{4C102F77-4A8E-4144-A12A-E5E9DAB1C0C3} => C:\Program Files (x86)\MyPlayBus.com\Weather Master\Weather Master.exe
Task: {6E9FFB2A-2D1A-462B-9ECE-57F54ACEFB12} - System32\Tasks\{C0DD6C7F-7AEF-4131-8717-68141162D91C} => C:\Users\Savitri\Downloads\FruitasticPlus.exe
Task: {70739661-96D9-4E77-9A58-F6F2164C050D} - System32\Tasks\{7AFFC463-EE82-4E84-878F-87CA1939AA35} => C:\Program Files (x86)\MyPlayBus.com\Land Grabbers\Land Grabbers.exe
Task: {7292B837-DBE9-423B-BA60-D03C9ACBAFB2} - System32\Tasks\{9535B671-F748-4AD2-8692-AF6E904E36D9} => C:\Program Files (x86)\MyPlayBus.com\Pet Set\Pet Set.exe
Task: {746A628D-876C-4C68-B725-4F60ECBB1508} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-09] (AVAST Software)
Task: {776C4F19-5B23-4D60-9268-F671839A69F9} - System32\Tasks\{FB1936A0-55DA-43B1-B5D9-42CC69A40D5E} => C:\Users\Savitri\Downloads\FruitasticPlus.exe
Task: {79ABC6AC-2B8D-4CBA-8DD8-7B50F87510F2} - System32\Tasks\{FF0B00EC-F959-484B-9F1A-20F21C0D8300} => C:\Users\Savitri\Downloads\CRUSHER2.EXE
Task: {83774E24-C10E-44CA-A5C1-5D35D6C2F74F} - System32\Tasks\PCCT - MAGIX AG => C:\Program Files (x86)\MAGIX\PC_Check_Tuning_Free_2011\MxTray.exe [2010-11-08] ()
Task: {8AC5C122-603B-442A-9BBA-52A2BAC17304} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8ACDE49F-32BD-430D-94DB-4E6C977CF0C1} - System32\Tasks\{DD8A7014-F761-463C-91C5-489AA49F865F} => C:\Program Files (x86)\MatchWare\Mediator 9.0\medi8or.exe [2010-05-21] (MatchWare A/S)
Task: {8ADB2AF4-8F83-47F4-9FA3-81A31AA19859} - System32\Tasks\{34B68BC1-3B36-45C3-A5F3-44A89EFA79DE} => C:\Program Files (x86)\MyPlayBus.com\Land Grabbers\Land Grabbers.exe
Task: {8CF702B4-4592-4201-A044-7D2FC87124C6} - System32\Tasks\{1C9C345C-092D-4E42-9BAD-215D6E742CA9} => C:\Users\Savitri\Downloads\FruitasticPlus.exe
Task: {8E0BD5BF-8BFF-4AF0-9240-2340BDA7176B} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\iWin Games\iWinGames.exe <==== ATTENTION
Task: {8EB11193-80E8-4FA5-B34B-E16A5A7659D3} - System32\Tasks\{966011B3-4969-45E7-889D-E0658A236030} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {94C0E264-8C69-45AC-8F30-7407525E6FED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-13] (Google Inc.)
Task: {9729F1F0-F099-4B62-9B3B-803032453C7F} - System32\Tasks\{0A3FEDFE-77E1-4A1C-A613-FDBFFF421333} => C:\Program Files (x86)\MyPlayBus.com\Princess Isabella A Witch's Curse\Princess Isabella A Witch's Curse.exe
Task: {991675EF-471A-4642-84D7-D1D8F0DAF2CB} - System32\Tasks\{1E3DF1EF-030E-4AB5-9BCA-6FA4B8137F37} => C:\Program Files (x86)\MyPlayBus.com\Shopping Marathon\Shopping Marathon.exe
Task: {99BBDC72-7E05-4D55-A049-7B4E38F44CAC} - System32\Tasks\{35EA30DE-1539-40B7-B9BB-8B96828240CB} => C:\Program Files (x86)\MyPlayBus.com\Build-a-lot 5 The Elizabethan Era\Build-a-lot 5 The Elizabethan Era.exe
Task: {9C9DEBE8-1EB5-4257-857B-D7B331ABDF9F} - System32\Tasks\{F26F4CEE-39E3-4463-A49F-BD96DEBBD430} => C:\Users\Savitri\Downloads\FruitasticPlus.exe
Task: {A25203C4-E046-485E-8106-24D347164784} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {A2C1FF06-405F-46A6-9ACC-CD27ECF30588} - System32\Tasks\{89563CAC-F44C-4D46-9743-6A338B5AE933} => C:\Users\Savitri\Downloads\Eternal Legends\RPG_RT.EXE
Task: {AC9E6EF8-DD47-49FB-9872-8B3867BCE7C4} - System32\Tasks\{921DE11E-4910-48AE-B3E9-11ECB0C8E6D3} => C:\Program Files (x86)\MyPlayBus.com\Princess Isabella A Witch's Curse\Princess Isabella A Witch's Curse.exe
Task: {AEE27528-74BC-46AB-B52E-0BDC75F3695B} - System32\Tasks\{C0B0DBE3-89C1-46F4-9FA2-D5FE11AD5C64} => C:\Users\Savitri\Downloads\CRUSHER2.EXE
Task: {B730DD60-3E05-4307-BEC5-867F995AD2D7} - System32\Tasks\ReclaimerResumeInstallLogin_Savitri => C:\Users\Savitri\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-04-27] (RealNetworks, Inc.)
Task: {B747664F-253A-4F09-9099-160A56870094} - System32\Tasks\{64276C5B-29DD-4E84-8087-458F8DA9362C} => C:\Program Files (x86)\MyPlayBus.com\The Poppit! Show\The Poppit! Show.exe
Task: {BA7A7CF3-5FBF-47B9-A746-EF3026CF303F} - System32\Tasks\{3AD24082-5260-4349-B55F-A078754E5AFC} => C:\Program Files (x86)\MyPlayBus.com\Weather Master\Weather Master.exe
Task: {C2579986-D8E3-4583-897B-301936DA19D2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated)
Task: {C4AF4FEA-4491-4B85-ACC1-D47D64F53640} - System32\Tasks\{B79A8E17-BFD9-4C5E-A09A-8F02E090CBAB} => C:\Program Files (x86)\MyPlayBus.com\Machi Paco\Machi Paco.exe
Task: {C513D9A0-B668-44C3-89D0-1580AC8FBC5A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-842135949-2711248906-428214252-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-02-14] (RealNetworks, Inc.)
Task: {C9955568-996F-4E63-A5B8-597BF46204AF} - System32\Tasks\{43F8BAFB-7C8B-4BFA-ABAF-E1623C04743F} => C:\Program Files (x86)\MyPlayBus.com\Build-a-lot 5 The Elizabethan Era\Build-a-lot 5 The Elizabethan Era.exe
Task: {CFEAAFE4-868E-4070-8B59-DCA054C423B4} - System32\Tasks\{043292B9-448F-48DA-884F-5D9CC362FCC1} => C:\Program Files (x86)\MatchWare\Mediator 9.0\medi8or.exe [2010-05-21] (MatchWare A/S)
Task: {D5417243-8A3E-4E8B-B596-EC9FFBA8971D} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {DE7D9E2B-4721-4D75-B67E-1274C29C0A7E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-13] (Google Inc.)
Task: {E36A7AF5-7F21-4B73-ABFA-EDC92C73F33E} - System32\Tasks\{77509447-96D5-40DF-A56E-8C72AAE8EE5B} => C:\Program Files (x86)\MatchWare\Mediator 9.0\medi8or.exe [2010-05-21] (MatchWare A/S)
Task: {E3F2E252-0142-48A5-BF6D-04B563FBFD1B} - System32\Tasks\{32F509B6-944A-41C2-836F-07F4C02DE8A3} => C:\Program Files (x86)\MyPlayBus.com\Machi Paco\Machi Paco.exe
Task: {E43C2AD2-3FD9-414B-BE92-E66DF411621F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2012-11-24] (Piriform Ltd)
Task: {E816465A-05A3-4DDA-AF6F-3B8816CE2197} - System32\Tasks\{FACE236A-21BB-4C81-85DA-16C5429C6568} => C:\Users\Savitri\Downloads\Eternal Legends\RPG_RT.EXE
Task: {F360EB6A-7055-4050-B425-CFF9083F8180} - System32\Tasks\{6A5CBF0F-98C5-45E9-8BFB-7426698BE83C} => C:\Program Files (x86)\MyPlayBus.com\Machi Paco\Machi Paco.exe
Task: {FF7ECA21-1F5A-4D2B-B04F-35BF90BB889B} - System32\Tasks\{0995F4C9-FAE6-4554-BC96-B72483DED0EA} => C:\Users\Savitri\Downloads\FruitasticPlus.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCCT - MAGIX AG.job => C:\Program Files (x86)\MAGIX\PC_Check_Tuning_Free_2011\MxTray.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe
Task: C:\Windows\Tasks\ReclaimerResumeInstallLogin_Savitri.job => C:\Users\Savitri\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2013-06-18 14:11 - 2010-07-12 14:39 - 00053248 _____ () C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe
2014-02-12 14:42 - 2014-02-12 14:42 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-02-14 12:06 - 2014-02-14 12:06 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2010-07-02 14:22 - 2009-04-17 18:01 - 00247152 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2014-04-10 11:16 - 2014-04-10 11:16 - 02193408 _____ () C:\Program Files\AVAST Software\Avast\defs\14041000\algo.dll
2014-05-01 07:43 - 2014-05-01 07:43 - 02252800 _____ () C:\Program Files\AVAST Software\Avast\defs\14043002\algo.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-04 08:11 - 2014-04-04 08:11 - 00867928 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2010-07-02 14:22 - 2009-04-17 18:01 - 00034088 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideops.dll
2013-11-27 17:44 - 2013-11-27 17:44 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-02-26 14:46 - 2009-02-26 14:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 12:46 - 2011-06-22 12:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-03-29 09:36 - 2014-03-29 09:36 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-04-04 08:11 - 2014-04-04 08:11 - 00571992 _____ () c:\program files (x86)\real\realplayer\RPDS\Lib\r1api.dll
2014-01-29 15:15 - 2014-04-22 20:39 - 00645592 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2014-04-29 16:01 - 2014-04-29 16:01 - 16351920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Savitri\Cookies:gs5sys
AlternateDataStreams: C:\Users\Savitri\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\Savitri\AppData\Local\Verlauf:gs5sys

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AntiVirSchedulerService => 2
MSCONFIG\Services: AntiVirService => 2
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/01/2014 00:00:04 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "J:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (04/29/2014 03:49:59 PM) (Source: Application Hang) (User: )
Description: Programm medi8or.exe, Version 9.0.152.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 20d0
Startzeit: 01cf63b16dbd7542
Endzeit: 24
Anwendungspfad: C:\Program Files (x86)\MatchWare\Mediator 9.0\medi8or.exe
Berichts-ID:

Error: (04/29/2014 03:46:22 PM) (Source: Application Hang) (User: )
Description: Programm medi8or.exe, Version 9.0.152.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1138
Startzeit: 01cf63acc9cc7559
Endzeit: 32
Anwendungspfad: C:\Program Files (x86)\MatchWare\Mediator 9.0\medi8or.exe
Berichts-ID:

Error: (04/29/2014 03:13:08 PM) (Source: Application Hang) (User: )
Description: Programm medi8or.exe, Version 9.0.152.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 4cc
Startzeit: 01cf63ac203de1e8
Endzeit: 16
Anwendungspfad: C:\Program Files (x86)\MatchWare\Mediator 9.0\medi8or.exe
Berichts-ID:

Error: (04/29/2014 03:08:28 PM) (Source: Application Hang) (User: )
Description: Programm medi8or.exe, Version 9.0.152.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1eec
Startzeit: 01cf63ab6ff911aa
Endzeit: 19
Anwendungspfad: C:\Program Files (x86)\MatchWare\Mediator 9.0\medi8or.exe
Berichts-ID:

Error: (04/29/2014 03:03:33 PM) (Source: Application Hang) (User: )
Description: Programm medi8or.exe, Version 9.0.152.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 21bc
Startzeit: 01cf6373e09b3b91
Endzeit: 36
Anwendungspfad: C:\Program Files (x86)\MatchWare\Mediator 9.0\medi8or.exe
Berichts-ID:

Error: (04/29/2014 08:25:26 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: medi8or.exe, Version: 9.0.152.0, Zeitstempel: 0x4bf52a08
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc015000f
Fehleroffset: 0x00084671
ID des fehlerhaften Prozesses: 0x22b8
Startzeit der fehlerhaften Anwendung: 0xmedi8or.exe0
Pfad der fehlerhaften Anwendung: medi8or.exe1
Pfad des fehlerhaften Moduls: medi8or.exe2
Berichtskennung: medi8or.exe3

Error: (04/29/2014 07:50:12 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: medi8or.exe, Version: 9.0.152.0, Zeitstempel: 0x4bf52a08
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0150010
Fehleroffset: 0x0008482b
ID des fehlerhaften Prozesses: 0x200c
Startzeit der fehlerhaften Anwendung: 0xmedi8or.exe0
Pfad der fehlerhaften Anwendung: medi8or.exe1
Pfad des fehlerhaften Moduls: medi8or.exe2
Berichtskennung: medi8or.exe3

Error: (04/29/2014 07:50:07 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: medi8or.exe, Version: 9.0.152.0, Zeitstempel: 0x4bf52a08
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x200c
Startzeit der fehlerhaften Anwendung: 0xmedi8or.exe0
Pfad der fehlerhaften Anwendung: medi8or.exe1
Pfad des fehlerhaften Moduls: medi8or.exe2
Berichtskennung: medi8or.exe3

Error: (04/28/2014 05:20:36 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: medi8or.exe, Version: 9.0.152.0, Zeitstempel: 0x4bf52a08
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0150010
Fehleroffset: 0x0008482b
ID des fehlerhaften Prozesses: 0x4e0
Startzeit der fehlerhaften Anwendung: 0xmedi8or.exe0
Pfad der fehlerhaften Anwendung: medi8or.exe1
Pfad des fehlerhaften Moduls: medi8or.exe2
Berichtskennung: medi8or.exe3

System errors:
=============
Error: (04/30/2014 03:00:14 PM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{4DA92D0C-2BBD-4EBB-B615-15C4B65003A0}" zu oft fehl. Der Sicherungssuchdienst wird beendet.

Error: (04/30/2014 02:09:54 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR9 gefunden.

Error: (04/28/2014 07:41:39 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "VIRENDRA-HP", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4DA92D0C-2BBD-4EBB-B615-15C4B65003A0}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (04/27/2014 10:01:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error: (04/27/2014 10:01:02 PM) (Source: DCOM) (User: )
Description: 1068upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (04/26/2014 10:21:37 PM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{4DA92D0C-2BBD-4EBB-B615-15C4B65003A0}" zu oft fehl. Der Sicherungssuchdienst wird beendet.

Error: (04/26/2014 07:32:38 AM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "VIRENDRA-HP", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4DA92D0C-2BBD-4EBB-B615-15C4B65003A0}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (04/23/2014 10:57:42 AM) (Source: BROWSER) (User: ) Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{4DA92D0C-2BBD-4EBB-B615-15C4B65003A0}" zu oft fehl. Der Sicherungssuchdienst wird beendet. Error: (04/22/2014 07:49:49 AM) (Source: bowser) (User: ) Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "VIRENDRA-HP", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{4DA92D0C-2BBD-4EBB-B615-15C4B65003A0}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error: (04/20/2014 03:24:50 PM) (Source: NetBT) (User: ) Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.1.36 registriert werden. Der Computer mit IP-Adresse 192.168.1.35 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Microsoft Office Sessions: ========================= Error: (11/11/2012 04:00:36 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash. Error: (11/11/2012 03:58:15 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23 seconds with 0 seconds of active time. This session ended with a crash. Error: (11/11/2012 03:57:41 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14 seconds with 0 seconds of active time. This session ended with a crash. 
Error: (11/11/2012 03:56:45 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 2, Application Name: Microsoft Office Access, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash. Error: (01/20/2011 08:09:50 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error: (07/15/2010 04:00:05 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 389578 seconds with 1920 seconds of active time. This session ended with a crash. Error: (05/19/2010 00:37:40 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2013-11-28 22:41:11.812 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-11-28 22:41:11.482 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2010-02-18 18:23:08.957 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Savitri\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2010-02-18 18:23:08.950 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Savitri\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2010-02-18 18:23:08.652 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2010-02-18 18:23:08.645 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 49% Total physical RAM: 4095.18 MB Available physical RAM: 2079.43 MB Total Pagefile: 8188.54 MB Available Pagefile: 5424.61 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (HP) (Fixed) (Total:916.89 GB) (Free:588.49 GB) NTFS Drive d: (FACTORY_IMAGE) (Fixed) (Total:14.53 GB) (Free:2.53 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: 1549F232) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=917 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=15 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
02.05.2014, 07:40 | #4 |
/// the machine /// TB-Ausbilder | Link to my own website is acting up Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please disable your security software to avoid possible conflicts.
and a fresh FRST log please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
02.05.2014, 12:24 | #5 |
| Link to my own website is acting up Here is what you asked for: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 02.05.2014 Suchlauf-Zeit: 10:44:32 Logdatei: mbam.txt Administrator: Ja Version: 2.00.1.1004 Malware Datenbank: v2014.05.02.05 Rootkit Datenbank: v2014.03.27.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Chameleon: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Savitri Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 315780 Verstrichene Zeit: 19 Min, 29 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Shuriken: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 3 PUP.Optional.OpenCandy, C:\Users\Savitri\AppData\Roaming\OpenCandy, In Quarantäne, [1fe18a7641bf54ac36b69ccaf70b31cf], PUP.Optional.OpenCandy, C:\Users\Savitri\AppData\Roaming\OpenCandy\332152DA251540BF8499F80478098121, In Quarantäne, [1fe18a7641bf54ac36b69ccaf70b31cf], PUP.Optional.OpenCandy, C:\Users\Savitri\AppData\Roaming\OpenCandy\E0E7D58CE9254286A26F5D8153072DD3, In Quarantäne, [1fe18a7641bf54ac36b69ccaf70b31cf], Dateien: 2 PUP.Optional.OpenCandy, C:\Users\Savitri\AppData\Roaming\OpenCandy\332152DA251540BF8499F80478098121\Trial-14.0.1000.89_de-DE_1004743_CH-DE-1.exe, In Quarantäne, [1fe18a7641bf54ac36b69ccaf70b31cf], PUP.Optional.OpenCandy, C:\Users\Savitri\AppData\Roaming\OpenCandy\E0E7D58CE9254286A26F5D8153072DD3\pokkiInstaller.exe, In Quarantäne, [1fe18a7641bf54ac36b69ccaf70b31cf], Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.205 - Bericht erstellt am 02/05/2014 um 11:06:13 # Aktualisiert 28/04/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Savitri - SAVITRI # Gestartet von : C:\Users\Savitri\Downloads\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\Savitri\AppData\Roaming\SecureSearch Ordner Gelöscht : C:\Users\Savitri\AppData\Roaming\Uniblue Ordner Gelöscht : C:\Users\Savitri\AppData\Roaming\Mozilla\Firefox\Profiles\psydjhqg.Savitri\adawaretb Datei Gelöscht : C:\Users\Savitri\AppData\Roaming\Mozilla\Firefox\Profiles\psydjhqg.Savitri\searchplugins\safeguard-secure-search.xml ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole Schlüssel Gelöscht : HKCU\Software\Classes\pokki Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5} Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5} Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawarebp Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\Trymedia Systems ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17041 -\\ Mozilla Firefox v28.0 (de) [ Datei : C:\Users\Savitri\AppData\Roaming\Mozilla\Firefox\Profiles\psydjhqg.Savitri\prefs.js ] -\\ Google Chrome v ************************* AdwCleaner[R0].txt - [2101 octets] - [02/05/2014 11:04:30] AdwCleaner[S0].txt - [1964 octets] - [02/05/2014 11:06:13] ########## EOF - 
C:\AdwCleaner\AdwCleaner[S0].txt - [2024 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Home Premium x64 Ran by Savitri on 02.05.2014 at 11:14:16.86 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\Savitri\AppData\Roaming\mozilla\firefox\profiles\psydjhqg.Savitri\minidumps [21 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 02.05.2014 at 11:24:21.71 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2014 Ran by Savitri (administrator) on SAVITRI on 02-05-2014 13:19:29 Running from C:\Users\Savitri\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe () C:\Program Files (x86)\MAGIX\PC_Check_Tuning_Free_2011\MxTray.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe (hMailServer) C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (PixArt Imaging Incorporation) C:\Windows\PixArt\PAC7311\Monitor.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (brother) C:\Program Files (x86)\Brownie\BrStsW64.exe (D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (brother) C:\Program Files (x86)\Brownie\brpjp04a.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (RealNetworks, Inc.) 
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] () HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC7311\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation) HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-05-20] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-06-22] (EasyBits Software AS) HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [BrStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [963072 2008-01-08] (brother) HKLM-x32\...\Run: [UpdatePDRShortCut] => c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [D-Link D-Link DWA-140] => C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe [1074496 2011-06-29] (D-Link Corp.) 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-09] (AVAST Software) HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft) HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-11] (Easybits) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-04-04] (RealNetworks, Inc.) HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard) HKU\S-1-5-21-842135949-2711248906-428214252-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-842135949-2711248906-428214252-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-842135949-2711248906-428214252-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) 
HKU\S-1-5-21-842135949-2711248906-428214252-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-23] (BillP Studios) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.) Startup: C:\Users\Savitri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {71398C2C-687B-4CD9-8A25-501D138F73E6} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcndtie7-de-ch SearchScopes: HKLM - {71398C2C-687B-4CD9-8A25-501D138F73E6} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcndtie7-de-ch BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} DPF: HKLM-x32 {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft 
Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52272 2009-09-11] (EasyBits Software Corp.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Savitri\AppData\Roaming\Mozilla\Firefox\Profiles\psydjhqg.Savitri FF Homepage: https://www.google.ch/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll () FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=17.0.6.13 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=17.0.6.13 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Users\Savitri\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll (The OpenSSL Project, hxxp://www.openssl.org/) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll (The OpenSSL Project, hxxp://www.openssl.org/) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: WOT - C:\Users\Savitri\AppData\Roaming\Mozilla\Firefox\Profiles\psydjhqg.Savitri\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27] FF Extension: NoScript - C:\Users\Savitri\AppData\Roaming\Mozilla\Firefox\Profiles\psydjhqg.Savitri\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-01] FF Extension: Web Developer - C:\Users\Savitri\AppData\Roaming\Mozilla\Firefox\Profiles\psydjhqg.Savitri\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-08-21] FF Extension: Adblock Plus - C:\Users\Savitri\AppData\Roaming\Mozilla\Firefox\Profiles\psydjhqg.Savitri\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-01] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-29] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-29] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-29] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-27] FF HKLM-x32\...\Firefox\Extensions: [{8E8D8D12-A43B-4289-994D-DF2C7C0EF736}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] ==================== Services (Whitelisted) ================= S4 Apache2.4; C:\xampp\apache\bin\httpd.exe [22016 2012-08-18] (Apache Software Foundation) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-09] (AVAST Software) R2 D_Link_DWA-140_WPS; C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe [53248 2010-07-12] () R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [167936 2010-04-06] (Brio) R2 hMailServer; C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe [5395968 2010-06-07] (hMailServer) S2 MAGIX StartUp Analyze Service; C:\Program Files (x86)\MAGIX\PC_Check_Tuning_Free_2011\MXSAS.exe [186368 2010-11-04] (MAGIX AG) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-02-12] () R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141336 2014-04-04] (RealNetworks, Inc.) 
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-02-14] () R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [247152 2009-04-17] () R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [X] ==================== Drivers (Whitelisted) ==================== R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2011-02-21] () U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-09] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-09] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-09] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-09] (AVAST Software) R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-09] () R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104912 2007-11-07] (EZB Systems, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-02] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1617472 2011-04-28] (Ralink Technology Corp.) S3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [602112 2006-11-08] (PixArt Imaging Inc.) 
S4 ATIXPGAA; \??\C:\Program Files\PC-Doctor for Windows\ATIXPGAA.SYS [X] S4 catchme; \??\C:\ComboFix\catchme.sys [X] R3 cpuz132; \??\C:\Users\Savitri\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X] U3 DfSdkS; U4 esgiguard; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-02 13:19 - 2014-05-02 13:19 - 00000000 ____D () C:\Users\Savitri\Downloads\FRST-OlderVersion 2014-05-02 11:24 - 2014-05-02 11:24 - 00000858 _____ () C:\Users\Savitri\Desktop\JRT.txt 2014-05-02 11:13 - 2014-05-02 11:13 - 01016261 _____ (Thisisu) C:\Users\Savitri\Downloads\JRT.exe 2014-05-02 11:12 - 2014-05-02 11:12 - 00002112 _____ () C:\Users\Savitri\Desktop\AdwCleaner[S0].txt 2014-05-02 11:05 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-05-02 11:04 - 2014-05-02 11:06 - 00000000 ____D () C:\AdwCleaner 2014-05-02 11:02 - 2014-05-02 11:02 - 01310621 _____ () C:\Users\Savitri\Downloads\adwcleaner.exe 2014-05-02 11:02 - 2014-05-02 11:02 - 00001885 _____ () C:\Users\Savitri\Desktop\mbam.txt 2014-05-02 10:51 - 2014-05-02 11:08 - 00000384 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Savitri.job 2014-05-02 10:51 - 2014-05-02 11:07 - 00000378 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Savitri.job 2014-05-02 10:51 - 2014-05-02 10:52 - 00002970 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Savitri 2014-05-02 10:51 - 2014-05-02 10:52 - 00002966 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Savitri 2014-05-02 10:51 - 2014-05-02 10:52 - 00002674 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Savitri 2014-05-02 10:51 - 2014-05-02 10:51 - 00003618 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Savitri 2014-05-02 10:50 - 2014-05-02 11:07 - 00000374 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Savitri.job 2014-05-02 10:23 - 2014-05-02 11:48 - 00119512 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-02 10:23 - 2014-05-02 10:23 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-02 10:23 - 2014-05-02 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-02 10:23 - 2014-05-02 10:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-02 10:23 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-02 10:23 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-02 10:21 - 2014-05-02 10:22 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Savitri\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-01 16:45 - 2014-05-01 16:46 - 00063403 _____ () C:\Users\Savitri\Downloads\Addition.txt 2014-05-01 16:44 - 2014-05-02 13:19 - 00022041 _____ () C:\Users\Savitri\Downloads\FRST.txt 2014-05-01 16:44 - 2014-05-02 13:19 - 00000000 ____D () C:\FRST 2014-05-01 16:43 - 2014-05-02 13:19 - 02062336 _____ (Farbar) C:\Users\Savitri\Downloads\FRST64.exe 2014-04-30 17:37 - 2014-04-06 08:36 - 01016261 _____ (Thisisu) C:\Users\Savitri\Desktop\JRT_NEW.exe 2014-04-25 16:33 - 2014-04-25 16:33 - 01130024 _____ (BillP Studios) C:\Users\Savitri\Downloads\wpsetup.exe 2014-04-24 10:18 - 2014-04-24 10:18 - 06358130 _____ () C:\Users\Savitri\Documents\Produce.wmv 2014-04-20 07:36 - 2014-04-20 07:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-04-20 07:36 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-20 07:36 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-20 07:36 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-20 07:36 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-20 07:35 - 
2014-04-20 07:36 - 00004161 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-04-19 16:41 - 2014-04-19 16:41 - 00010123 _____ () C:\Users\Savitri\Desktop\Arbeitsmappe1.xlsx 2014-04-10 20:27 - 2014-05-02 11:08 - 00003342 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-842135949-2711248906-428214252-1000 2014-04-10 20:02 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-10 20:02 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-10 20:02 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-10 20:02 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-10 20:02 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-10 20:02 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-10 20:02 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-10 20:02 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-10 20:02 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-10 20:02 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-10 20:02 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-10 20:02 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-10 20:02 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-10 20:02 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-10 20:02 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) 
C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-10 20:02 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-10 20:02 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-10 20:02 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-10 20:02 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-10 20:02 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-10 20:02 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-10 20:02 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-10 20:02 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-10 20:02 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-10 20:02 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-10 20:02 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-10 20:02 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-10 20:02 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-10 20:02 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-10 20:02 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-10 20:02 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-10 20:02 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-10 20:02 - 2014-03-06 09:07 - 00164864 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-10 20:02 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-10 20:02 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-10 20:02 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-10 20:02 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-10 20:02 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-10 20:01 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-10 20:01 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-10 20:01 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-10 20:01 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-10 20:01 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-10 20:01 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-10 20:01 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-10 20:01 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-10 20:01 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-10 20:01 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-09 16:32 - 2014-04-09 16:32 - 00001928 _____ () C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2014-04-09 16:31 - 2014-04-09 16:31 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-09 13:56 - 2014-04-26 13:44 - 00000000 ____D () C:\Users\Savitri\Documents\My Podcasts 2014-04-09 08:45 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 08:45 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-09 08:45 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-09 08:45 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-09 08:45 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-09 08:45 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-09 08:45 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-09 08:45 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-09 08:45 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-09 08:45 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-09 08:45 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-09 08:45 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-09 08:45 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-09 08:45 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-09 08:45 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-09 08:45 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-09 08:45 - 
2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-08 08:23 - 2014-04-08 08:33 - 00000000 ____D () C:\Users\Savitri\Desktop\CD_OG 2014-04-08 08:11 - 2014-04-14 08:08 - 00000000 ____D () C:\Program Files (x86)\Wahrnehmung Optisches Gedächtnis 2014-04-07 07:51 - 2014-04-07 07:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KompoZer 2014-04-07 07:51 - 2014-04-07 07:51 - 00000000 ____D () C:\Program Files (x86)\KompoZer 2014-04-07 07:42 - 2014-04-07 07:42 - 00001226 _____ () C:\Users\Savitri\Desktop\Revo Uninstaller.lnk 2014-04-07 07:42 - 2014-04-07 07:42 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-04 08:13 - 2014-04-04 08:13 - 00000000 ____D () C:\Users\Savitri\AppData\Roaming\RealNetworks 2014-04-04 08:13 - 2014-04-04 08:13 - 00000000 ____D () C:\ProgramData\RealNetworks 2014-04-04 08:13 - 2014-04-04 08:13 - 00000000 ____D () C:\Program Files (x86)\RealNetworks 2014-04-04 08:12 - 2014-04-04 08:12 - 00201800 _____ (RealNetworks, Inc.) 
C:\Windows\SysWOW64\rmoc3260.dll 2014-04-04 08:11 - 2014-04-04 08:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks 2014-04-04 08:11 - 2014-04-04 08:11 - 00278600 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll 2014-04-04 08:07 - 2014-04-20 07:37 - 00000000 ____D () C:\ProgramData\Oracle ==================== One Month Modified Files and Folders ======= 2014-05-02 13:19 - 2014-05-02 13:19 - 00000000 ____D () C:\Users\Savitri\Downloads\FRST-OlderVersion 2014-05-02 13:19 - 2014-05-01 16:44 - 00022041 _____ () C:\Users\Savitri\Downloads\FRST.txt 2014-05-02 13:19 - 2014-05-01 16:44 - 00000000 ____D () C:\FRST 2014-05-02 13:19 - 2014-05-01 16:43 - 02062336 _____ (Farbar) C:\Users\Savitri\Downloads\FRST64.exe 2014-05-02 13:11 - 2013-04-25 15:35 - 00000000 ____D () C:\Users\Savitri\AppData\Roaming\Skype 2014-05-02 13:01 - 2013-03-25 23:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-02 12:48 - 2009-12-13 16:50 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-02 11:48 - 2014-05-02 10:23 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-02 11:24 - 2014-05-02 11:24 - 00000858 _____ () C:\Users\Savitri\Desktop\JRT.txt 2014-05-02 11:17 - 2009-07-14 06:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-02 11:17 - 2009-07-14 06:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-02 11:14 - 2009-10-07 20:23 - 01485127 _____ () C:\Windows\WindowsUpdate.log 2014-05-02 11:13 - 2014-05-02 11:13 - 01016261 _____ (Thisisu) C:\Users\Savitri\Downloads\JRT.exe 2014-05-02 11:12 - 2014-05-02 11:12 - 00002112 _____ () C:\Users\Savitri\Desktop\AdwCleaner[S0].txt 2014-05-02 11:10 - 2009-12-18 15:19 - 00000324 _____ () C:\Windows\Brownie.ini 2014-05-02 11:09 - 2013-11-27 18:11 - 00000000 
____D () C:\ProgramData\Ad-Aware Browsing Protection 2014-05-02 11:08 - 2014-05-02 10:51 - 00000384 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Savitri.job 2014-05-02 11:08 - 2014-04-10 20:27 - 00003342 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-842135949-2711248906-428214252-1000 2014-05-02 11:07 - 2014-05-02 10:51 - 00000378 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Savitri.job 2014-05-02 11:07 - 2014-05-02 10:50 - 00000374 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Savitri.job 2014-05-02 11:07 - 2013-05-03 14:49 - 00000440 _____ () C:\Windows\Tasks\PCCT - MAGIX AG.job 2014-05-02 11:07 - 2010-07-04 08:26 - 00779608 _____ () C:\Windows\PFRO.log 2014-05-02 11:07 - 2010-07-03 10:14 - 00184303 _____ () C:\Windows\setupact.log 2014-05-02 11:07 - 2009-12-13 16:50 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-02 11:07 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-02 11:06 - 2014-05-02 11:04 - 00000000 ____D () C:\AdwCleaner 2014-05-02 11:02 - 2014-05-02 11:02 - 01310621 _____ () C:\Users\Savitri\Downloads\adwcleaner.exe 2014-05-02 11:02 - 2014-05-02 11:02 - 00001885 _____ () C:\Users\Savitri\Desktop\mbam.txt 2014-05-02 10:53 - 2013-11-27 17:45 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-05-02 10:52 - 2014-05-02 10:51 - 00002970 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Savitri 2014-05-02 10:52 - 2014-05-02 10:51 - 00002966 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Savitri 2014-05-02 10:52 - 2014-05-02 10:51 - 00002674 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Savitri 2014-05-02 10:51 - 2014-05-02 10:51 - 00003618 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Savitri 2014-05-02 10:48 - 2010-06-27 15:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-05-02 10:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help 2014-05-02 10:44 - 2012-12-23 15:12 - 00000000 ____D () C:\mp-os 2014-05-02 10:23 - 2014-05-02 10:23 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-02 10:23 - 2014-05-02 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-02 10:23 - 2014-05-02 10:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-02 10:23 - 2010-04-28 12:41 - 00000000 ____D () C:\Users\Savitri\AppData\Roaming\Malwarebytes 2014-05-02 10:23 - 2010-04-28 12:41 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-02 10:22 - 2014-05-02 10:21 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Savitri\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-01 21:46 - 2012-08-03 14:14 - 00000000 ____D () C:\Users\Savitri\Desktop\Mediator 2014-05-01 20:43 - 2011-11-10 18:10 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-05-01 20:43 - 2009-11-01 21:27 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-05-01 16:46 - 2014-05-01 16:45 - 00063403 _____ () C:\Users\Savitri\Downloads\Addition.txt 2014-05-01 11:02 - 2012-04-06 14:10 - 00000000 ____D () C:\mp-mathe2 2014-04-30 17:35 - 2014-02-05 17:04 - 00000000 ____D () C:\Users\Savitri\Desktop\Reinigung 2014-04-30 17:31 - 2013-01-01 15:48 - 00000000 ____D () C:\CD_OS 
2014-04-30 15:13 - 2012-08-16 14:06 - 00000000 ____D () C:\mp-rechtschreibung2 2014-04-30 14:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-04-30 14:11 - 2013-05-29 16:44 - 00000000 ____D () C:\mp-OG 2014-04-30 14:11 - 2009-09-12 05:13 - 00718394 _____ () C:\Windows\system32\perfh007.dat 2014-04-30 14:11 - 2009-09-12 05:13 - 00158028 _____ () C:\Windows\system32\perfc007.dat 2014-04-30 14:11 - 2009-07-14 07:13 - 01672424 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-30 10:41 - 2009-10-31 15:14 - 00000552 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job 2014-04-29 16:01 - 2013-03-25 23:05 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-29 16:01 - 2013-03-25 23:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-29 16:01 - 2013-01-31 20:32 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-29 15:59 - 2013-06-04 07:15 - 00000000 ____D () C:\mp-lega 2014-04-28 14:55 - 2013-05-29 16:44 - 00000000 ____D () C:\CD_OG 2014-04-28 14:50 - 2012-10-08 16:35 - 00000000 ____D () C:\mp-lesen7 2014-04-26 13:44 - 2014-04-09 13:56 - 00000000 ____D () C:\Users\Savitri\Documents\My Podcasts 2014-04-26 09:43 - 2010-11-27 16:46 - 00013030 _____ () C:\PDOXUSRS.NET 2014-04-26 09:43 - 2009-07-14 04:34 - 00001460 _____ () C:\Windows\win.ini 2014-04-25 18:51 - 2009-10-31 23:28 - 00000000 ____D () C:\Users\Savitri\AppData\Roaming\FileZilla 2014-04-25 17:29 - 2013-06-04 07:15 - 00000000 ____D () C:\CD_Lega 2014-04-25 16:34 - 2014-01-29 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol 2014-04-25 16:34 - 2014-01-29 15:15 - 00000000 ____D () C:\ProgramData\InstallMate 2014-04-25 16:33 - 2014-04-25 16:33 - 01130024 _____ (BillP Studios) C:\Users\Savitri\Downloads\wpsetup.exe 2014-04-24 16:52 - 2013-03-15 17:16 - 00000000 ____D () C:\Users\Savitri\Desktop\Lernprogramme 2014-04-24 16:51 - 2013-04-16 
15:50 - 00000000 ____D () C:\Users\Savitri\Desktop\videos für youtube 2014-04-24 16:33 - 2013-10-07 16:36 - 00000000 ____D () C:\Users\Savitri\AppData\Local\Paint.NET 2014-04-24 10:18 - 2014-04-24 10:18 - 06358130 _____ () C:\Users\Savitri\Documents\Produce.wmv 2014-04-24 09:37 - 2012-08-13 15:50 - 00000000 ____D () C:\Users\Savitri\Desktop\video 2014-04-20 07:37 - 2014-04-04 08:07 - 00000000 ____D () C:\ProgramData\Oracle 2014-04-20 07:36 - 2014-04-20 07:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-04-20 07:36 - 2014-04-20 07:35 - 00004161 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-04-20 07:36 - 2009-11-05 19:50 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-19 16:41 - 2014-04-19 16:41 - 00010123 _____ () C:\Users\Savitri\Desktop\Arbeitsmappe1.xlsx 2014-04-19 07:40 - 2009-10-31 17:29 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-18 14:50 - 2014-02-18 18:51 - 00000000 ____D () C:\vorlagen februar 2014 2014-04-16 14:15 - 2012-11-10 16:52 - 00000000 ____D () C:\Datenbanken 2014-04-16 08:31 - 2012-06-23 07:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView 2014-04-14 20:13 - 2014-04-20 07:36 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-14 20:05 - 2014-04-20 07:36 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-14 20:05 - 2014-04-20 07:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-14 20:04 - 2014-04-20 07:36 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-14 08:27 - 2014-01-25 09:59 - 00000000 ____D () C:\Users\Savitri\AppData\Roaming\CreateInstall Light 2014-04-14 08:23 - 2014-01-01 16:08 - 00000000 ____D () C:\Program Files (x86)\Aufmerksamkeit 2014-04-14 08:22 - 2013-06-01 14:08 - 00000000 ____D () C:\mp-AS 2014-04-14 08:18 - 2012-10-12 13:31 - 00000000 ____D () C:\mp-mathe5 2014-04-14 08:08 - 2014-04-08 08:11 - 00000000 
____D () C:\Program Files (x86)\Wahrnehmung Optisches Gedächtnis 2014-04-13 17:29 - 2009-11-09 11:41 - 00000000 ____D () C:\Users\Savitri\AppData\Roaming\Audacity 2014-04-10 20:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-10 20:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-10 11:09 - 2012-10-11 16:27 - 00000000 ____D () C:\mp-lesen9 2014-04-10 09:41 - 2012-08-05 19:32 - 00000000 ____D () C:\Users\Savitri\Desktop\Maerchen 2014-04-09 20:17 - 2012-09-09 19:56 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{10F27B3E-2E9E-47DB-ADB4-4D06C7998B75} 2014-04-09 20:08 - 2013-08-10 19:09 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-09 20:04 - 2009-11-01 09:44 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-09 16:32 - 2014-04-09 16:32 - 00001928 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-04-09 16:32 - 2014-01-04 09:28 - 00084816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-04-09 16:32 - 2013-11-27 17:45 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-04-09 16:32 - 2013-11-27 17:45 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-04-09 16:32 - 2013-11-27 17:45 - 00208928 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-04-09 16:32 - 2013-11-27 17:45 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-04-09 16:32 - 2013-11-27 17:45 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-04-09 16:32 - 2011-06-09 09:28 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-04-09 16:31 - 2014-04-09 16:31 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-09 16:31 - 2013-11-27 17:45 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-04-08 15:28 - 2010-04-08 10:35 - 00000000 ____D () C:\Users\Savitri\AppData\Roaming\vlc 2014-04-08 08:33 - 2014-04-08 08:23 - 00000000 
____D () C:\Users\Savitri\Desktop\CD_OG 2014-04-07 15:20 - 2013-04-07 14:48 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client 2014-04-07 15:20 - 2013-04-07 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2014-04-07 07:51 - 2014-04-07 07:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KompoZer 2014-04-07 07:51 - 2014-04-07 07:51 - 00000000 ____D () C:\Program Files (x86)\KompoZer 2014-04-07 07:50 - 2014-01-14 17:16 - 00000000 ____D () C:\Users\Savitri\Documents\Lernprogramme-Hilfsprogramme 2014-04-07 07:49 - 2014-01-18 17:26 - 00000000 ____D () C:\Users\Savitri\AppData\Roaming\KompoZer 2014-04-07 07:42 - 2014-04-07 07:42 - 00001226 _____ () C:\Users\Savitri\Desktop\Revo Uninstaller.lnk 2014-04-07 07:42 - 2014-04-07 07:42 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-07 07:39 - 2013-05-28 18:46 - 00000000 ____D () C:\CD_OD 2014-04-06 08:36 - 2014-04-30 17:37 - 01016261 _____ (Thisisu) C:\Users\Savitri\Desktop\JRT_NEW.exe 2014-04-04 08:13 - 2014-04-04 08:13 - 00000000 ____D () C:\Users\Savitri\AppData\Roaming\RealNetworks 2014-04-04 08:13 - 2014-04-04 08:13 - 00000000 ____D () C:\ProgramData\RealNetworks 2014-04-04 08:13 - 2014-04-04 08:13 - 00000000 ____D () C:\Program Files (x86)\RealNetworks 2014-04-04 08:13 - 2014-04-04 08:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks 2014-04-04 08:13 - 2009-11-22 18:12 - 00000000 ____D () C:\Users\Savitri\AppData\Roaming\Real 2014-04-04 08:13 - 2009-11-22 18:12 - 00000000 ____D () C:\Program Files (x86)\Real 2014-04-04 08:12 - 2014-04-04 08:12 - 00201800 _____ (RealNetworks, Inc.) 
C:\Windows\SysWOW64\rmoc3260.dll 2014-04-04 08:12 - 2009-11-04 20:29 - 00000000 ____D () C:\ProgramData\Real 2014-04-04 08:12 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-04 08:11 - 2014-04-04 08:11 - 00278600 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll 2014-04-03 09:51 - 2014-05-02 10:23 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-05-02 10:23 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2013-11-27 19:59 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-03 08:22 - 2013-05-28 13:51 - 00000000 ____D () C:\mp-od 2014-04-03 07:43 - 2009-12-13 16:50 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-04-03 07:43 - 2009-12-13 16:50 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore Some content of TEMP: ==================== C:\Users\Savitri\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-30 18:09 ==================== End Of Log ============================ --- --- ---
Regards, Jola |
03.05.2014, 07:33 | #6 |
/// the machine /// TB trainer | Link to my own website is acting up
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems? |
04.05.2014, 06:37 | #7 |
| Link to my own website is acting up
I did everything according to the instructions. But the problem still persists. When I go back from my website, I do not land on the previous page but on an empty Google search page. In addition, the speaker is now inactive. It says: The audio service is not running. Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=24953f8c458b3b4db36f7fd60b9f26ee # engine=18120 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-05-03 02:38:58 # local_time=2014-05-03 04:38:58 (+0100, Mitteleuropäische Sommerzeit) # country="Switzerland" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=774 16777213 71 76 2059854 2074031 0 0 # compatibility_mode=5893 16776573 100 94 94727 150757788 0 0 # scanned=475013 # found=0 # cleaned=0 # scan_time=22135 Code:
ATTFilter Results of screen317's Security Check version 0.99.82 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` SpywareBlaster 5.0 Java 7 Update 55 Adobe Flash Player 13.0.0.206 Adobe Reader XI Mozilla Firefox (28.0) ````````Process Check: objlist.exe by Laurent```````` WinPatrol winpatrol.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe system32 AvastSvc.exe -?- AVAST Software Avast AvastUI.exe BillP Studios WinPatrol WinPatrol.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2014 Ran by Savitri (administrator) on SAVITRI on 03-05-2014 17:59:43 Running from C:\Users\Savitri\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\Program Files (x86)\MAGIX\PC_Check_Tuning_Free_2011\MxTray.exe () C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Brio) C:\Program Files\FolderSize\FolderSizeSvc.exe (hMailServer) C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe (CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (PixArt Imaging Incorporation) C:\Windows\PixArt\PAC7311\Monitor.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (brother) C:\Program Files (x86)\Brownie\BrStsW64.exe (D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (brother) C:\Program Files (x86)\Brownie\brpjp04a.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (RealNetworks, Inc.) 
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] () HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC7311\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation) HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-05-20] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-06-22] (EasyBits Software AS) HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [BrStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [963072 2008-01-08] (brother) HKLM-x32\...\Run: [UpdatePDRShortCut] => c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [D-Link D-Link DWA-140] => C:\Program Files (x86)\D-Link\DWA-140 revB\AirNCFG.exe [1074496 2011-06-29] (D-Link Corp.) 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3854640 2014-04-09] (AVAST Software) HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft) HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-11] (Easybits) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-04-04] (RealNetworks, Inc.) HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard) HKU\S-1-5-21-842135949-2711248906-428214252-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-842135949-2711248906-428214252-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-842135949-2711248906-428214252-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) 
HKU\S-1-5-21-842135949-2711248906-428214252-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [533568 2014-04-23] (BillP Studios) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.) Startup: C:\Users\Savitri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {71398C2C-687B-4CD9-8A25-501D138F73E6} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcndtie7-de-ch SearchScopes: HKLM - {71398C2C-687B-4CD9-8A25-501D138F73E6} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1452&query={searchTerms}&invocationType=tb50hpcndtie7-de-ch BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} DPF: HKLM-x32 {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft 
Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52272 2009-09-11] (EasyBits Software Corp.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Savitri\AppData\Roaming\Mozilla\Firefox\Profiles\psydjhqg.Savitri FF Homepage: https://www.google.ch/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll () FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=17.0.6.13 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.6 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.669 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=17.0.6.13 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Users\Savitri\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll (The OpenSSL Project, hxxp://www.openssl.org/) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll (DivX,Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll (The OpenSSL Project, hxxp://www.openssl.org/) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: WOT - C:\Users\Savitri\AppData\Roaming\Mozilla\Firefox\Profiles\psydjhqg.Savitri\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27] FF Extension: NoScript - C:\Users\Savitri\AppData\Roaming\Mozilla\Firefox\Profiles\psydjhqg.Savitri\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-01] FF Extension: Web Developer - C:\Users\Savitri\AppData\Roaming\Mozilla\Firefox\Profiles\psydjhqg.Savitri\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-08-21] FF Extension: Adblock Plus - C:\Users\Savitri\AppData\Roaming\Mozilla\Firefox\Profiles\psydjhqg.Savitri\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-01] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-29] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-29] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-29] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-27] FF HKLM-x32\...\Firefox\Extensions: [{8E8D8D12-A43B-4289-994D-DF2C7C0EF736}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] ==================== Services (Whitelisted) ================= S4 Apache2.4; C:\xampp\apache\bin\httpd.exe [22016 2012-08-18] (Apache Software Foundation) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-09] (AVAST Software) R2 D_Link_DWA-140_WPS; C:\Program Files (x86)\D-Link\DWA-140 revB\ANIWConnService.exe [53248 2010-07-12] () R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [167936 2010-04-06] (Brio) R2 hMailServer; C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe [5395968 2010-06-07] (hMailServer) S2 MAGIX StartUp Analyze Service; C:\Program Files (x86)\MAGIX\PC_Check_Tuning_Free_2011\MXSAS.exe [186368 2010-11-04] (MAGIX AG) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-02-12] () R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141336 2014-04-04] (RealNetworks, Inc.) 
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-02-14] () R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [247152 2009-04-17] () R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [X] ==================== Drivers (Whitelisted) ==================== R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2011-02-21] () U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-09] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-09] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-09] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-09] (AVAST Software) R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-04-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-04-09] () R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [104912 2007-11-07] (EZB Systems, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-03] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) S3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [1617472 2011-04-28] (Ralink Technology Corp.) S3 PAC7311; C:\Windows\System32\DRIVERS\PA707UCM.SYS [602112 2006-11-08] (PixArt Imaging Inc.) 
S4 ATIXPGAA; \??\C:\Program Files\PC-Doctor for Windows\ATIXPGAA.SYS [X] S4 catchme; \??\C:\ComboFix\catchme.sys [X] R3 cpuz132; \??\C:\Users\Savitri\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X] U3 DfSdkS; U4 esgiguard; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-03 17:58 - 2014-05-03 17:58 - 00000915 _____ () C:\Users\Savitri\Desktop\checkup.txt 2014-05-03 17:54 - 2014-05-03 17:54 - 00855379 _____ () C:\Users\Savitri\Desktop\SecurityCheck.exe 2014-05-03 17:50 - 2014-05-03 17:50 - 00003342 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-842135949-2711248906-428214252-1000 2014-05-03 17:44 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-03 17:44 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-03 17:44 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-03 17:44 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-03 10:23 - 2014-05-03 10:23 - 02347384 _____ (ESET) C:\Users\Savitri\Desktop\esetsmartinstaller_deu.exe 2014-05-02 13:19 - 2014-05-02 13:19 - 00000000 ____D () C:\Users\Savitri\Downloads\FRST-OlderVersion 2014-05-02 11:13 - 2014-05-02 11:13 - 01016261 _____ (Thisisu) C:\Users\Savitri\Downloads\JRT.exe 2014-05-02 11:05 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-05-02 11:04 - 2014-05-02 11:06 - 00000000 ____D () C:\AdwCleaner 2014-05-02 11:02 - 2014-05-02 11:02 - 01310621 _____ () C:\Users\Savitri\Downloads\adwcleaner.exe 2014-05-02 10:51 - 2014-05-03 17:49 - 00000384 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Savitri.job 2014-05-02 10:51 - 2014-05-02 11:07 - 00000378 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Savitri.job 2014-05-02 10:51 - 2014-05-02 10:52 - 00002970 _____ () 
C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Savitri 2014-05-02 10:51 - 2014-05-02 10:52 - 00002966 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Savitri 2014-05-02 10:51 - 2014-05-02 10:52 - 00002674 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Savitri 2014-05-02 10:51 - 2014-05-02 10:51 - 00003618 _____ () C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Savitri 2014-05-02 10:50 - 2014-05-03 10:53 - 00000374 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Savitri.job 2014-05-02 10:23 - 2014-05-03 17:55 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-02 10:23 - 2014-05-02 10:23 - 00001064 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-02 10:23 - 2014-05-02 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-02 10:23 - 2014-05-02 10:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-02 10:23 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-02 10:23 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-02 10:21 - 2014-05-02 10:22 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Savitri\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-01 16:45 - 2014-05-01 16:46 - 00063403 _____ () C:\Users\Savitri\Downloads\Addition.txt 2014-05-01 16:44 - 2014-05-03 17:59 - 00022111 _____ () C:\Users\Savitri\Downloads\FRST.txt 2014-05-01 16:44 - 2014-05-03 17:59 - 00000000 ____D () C:\FRST 2014-05-01 16:43 - 2014-05-02 13:19 - 02062336 _____ (Farbar) C:\Users\Savitri\Downloads\FRST64.exe 2014-04-30 17:37 - 2014-04-06 08:36 - 01016261 _____ (Thisisu) C:\Users\Savitri\Desktop\JRT_NEW.exe 2014-04-25 16:33 - 2014-04-25 16:33 - 01130024 _____ (BillP Studios) C:\Users\Savitri\Downloads\wpsetup.exe 2014-04-24 10:18 - 2014-04-24 10:18 - 06358130 _____ () 
C:\Users\Savitri\Documents\Produce.wmv 2014-04-20 07:36 - 2014-04-20 07:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-04-20 07:36 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-20 07:36 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-20 07:36 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-20 07:36 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-20 07:35 - 2014-04-20 07:36 - 00004161 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-04-19 16:41 - 2014-04-19 16:41 - 00010123 _____ () C:\Users\Savitri\Desktop\Arbeitsmappe1.xlsx 2014-04-10 20:02 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-10 20:02 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-10 20:02 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-10 20:02 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-10 20:02 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-10 20:02 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-10 20:02 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-10 20:02 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-10 20:02 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-10 20:02 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-10 20:02 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) 
C:\Windows\system32\jscript9diag.dll 2014-04-10 20:02 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-10 20:02 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-10 20:02 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-10 20:02 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-10 20:02 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-10 20:02 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-10 20:02 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-10 20:02 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-10 20:02 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-10 20:02 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-10 20:02 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-10 20:02 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-10 20:02 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-10 20:02 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-10 20:02 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-10 20:02 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-10 20:02 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-10 20:02 - 2014-03-06 09:13 - 00032256 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-10 20:02 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-10 20:02 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-10 20:02 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-10 20:02 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-10 20:02 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-10 20:02 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-10 20:01 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-10 20:01 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-10 20:01 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-10 20:01 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-10 20:01 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-10 20:01 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-10 20:01 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-10 20:01 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-10 20:01 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-09 16:32 - 2014-04-09 16:32 - 00001928 _____ () C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2014-04-09 16:31 - 2014-04-09 16:31 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-09 13:56 - 2014-04-26 13:44 - 00000000 ____D () C:\Users\Savitri\Documents\My Podcasts 2014-04-09 08:45 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 08:45 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-09 08:45 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-09 08:45 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-09 08:45 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-09 08:45 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-09 08:45 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-09 08:45 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-09 08:45 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-09 08:45 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-09 08:45 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-09 08:45 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-09 08:45 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-09 08:45 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-09 08:45 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-09 08:45 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-09 08:45 - 
Regards, Jola. The speaker is working again this morning. |
04.05.2014, 07:55 | #8 |
/// the machine /// TB trainer | Link to own website acting up Please send me the link to the site.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
04.05.2014, 08:23 | #9 |
| Link to own website acting up Here is the link to the Google page: https://www.google.ch/#q=lernprogramme The link to my website is the 2nd from the top (lern-programme.ch). Regards, Jola |
04.05.2014, 10:54 | #10 |
/// the machine /// TB trainer | Link to own website acting up I have now opened your site twice; once it opened normally, once a download of a malware file started straight away. Your site is garbage. Delete it completely, upload it again, change the FTP password.
__________________ regards, schrauber |
05.05.2014, 12:34 | #11 |
| Link to own website acting up OK, I already suspected that it was down to the website, since all the other links work. Some time ago I did have a virus or malware, and you already helped me with that. Since then I have protected everything the way you advised me to. But perhaps I had already uploaded this virus or malware before that; is that possible? May I ask you a few more questions? Can the virus or malware on the website be recognized if, for example, the uploaded file is larger than the one on the PC? Do I have to upload all the images again as well? Can malware also hide in a .jpg file whose size has not changed? On my machine all links are rated by Avast as to whether they are safe. My link is also rated as safe. That really shouldn't be the case; is Avast not safe? Many thanks for your help, Jola. I have now deleted everything on the homepage except the images and uploaded it again, and also changed the password. The back button is still acting up, though. I can't judge the rest. Is my homepage clean now? In the meantime I have had my website tested online on various sites and everything seems to be clean. I have also deleted all cookies and, lo and behold, the back button works again too. Unless I hear from you again, I will assume that everything is now in order, and I thank you for your help. Regards, Jola |
06.05.2014, 09:03 | #12 | |
/// the machine /// TB trainer | Link to own website acting up Quote:
Images of the same size should be safe. Should be fine now.
__________________ regards, schrauber |
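Added example, not part of the thread and not any poster's code: one way to check a re-uploaded site against the clean local copy is to download the server's files into a second folder and compare the two trees by SHA-256 rather than by size, which also flags a file whose size is unchanged. The folder names and sample files below are constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def index_tree(root):
    """Map each relative path under root to (size, sha256)."""
    index = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            index[rel] = (os.path.getsize(full), sha256_of(full))
    return index


def compare_site(local_root, server_root):
    """Compare the clean local copy with a downloaded mirror of the server."""
    local, server = index_tree(local_root), index_tree(server_root)
    report = {"changed": [], "same_size_changed": [], "server_only": []}
    for rel, (size, digest) in sorted(server.items()):
        if rel not in local:
            report["server_only"].append(rel)  # on the server, absent locally
        elif digest != local[rel][1]:
            # Content differs; record separately when the size still matches.
            key = "same_size_changed" if size == local[rel][0] else "changed"
            report[key].append(rel)
    report["missing_on_server"] = sorted(set(local) - set(server))
    return report


def demo():
    """Constructed sample data: a local site and a modified server mirror."""
    local_files = {"index.html": b"<h1>Lernprogramme</h1>",
                   "logo.jpg": b"\xff\xd8\xff\xe0AAAA",
                   "about.html": b"about"}
    server_files = {"index.html": b"<h1>Lernprogramme</h1><script></script>",
                    "logo.jpg": b"\xff\xd8\xff\xe0AAAB",  # same length as local
                    "extra.js": b"x"}
    with tempfile.TemporaryDirectory() as tmp:
        for side, files in (("local", local_files), ("server", server_files)):
            os.makedirs(os.path.join(tmp, side))
            for name, data in files.items():
                with open(os.path.join(tmp, side, name), "wb") as f:
                    f.write(data)
        return compare_site(os.path.join(tmp, "local"),
                            os.path.join(tmp, "server"))


if __name__ == "__main__":
    print(demo())
```

Any entry under `server_only`, `changed` or `same_size_changed` is a file to inspect before trusting the upload again.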