Log analysis and evaluation: Posadi17.com/ cannot be removed (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
14.05.2014, 23:13 | #1 |
Posadi17.com/ cannot be removed

Hello Trojaner-Board, after every system start the link posadi17.com/.... opens in my Task Manager. It uses a relatively large amount of resources, and at times advertising comes through the speakers. My current antivirus software is McAfee Internet Security. I have already read up on this here in the forum. My actions since the discovery (none of them led to success): system scan with McAfee, scan with Malwarebytes, scan with HerdProtectScan, Junkware Removal Tool, Adw Cleaner, uninstalling McAfee (with a restart, of course), installing Kaspersky Internet Security (all signatures updated), scan (found nothing at all), uninstall, restart, installing Eset Smart Security (complete deep scan). I also tried this OTH.scr, but somehow I cannot kill the processes with it (so nothing happens at all).

FRST.txt Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-05-2014 Ran by Björn (administrator) on SERGEANT on 14-05-2014 23:01:51 Running from E:\ Platform: Windows 8.1 (Update 1) (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Atheros Commnucations) C:\Windows\System32\AdminService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe () C:\ProgramData\DataCardService\HWDeviceService64.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe () C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe (The Privoxy team - www.privoxy.org) C:\Program Files (x86)\MSR\Privoxy\privoxy.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\livecomm.exe 
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe (6 Wunderkinder GmbH) C:\Program Files (x86)\Wunderlist2\Wunderlist.exe (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe () C:\Program Files (x86)\Dell Backup and 
Recovery\Components\Shell\DBRCrawler.exe (Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6842000 2012-10-08] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1230992 2012-10-08] (Realtek Semiconductor) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-19] (Dell Inc.) HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010952 2012-12-21] (Synaptics Incorporated) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285680 2013-03-05] (Intel Corporation) HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BCSSync] => 
C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-1316370417-1465485672-2193434078-1001\...\Run: [Wunderlist] => C:\Program Files (x86)\Wunderlist2\Wunderlist.exe [13021792 2013-12-02] (6 Wunderkinder GmbH) HKU\S-1-5-21-1316370417-1465485672-2193434078-1001\...\Run: [Spotify Web Helper] => C:\Users\Björn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-02-23] (Spotify Ltd) HKU\S-1-5-21-1316370417-1465485672-2193434078-1001\...\Run: [InetStat] => C:\Users\Björn\AppData\Roaming\InetStat\inetstat.exe [1259488 2014-05-12] () HKU\S-1-5-21-1316370417-1465485672-2193434078-1001\...\MountPoints2: {113cd972-3404-11e3-be7b-70188b2e6122} - "G:\AutoRun.exe" HKU\S-1-5-21-1316370417-1465485672-2193434078-1001\...\MountPoints2: {f5500f4c-31cd-11e3-be78-70188b2e6122} - "G:\AutoRun.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe () ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. 
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - {E17AA11D-ECB4-4203-A2D2-0B3B17498E82} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB SearchScopes: HKLM-x32 - {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^man000^YYA^&ptb=F5EF3DAD-FE2D-4139-8051-057392F8CDEB&ind=2014050714&n=780bf99a&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKLM-x32 - {E17AA11D-ECB4-4203-A2D2-0B3B17498E82} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-05-14] ==================== Services (Whitelisted) ================= R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2013-06-25] (Atheros Commnucations) R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-29] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-20] (Intel Corporation) S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [657504 2012-11-01] () R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [506880 2013-05-03] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-10-08] (Realtek Semiconductor) R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915480 2013-05-23] (SoftThinks SAS) R2 SystemUpdatekb70007; C:\WINDOWS\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe [18944 2014-05-08] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) S3 wifimansvc; C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe [605696 2012-11-10] () S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R3 akw8x64; C:\Windows\system32\DRIVERS\akw8x64.sys [3800272 2013-05-03] (Qualcomm Atheros, Inc.) 
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [74096 2013-05-03] (Qualcomm Atheros, Inc.) S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET) R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET) R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET) R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET) R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET) R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-29] (Intel Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2012-09-22] (CACE Technologies, Inc.) S3 NPF; C:\Windows\SysWOW64\drivers\NPF.sys [35344 2012-09-22] (CACE Technologies, Inc.) 
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation) S3 RL_DJIFIE2_MIDI; C:\Windows\system32\drivers\rldjif2m.sys [41168 2013-01-10] (Ploytec GmbH) S3 RL_DJIFIE2_USB; C:\Windows\System32\Drivers\rldjif2u.sys [446160 2013-01-10] (Ploytec GmbH) S3 RL_DJIFIE2_WDM; C:\Windows\system32\drivers\rldjif2a.sys [54992 2013-01-10] (Ploytec GmbH) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) R3 ST_Accel; C:\Windows\system32\DRIVERS\ST_Accel.sys [71832 2012-07-14] (STMicroelectronics) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation) S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-14 23:01 - 2014-05-14 23:01 - 00000000 ____D () C:\FRST 2014-05-14 22:49 - 2014-05-01 22:30 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-05-14 22:49 - 2014-05-01 22:30 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 22:20 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll 2014-05-14 22:20 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll 2014-05-14 22:20 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll 2014-05-14 22:20 - 
2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll 2014-05-14 22:20 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2014-05-14 22:20 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2014-05-14 22:20 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2014-05-14 22:20 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe 2014-05-14 22:20 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe 2014-05-14 22:18 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-05-14 22:18 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-05-14 22:18 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-05-14 22:18 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-05-14 22:18 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2014-05-14 22:18 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-05-14 22:18 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2014-05-14 22:18 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2014-05-14 22:18 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2014-05-14 22:18 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2014-05-14 22:18 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2014-05-14 22:18 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-05-14 22:18 - 2014-04-11 
05:24 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-05-14 22:18 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2014-05-14 22:18 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-14 22:18 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2014-05-14 22:18 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-14 22:18 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2014-05-14 22:18 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2014-05-14 22:18 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-05-14 22:18 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-05-14 22:18 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2014-05-14 22:18 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2014-05-14 22:18 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-05-14 22:18 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-05-14 22:18 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-05-14 22:18 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2014-05-14 22:18 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2014-05-14 22:18 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-05-14 22:18 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\twinui.appcore.dll 2014-05-14 22:18 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-05-14 22:15 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-05-14 22:15 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-05-14 22:13 - 2014-05-14 22:13 - 00259584 _____ (OldTimer Tools) C:\Users\Björn\Desktop\OTH.scr 2014-05-14 20:05 - 2014-05-14 20:05 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\ESET 2014-05-14 20:05 - 2014-05-14 20:05 - 00000000 ____D () C:\Users\Björn\AppData\Local\ESET 2014-05-14 20:02 - 2014-05-14 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET 2014-05-14 20:02 - 2014-05-14 20:02 - 00000000 ____D () C:\ProgramData\ESET 2014-05-14 20:02 - 2014-05-14 20:02 - 00000000 ____D () C:\Program Files\ESET 2014-05-14 08:25 - 2014-01-19 09:38 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2014-05-14 01:43 - 2014-05-14 01:43 - 00001034 _____ () C:\Users\Björn\Desktop\herdProtectScan.lnk 2014-05-13 22:38 - 2014-05-13 22:38 - 00286528 _____ () C:\WINDOWS\Minidump\051314-24281-01.dmp 2014-05-13 22:34 - 2014-05-13 22:38 - 592643159 _____ () C:\WINDOWS\MEMORY.DMP 2014-05-13 22:34 - 2014-05-13 22:35 - 00286528 _____ () C:\WINDOWS\Minidump\051314-36093-01.dmp 2014-05-13 22:29 - 2014-05-13 22:29 - 00000000 ____D () C:\WINDOWS\usb-audio.deRLDJIF2 2014-05-13 22:29 - 2013-01-10 19:10 - 00446160 _____ (Ploytec GmbH) C:\WINDOWS\system32\Drivers\rldjif2u.sys 2014-05-13 22:29 - 2013-01-10 19:10 - 00054992 _____ (Ploytec GmbH) C:\WINDOWS\system32\Drivers\rldjif2a.sys 2014-05-13 22:29 - 2013-01-10 19:10 - 00041168 _____ (Ploytec GmbH) C:\WINDOWS\system32\Drivers\rldjif2m.sys 2014-05-13 21:28 - 2010-04-29 17:56 - 00402496 ____N (Ploytec GmbH) C:\WINDOWS\system32\Drivers\rldj2meu.sys 2014-05-13 21:28 - 2010-04-29 17:56 - 00050240 ____N (Ploytec GmbH) 
C:\WINDOWS\system32\Drivers\rldj2mea.sys 2014-05-13 21:28 - 2010-04-29 17:56 - 00031296 ____N (Ploytec GmbH) C:\WINDOWS\system32\Drivers\rldj2mem.sys 2014-05-13 20:45 - 2009-10-30 13:44 - 00460864 ____N (Ploytec GmbH) C:\WINDOWS\system32\Drivers\rldjifu.sys 2014-05-13 20:45 - 2009-10-30 13:44 - 00049728 ____N (Ploytec GmbH) C:\WINDOWS\system32\Drivers\rldjifa.sys 2014-05-13 20:45 - 2009-10-30 13:44 - 00036416 ____N (Ploytec GmbH) C:\WINDOWS\system32\Drivers\rldjifm.sys 2014-05-13 16:32 - 2014-05-13 16:32 - 00000000 ____D () C:\Program Files\Reason 2014-05-13 16:04 - 2014-05-13 16:04 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-05-13 15:59 - 2014-05-13 15:59 - 00000000 ____D () C:\Users\Björn\Desktop\Old Pale Moon Data 2014-05-13 15:42 - 2014-05-14 22:00 - 00000000 ____D () C:\AdwCleaner 2014-05-13 14:59 - 2014-05-14 22:22 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-05-13 14:58 - 2014-05-14 22:22 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-13 14:58 - 2014-05-14 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-13 14:58 - 2014-05-14 22:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-13 14:58 - 2014-05-13 14:58 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-13 14:58 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-05-13 14:58 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-05-13 14:58 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-05-12 01:04 - 2014-05-12 01:05 - 00000000 ____D () C:\Program Files (x86)\MSR 2014-05-12 00:54 - 2014-05-12 00:54 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\InetStat 2014-05-12 00:53 - 2014-05-13 15:32 - 00000000 ____D () C:\Users\Björn\AppData\Local\17483 
2014-05-12 00:53 - 2014-05-12 00:53 - 00000415 _____ () C:\Users\Björn\AppData\Roaming\WinInstallFlashLog.ini 2014-05-11 23:50 - 2014-05-13 22:24 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2 2014-05-11 23:50 - 2014-05-13 22:24 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2 2014-05-11 22:37 - 2014-05-14 22:48 - 00049736 _____ () C:\WINDOWS\PFRO.log 2014-05-11 21:18 - 2014-05-11 21:18 - 00001008 _____ () C:\Users\Public\Desktop\Traktor.lnk 2014-05-11 21:18 - 2014-05-11 21:18 - 00000000 __HDC () C:\ProgramData\{2ED18044-7049-4E7A-A58D-4017348FCDB7} 2014-05-11 21:17 - 2014-05-11 21:17 - 00006930 _____ () C:\WINDOWS\DPINST.LOG 2014-05-11 21:17 - 2014-05-11 21:17 - 00000000 __HDC () C:\ProgramData\{A215474F-E448-48A8-97F1-14D1C09A4235} 2014-05-11 21:17 - 2014-05-11 21:17 - 00000000 __HDC () C:\ProgramData\{902029B2-957E-4066-85FA-30DA31731718} 2014-05-11 21:17 - 2014-05-11 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments 2014-05-11 21:17 - 2014-05-11 21:17 - 00000000 ____D () C:\Program Files\Native Instruments 2014-05-11 21:17 - 2014-05-11 21:17 - 00000000 ____D () C:\Program Files (x86)\Native Instruments 2014-05-11 16:25 - 2014-05-13 22:31 - 00001906 _____ () C:\WINDOWS\setupact.log 2014-05-11 16:25 - 2014-05-11 16:25 - 00000000 _____ () C:\WINDOWS\setuperr.log 2014-05-11 15:19 - 2014-05-11 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag 2014-05-11 15:00 - 2014-05-11 15:00 - 00000861 _____ () C:\Users\Björn\Desktop\µTorrent.lnk 2014-05-11 14:59 - 2014-05-11 22:36 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\uTorrent 2014-05-10 02:08 - 2014-05-14 22:46 - 01105500 _____ () C:\WINDOWS\WindowsUpdate.log 2014-05-02 17:34 - 2014-05-02 17:34 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-05-02 17:34 - 2014-05-02 17:34 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 
2014-04-24 21:38 - 2014-04-24 21:38 - 00000000 ____D () C:\WINDOWS\SysWOW64\Adobe 2014-04-21 16:08 - 2014-04-21 16:08 - 00035352 _____ (Connectify) C:\WINDOWS\system32\Drivers\cnnctfy3.sys 2014-04-15 02:34 - 2014-04-15 02:34 - 01070232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX ==================== One Month Modified Files and Folders ======= 2014-05-14 23:01 - 2014-05-14 23:01 - 00000000 ____D () C:\FRST 2014-05-14 23:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-05-14 22:59 - 2013-09-21 02:14 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-05-14 22:56 - 2013-09-12 21:53 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery 2014-05-14 22:55 - 2013-09-20 17:08 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1316370417-1465485672-2193434078-1001 2014-05-14 22:51 - 2014-03-04 15:12 - 00000000 __RDO () C:\Users\Björn\SkyDrive 2014-05-14 22:49 - 2013-09-23 16:03 - 00000000 ___RD () C:\Users\Björn\Podcasts 2014-05-14 22:49 - 2013-09-20 14:54 - 00000000 ___RD () C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-14 22:49 - 2013-09-20 14:54 - 00000000 ___RD () C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-14 22:48 - 2014-05-11 22:37 - 00049736 _____ () C:\WINDOWS\PFRO.log 2014-05-14 22:48 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-05-14 22:46 - 2014-05-10 02:08 - 01105500 _____ () C:\WINDOWS\WindowsUpdate.log 2014-05-14 22:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-05-14 22:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-14 22:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-14 22:46 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore 
2014-05-14 22:46 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2014-05-14 22:46 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-14 22:46 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-14 22:40 - 2013-10-22 16:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 22:36 - 2013-09-20 23:58 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-14 22:34 - 2013-09-20 23:58 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-14 22:22 - 2014-05-13 14:59 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-14 22:22 - 2014-05-13 14:58 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-14 22:22 - 2014-05-13 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-14 22:22 - 2014-05-13 14:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-14 22:13 - 2014-05-14 22:13 - 00259584 _____ (OldTimer Tools) C:\Users\Björn\Desktop\OTH.scr
2014-05-14 22:00 - 2014-05-13 15:42 - 00000000 ____D () C:\AdwCleaner
2014-05-14 21:49 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-05-14 20:05 - 2014-05-14 20:05 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\ESET
2014-05-14 20:05 - 2014-05-14 20:05 - 00000000 ____D () C:\Users\Björn\AppData\Local\ESET
2014-05-14 20:02 - 2014-05-14 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-05-14 20:02 - 2014-05-14 20:02 - 00000000 ____D () C:\ProgramData\ESET
2014-05-14 20:02 - 2014-05-14 20:02 - 00000000 ____D () C:\Program Files\ESET
2014-05-14 19:56 - 2012-07-26 10:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-05-14 19:55 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-05-14 08:31 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-05-14 08:20 - 2013-09-12 21:58 - 00000000 ____D () C:\ProgramData\McAfee
2014-05-14 08:15 - 2012-07-26 07:37 - 00000000 ____D () C:\Users\Default.migrated
2014-05-14 02:35 - 2013-10-18 17:48 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\Spotify
2014-05-14 01:43 - 2014-05-14 01:43 - 00001034 _____ () C:\Users\Björn\Desktop\herdProtectScan.lnk
2014-05-14 01:03 - 2013-09-21 01:16 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2014-05-14 01:03 - 2013-09-21 01:16 - 00001123 _____ () C:\Users\Björn\Desktop\KeePass 2.lnk
2014-05-14 01:03 - 2013-09-21 01:16 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2014-05-14 01:01 - 2013-09-21 01:17 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\KeePass
2014-05-14 00:23 - 2013-09-30 06:14 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-14 00:23 - 2013-09-30 05:56 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2014-05-14 00:23 - 2013-09-30 05:56 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2014-05-13 22:38 - 2014-05-13 22:38 - 00286528 _____ () C:\WINDOWS\Minidump\051314-24281-01.dmp
2014-05-13 22:38 - 2014-05-13 22:34 - 592643159 _____ () C:\WINDOWS\MEMORY.DMP
2014-05-13 22:38 - 2013-11-25 11:29 - 00000000 ____D () C:\WINDOWS\Minidump
2014-05-13 22:38 - 2013-10-18 03:25 - 00000000 ____D () C:\Users\Björn
2014-05-13 22:35 - 2014-05-13 22:34 - 00286528 _____ () C:\WINDOWS\Minidump\051314-36093-01.dmp
2014-05-13 22:31 - 2014-05-11 16:25 - 00001906 _____ () C:\WINDOWS\setupact.log
2014-05-13 22:29 - 2014-05-13 22:29 - 00000000 ____D () C:\WINDOWS\usb-audio.deRLDJIF2
2014-05-13 22:24 - 2014-05-11 23:50 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2014-05-13 22:24 - 2014-05-11 23:50 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2
2014-05-13 20:59 - 2013-09-21 02:14 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-05-13 16:32 - 2014-05-13 16:32 - 00000000 ____D () C:\Program Files\Reason
2014-05-13 16:04 - 2014-05-13 16:04 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-13 15:59 - 2014-05-13 15:59 - 00000000 ____D () C:\Users\Björn\Desktop\Old Pale Moon Data
2014-05-13 15:43 - 2013-10-18 08:28 - 00001009 _____ () C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-13 15:32 - 2014-05-12 00:53 - 00000000 ____D () C:\Users\Björn\AppData\Local\17483
2014-05-13 14:58 - 2014-05-13 14:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-12 01:05 - 2014-05-12 01:04 - 00000000 ____D () C:\Program Files (x86)\MSR
2014-05-12 00:54 - 2014-05-12 00:54 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\InetStat
2014-05-12 00:53 - 2014-05-12 00:53 - 00000415 _____ () C:\Users\Björn\AppData\Roaming\WinInstallFlashLog.ini
2014-05-11 22:36 - 2014-05-11 14:59 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\uTorrent
2014-05-11 21:18 - 2014-05-11 21:18 - 00001008 _____ () C:\Users\Public\Desktop\Traktor.lnk
2014-05-11 21:18 - 2014-05-11 21:18 - 00000000 __HDC () C:\ProgramData\{2ED18044-7049-4E7A-A58D-4017348FCDB7}
2014-05-11 21:17 - 2014-05-11 21:17 - 00006930 _____ () C:\WINDOWS\DPINST.LOG
2014-05-11 21:17 - 2014-05-11 21:17 - 00000000 __HDC () C:\ProgramData\{A215474F-E448-48A8-97F1-14D1C09A4235}
2014-05-11 21:17 - 2014-05-11 21:17 - 00000000 __HDC () C:\ProgramData\{902029B2-957E-4066-85FA-30DA31731718}
2014-05-11 21:17 - 2014-05-11 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2014-05-11 21:17 - 2014-05-11 21:17 - 00000000 ____D () C:\Program Files\Native Instruments
2014-05-11 21:17 - 2014-05-11 21:17 - 00000000 ____D () C:\Program Files (x86)\Native Instruments
2014-05-11 21:17 - 2013-09-23 13:31 - 00000000 ____D () C:\ProgramData\Native Instruments
2014-05-11 18:01 - 2013-10-23 00:19 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\Mp3tag
2014-05-11 16:25 - 2014-05-11 16:25 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-11 15:19 - 2014-05-11 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-05-11 15:19 - 2013-10-23 00:19 - 00000997 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2014-05-11 15:19 - 2013-10-23 00:19 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-05-11 15:00 - 2014-05-11 15:00 - 00000861 _____ () C:\Users\Björn\Desktop\µTorrent.lnk
2014-05-10 11:08 - 2013-09-21 01:40 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-05-06 06:40 - 2014-05-14 22:18 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-06 05:25 - 2014-05-14 22:18 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-06 05:00 - 2014-05-14 22:18 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 22:18 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-06 01:57 - 2013-10-18 17:48 - 00000000 ____D () C:\Users\Björn\AppData\Local\Spotify
2014-05-03 12:16 - 2013-09-21 00:04 - 00000000 ____D () C:\Program Files\Pale Moon
2014-05-03 10:01 - 2013-11-25 19:18 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-05-02 17:34 - 2014-05-02 17:34 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-02 17:34 - 2014-05-02 17:34 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-05-01 22:30 - 2014-05-14 22:49 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-01 22:30 - 2014-05-14 22:49 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-01 20:15 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-04-24 21:38 - 2014-04-24 21:38 - 00000000 ____D () C:\WINDOWS\SysWOW64\Adobe
2014-04-21 21:14 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-04-21 16:08 - 2014-04-21 16:08 - 00035352 _____ (Connectify) C:\WINDOWS\system32\Drivers\cnnctfy3.sys
2014-04-15 02:34 - 2014-04-15 02:34 - 01070232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX

Some content of TEMP:
====================
C:\Users\Björn\AppData\Local\Temp\InstHelper.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-08 16:20

==================== End Of Log ============================

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2014
Ran by Björn at 2014-05-14 23:02:20
Running from E:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal Firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.8 - Absolute Software)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.1430 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 3.8.5187 - DsNET Corp)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG3200 series Benutzerregistrierung (HKLM-x32\...\Canon MG3200 series Benutzerregistrierung) (Version: - Canon Inc.)
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.01 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version: - Microsoft)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{B96348BD-6B0D-42E3-80B1-FA6718067BFE}) (Version: 2.8.1000.0 - Dell Products, LP)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.3.7.0 - Synaptics Incorporated)
Digital Jockey - IE2 (HKLM\...\USB_AUDIO_DEusb-audio.deRLDJIF2) (Version: - )
DSC/AA Factory Installer (Version: 3.3.6261.27 - PC-Doctor, Inc.) Hidden
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESET Smart Security (HKLM\...\{F5A3E880-A737-48F2-A124-6F5D4CEA6AB4}) (Version: 7.0.302.26 - ESET, spol s r. o.)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
InetStat (HKCU\...\InetStat) (Version: 0.4 - InetStat)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.4.1001 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
KeePass Password Safe 2.26 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.26 - Dominik Reichl)
MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Goya burnR (MSI) (HKLM-x32\...\MAGIX_{B332E15B-243F-4F40-8530-1524F84230A0}) (Version: 4.3.2.0 - MAGIX AG)
MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX AG) Hidden
MAGIX Music Maker 2013 Trial Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 23.009.05.03.1014 - Huawei Technologies Co.,Ltd)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mp3tag v2.59a (HKLM-x32\...\Mp3tag) (Version: v2.59a - Florian Heidenreich)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Native Instruments Audio 4 DJ Driver (HKLM-x32\...\Native Instruments Audio 4 DJ Driver) (Version: - Native Instruments)
Native Instruments Audio 4 DJ Driver (Version: 2.0.12.001 - Native Instruments) Hidden
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
Native Instruments Service Center (x32 Version: 2.0.6.001 - Native Instruments) Hidden
Native Instruments Traktor (HKLM-x32\...\Native Instruments Traktor) (Version: - Native Instruments)
Native Instruments Traktor (Version: 1.1.2.004 - Native Instruments) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Opera Stable 21.0.1432.57 (HKLM-x32\...\Opera 21.0.1432.57) (Version: 21.0.1432.57 - Opera Software ASA)
Pale Moon 24.5.0 (x64 en-US) (HKLM\...\Pale Moon 24.5.0 (x64 en-US)) (Version: 24.5.0 - Mozilla)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.224 - Qualcomm Atheros Communications)
Qualcomm Atheros Killer Network Manager (HKLM-x32\...\InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}) (Version: 6.1.0.590 - Qualcomm Atheros)
Qualcomm Atheros Killer Network Manager (Version: 6.1.0.590 - Qualcomm Atheros) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.012 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6743 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.28121 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
SRWare Iron Version SRWare Iron 33.0.1800.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 33.0.1800.0 - SRWare)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0028 - ST Microelectronics)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Update kb70007 (x32 Version: 1.0.0 - MSR) Hidden
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
VirtualDJ Home FREE (HKLM-x32\...\{A6AC699F-8315-40CA-8F70-E917494978AB}) (Version: 7.4 - Atomix Productions)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Wunderlist (HKLM-x32\...\{1ca68332-4ba1-4943-9010-eaa1aa45b492}) (Version: 2.3.0.31 - 6 Wunderkinder GmbH)
Wunderlist (x32 Version: 2.3.0.31 - 6 Wunderkinder GmbH) Hidden
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

==================== Restore Points =========================

06-05-2014 16:03:06 Windows Update
11-05-2014 22:54:09 Uniblue SpeedUpMyPC installation
14-05-2014 18:00:15 ESET Smart Security wurde installiert

==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3A9C1E3C-8EE1-427E-B1F9-5E09BF40821B} - \SpeedUpMyPC Maintenance No Task File <==== ATTENTION
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3D648E46-6DF1-4EE0-9430-D1D2952A35C4} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {690069CB-BBAD-4815-8E52-2882C5A3F471} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-05-14] (Microsoft Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8A79F2C3-BE7A-4B9A-8E1A-7865ACDE4425} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8DD6202A-B12D-4F38-9FBC-6281230F87BE} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {9DCB4B09-873B-4068-A595-08BA17C08FDB} - \YourFile DownloaderUpdate No Task File <==== ATTENTION
Task: {9EBBD788-B7E2-47E3-98EF-F561863D5940} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-29] (Intel)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A62F74F0-B515-4789-B9BC-367BB99839B6} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {C3CE314D-C5F6-4AD2-A62B-3CCD5713170A} - \SpeedUpMyPC Startup No Task File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E2A73E8D-663B-4A71-AB0C-C47318E25631} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {ED855D90-656F-4301-A125-485EDAA23F38} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {F04C1182-40A0-4D41-806A-DB3A66BBB50C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {F072CE07-6EF8-414E-AD30-A8FD5AF6919A} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {F8AC5A2B-31F4-457B-8B81-CA5FC168D044} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {FF8FAE82-DE5F-45A3-9470-F0361B996110} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2011-03-14 17:27 - 2011-03-14 17:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2013-10-13 00:40 - 2012-11-01 12:49 - 00657504 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
2013-05-03 17:21 - 2013-05-03 17:21 - 00506880 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
2011-05-09 20:46 - 2011-05-09 20:46 - 02760192 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtCore4.dll
2011-05-09 20:56 - 2011-05-09 20:56 - 09856000 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtGui4.dll
2011-05-09 20:47 - 2011-05-09 20:47 - 00416256 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtXml4.dll
2013-05-03 17:21 - 2013-05-03 17:21 - 00217600 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFCommon.dll
2011-05-09 20:48 - 2011-05-09 20:48 - 00990720 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtNetwork4.dll
2011-05-10 12:32 - 2011-05-10 12:32 - 00731648 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\qwt5.dll
2014-05-12 01:05 - 2014-05-08 11:45 - 00018944 _____ () C:\WINDOWS\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
2013-09-12 21:54 - 2013-04-19 15:51 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2013-09-12 21:54 - 2013-04-19 15:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll 2013-09-12 21:54 - 2013-04-19 15:51 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll 2013-09-12 21:54 - 2013-04-19 15:51 - 00034080 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll 2014-04-13 12:13 - 2014-04-13 12:13 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\ErrorReporting.dll 2013-09-13 06:34 - 2013-01-17 12:03 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-04-08 23:11 - 2014-04-08 23:11 - 01627648 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\ReactiveUI\b1fa105785517ea37e4d9adeabf97af9\ReactiveUI.ni.dll 2014-04-08 23:11 - 2014-04-08 23:11 - 00045056 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Wunderkinded9c6edae#\91698b1622289e40cf732bb8ef21faf8\Wunderkinder.Wunderlist.Presentation.ni.dll 2014-04-08 23:16 - 2014-04-08 23:16 - 00033280 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Wunderkinde6f42a4a9#\c05ab565b531aeabe0fc7669cb81f7a0\Wunderkinder.Wunderlist.Data.Realtime.ni.dll 2014-04-08 23:11 - 2014-04-08 23:11 - 00510464 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Akavache.Portable\38baa1fe1c18c8c4a3d53711497f522d\Akavache.Portable.ni.dll 2014-04-08 23:11 - 2014-04-08 23:11 - 00877568 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\AutoMapper\d9b768bf622e797cc688fcb1e3c510ff\AutoMapper.ni.dll 2013-10-01 14:33 - 2013-10-01 14:33 - 00028160 _____ () C:\Program Files (x86)\Wunderlist2\AutoMapper.Net4.dll 2013-09-12 21:54 - 2013-04-19 15:51 - 00023328 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe 2013-10-13 00:40 - 2009-01-10 12:32 - 00011362 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\mingwm10.dll 2013-10-13 00:40 - 
2009-06-22 20:42 - 00043008 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\libgcc_s_dw2-1.dll 2013-10-13 00:40 - 2010-05-10 04:51 - 02415104 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtCore4.dll 2013-10-13 00:40 - 2010-02-10 16:10 - 01148416 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtNetwork4.dll 2013-10-13 00:40 - 2012-11-01 12:26 - 00843264 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QueryStrategy.dll 2013-10-13 00:40 - 2010-02-10 16:06 - 00398336 _____ () C:\ProgramData\Mobile Partner\OnlineUpdate\QtXml4.dll 2014-05-12 01:05 - 2014-05-08 11:45 - 00061952 _____ () C:\WINDOWS\Microsoft\SystemUpdatekb70007\InstallerLibrary.dll 2014-05-12 01:05 - 2014-05-08 11:45 - 00016896 _____ () C:\WINDOWS\Microsoft\SystemUpdatekb70007\Installer.dll 2014-05-12 01:05 - 2014-05-14 22:49 - 00086528 _____ () C:\Program Files (x86)\MSR\Privoxy\mgwz.dll 2013-11-12 11:04 - 2013-11-12 11:04 - 00110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll 2014-04-08 23:07 - 2014-04-08 23:07 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\1fceb61c74da5319e32a62bab117f9ad\PSIClient.ni.dll 2013-09-12 21:47 - 2012-07-20 20:04 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-03-31 10:41 - 2014-02-24 17:00 - 00046080 _____ () C:\Program Files (x86)\SRWare Iron\chrome_elf.dll 2013-09-21 00:09 - 2014-01-29 23:38 - 00902144 _____ () C:\Program Files (x86)\SRWare Iron\libglesv2.dll 2013-09-21 00:09 - 2014-02-24 16:51 - 00102912 _____ () C:\Program Files (x86)\SRWare Iron\libegl.dll 2013-09-21 00:08 - 2014-02-24 16:51 - 00888832 _____ () C:\Program Files (x86)\SRWare Iron\ffmpegsumo.dll 2013-09-12 21:54 - 2013-05-02 16:01 - 01813792 _____ () C:\Program Files (x86)\Dell Backup and Recovery\OLCoreWrapper.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Björn\SkyDrive:ms-properties AlternateDataStreams: 
C:\Users\Björn\SkyDrive.old:ms-properties ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/14/2014 10:40:41 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f7c Startzeit: 01cf6fb40b007ae4 Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe Berichts-ID: fefbbadb-dba7-11e3-beb7-f01faf3c1368 Vollständiger Name des fehlerhaften Pakets: Facebook.Facebook_1.3.0.9_x64__8xx8rvfyw5nnt Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (05/14/2014 10:40:36 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20461 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 155c Startzeit: 01cf6fb40b03fded Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: fefb93cb-dba7-11e3-beb7-f01faf3c1368 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (05/14/2014 10:40:35 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 178 Startzeit: 01cf6fb40afc0d52 Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\syswow64\wwahost.exe Berichts-ID: fede69d5-dba7-11e3-beb7-f01faf3c1368 Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_2.8.0.1001_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (05/14/2014 10:10:46 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 10d8 Startzeit: 01cf6fafda724f83 Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe Berichts-ID: ce572dcf-dba3-11e3-beb7-f01faf3c1368 Vollständiger Name des fehlerhaften Pakets: Facebook.Facebook_1.3.0.9_x64__8xx8rvfyw5nnt Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (05/14/2014 10:10:39 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1520 Startzeit: 01cf6fafda585a7a Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\syswow64\wwahost.exe Berichts-ID: ceb986f4-dba3-11e3-beb7-f01faf3c1368 Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_2.8.0.1001_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (05/14/2014 09:18:07 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 13fc Startzeit: 01cf6fa881c50f64 Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\syswow64\wwahost.exe Berichts-ID: 762cc817-db9c-11e3-beb6-f01faf3c1368 Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_2.8.0.1001_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (05/14/2014 09:18:06 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20461 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: f40 Startzeit: 01cf6fa508c06e41 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 7657b303-db9c-11e3-beb6-f01faf3c1368 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (05/14/2014 09:03:02 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1420 Startzeit: 01cf6fa668deef6f Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe Berichts-ID: 5cfa88e8-db9a-11e3-beb6-f01faf3c1368 Vollständiger Name des fehlerhaften Pakets: Facebook.Facebook_1.3.0.9_x64__8xx8rvfyw5nnt Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (05/14/2014 08:50:22 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20461 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 774 Startzeit: 01cf6f9f5039739a Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 44af1c63-db98-11e3-beb6-f01faf3c1368 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (05/14/2014 08:48:06 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 14a0 Startzeit: 01cf6fa450730851 Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe Berichts-ID: 44af4373-db98-11e3-beb6-f01faf3c1368 Vollständiger Name des fehlerhaften Pakets: Facebook.Facebook_1.3.0.9_x64__8xx8rvfyw5nnt Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App System errors: ============= Error: (05/14/2014 10:48:57 PM) (Source: bowser) (EventID: 8016) (User: ) Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "O2BOX" zum Namen "SERGEANT" auf Transport "NetBT_Tcpip_{659B2DDB-A39E-469D-882F-CE99FFADDFB6}". Das Datagramm steht in den Daten. Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist. Error: (05/14/2014 10:48:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/14/2014 10:48:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht. 
Error: (05/14/2014 10:46:07 PM) (Source: DCOM) (EventID: 10010) (User: SERGEANT) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (05/14/2014 09:50:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/14/2014 09:50:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht. Error: (05/14/2014 08:03:38 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "ESET Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (05/14/2014 07:57:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/14/2014 07:57:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mobile Partner. OUC erreicht. Error: (05/14/2014 07:50:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Mobile Partner. 
OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Microsoft Office Sessions: ========================= Error: (05/14/2014 10:40:41 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: backgroundTaskHost.exe6.3.9600.16384f7c01cf6fb40b007ae44294967295C:\WINDOWS\system32\backgroundTaskHost.exefefbbadb-dba7-11e3-beb7-f01faf3c1368Facebook.Facebook_1.3.0.9_x64__8xx8rvfyw5nntApp Error: (05/14/2014 10:40:36 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.20461155c01cf6fb40b03fded4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\LiveComm.exefefb93cb-dba7-11e3-beb7-f01faf3c1368microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (05/14/2014 10:40:35 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.3.9600.1703117801cf6fb40afc0d524294967295C:\WINDOWS\syswow64\wwahost.exefede69d5-dba7-11e3-beb7-f01faf3c1368Microsoft.SkypeApp_2.8.0.1001_x86__kzf8qxf38zg5cApp Error: (05/14/2014 10:10:46 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: backgroundTaskHost.exe6.3.9600.1638410d801cf6fafda724f834294967295C:\WINDOWS\system32\backgroundTaskHost.exece572dcf-dba3-11e3-beb7-f01faf3c1368Facebook.Facebook_1.3.0.9_x64__8xx8rvfyw5nntApp Error: (05/14/2014 10:10:39 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.3.9600.17031152001cf6fafda585a7a4294967295C:\WINDOWS\syswow64\wwahost.execeb986f4-dba3-11e3-beb7-f01faf3c1368Microsoft.SkypeApp_2.8.0.1001_x86__kzf8qxf38zg5cApp Error: (05/14/2014 09:18:07 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.3.9600.1703113fc01cf6fa881c50f644294967295C:\WINDOWS\syswow64\wwahost.exe762cc817-db9c-11e3-beb6-f01faf3c1368Microsoft.SkypeApp_2.8.0.1001_x86__kzf8qxf38zg5cApp Error: (05/14/2014 09:18:06 PM) (Source: Application Hang) (EventID: 1002) (User: ) 
Description: LiveComm.exe17.5.9600.20461f4001cf6fa508c06e414294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\LiveComm.exe7657b303-db9c-11e3-beb6-f01faf3c1368microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (05/14/2014 09:03:02 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: backgroundTaskHost.exe6.3.9600.16384142001cf6fa668deef6f4294967295C:\WINDOWS\system32\backgroundTaskHost.exe5cfa88e8-db9a-11e3-beb6-f01faf3c1368Facebook.Facebook_1.3.0.9_x64__8xx8rvfyw5nntApp Error: (05/14/2014 08:50:22 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.2046177401cf6f9f5039739a4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\LiveComm.exe44af1c63-db98-11e3-beb6-f01faf3c1368microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (05/14/2014 08:48:06 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: backgroundTaskHost.exe6.3.9600.1638414a001cf6fa4507308514294967295C:\WINDOWS\system32\backgroundTaskHost.exe44af4373-db98-11e3-beb6-f01faf3c1368Facebook.Facebook_1.3.0.9_x64__8xx8rvfyw5nntApp ==================== Memory info =========================== Percentage of memory in use: 53% Total physical RAM: 3973.75 MB Available physical RAM: 1838.48 MB Total Pagefile: 8069.75 MB Available Pagefile: 5854 MB Total Virtual: 131072 MB Available Virtual: 131071.81 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:89.09 GB) (Free:39.83 GB) NTFS Drive d: (Dokumente) (Fixed) (Total:11.72 GB) (Free:10.72 GB) NTFS Drive e: (Downloads) (Fixed) (Total:39.06 GB) (Free:32.87 GB) NTFS Drive f: (Multimedia) (Fixed) (Total:310.55 GB) (Free:284.01 GB) NTFS Drive y: (WINRETOOLS) (Fixed) (Total:0.48 GB) (Free:0.2 GB) NTFS ==================== MBR & 
Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: 97129363) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 30 GB) (Disk ID: 15995966) Partition: GPT Partition Type. ==================== End Of Log ============================
Now I'm at my wits' end and hope for your support. Oh, and GMER (I followed the instructions): "C:\windows\system32\config\system: kann nicht auf Datei zu greifen, da sie vom anderen Prozess verwendet wird". I didn't use Defogger, because I have never used CD emulators and the programs mentioned aren't installed on my system either. Thanks in advance |
15.05.2014, 06:56 | #2 |
/// the machine /// TB-Ausbilder | Posadi17.com/ cannot be removed Hi,
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please. |
15.05.2014, 12:54 | #3 |
| Posadi17.com/ cannot be removed Thanks for the reply.
adwcleaner: Code:
ATTFilter # AdwCleaner v3.208 - Bericht erstellt am 15/05/2014 um 12:28:16 # Aktualisiert 11/05/2014 von Xplode # Betriebssystem : Windows 8.1 (64 bits) # Benutzername : Björn - SERGEANT # Gestartet von : E:\adwcleaner_3.208.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17037 ************************* AdwCleaner[R0].txt - [4165 octets] - [13/05/2014 15:42:23] AdwCleaner[R1].txt - [747 octets] - [14/05/2014 21:59:53] AdwCleaner[R2].txt - [810 octets] - [15/05/2014 12:27:40] AdwCleaner[S0].txt - [3328 octets] - [13/05/2014 15:43:26] AdwCleaner[S1].txt - [732 octets] - [15/05/2014 12:28:16] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [791 octets] ########## FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-05-2014 Ran by Björn (administrator) on SERGEANT on 15-05-2014 13:41:33 Running from E:\ Platform: Windows 8.1 (Update 1) (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Atheros Commnucations) C:\Windows\System32\AdminService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe () C:\ProgramData\DataCardService\HWDeviceService64.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe () C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe (Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DataCardService\DCSHelper.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (The Privoxy team - www.privoxy.org) C:\Program Files (x86)\MSR\Privoxy\privoxy.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Dell Inc.) 
C:\Program Files\Dell\QuickSet\quickset.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe (6 Wunderkinder GmbH) C:\Program Files (x86)\Wunderlist2\Wunderlist.exe (Spotify Ltd) C:\Users\Björn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () C:\Users\Björn\AppData\Roaming\InetStat\inetstat.exe (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Realsil Microelectronics Inc.) 
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6842000 2012-10-08] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1230992 2012-10-08] (Realtek Semiconductor) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-19] (Dell Inc.) HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010952 2012-12-21] (Synaptics Incorporated) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285680 2013-03-05] (Intel Corporation) HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: 
[AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-1316370417-1465485672-2193434078-1001\...\Run: [Wunderlist] => C:\Program Files (x86)\Wunderlist2\Wunderlist.exe [13021792 2013-12-02] (6 Wunderkinder GmbH) HKU\S-1-5-21-1316370417-1465485672-2193434078-1001\...\Run: [Spotify Web Helper] => C:\Users\Björn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-02-23] (Spotify Ltd) HKU\S-1-5-21-1316370417-1465485672-2193434078-1001\...\Run: [InetStat] => C:\Users\Björn\AppData\Roaming\InetStat\inetstat.exe [1259488 2014-05-12] () HKU\S-1-5-21-1316370417-1465485672-2193434078-1001\...\MountPoints2: {113cd972-3404-11e3-be7b-70188b2e6122} - "G:\AutoRun.exe" HKU\S-1-5-21-1316370417-1465485672-2193434078-1001\...\MountPoints2: {f5500f4c-31cd-11e3-be78-70188b2e6122} - "G:\AutoRun.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe () ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. 
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - {E17AA11D-ECB4-4203-A2D2-0B3B17498E82} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB SearchScopes: HKLM-x32 - {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^man000^YYA^&ptb=F5EF3DAD-FE2D-4139-8051-057392F8CDEB&ind=2014050714&n=780bf99a&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKLM-x32 - {E17AA11D-ECB4-4203-A2D2-0B3B17498E82} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab Tcpip\Parameters: [DhcpNameServer] 141.20.2.3 141.20.1.3 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-05-14] ==================== Services (Whitelisted) ================= R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2013-06-25] (Atheros Commnucations) R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-29] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-20] (Intel Corporation) S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [657504 2012-11-01] () R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [506880 2013-05-03] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-10-08] (Realtek Semiconductor) R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915480 2013-05-23] (SoftThinks SAS) R2 SystemUpdatekb70007; C:\WINDOWS\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe [18944 2014-05-08] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) S3 wifimansvc; C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe [605696 2012-11-10] () S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R3 akw8x64; C:\Windows\system32\DRIVERS\akw8x64.sys [3800272 2013-05-03] (Qualcomm Atheros, Inc.) 
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [74096 2013-05-03] (Qualcomm Atheros, Inc.) S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET) R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET) R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET) R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET) R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET) R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-29] (Intel Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2012-09-22] (CACE Technologies, Inc.) S3 NPF; C:\Windows\SysWOW64\drivers\NPF.sys [35344 2012-09-22] (CACE Technologies, Inc.) 
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation) S3 RL_DJIFIE2_MIDI; C:\Windows\system32\drivers\rldjif2m.sys [41168 2013-01-10] (Ploytec GmbH) S3 RL_DJIFIE2_USB; C:\Windows\System32\Drivers\rldjif2u.sys [446160 2013-01-10] (Ploytec GmbH) S3 RL_DJIFIE2_WDM; C:\Windows\system32\drivers\rldjif2a.sys [54992 2013-01-10] (Ploytec GmbH) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) R3 ST_Accel; C:\Windows\system32\DRIVERS\ST_Accel.sys [71832 2012-07-14] (STMicroelectronics) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation) S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-15 13:02 - 2014-05-15 12:37 - 01016261 _____ (Thisisu) C:\Users\Björn\Desktop\JRT.exe 2014-05-15 12:38 - 2014-05-15 12:38 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-05-14 23:01 - 2014-05-15 13:41 - 00000000 ____D () C:\FRST 2014-05-14 22:49 - 2014-05-01 22:30 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-05-14 22:49 - 2014-05-01 22:30 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 22:20 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll 2014-05-14 22:20 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\mrt100.dll 2014-05-14 22:20 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll 2014-05-14 22:20 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll 2014-05-14 22:20 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2014-05-14 22:20 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2014-05-14 22:20 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2014-05-14 22:20 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe 2014-05-14 22:20 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe 2014-05-14 22:18 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-05-14 22:18 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-05-14 22:18 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-05-14 22:18 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-05-14 22:18 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2014-05-14 22:18 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-05-14 22:18 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2014-05-14 22:18 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2014-05-14 22:18 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2014-05-14 22:18 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2014-05-14 22:18 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\ubpm.dll 2014-05-14 22:18 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-05-14 22:18 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-05-14 22:18 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2014-05-14 22:18 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-14 22:18 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2014-05-14 22:18 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-14 22:18 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2014-05-14 22:18 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2014-05-14 22:18 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-05-14 22:18 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-05-14 22:18 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2014-05-14 22:18 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2014-05-14 22:18 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-05-14 22:18 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-05-14 22:18 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-05-14 22:18 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2014-05-14 22:18 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2014-05-14 22:18 - 
2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-05-14 22:18 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2014-05-14 22:18 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-05-14 22:15 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-05-14 22:15 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-05-14 22:13 - 2014-05-14 22:13 - 00259584 _____ (OldTimer Tools) C:\Users\Björn\Desktop\OTH.scr 2014-05-14 20:05 - 2014-05-14 20:05 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\ESET 2014-05-14 20:05 - 2014-05-14 20:05 - 00000000 ____D () C:\Users\Björn\AppData\Local\ESET 2014-05-14 20:02 - 2014-05-14 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET 2014-05-14 20:02 - 2014-05-14 20:02 - 00000000 ____D () C:\ProgramData\ESET 2014-05-14 20:02 - 2014-05-14 20:02 - 00000000 ____D () C:\Program Files\ESET 2014-05-14 08:25 - 2014-01-19 09:38 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2014-05-14 01:43 - 2014-05-14 01:43 - 00001034 _____ () C:\Users\Björn\Desktop\herdProtectScan.lnk 2014-05-13 22:38 - 2014-05-13 22:38 - 00286528 _____ () C:\WINDOWS\Minidump\051314-24281-01.dmp 2014-05-13 22:34 - 2014-05-13 22:38 - 592643159 _____ () C:\WINDOWS\MEMORY.DMP 2014-05-13 22:34 - 2014-05-13 22:35 - 00286528 _____ () C:\WINDOWS\Minidump\051314-36093-01.dmp 2014-05-13 22:29 - 2014-05-13 22:29 - 00000000 ____D () C:\WINDOWS\usb-audio.deRLDJIF2 2014-05-13 22:29 - 2013-01-10 19:10 - 00446160 _____ (Ploytec GmbH) C:\WINDOWS\system32\Drivers\rldjif2u.sys 2014-05-13 22:29 - 2013-01-10 19:10 - 00054992 _____ (Ploytec GmbH) C:\WINDOWS\system32\Drivers\rldjif2a.sys 2014-05-13 22:29 - 2013-01-10 19:10 - 00041168 _____ (Ploytec GmbH) C:\WINDOWS\system32\Drivers\rldjif2m.sys 2014-05-13 21:28 - 
2010-04-29 17:56 - 00402496 ____N (Ploytec GmbH) C:\WINDOWS\system32\Drivers\rldj2meu.sys 2014-05-13 21:28 - 2010-04-29 17:56 - 00050240 ____N (Ploytec GmbH) C:\WINDOWS\system32\Drivers\rldj2mea.sys 2014-05-13 21:28 - 2010-04-29 17:56 - 00031296 ____N (Ploytec GmbH) C:\WINDOWS\system32\Drivers\rldj2mem.sys 2014-05-13 20:45 - 2009-10-30 13:44 - 00460864 ____N (Ploytec GmbH) C:\WINDOWS\system32\Drivers\rldjifu.sys 2014-05-13 20:45 - 2009-10-30 13:44 - 00049728 ____N (Ploytec GmbH) C:\WINDOWS\system32\Drivers\rldjifa.sys 2014-05-13 20:45 - 2009-10-30 13:44 - 00036416 ____N (Ploytec GmbH) C:\WINDOWS\system32\Drivers\rldjifm.sys 2014-05-13 16:32 - 2014-05-13 16:32 - 00000000 ____D () C:\Program Files\Reason 2014-05-13 16:04 - 2014-05-13 16:04 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-05-13 15:59 - 2014-05-13 15:59 - 00000000 ____D () C:\Users\Björn\Desktop\Old Pale Moon Data 2014-05-13 15:42 - 2014-05-15 12:28 - 00000000 ____D () C:\AdwCleaner 2014-05-13 14:59 - 2014-05-14 23:23 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-05-13 14:58 - 2014-05-14 22:22 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-13 14:58 - 2014-05-14 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-13 14:58 - 2014-05-14 22:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-13 14:58 - 2014-05-13 14:58 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-13 14:58 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-05-13 14:58 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-05-13 14:58 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-05-12 01:04 - 2014-05-12 01:05 - 00000000 ____D () C:\Program Files (x86)\MSR 2014-05-12 00:54 - 
2014-05-12 00:54 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\InetStat 2014-05-12 00:53 - 2014-05-13 15:32 - 00000000 ____D () C:\Users\Björn\AppData\Local\17483 2014-05-12 00:53 - 2014-05-12 00:53 - 00000415 _____ () C:\Users\Björn\AppData\Roaming\WinInstallFlashLog.ini 2014-05-11 23:50 - 2014-05-13 22:24 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2 2014-05-11 23:50 - 2014-05-13 22:24 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2 2014-05-11 22:37 - 2014-05-15 12:31 - 00050046 _____ () C:\WINDOWS\PFRO.log 2014-05-11 21:18 - 2014-05-11 21:18 - 00001008 _____ () C:\Users\Public\Desktop\Traktor.lnk 2014-05-11 21:18 - 2014-05-11 21:18 - 00000000 __HDC () C:\ProgramData\{2ED18044-7049-4E7A-A58D-4017348FCDB7} 2014-05-11 21:17 - 2014-05-11 21:17 - 00006930 _____ () C:\WINDOWS\DPINST.LOG 2014-05-11 21:17 - 2014-05-11 21:17 - 00000000 __HDC () C:\ProgramData\{A215474F-E448-48A8-97F1-14D1C09A4235} 2014-05-11 21:17 - 2014-05-11 21:17 - 00000000 __HDC () C:\ProgramData\{902029B2-957E-4066-85FA-30DA31731718} 2014-05-11 21:17 - 2014-05-11 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments 2014-05-11 21:17 - 2014-05-11 21:17 - 00000000 ____D () C:\Program Files\Native Instruments 2014-05-11 21:17 - 2014-05-11 21:17 - 00000000 ____D () C:\Program Files (x86)\Native Instruments 2014-05-11 16:25 - 2014-05-13 22:31 - 00001906 _____ () C:\WINDOWS\setupact.log 2014-05-11 16:25 - 2014-05-11 16:25 - 00000000 _____ () C:\WINDOWS\setuperr.log 2014-05-11 15:19 - 2014-05-11 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag 2014-05-11 15:00 - 2014-05-11 15:00 - 00000861 _____ () C:\Users\Björn\Desktop\µTorrent.lnk 2014-05-11 14:59 - 2014-05-11 22:36 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\uTorrent 2014-05-10 02:08 - 2014-05-15 13:33 - 01185956 _____ () C:\WINDOWS\WindowsUpdate.log 2014-05-02 17:34 - 2014-05-02 17:34 - 02724864 
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-05-02 17:34 - 2014-05-02 17:34 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-04-24 21:38 - 2014-04-24 21:38 - 00000000 ____D () C:\WINDOWS\SysWOW64\Adobe 2014-04-21 16:08 - 2014-04-21 16:08 - 00035352 _____ (Connectify) C:\WINDOWS\system32\Drivers\cnnctfy3.sys 2014-04-15 02:34 - 2014-04-15 02:34 - 01070232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX ==================== One Month Modified Files and Folders ======= 2014-05-15 13:41 - 2014-05-14 23:01 - 00000000 ____D () C:\FRST 2014-05-15 13:40 - 2013-09-12 21:53 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery 2014-05-15 13:39 - 2014-03-04 15:12 - 00000000 __RDO () C:\Users\Björn\SkyDrive 2014-05-15 13:38 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-05-15 13:33 - 2014-05-10 02:08 - 01185956 _____ () C:\WINDOWS\WindowsUpdate.log 2014-05-15 13:19 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-05-15 13:18 - 2013-09-20 17:08 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1316370417-1465485672-2193434078-1001 2014-05-15 12:59 - 2013-09-21 02:14 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-05-15 12:40 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2014-05-15 12:38 - 2014-05-15 12:38 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-05-15 12:37 - 2014-05-15 13:02 - 01016261 _____ (Thisisu) C:\Users\Björn\Desktop\JRT.exe 2014-05-15 12:36 - 2013-09-30 06:14 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-05-15 12:36 - 2013-09-30 05:56 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat 2014-05-15 12:36 - 2013-09-30 05:56 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat 2014-05-15 12:31 - 2014-05-11 22:37 - 00050046 _____ () C:\WINDOWS\PFRO.log 2014-05-15 12:28 - 2014-05-13 15:42 - 00000000 ____D () C:\AdwCleaner 2014-05-15 01:22 - 2013-10-18 
17:48 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\Spotify 2014-05-15 00:28 - 2013-09-21 01:17 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\KeePass 2014-05-14 23:23 - 2014-05-13 14:59 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-05-14 22:49 - 2013-09-23 16:03 - 00000000 ___RD () C:\Users\Björn\Podcasts 2014-05-14 22:49 - 2013-09-20 14:54 - 00000000 ___RD () C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-14 22:49 - 2013-09-20 14:54 - 00000000 ___RD () C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-14 22:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-05-14 22:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-14 22:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-14 22:46 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-05-14 22:46 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates 2014-05-14 22:46 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-05-14 22:46 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-05-14 22:40 - 2013-10-22 16:20 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-14 22:36 - 2013-09-20 23:58 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-05-14 22:34 - 2013-09-20 23:58 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-05-14 22:22 - 2014-05-13 14:58 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-14 22:22 - 2014-05-13 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-14 22:22 - 2014-05-13 14:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-14 
22:13 - 2014-05-14 22:13 - 00259584 _____ (OldTimer Tools) C:\Users\Björn\Desktop\OTH.scr 2014-05-14 20:05 - 2014-05-14 20:05 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\ESET 2014-05-14 20:05 - 2014-05-14 20:05 - 00000000 ____D () C:\Users\Björn\AppData\Local\ESET 2014-05-14 20:02 - 2014-05-14 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET 2014-05-14 20:02 - 2014-05-14 20:02 - 00000000 ____D () C:\ProgramData\ESET 2014-05-14 20:02 - 2014-05-14 20:02 - 00000000 ____D () C:\Program Files\ESET 2014-05-14 19:56 - 2012-07-26 10:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP 2014-05-14 19:55 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-05-14 08:31 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-05-14 08:20 - 2013-09-12 21:58 - 00000000 ____D () C:\ProgramData\McAfee 2014-05-14 08:15 - 2012-07-26 07:37 - 00000000 ____D () C:\Users\Default.migrated 2014-05-14 01:43 - 2014-05-14 01:43 - 00001034 _____ () C:\Users\Björn\Desktop\herdProtectScan.lnk 2014-05-14 01:03 - 2013-09-21 01:16 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk 2014-05-14 01:03 - 2013-09-21 01:16 - 00001123 _____ () C:\Users\Björn\Desktop\KeePass 2.lnk 2014-05-14 01:03 - 2013-09-21 01:16 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2 2014-05-13 22:38 - 2014-05-13 22:38 - 00286528 _____ () C:\WINDOWS\Minidump\051314-24281-01.dmp 2014-05-13 22:38 - 2014-05-13 22:34 - 592643159 _____ () C:\WINDOWS\MEMORY.DMP 2014-05-13 22:38 - 2013-11-25 11:29 - 00000000 ____D () C:\WINDOWS\Minidump 2014-05-13 22:38 - 2013-10-18 03:25 - 00000000 ____D () C:\Users\Björn 2014-05-13 22:35 - 2014-05-13 22:34 - 00286528 _____ () C:\WINDOWS\Minidump\051314-36093-01.dmp 2014-05-13 22:31 - 2014-05-11 16:25 - 00001906 _____ () C:\WINDOWS\setupact.log 2014-05-13 22:29 - 2014-05-13 22:29 - 00000000 ____D () C:\WINDOWS\usb-audio.deRLDJIF2 2014-05-13 22:24 - 2014-05-11 23:50 - 00000000 ____D 
() C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2 2014-05-13 22:24 - 2014-05-11 23:50 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2 2014-05-13 20:59 - 2013-09-21 02:14 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-05-13 16:32 - 2014-05-13 16:32 - 00000000 ____D () C:\Program Files\Reason 2014-05-13 16:04 - 2014-05-13 16:04 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-05-13 15:59 - 2014-05-13 15:59 - 00000000 ____D () C:\Users\Björn\Desktop\Old Pale Moon Data 2014-05-13 15:43 - 2013-10-18 08:28 - 00001009 _____ () C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-13 15:32 - 2014-05-12 00:53 - 00000000 ____D () C:\Users\Björn\AppData\Local\17483 2014-05-13 14:58 - 2014-05-13 14:58 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-12 01:05 - 2014-05-12 01:04 - 00000000 ____D () C:\Program Files (x86)\MSR 2014-05-12 00:54 - 2014-05-12 00:54 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\InetStat 2014-05-12 00:53 - 2014-05-12 00:53 - 00000415 _____ () C:\Users\Björn\AppData\Roaming\WinInstallFlashLog.ini 2014-05-11 22:36 - 2014-05-11 14:59 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\uTorrent 2014-05-11 21:18 - 2014-05-11 21:18 - 00001008 _____ () C:\Users\Public\Desktop\Traktor.lnk 2014-05-11 21:18 - 2014-05-11 21:18 - 00000000 __HDC () C:\ProgramData\{2ED18044-7049-4E7A-A58D-4017348FCDB7} 2014-05-11 21:17 - 2014-05-11 21:17 - 00006930 _____ () C:\WINDOWS\DPINST.LOG 2014-05-11 21:17 - 2014-05-11 21:17 - 00000000 __HDC () C:\ProgramData\{A215474F-E448-48A8-97F1-14D1C09A4235} 2014-05-11 21:17 - 2014-05-11 21:17 - 00000000 __HDC () C:\ProgramData\{902029B2-957E-4066-85FA-30DA31731718} 2014-05-11 21:17 - 2014-05-11 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments 2014-05-11 21:17 - 2014-05-11 21:17 - 00000000 ____D () C:\Program Files\Native Instruments 2014-05-11 21:17 - 
2014-05-11 21:17 - 00000000 ____D () C:\Program Files (x86)\Native Instruments 2014-05-11 21:17 - 2013-09-23 13:31 - 00000000 ____D () C:\ProgramData\Native Instruments 2014-05-11 18:01 - 2013-10-23 00:19 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\Mp3tag 2014-05-11 16:25 - 2014-05-11 16:25 - 00000000 _____ () C:\WINDOWS\setuperr.log 2014-05-11 15:19 - 2014-05-11 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag 2014-05-11 15:19 - 2013-10-23 00:19 - 00000997 _____ () C:\Users\Public\Desktop\Mp3tag.lnk 2014-05-11 15:19 - 2013-10-23 00:19 - 00000000 ____D () C:\Program Files (x86)\Mp3tag 2014-05-11 15:00 - 2014-05-11 15:00 - 00000861 _____ () C:\Users\Björn\Desktop\µTorrent.lnk 2014-05-10 11:08 - 2013-09-21 01:40 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-05-06 06:40 - 2014-05-14 22:18 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-05-06 05:25 - 2014-05-14 22:18 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-05-06 05:00 - 2014-05-14 22:18 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-14 22:18 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-05-06 01:57 - 2013-10-18 17:48 - 00000000 ____D () C:\Users\Björn\AppData\Local\Spotify 2014-05-03 12:16 - 2013-09-21 00:04 - 00000000 ____D () C:\Program Files\Pale Moon 2014-05-03 10:01 - 2013-11-25 19:18 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2014-05-02 17:34 - 2014-05-02 17:34 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-05-02 17:34 - 2014-05-02 17:34 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-05-01 22:30 - 2014-05-14 22:49 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-05-01 22:30 - 2014-05-14 22:49 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-01 20:15 - 2013-08-22 
17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-04-24 21:38 - 2014-04-24 21:38 - 00000000 ____D () C:\WINDOWS\SysWOW64\Adobe 2014-04-21 21:14 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-04-21 16:08 - 2014-04-21 16:08 - 00035352 _____ (Connectify) C:\WINDOWS\system32\Drivers\cnnctfy3.sys 2014-04-15 02:34 - 2014-04-15 02:34 - 01070232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX Some content of TEMP: ==================== C:\Users\Björn\AppData\Local\Temp\InstHelper.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-08 16:20 ==================== End Of Log ============================
With Junkware Removal Tool, the error message after the restart said that the path could not be found. Before that I had disabled the antivirus and the firewall, and also disabled Wi-Fi. I noticed that ESET starts itself again after a restart, though. Could that be related? Or the directory contains my name, "Björn". Is it related to the umlaut? But I can't change that in User Account Control, because the account is linked to Windows Live. |
16.05.2014, 11:08 | #4 |
/// the machine /// TB trainer | Posadi17.com/ cannot be removed JRT sometimes has hiccups. Please run a full scan with ESET. Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
16.05.2014, 22:59 | #5 |
| Posadi17.com/ cannot be removed Still there :/ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-05-2014 Ran by Björn (administrator) on SERGEANT on 16-05-2014 23:56:16 Running from E:\ Platform: Windows 8.1 (Update 1) (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Atheros Commnucations) C:\Windows\System32\AdminService.exe (ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe () C:\ProgramData\DataCardService\HWDeviceService64.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe () C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe (The Privoxy team - www.privoxy.org) C:\Program Files (x86)\MSR\Privoxy\privoxy.exe (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Huawei Technologies Co., Ltd.) 
C:\ProgramData\DataCardService\DCSHelper.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe (6 Wunderkinder GmbH) C:\Program Files (x86)\Wunderlist2\Wunderlist.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Spotify Ltd) C:\Users\Björn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () C:\Users\Björn\AppData\Roaming\InetStat\inetstat.exe (CANON INC.) 
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6842000 2012-10-08] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1230992 2012-10-08] (Realtek Semiconductor) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-19] (Dell Inc.) HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010952 2012-12-21] (Synaptics Incorporated) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285680 2013-03-05] (Intel Corporation) HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl) HKLM-x32\...\Run: [SwitchBoard] 
=> C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-1316370417-1465485672-2193434078-1001\...\Run: [Wunderlist] => C:\Program Files (x86)\Wunderlist2\Wunderlist.exe [13021792 2013-12-02] (6 Wunderkinder GmbH) HKU\S-1-5-21-1316370417-1465485672-2193434078-1001\...\Run: [Spotify Web Helper] => C:\Users\Björn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-02-23] (Spotify Ltd) HKU\S-1-5-21-1316370417-1465485672-2193434078-1001\...\Run: [InetStat] => C:\Users\Björn\AppData\Roaming\InetStat\inetstat.exe [1259488 2014-05-12] () HKU\S-1-5-21-1316370417-1465485672-2193434078-1001\...\MountPoints2: {113cd972-3404-11e3-be7b-70188b2e6122} - "G:\AutoRun.exe" HKU\S-1-5-21-1316370417-1465485672-2193434078-1001\...\MountPoints2: {f5500f4c-31cd-11e3-be78-70188b2e6122} - "G:\AutoRun.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network 
Manager\KillerNetManager.exe () ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - {E17AA11D-ECB4-4203-A2D2-0B3B17498E82} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB SearchScopes: HKLM-x32 - {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^man000^YYA^&ptb=F5EF3DAD-FE2D-4139-8051-057392F8CDEB&ind=2014050714&n=780bf99a&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKLM-x32 - {E17AA11D-ECB4-4203-A2D2-0B3B17498E82} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-05-14] ==================== Services (Whitelisted) ================= R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2013-06-25] (Atheros Commnucations) R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1337752 2013-09-12] (ESET) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-29] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-20] (Intel Corporation) S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [657504 2012-11-01] () R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [506880 2013-05-03] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-10-08] (Realtek Semiconductor) R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915480 2013-05-23] (SoftThinks SAS) R2 SystemUpdatekb70007; C:\WINDOWS\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe [18944 2014-05-08] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) S3 wifimansvc; C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe [605696 2012-11-10] () S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R3 akw8x64; C:\Windows\system32\DRIVERS\akw8x64.sys [3800272 2013-05-03] (Qualcomm Atheros, Inc.) 
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [74096 2013-05-03] (Qualcomm Atheros, Inc.) S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET) R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET) R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET) R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET) R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET) R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-29] (Intel Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2012-09-22] (CACE Technologies, Inc.) S3 NPF; C:\Windows\SysWOW64\drivers\NPF.sys [35344 2012-09-22] (CACE Technologies, Inc.) 
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation) S3 RL_DJIFIE2_MIDI; C:\Windows\system32\drivers\rldjif2m.sys [41168 2013-01-10] (Ploytec GmbH) S3 RL_DJIFIE2_USB; C:\Windows\System32\Drivers\rldjif2u.sys [446160 2013-01-10] (Ploytec GmbH) S3 RL_DJIFIE2_WDM; C:\Windows\system32\drivers\rldjif2a.sys [54992 2013-01-10] (Ploytec GmbH) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) R3 ST_Accel; C:\Windows\system32\DRIVERS\ST_Accel.sys [71832 2012-07-14] (STMicroelectronics) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation) S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-15 18:32 - 2014-05-15 18:32 - 00001458 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk 2014-05-15 18:32 - 2014-05-15 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-05-15 18:32 - 2014-05-15 18:32 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2014-05-15 18:31 - 2014-05-15 18:32 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\DVDVideoSoft 2014-05-15 18:29 - 2014-05-15 18:29 - 00000000 ____D () C:\Program Files (x86)\GreenTree Applications 2014-05-15 18:25 - 2014-05-15 18:25 - 00000000 ____D () C:\Users\Björn\aTubeCatcher 2014-05-15 13:02 - 2014-05-15 12:37 - 01016261 _____ 
(Thisisu) C:\Users\Björn\Desktop\JRT.exe 2014-05-15 12:38 - 2014-05-15 12:38 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-05-14 23:01 - 2014-05-16 23:56 - 00000000 ____D () C:\FRST 2014-05-14 22:49 - 2014-05-01 22:30 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-05-14 22:49 - 2014-05-01 22:30 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 22:20 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll 2014-05-14 22:20 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll 2014-05-14 22:20 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll 2014-05-14 22:20 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll 2014-05-14 22:20 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2014-05-14 22:20 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2014-05-14 22:20 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2014-05-14 22:20 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe 2014-05-14 22:20 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe 2014-05-14 22:18 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-05-14 22:18 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-05-14 22:18 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-05-14 22:18 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-05-14 22:18 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2014-05-14 22:18 - 
2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2014-05-14 22:18 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2014-05-14 22:18 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2014-05-14 22:18 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2014-05-14 22:18 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2014-05-14 22:18 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2014-05-14 22:18 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-05-14 22:18 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-05-14 22:18 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2014-05-14 22:18 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-14 22:18 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2014-05-14 22:18 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-05-14 22:18 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2014-05-14 22:18 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2014-05-14 22:18 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2014-05-14 22:18 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2014-05-14 22:18 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2014-05-14 22:18 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\WUSettingsProvider.dll 2014-05-14 22:18 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2014-05-14 22:18 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2014-05-14 22:18 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2014-05-14 22:18 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2014-05-14 22:18 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2014-05-14 22:18 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-05-14 22:18 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2014-05-14 22:18 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-05-14 22:15 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-05-14 22:15 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-05-14 22:13 - 2014-05-14 22:13 - 00259584 _____ (OldTimer Tools) C:\Users\Björn\Desktop\OTH.scr 2014-05-14 20:05 - 2014-05-14 20:05 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\ESET 2014-05-14 20:05 - 2014-05-14 20:05 - 00000000 ____D () C:\Users\Björn\AppData\Local\ESET 2014-05-14 20:02 - 2014-05-14 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET 2014-05-14 20:02 - 2014-05-14 20:02 - 00000000 ____D () C:\ProgramData\ESET 2014-05-14 20:02 - 2014-05-14 20:02 - 00000000 ____D () C:\Program Files\ESET 2014-05-14 08:25 - 2014-01-19 09:38 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2014-05-14 01:43 - 2014-05-14 01:43 - 00001034 _____ () C:\Users\Björn\Desktop\herdProtectScan.lnk 2014-05-13 22:38 - 2014-05-13 22:38 - 00286528 _____ () 
C:\WINDOWS\Minidump\051314-24281-01.dmp 2014-05-13 22:34 - 2014-05-13 22:38 - 592643159 _____ () C:\WINDOWS\MEMORY.DMP 2014-05-13 22:34 - 2014-05-13 22:35 - 00286528 _____ () C:\WINDOWS\Minidump\051314-36093-01.dmp 2014-05-13 22:29 - 2014-05-13 22:29 - 00000000 ____D () C:\WINDOWS\usb-audio.deRLDJIF2 2014-05-13 22:29 - 2013-01-10 19:10 - 00446160 _____ (Ploytec GmbH) C:\WINDOWS\system32\Drivers\rldjif2u.sys 2014-05-13 22:29 - 2013-01-10 19:10 - 00054992 _____ (Ploytec GmbH) C:\WINDOWS\system32\Drivers\rldjif2a.sys 2014-05-13 22:29 - 2013-01-10 19:10 - 00041168 _____ (Ploytec GmbH) C:\WINDOWS\system32\Drivers\rldjif2m.sys 2014-05-13 21:28 - 2010-04-29 17:56 - 00402496 ____N (Ploytec GmbH) C:\WINDOWS\system32\Drivers\rldj2meu.sys 2014-05-13 21:28 - 2010-04-29 17:56 - 00050240 ____N (Ploytec GmbH) C:\WINDOWS\system32\Drivers\rldj2mea.sys 2014-05-13 21:28 - 2010-04-29 17:56 - 00031296 ____N (Ploytec GmbH) C:\WINDOWS\system32\Drivers\rldj2mem.sys 2014-05-13 20:45 - 2009-10-30 13:44 - 00460864 ____N (Ploytec GmbH) C:\WINDOWS\system32\Drivers\rldjifu.sys 2014-05-13 20:45 - 2009-10-30 13:44 - 00049728 ____N (Ploytec GmbH) C:\WINDOWS\system32\Drivers\rldjifa.sys 2014-05-13 20:45 - 2009-10-30 13:44 - 00036416 ____N (Ploytec GmbH) C:\WINDOWS\system32\Drivers\rldjifm.sys 2014-05-13 16:32 - 2014-05-13 16:32 - 00000000 ____D () C:\Program Files\Reason 2014-05-13 16:04 - 2014-05-13 16:04 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-05-13 15:59 - 2014-05-13 15:59 - 00000000 ____D () C:\Users\Björn\Desktop\Old Pale Moon Data 2014-05-13 15:42 - 2014-05-15 12:28 - 00000000 ____D () C:\AdwCleaner 2014-05-13 14:59 - 2014-05-14 23:23 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-05-13 14:58 - 2014-05-14 22:22 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-13 14:58 - 2014-05-14 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-13 
14:58 - 2014-05-14 22:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-13 14:58 - 2014-05-13 14:58 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-13 14:58 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-05-13 14:58 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-05-13 14:58 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-05-12 01:04 - 2014-05-12 01:05 - 00000000 ____D () C:\Program Files (x86)\MSR 2014-05-12 00:54 - 2014-05-12 00:54 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\InetStat 2014-05-12 00:53 - 2014-05-13 15:32 - 00000000 ____D () C:\Users\Björn\AppData\Local\17483 2014-05-12 00:53 - 2014-05-12 00:53 - 00000415 _____ () C:\Users\Björn\AppData\Roaming\WinInstallFlashLog.ini 2014-05-11 23:50 - 2014-05-13 22:24 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2 2014-05-11 23:50 - 2014-05-13 22:24 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2 2014-05-11 22:37 - 2014-05-16 22:51 - 00051400 _____ () C:\WINDOWS\PFRO.log 2014-05-11 21:18 - 2014-05-11 21:18 - 00001008 _____ () C:\Users\Public\Desktop\Traktor.lnk 2014-05-11 21:18 - 2014-05-11 21:18 - 00000000 __HDC () C:\ProgramData\{2ED18044-7049-4E7A-A58D-4017348FCDB7} 2014-05-11 21:17 - 2014-05-11 21:17 - 00006930 _____ () C:\WINDOWS\DPINST.LOG 2014-05-11 21:17 - 2014-05-11 21:17 - 00000000 __HDC () C:\ProgramData\{A215474F-E448-48A8-97F1-14D1C09A4235} 2014-05-11 21:17 - 2014-05-11 21:17 - 00000000 __HDC () C:\ProgramData\{902029B2-957E-4066-85FA-30DA31731718} 2014-05-11 21:17 - 2014-05-11 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments 2014-05-11 21:17 - 2014-05-11 21:17 - 00000000 ____D () C:\Program Files\Native Instruments 2014-05-11 21:17 - 2014-05-11 21:17 - 00000000 ____D () 
C:\Program Files (x86)\Native Instruments 2014-05-11 16:25 - 2014-05-13 22:31 - 00001906 _____ () C:\WINDOWS\setupact.log 2014-05-11 16:25 - 2014-05-11 16:25 - 00000000 _____ () C:\WINDOWS\setuperr.log 2014-05-11 15:19 - 2014-05-11 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag 2014-05-11 15:00 - 2014-05-11 15:00 - 00000861 _____ () C:\Users\Björn\Desktop\µTorrent.lnk 2014-05-11 14:59 - 2014-05-11 22:36 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\uTorrent 2014-05-10 02:08 - 2014-05-16 23:53 - 01324749 _____ () C:\WINDOWS\WindowsUpdate.log 2014-05-02 17:34 - 2014-05-02 17:34 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-05-02 17:34 - 2014-05-02 17:34 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-04-24 21:38 - 2014-04-24 21:38 - 00000000 ____D () C:\WINDOWS\SysWOW64\Adobe 2014-04-21 16:08 - 2014-04-21 16:08 - 00035352 _____ (Connectify) C:\WINDOWS\system32\Drivers\cnnctfy3.sys ==================== One Month Modified Files and Folders ======= 2014-05-16 23:56 - 2014-05-14 23:01 - 00000000 ____D () C:\FRST 2014-05-16 23:53 - 2014-05-10 02:08 - 01324749 _____ () C:\WINDOWS\WindowsUpdate.log 2014-05-16 23:38 - 2013-09-20 17:08 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1316370417-1465485672-2193434078-1001 2014-05-16 23:38 - 2013-09-12 21:53 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery 2014-05-16 23:35 - 2014-03-04 15:12 - 00000000 __RDO () C:\Users\Björn\SkyDrive 2014-05-16 23:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-05-16 22:59 - 2013-09-21 02:14 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-05-16 22:51 - 2014-05-11 22:37 - 00051400 _____ () C:\WINDOWS\PFRO.log 2014-05-16 22:51 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-05-16 22:50 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2014-05-16 22:02 
- 2013-09-30 06:14 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-05-16 22:02 - 2013-09-30 05:56 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat 2014-05-16 22:02 - 2013-09-30 05:56 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat 2014-05-16 20:29 - 2013-10-18 17:48 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\Spotify 2014-05-15 18:32 - 2014-05-15 18:32 - 00001458 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk 2014-05-15 18:32 - 2014-05-15 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-05-15 18:32 - 2014-05-15 18:32 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2014-05-15 18:32 - 2014-05-15 18:31 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\DVDVideoSoft 2014-05-15 18:29 - 2014-05-15 18:29 - 00000000 ____D () C:\Program Files (x86)\GreenTree Applications 2014-05-15 18:25 - 2014-05-15 18:25 - 00000000 ____D () C:\Users\Björn\aTubeCatcher 2014-05-15 18:25 - 2013-10-18 03:25 - 00000000 ____D () C:\Users\Björn 2014-05-15 17:15 - 2013-09-21 01:17 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\KeePass 2014-05-15 12:38 - 2014-05-15 12:38 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-05-15 12:37 - 2014-05-15 13:02 - 01016261 _____ (Thisisu) C:\Users\Björn\Desktop\JRT.exe 2014-05-15 12:28 - 2014-05-13 15:42 - 00000000 ____D () C:\AdwCleaner 2014-05-14 23:23 - 2014-05-13 14:59 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-05-14 22:49 - 2013-09-23 16:03 - 00000000 ___RD () C:\Users\Björn\Podcasts 2014-05-14 22:49 - 2013-09-20 14:54 - 00000000 ___RD () C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-14 22:49 - 2013-09-20 14:54 - 00000000 ___RD () C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-14 22:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-05-14 22:46 - 2013-08-22 17:36 - 00000000 ___RD () 
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-14 22:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-05-14 22:46 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-05-14 22:46 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates 2014-05-14 22:46 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-05-14 22:46 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-05-14 22:40 - 2013-10-22 16:20 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-14 22:36 - 2013-09-20 23:58 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-05-14 22:34 - 2013-09-20 23:58 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-05-14 22:22 - 2014-05-13 14:58 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-14 22:22 - 2014-05-13 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-14 22:22 - 2014-05-13 14:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-14 22:13 - 2014-05-14 22:13 - 00259584 _____ (OldTimer Tools) C:\Users\Björn\Desktop\OTH.scr 2014-05-14 20:05 - 2014-05-14 20:05 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\ESET 2014-05-14 20:05 - 2014-05-14 20:05 - 00000000 ____D () C:\Users\Björn\AppData\Local\ESET 2014-05-14 20:02 - 2014-05-14 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET 2014-05-14 20:02 - 2014-05-14 20:02 - 00000000 ____D () C:\ProgramData\ESET 2014-05-14 20:02 - 2014-05-14 20:02 - 00000000 ____D () C:\Program Files\ESET 2014-05-14 19:56 - 2012-07-26 10:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP 2014-05-14 19:55 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-05-14 08:31 - 2013-08-22 17:36 - 00000000 ____D () 
C:\WINDOWS\AppReadiness 2014-05-14 08:20 - 2013-09-12 21:58 - 00000000 ____D () C:\ProgramData\McAfee 2014-05-14 08:15 - 2012-07-26 07:37 - 00000000 ____D () C:\Users\Default.migrated 2014-05-14 01:43 - 2014-05-14 01:43 - 00001034 _____ () C:\Users\Björn\Desktop\herdProtectScan.lnk 2014-05-14 01:03 - 2013-09-21 01:16 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk 2014-05-14 01:03 - 2013-09-21 01:16 - 00001123 _____ () C:\Users\Björn\Desktop\KeePass 2.lnk 2014-05-14 01:03 - 2013-09-21 01:16 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2 2014-05-13 22:38 - 2014-05-13 22:38 - 00286528 _____ () C:\WINDOWS\Minidump\051314-24281-01.dmp 2014-05-13 22:38 - 2014-05-13 22:34 - 592643159 _____ () C:\WINDOWS\MEMORY.DMP 2014-05-13 22:38 - 2013-11-25 11:29 - 00000000 ____D () C:\WINDOWS\Minidump 2014-05-13 22:35 - 2014-05-13 22:34 - 00286528 _____ () C:\WINDOWS\Minidump\051314-36093-01.dmp 2014-05-13 22:31 - 2014-05-11 16:25 - 00001906 _____ () C:\WINDOWS\setupact.log 2014-05-13 22:29 - 2014-05-13 22:29 - 00000000 ____D () C:\WINDOWS\usb-audio.deRLDJIF2 2014-05-13 22:24 - 2014-05-11 23:50 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2 2014-05-13 22:24 - 2014-05-11 23:50 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2 2014-05-13 20:59 - 2013-09-21 02:14 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-05-13 16:32 - 2014-05-13 16:32 - 00000000 ____D () C:\Program Files\Reason 2014-05-13 16:04 - 2014-05-13 16:04 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-05-13 15:59 - 2014-05-13 15:59 - 00000000 ____D () C:\Users\Björn\Desktop\Old Pale Moon Data 2014-05-13 15:43 - 2013-10-18 08:28 - 00001009 _____ () C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-13 15:32 - 2014-05-12 00:53 - 00000000 ____D () C:\Users\Björn\AppData\Local\17483 2014-05-13 14:58 - 2014-05-13 14:58 - 00000000 
____D () C:\ProgramData\Malwarebytes 2014-05-12 01:05 - 2014-05-12 01:04 - 00000000 ____D () C:\Program Files (x86)\MSR 2014-05-12 00:54 - 2014-05-12 00:54 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\InetStat 2014-05-12 00:53 - 2014-05-12 00:53 - 00000415 _____ () C:\Users\Björn\AppData\Roaming\WinInstallFlashLog.ini 2014-05-11 22:36 - 2014-05-11 14:59 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\uTorrent 2014-05-11 21:18 - 2014-05-11 21:18 - 00001008 _____ () C:\Users\Public\Desktop\Traktor.lnk 2014-05-11 21:18 - 2014-05-11 21:18 - 00000000 __HDC () C:\ProgramData\{2ED18044-7049-4E7A-A58D-4017348FCDB7} 2014-05-11 21:17 - 2014-05-11 21:17 - 00006930 _____ () C:\WINDOWS\DPINST.LOG 2014-05-11 21:17 - 2014-05-11 21:17 - 00000000 __HDC () C:\ProgramData\{A215474F-E448-48A8-97F1-14D1C09A4235} 2014-05-11 21:17 - 2014-05-11 21:17 - 00000000 __HDC () C:\ProgramData\{902029B2-957E-4066-85FA-30DA31731718} 2014-05-11 21:17 - 2014-05-11 21:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments 2014-05-11 21:17 - 2014-05-11 21:17 - 00000000 ____D () C:\Program Files\Native Instruments 2014-05-11 21:17 - 2014-05-11 21:17 - 00000000 ____D () C:\Program Files (x86)\Native Instruments 2014-05-11 21:17 - 2013-09-23 13:31 - 00000000 ____D () C:\ProgramData\Native Instruments 2014-05-11 18:01 - 2013-10-23 00:19 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\Mp3tag 2014-05-11 16:25 - 2014-05-11 16:25 - 00000000 _____ () C:\WINDOWS\setuperr.log 2014-05-11 15:19 - 2014-05-11 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag 2014-05-11 15:19 - 2013-10-23 00:19 - 00000997 _____ () C:\Users\Public\Desktop\Mp3tag.lnk 2014-05-11 15:19 - 2013-10-23 00:19 - 00000000 ____D () C:\Program Files (x86)\Mp3tag 2014-05-11 15:00 - 2014-05-11 15:00 - 00000861 _____ () C:\Users\Björn\Desktop\µTorrent.lnk 2014-05-10 11:08 - 2013-09-21 01:40 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-05-06 06:40 - 
2014-05-14 22:18 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-05-06 05:25 - 2014-05-14 22:18 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-05-06 05:00 - 2014-05-14 22:18 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-14 22:18 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-05-06 01:57 - 2013-10-18 17:48 - 00000000 ____D () C:\Users\Björn\AppData\Local\Spotify 2014-05-03 12:16 - 2013-09-21 00:04 - 00000000 ____D () C:\Program Files\Pale Moon 2014-05-03 10:01 - 2013-11-25 19:18 - 00000000 ____D () C:\ProgramData\CanonIJPLM 2014-05-02 17:34 - 2014-05-02 17:34 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-05-02 17:34 - 2014-05-02 17:34 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-05-01 22:30 - 2014-05-14 22:49 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-05-01 22:30 - 2014-05-14 22:49 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-01 20:15 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-04-24 21:38 - 2014-04-24 21:38 - 00000000 ____D () C:\WINDOWS\SysWOW64\Adobe 2014-04-21 21:14 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-04-21 16:08 - 2014-04-21 16:08 - 00035352 _____ (Connectify) C:\WINDOWS\system32\Drivers\cnnctfy3.sys Some content of TEMP: ==================== C:\Users\Björn\AppData\Local\Temp\InstHelper.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll 
=> MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-08 16:20 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Results of screen317's Security Check version 0.99.82 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` ESET Smart Security 7.0 Windows Defender Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Adobe Flash Player 13.0.0.214 ````````Process Check: objlist.exe by Laurent```````` ESET NOD32 Antivirus egui.exe ESET NOD32 Antivirus ekrn.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` |
17.05.2014, 20:01 | #6 |
/// the machine /// TB-Ausbilder | Posadi17.com/ cannot be removed Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
HKU\S-1-5-21-1316370417-1465485672-2193434078-1001\...\Run: [InetStat] => C:\Users\Björn\AppData\Roaming\InetStat\inetstat.exe [1259488 2014-05-12] ()
C:\Users\Björn\AppData\Roaming\InetStat
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ --> Posadi17.com/ cannot be removed |
17.05.2014, 23:17 | #7 |
| Posadi17.com/ cannot be removed Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2014
Ran by Björn at 2014-05-18 00:16:10 Run:1
Running from E:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1316370417-1465485672-2193434078-1001\...\Run: [InetStat] => C:\Users\Björn\AppData\Roaming\InetStat\inetstat.exe [1259488 2014-05-12] ()
C:\Users\Björn\AppData\Roaming\InetStat
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
*****************

HKU\S-1-5-21-1316370417-1465485672-2193434078-1001\Software\Microsoft\Windows\CurrentVersion\Run\\InetStat => Value deleted successfully.
C:\Users\Björn\AppData\Roaming\InetStat => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.

==== End of Fixlog ==== |
18.05.2014, 19:23 | #8 |
/// the machine /// TB-Ausbilder | Posadi17.com/ cannot be removed Any problems left?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
19.05.2014, 17:51 | #9 |
| Posadi17.com/ cannot be removed So posadi17.com/.. is no longer in the Task Manager. I still get quite a lot of ads in the browser that open by themselves. In the Task Manager, "WindowsUpdater (32-bit)->SystemUpdateKb70007" always uses around 38% of the CPU. At first I thought that was from Windows, but by now I believe it is also part of this whole thing. I simply closed it in the Task Manager, and now, even after several restarts, it has not opened again. So actually everything would be solved now. Can I delete this Fixlist from the desktop now, or does it have to stay there? And what exactly did you achieve with it? As I read it, this Fixlist deleted the registry entry of this Posadi17, right? |
20.05.2014, 11:58 | #10 |
/// the machine /// TB-Ausbilder | Posadi17.com/ cannot be removed Please post a fresh FRST log.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
20.05.2014, 21:42 | #11 |
| Posadi17.com/ cannot be removed FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014 Ran by Björn (administrator) on SERGEANT on 20-05-2014 22:36:35 Running from E:\ Platform: Windows 8.1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Atheros Commnucations) C:\Windows\System32\AdminService.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe () C:\ProgramData\DataCardService\HWDeviceService64.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe () C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (The Privoxy team - www.privoxy.org) C:\Program Files (x86)\MSR\Privoxy\privoxy.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Realsil Microelectronics Inc.) 
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe (Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (6 Wunderkinder GmbH) C:\Program Files (x86)\Wunderlist2\Wunderlist.exe (Spotify Ltd) C:\Users\Björn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (CANON INC.) 
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6842000 2012-10-08] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1230992 2012-10-08] (Realtek Semiconductor) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-19] (Dell Inc.) 
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010952 2012-12-21] (Synaptics Incorporated) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285680 2013-03-05] (Intel Corporation) HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.) 
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH) HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1724728 2013-12-19] (G Data Software AG) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKU\S-1-5-21-1316370417-1465485672-2193434078-1001\...\Run: [Wunderlist] => C:\Program Files (x86)\Wunderlist2\Wunderlist.exe [13021792 2013-12-02] (6 Wunderkinder GmbH) HKU\S-1-5-21-1316370417-1465485672-2193434078-1001\...\Run: [Spotify Web Helper] => C:\Users\Björn\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-02-23] (Spotify Ltd) HKU\S-1-5-21-1316370417-1465485672-2193434078-1001\...\MountPoints2: {113cd972-3404-11e3-be7b-70188b2e6122} - "G:\AutoRun.exe" HKU\S-1-5-21-1316370417-1465485672-2193434078-1001\...\MountPoints2: {f5500f4c-31cd-11e3-be78-70188b2e6122} - "G:\AutoRun.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe () ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. 
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - {E17AA11D-ECB4-4203-A2D2-0B3B17498E82} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB SearchScopes: HKLM-x32 - {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^man000^YYA^&ptb=F5EF3DAD-FE2D-4139-8051-057392F8CDEB&ind=2014050714&n=780bf99a&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKLM-x32 - {E17AA11D-ECB4-4203-A2D2-0B3B17498E82} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird ==================== Services (Whitelisted) ================= R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2013-06-25] (Atheros Commnucations) R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG) R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG) R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2723400 2014-03-25] (G Data Software AG) R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2992760 2014-01-30] (G Data Software AG) R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-29] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-20] (Intel Corporation) S2 Mobile Partner. 
RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [657504 2012-11-01] () R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [506880 2013-05-03] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-10-08] (Realtek Semiconductor) R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915480 2013-05-23] (SoftThinks SAS) S2 SystemUpdatekb70007; C:\WINDOWS\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe [18944 2014-05-08] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) S3 wifimansvc; C:\Program Files (x86)\Mobile Partner\eap\wifimansvc.exe [605696 2012-11-10] () S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R3 akw8x64; C:\Windows\system32\DRIVERS\akw8x64.sys [3800272 2013-05-03] (Qualcomm Atheros, Inc.) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [74096 2013-05-03] (Qualcomm Atheros, Inc.) 
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation) S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [57344 2014-05-18] (G Data Software AG) R3 GDKBFlt; C:\WINDOWS\system32\drivers\GDKBFlt64.sys [22016 2014-05-18] (G Data Software AG) R1 GDMnIcpt; C:\WINDOWS\system32\drivers\MiniIcpt.sys [135168 2014-05-18] (G Data Software AG) R3 GDPkIcpt; C:\WINDOWS\system32\drivers\PktIcpt.sys [71168 2014-05-18] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [67584 2014-05-18] (G Data Software AG) R1 GRD; C:\WINDOWS\system32\drivers\GRD.sys [106272 2014-05-18] (G Data Software) R1 HookCentre; C:\WINDOWS\system32\drivers\HookCentre.sys [65024 2014-05-18] (G Data Software AG) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-29] (Intel Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2012-09-22] (CACE Technologies, Inc.) S3 NPF; C:\Windows\SysWOW64\drivers\NPF.sys [35344 2012-09-22] (CACE Technologies, Inc.) 
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation) S3 RL_DJIFIE2_MIDI; C:\Windows\system32\drivers\rldjif2m.sys [41168 2013-01-10] (Ploytec GmbH) S3 RL_DJIFIE2_USB; C:\Windows\System32\Drivers\rldjif2u.sys [446160 2013-01-10] (Ploytec GmbH) S3 RL_DJIFIE2_WDM; C:\Windows\system32\drivers\rldjif2a.sys [54992 2013-01-10] (Ploytec GmbH) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation) R3 ST_Accel; C:\Windows\system32\DRIVERS\ST_Accel.sys [71832 2012-07-14] (STMicroelectronics) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation) S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-19 17:13 - 2014-05-19 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-05-19 17:12 - 2014-05-19 17:12 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-05-19 17:12 - 2014-05-19 17:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-05-18 22:22 - 2014-05-18 22:22 - 00000000 ____D () C:\Users\Björn\AppData\Local\Macromedia 2014-05-18 22:21 - 2014-05-18 22:21 - 00000000 ____D () C:\Users\Björn\AppData\Roaming\Mozilla 2014-05-18 22:20 - 2014-05-18 22:20 - 00001142 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk 2014-05-18 22:20 - 
2014-05-18 22:20 - 00001130 _____ () C:\Users\Public\Desktop\Pale Moon.lnk 2014-05-18 22:20 - 2014-05-18 22:20 - 00000000 ____D () C:\Program Files (x86)\Pale Moon 2014-05-18 21:27 - 2014-05-18 21:27 - 00001022 _____ () C:\Users\Public\Desktop\SRWare Iron.lnk 2014-05-18 21:27 - 2014-05-18 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron 2014-05-18 20:38 - 2014-04-18 11:44 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll 2014-05-18 20:38 - 2014-04-14 11:20 - 00324888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll 2014-05-18 20:38 - 2014-04-14 10:01 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll 2014-05-18 20:38 - 2014-04-11 06:51 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll 2014-05-18 20:38 - 2014-04-11 06:23 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll 2014-05-18 20:38 - 2014-04-11 05:30 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll 2014-05-18 20:38 - 2014-04-09 08:39 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll 2014-05-18 20:38 - 2014-04-09 07:44 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll 2014-05-18 20:38 - 2014-04-09 05:33 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2014-05-18 20:38 - 2014-04-06 18:32 - 00125496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll 2014-05-18 20:38 - 2014-04-06 18:20 - 00364640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2014-05-18 20:38 - 2014-04-06 18:20 - 00028408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe 2014-05-18 20:38 - 2014-04-06 17:23 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll 2014-05-18 20:38 - 2014-04-06 17:16 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2014-05-18 20:38 - 2014-04-06 14:33 - 00335872 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\MDEServer.exe 2014-05-18 20:38 - 2014-04-06 14:06 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll 2014-05-18 20:38 - 2014-04-06 13:20 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2014-05-18 20:38 - 2014-04-03 04:23 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlscsp.dll 2014-05-18 20:38 - 2014-04-03 04:22 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll 2014-05-18 20:38 - 2014-03-27 08:16 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2014-05-18 20:38 - 2014-03-27 07:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2014-05-18 20:38 - 2014-03-27 06:48 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll 2014-05-18 20:38 - 2014-03-27 05:46 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll 2014-05-18 20:38 - 2014-03-27 05:10 - 01436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe 2014-05-18 20:38 - 2014-03-19 10:15 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll 2014-05-18 20:38 - 2014-03-19 09:24 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll 2014-05-18 20:38 - 2014-03-19 09:17 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll 2014-05-18 20:38 - 2014-03-18 10:19 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys 2014-05-18 20:37 - 2014-04-18 16:57 - 00032600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll 2014-05-18 20:37 - 2014-04-18 16:44 - 01466856 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll 2014-05-18 20:37 - 2014-04-18 15:29 - 01200288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll 2014-05-18 20:37 - 2014-04-18 11:32 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-05-18 20:37 - 2014-04-18 10:58 - 11792384 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-05-18 20:37 - 2014-04-18 10:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2014-05-18 20:37 - 2014-04-18 10:21 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll 2014-05-18 20:37 - 2014-04-18 10:09 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2014-05-18 20:37 - 2014-04-18 09:51 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll 2014-05-18 20:37 - 2014-04-18 09:49 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2014-05-18 20:37 - 2014-04-11 08:13 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2014-05-18 20:37 - 2014-04-09 13:53 - 00337240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys 2014-05-18 20:37 - 2014-04-09 06:35 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2014-05-18 20:37 - 2014-04-08 04:01 - 00589656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys 2014-05-18 20:37 - 2014-04-06 18:34 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2014-05-18 20:37 - 2014-04-06 18:34 - 00275800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys 2014-05-18 20:37 - 2014-04-06 18:31 - 21268952 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-05-18 20:37 - 2014-04-06 18:30 - 00201920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2014-05-18 20:37 - 2014-04-06 18:24 - 00360792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys 2014-05-18 20:37 - 2014-04-06 18:20 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2014-05-18 20:37 - 2014-04-06 18:20 - 01403856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2014-05-18 20:37 - 2014-04-06 18:20 - 01379064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll 2014-05-18 20:37 - 
2014-04-06 18:20 - 00881616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2014-05-18 20:37 - 2014-04-06 18:20 - 00765408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2014-05-18 20:37 - 2014-04-06 18:20 - 00609448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2014-05-18 20:37 - 2014-04-06 18:20 - 00491744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2014-05-18 20:37 - 2014-04-06 18:20 - 00467496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2014-05-18 20:37 - 2014-04-06 18:20 - 00463256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2014-05-18 20:37 - 2014-04-06 18:20 - 00244880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2014-05-18 20:37 - 2014-04-06 18:20 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2014-05-18 20:37 - 2014-04-06 17:22 - 18755672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-05-18 20:37 - 2014-04-06 17:22 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll 2014-05-18 20:37 - 2014-04-06 17:16 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2014-05-18 20:37 - 2014-04-06 17:16 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 2014-05-18 20:37 - 2014-04-06 17:16 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll 2014-05-18 20:37 - 2014-04-06 17:16 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2014-05-18 20:37 - 2014-04-06 17:16 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 2014-05-18 20:37 - 2014-04-06 17:16 - 00406504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2014-05-18 20:37 - 2014-04-06 17:16 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2014-05-18 20:37 - 2014-04-06 17:16 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2014-05-18 20:37 - 2014-04-06 16:10 - 04190720 _____ 
Some content of TEMP:
====================
C:\Users\Björn\AppData\Local\Temp\InstHelper.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe [2014-05-18 20:37] - [2014-03-28 17:58] - 0407016 ____A (Microsoft Corporation) 067CB90C277DB4A737D5DEABA3055972
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys [2014-05-18 20:37] - [2014-03-06 14:42] - 0310616 ____A (Microsoft Corporation) 4BB9BC49DEE1A319EC58274A7BBED663

LastRegBack: 2014-05-18 23:28

==================== End Of Log ============================

Everything is actually running smoothly now. I ended the process and it has not shown up again over the past few days. Can I delete this Fixlist on the desktop now, or does it have to stay there? With this fix we have now, in the end, deleted the registry entry that started this posadi17, right? Why did not a single antivirus system detect it?
21.05.2014, 10:43 | #12 |
/// the machine /// TB Trainer | Posadi17.com/ cannot be removed Exactly. They don't detect it because it is fairly new and changes hourly. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [657504 2012-11-01] ()
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done. The order is crucial here.
If you would like to give praise or criticism, you can do that here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and assistance Trojaner-Board Facebook page No assistance via PM! |
21.05.2014, 20:04 | #13 |
| Posadi17.com/ cannot be removed Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2014
Ran by Björn at 2014-05-21 20:54:00 Run:2
Running from E:\
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [657504 2012-11-01] ()
*****************
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
Mobile Partner. RunOuc => Service deleted successfully.
==== End of Fixlog ==== |
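The fix above deleted an Internet Explorer proxy setting that routed HTTP and HTTPS traffic through 127.0.0.1:8118. As an added example (not part of the thread and not FRST code), the following Python check parses a `ProxyServer` value in both of its forms and reports entries that point at the local machine; the function names are hypothetical and the sample value is the one shown in the fixlist.

```python
import ipaddress

def parse_proxy_server(value):
    """Parse a ProxyServer string into {protocol: (host, port)}.

    Two forms exist: "host:port" (one proxy for every protocol, stored
    here under the key "all") and "http=host:port;https=host:port".
    """
    proxies = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        proto, sep, target = part.partition("=")
        if not sep:                          # single-proxy form
            proto, target = "all", part
        target = target.split("://", 1)[-1]  # drop an optional scheme prefix
        if target.startswith("["):           # bracketed IPv6 literal
            host, _, rest = target[1:].partition("]")
            port = rest.lstrip(":")
        elif ":" in target:
            host, _, port = target.rpartition(":")
        else:
            host, port = target, ""
        proxies[proto.strip().lower()] = (host, int(port) if port.isdigit() else None)
    return proxies

def is_loopback(host):
    """True for localhost and for any loopback IPv4/IPv6 address."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                         # some other DNS name

def loopback_proxies(proxy_enable, proxy_server):
    """Return sorted (protocol, host, port) tuples for enabled local proxies."""
    if proxy_enable != 1:
        return []
    return sorted((proto, host, port)
                  for proto, (host, port) in parse_proxy_server(proxy_server).items()
                  if is_loopback(host))

if __name__ == "__main__":
    # Value taken from the fixlist in this thread; ProxyEnable=1 matches
    # "Internet Explorer proxy is enabled".
    sample = "http=127.0.0.1:8118;https=127.0.0.1:8118"
    for proto, host, port in loopback_proxies(1, sample):
        print(f"{proto}: traffic is sent to a local proxy at {host}:{port}")
```

A hit is not proof of infection, since legitimate local filters also register a loopback proxy; it tells you which listening process to identify next.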
22.05.2014, 13:25 | #14 |
/// the machine /// TB Trainer | Posadi17.com/ cannot be removed You're welcome
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and assistance Trojaner-Board Facebook page No assistance via PM! |
22.05.2014, 22:32 | #15 |
| Posadi17.com/ cannot be removed For the help I'll also make a small donation |