| |
| |||||||
Log-Analyse und Auswertung: Virus oder MalwareWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
07.07.2014, 13:16
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Virus oder Malware AVG findet Viren schreibst, postest mir aber jetzt ein Logfile von Malwarebytes? 
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
15.07.2014, 18:12
| #17 |
 | Virus oder Malware Hey, war kurzfristig im Urlaub sry..
__________________Ich finde die Logfiles leider nicht und das Internet kann mir dazu auch nichts bieten grade. |
|
15.07.2014, 23:42
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus oder Malware Aha. Hättest du denn mal die Güte zu erläutern was noch an Problemen offen wär?
__________________Irgendwelche Virenfunde? Keine? Oder doch welche?
__________________ |
|
16.07.2014, 12:37
| #19 |
| | Virus oder Malware Ja gestern wurde noch ein Virus gefunden DataManager. Hab ihn sofort gelöscht. Das komische ich habe keine Logfiles von irgendwelchen Viren die gefunden wurden. Ich vermute auch weitere undbemerkte viren auf meinem Rechner. http://www.trojaner-board.de/137341-...-firewall.html Dies war mein Problem einige Jahre zuvor vllt kannst du ein zusammenhang erkennen oder auch nicht. |
|
16.07.2014, 12:49
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus oder Malware Adware/Junkware/Toolbars entfernen 1. Schritt: adwCleaner Downloade Dir bitte  AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.07.2014, 16:39
| #21 |
| | Virus oder MalwareCode:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Mr.Smith on 16.07.2014 at 17:19:49,22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskToolbarNRO3_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskToolbarNRO3_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskToolbarNRO3_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskToolbarNRO3_RASMANCS
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.07.2014 at 17:25:54,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v3.215 - Bericht erstellt am 16/07/2014 um 15:33:17
# Aktualisiert 09/07/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Mr.Smith - JOHAN-HP
# Gestartet von : C:\Users\Johan\Desktop\adwcleaner_3.215.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : SystemStoreService
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\AVG Security Toolbar
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\DSearchLink
Ordner Gelöscht : C:\ProgramData\hotspot shield
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch
Ordner Gelöscht : C:\Users\fbwuser\AppData\Local\torch
Ordner Gelöscht : C:\Users\Gast\AppData\Local\torch
Ordner Gelöscht : C:\Users\Johan\AppData\Local\lollipop
Ordner Gelöscht : C:\Users\Johan\AppData\Local\Software_Updater
Ordner Gelöscht : C:\Users\Johan\AppData\Local\SoftwareUpdater
Ordner Gelöscht : C:\Users\Johan\AppData\Local\torch
Ordner Gelöscht : C:\Users\Johan\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Johan\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Johan\AppData\Roaming\hotspot shield
Ordner Gelöscht : C:\Users\Johan\AppData\Roaming\kuaiyong
Ordner Gelöscht : C:\Users\Mr.Smith\AppData\Local\SoftwareUpdater
Ordner Gelöscht : C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\Extensions\staged\software@loadtubes.com
Datei Gelöscht : C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
Datei Gelöscht : C:\Users\Johan\AppData\Roaming\Mozilla\Firefox\Profiles\toolbar@ask.com\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater Ui
Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaabfjnbeinlpljodiajipidiompfl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\5ce8a8ae03ae512
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_cinema-4d_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_cinema-4d_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_absolute-uninstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_absolute-uninstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_arcsoft-webcam-companion[1]_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_arcsoft-webcam-companion[1]_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_cyberlink-youcam_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_cyberlink-youcam_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-flv-converter_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-flv-converter_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_hamster-free-video-converter_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_hamster-free-video-converter_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_jdownloader_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_jdownloader_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_jlcs-internet-tv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_jlcs-internet-tv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_meboy_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_meboy_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_morphvox_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_morphvox_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_reason_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_reason_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_revo-uninstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_revo-uninstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_river-past-video-cleaner_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_river-past-video-cleaner_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_super_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_super_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_truespace_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_truespace_RASMANCS
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\GoforFiles
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\Vittalia
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17207
*************************
AdwCleaner[R0].txt - [8195 octets] - [16/07/2014 14:50:05]
AdwCleaner[S0].txt - [7930 octets] - [16/07/2014 15:33:17]
########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [7990 octets] ##########
Code:
ATTFilter # AdwCleaner v3.215 - Bericht erstellt am 16/07/2014 um 16:22:23
# Aktualisiert 09/07/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Mr.Smith - JOHAN-HP
# Gestartet von : C:\Users\Johan\Desktop\adwcleaner_3.215.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17207
*************************
AdwCleaner[R0].txt - [8195 octets] - [16/07/2014 14:50:05]
AdwCleaner[R1].txt - [797 octets] - [16/07/2014 16:08:50]
AdwCleaner[S0].txt - [8080 octets] - [16/07/2014 15:33:17]
AdwCleaner[S1].txt - [721 octets] - [16/07/2014 16:22:23]
########## EOF - \AdwCleaner\AdwCleaner[S1].txt - [780 octets] ##########
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01 Ran by Mr.Smith (administrator) on JOHAN-HP on 16-07-2014 17:36:11 Running from C:\Users\Johan\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Akamai Technologies, Inc.) C:\Users\Johan\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Johan\AppData\Local\Akamai\netsession_win.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.213\deploy\LoLLauncher.exe (Google Inc.) C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-03-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Johan\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Policies\system: [DisableChangePassword] 0 HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-2478615884-895137908-1883612811-1014\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2478615884-895137908-1883612811-1014\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Startup: C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () GroupPolicyUsers\S-1-5-21-2478615884-895137908-1883612811-1011\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQDSK/4 HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE10DEDE/WOL_WCP HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQDSK/4 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {12063E56-B000-4E34-AB0F-F240CEFB0419} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM - {68EC1921-C837-408A-8431-BB316D5AC3EA} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKLM-x32 - {68EC1921-C837-408A-8431-BB316D5AC3EA} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF SearchScopes: HKCU - {12063E56-B000-4E34-AB0F-F240CEFB0419} URL = BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: HKLM-x32 {8768D5EA-5412-4810-A032-09AD2A726C69} hxxp://bgweb.nowcdn.co.kr/Bin/DownStarter2.cab DPF: HKLM-x32 {93C449FA-ECFB-402F-A8C7-37E4F8D60E49} hxxp://dl.pmang.com/common/pmangctl/pmangax.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @pmang.com/npPMangFX - C:\Windows\system32\npPMangFX.dll No File FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) Chrome: ======= CHR Extension: (Google Docs) - C:\Users\Mr.Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-16] CHR Extension: (Google Drive) - C:\Users\Mr.Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-16] CHR Extension: (YouTube) - C:\Users\Mr.Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-16] CHR Extension: (Google-Suche) - C:\Users\Mr.Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-16] CHR Extension: (Google Wallet) - C:\Users\Mr.Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-16] CHR Extension: (Google Mail) - C:\Users\Mr.Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-16] CHR HKLM-x32\...\Chrome\Extension: [bjninacglmmmbabmlkaegnanopeoiong] - C:\Users\Johan\AppData\Local\CRE\bjninacglmmmbabmlkaegnanopeoiong.crx [2014-07-16] CHR HKLM-x32\...\Chrome\Extension: [kfkcangbigakljkjeglcofaomihpejif] - C:\Users\Johan\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx [2014-07-16] CHR HKLM-x32\...\Chrome\Extension: [mdomagjabmmppgcpbmkjojjkhonolopp] - C:\ProgramData\Download and Sa\mdomagjabmmppgcpbmkjojjkhonolopp.crx [2014-07-16] CHR HKLM-x32\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\Johan\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx [2014-07-16] CHR StartMenuInternet: Google Chrome - C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-04-07] (ArcSoft Inc.) S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.) R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [281440 2012-06-26] (BullGuard Ltd.) S2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [199520 2012-06-05] (BullGuard Ltd.) R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [379744 2012-06-18] (BullGuard Ltd.) R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4159984 2010-12-08] (INCA Internet Co., Ltd.) [File not signed] R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-15] (PDF Complete Inc) S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X] S4 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X] ==================== Drivers (Whitelisted) ==================== S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 arcvad_ds2dhw; C:\Windows\System32\drivers\ArcVad.sys [27136 2008-10-28] (ArcSoft, Inc.) S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2011-06-11] () R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 BdSpy; C:\Windows\System32\DRIVERS\BdSpy.sys [66272 2012-07-03] (BullGuard Ltd.) U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.) R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-08-13] (AnchorFree Inc.) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2011-06-11] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-04] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.) [File not signed] S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation) S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation) S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation) S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation) S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation) S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation) S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation) S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2011-05-11] (Duplex Secure Ltd.) S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [290376 2012-07-03] (BitDefender S.R.L.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 clwvd; system32\DRIVERS\clwvd.sys [X] S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S3 dump_wmimmc; \??\C:\Neowiz\Pmang\S4League\GameGuard\dump_wmimmc.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X] S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X] S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X] S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X] S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X] S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-16 17:36 - 2014-07-16 17:36 - 00000000 ____D () C:\Users\Johan\Desktop\FRST-OlderVersion 2014-07-16 17:27 - 2014-07-16 17:27 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\Google 2014-07-16 17:25 - 2014-07-16 17:25 - 00001156 _____ () C:\Users\Mr.Smith\Desktop\JRT.txt 2014-07-16 14:28 - 2014-07-16 16:22 - 00000000 ____D () C:\AdwCleaner 2014-07-16 14:25 - 2014-07-16 14:25 - 01016261 _____ (Thisisu) C:\Users\Johan\Desktop\JRT.exe 2014-07-16 14:23 - 2014-07-16 14:23 - 01348263 _____ () C:\Users\Johan\Desktop\adwcleaner_3.215.exe 2014-07-16 13:30 - 2014-07-16 13:30 - 00000902 _____ () C:\Users\Johan\Desktop\fghfghfgh.txt 2014-07-16 13:30 - 2014-07-16 13:30 - 00000000 ____D () C:\ProgramData\Riot Games 2014-07-16 13:26 - 2014-07-16 13:26 - 00001613 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk 2014-07-16 13:26 - 2014-07-16 13:26 - 00000000 ____D () C:\Riot Games 2014-07-16 13:26 - 2014-07-16 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends 2014-07-16 13:23 - 2014-07-16 17:37 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\PMB Files 2014-07-16 13:23 - 2014-07-16 13:23 - 00000000 ____D () C:\ProgramData\PMB Files 2014-07-16 13:17 - 2014-07-16 13:17 - 34888568 _____ (Riot Games) C:\Users\Johan\Desktop\LeagueofLegends_EUW_Installer_06_12_13.exe 2014-07-15 20:07 - 2014-07-15 20:07 - 00352395 _____ () C:\Users\Johan\Desktop\res_full.dmp 2014-07-15 14:29 - 2014-07-15 14:29 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\Apple 2014-07-15 01:31 - 2014-07-15 01:31 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Johan\Desktop\revosetup95 (1).exe 2014-07-14 21:37 - 2014-07-14 21:38 - 72947382 _____ () C:\Users\Johan\Desktop\#HQ28.m4a 2014-07-14 15:16 - 2014-07-14 15:16 - 00000694 _____ () C:\Users\Johan\Desktop\antimalware14.07.txt 2014-07-13 18:44 - 2014-07-13 18:44 - 00001636 _____ () C:\Users\Public\Desktop\Combat Arms EU.lnk 2014-07-13 18:30 - 2014-07-13 18:30 - 00000000 ____D () C:\Nexon 2014-07-13 18:29 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-07-13 18:29 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-07-13 18:29 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-13 18:29 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-13 18:29 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-13 18:29 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-13 18:29 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-13 18:29 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-13 18:29 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-13 18:29 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-13 18:29 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-13 18:29 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-13 18:29 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-13 18:29 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-13 18:29 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-13 18:29 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-13 18:29 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-13 18:29 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-13 18:29 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-13 18:29 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-13 18:29 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-13 18:29 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-13 18:29 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-13 18:29 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-13 18:29 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-13 18:29 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-13 18:29 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-13 18:29 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-13 18:29 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-13 18:29 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-13 18:29 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-13 18:29 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-13 18:29 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-13 18:29 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-13 18:29 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-13 18:29 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-13 18:29 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-13 18:29 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-13 18:29 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-13 18:29 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-13 18:29 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-13 18:29 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-13 18:29 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-13 18:29 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-13 18:29 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-13 18:29 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-13 18:29 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-13 18:29 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-13 18:29 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-13 18:29 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-13 18:29 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-13 18:29 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-13 18:29 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-13 18:29 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-13 18:29 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-13 18:29 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-13 18:29 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-13 18:29 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-13 18:24 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-13 18:24 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-07-13 18:24 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-13 18:24 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-13 18:24 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-13 18:24 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-07-13 18:23 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-07-13 18:23 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-07-13 18:23 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-07-13 18:23 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-07-13 18:23 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-07-13 18:23 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-07-13 18:23 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-07-13 18:23 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-07-13 18:23 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-07-13 18:23 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-07-13 18:23 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-07-13 18:23 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-07-13 18:23 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-07-13 18:23 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-07-13 18:22 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-13 18:22 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-13 18:22 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-07-13 17:53 - 2014-07-13 18:27 - 2040242157 _____ (Nexon) C:\Users\Johan\Documents\Combatarms_eu.exe 2014-07-13 17:49 - 2014-07-13 17:51 - 00000000 ____D () C:\Users\Johan\AppData\Local\Akamai 2014-07-07 13:20 - 2014-07-07 13:20 - 00003710 _____ () C:\Users\Johan\Desktop\7.7.2014 malware scan.txt 2014-07-06 22:03 - 2014-07-06 22:03 - 00001622 _____ () C:\Users\Johan\Desktop\07_psyko_punkz_-_dreamer.aup 2014-07-06 22:03 - 2014-07-06 22:03 - 00000000 ____D () C:\Users\Johan\Desktop\07_psyko_punkz_-_dreamer_data 2014-07-06 21:57 - 2014-07-06 21:57 - 00527423 _____ ( ) C:\Users\Johan\Desktop\Lame_v3.99.3_for_Windows.exe 2014-07-06 21:18 - 2014-07-06 21:18 - 22180353 _____ (Audacity Team ) C:\Users\Johan\Desktop\audacity-win-2.0.5 (1).exe 2014-07-06 20:14 - 2014-07-06 20:14 - 00000000 ____D () C:\Users\Mr.Smith\Documents\Native Instruments 2014-07-06 16:20 - 2014-07-06 17:03 - 00000000 ____D () C:\Users\Johan\Documents\Native Instruments 2014-07-06 16:17 - 2014-07-15 14:49 - 00000000 ____D () C:\Program Files\Native Instruments 2014-07-06 16:17 - 2014-07-06 16:17 - 00000000 ____D () C:\Program Files\Common Files\Avid 2014-07-05 09:14 - 2014-07-16 16:24 - 00000728 _____ () C:\Windows\setupact.log 2014-07-05 09:14 - 2014-07-16 16:23 - 00005042 _____ () C:\Windows\PFRO.log 2014-07-04 22:42 - 2014-07-04 22:42 - 00000000 ____D () C:\OETemp 2014-07-04 16:19 - 2014-07-04 17:11 - 00033679 _____ () C:\Users\Johan\Desktop\Addition.txt 2014-07-04 15:27 - 2014-07-04 15:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-04 15:27 - 2014-07-04 15:27 - 00001068 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-04 15:27 - 2014-07-04 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-04 15:27 - 2014-07-04 15:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-04 15:27 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-04 15:27 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-04 15:27 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-07-04 15:14 - 2014-07-04 15:14 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\AVG2014 2014-07-04 15:14 - 2014-07-04 15:14 - 00000000 ____D () C:\Users\Johan\AppData\Local\Avg2014 2014-07-04 15:13 - 2014-07-04 15:13 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\AVG2014 2014-07-04 15:12 - 2014-07-04 15:12 - 00000947 _____ () C:\Users\Public\Desktop\AVG 2014.lnk 2014-07-04 15:12 - 2014-07-04 15:12 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\TuneUp Software 2014-07-04 15:12 - 2014-07-04 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-07-04 15:11 - 2014-07-15 01:53 - 00000000 ____D () C:\ProgramData\AVG2014 2014-07-04 15:11 - 2014-07-04 15:11 - 00000000 ___HD () C:\$AVG 2014-07-04 15:10 - 2014-07-04 15:10 - 00000000 ____D () C:\Program Files (x86)\AVG 2014-07-04 15:08 - 2014-07-16 13:15 - 00000000 ____D () C:\ProgramData\MFAData 2014-07-04 15:08 - 2014-07-04 15:13 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\Avg2014 2014-07-04 15:08 - 2014-07-04 15:08 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\MFAData 2014-07-04 14:19 - 2014-07-04 14:19 - 00000680 __RSH () C:\Users\Johan\ntuser.pol 2014-07-04 14:08 - 2014-07-04 14:09 - 00000680 __RSH () C:\Users\Mr.Smith\ntuser.pol 2014-07-04 13:51 - 2014-07-04 13:52 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\ArcSoft 2014-07-04 13:51 - 2014-07-04 13:51 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\ArcSoft 2014-07-04 13:15 - 2014-07-15 19:13 - 00001280 _____ () C:\Users\Mr.Smith\Desktop\Revo Uninstaller.lnk 2014-07-04 13:15 - 2014-07-15 19:13 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-07-04 13:15 - 2014-07-04 13:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Johan\Desktop\revosetup95.exe 2014-07-03 17:33 - 2014-07-03 17:33 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\ATI 2014-07-03 17:33 - 2014-07-03 17:33 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\ATI 2014-07-03 17:32 - 2014-07-03 17:32 - 00001387 _____ () C:\Users\Mr.Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-07-03 17:32 - 2014-07-03 17:32 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\Apple Computer 2014-07-03 17:32 - 2014-07-03 17:32 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\VirtualStore 2014-07-03 17:32 - 2014-07-03 17:32 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\PDFC 2014-07-03 16:57 - 2014-07-03 16:57 - 00000000 __SHD () C:\Users\Mr.Smith\AppData\Local\EmieUserList 2014-07-03 16:57 - 2014-07-03 16:57 - 00000000 __SHD () C:\Users\Mr.Smith\AppData\Local\EmieSiteList 2014-07-03 16:57 - 2014-07-03 16:57 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\Adobe 2014-07-03 16:43 - 2014-07-03 16:43 - 00098840 _____ () C:\Users\Mr.Smith\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-03 16:41 - 2014-07-15 19:17 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\CrashDumps 2014-07-03 16:40 - 2014-07-14 00:31 - 00000000 ____D () C:\Users\Mr.Smith 2014-07-03 16:40 - 2014-07-03 16:40 - 00000020 ___SH () C:\Users\Mr.Smith\ntuser.ini 2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Vorlagen 2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Startmenü 2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Netzwerkumgebung 2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Lokale Einstellungen 2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Eigene Dateien 2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Druckumgebung 2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Documents\Eigene Musik 2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Documents\Eigene Bilder 2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\AppData\Local\Verlauf 2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\AppData\Local\Anwendungsdaten 2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Anwendungsdaten 2014-07-03 16:40 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Mr.Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-07-03 16:40 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Mr.Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-07-03 16:15 - 2014-07-03 16:16 - 00652353 _____ () C:\Users\Johan\Desktop\OTL+Extras 3.07.14.txt 2014-07-03 15:56 - 2014-07-03 15:57 - 00000000 ____D () C:\Windows\pss 2014-07-02 22:28 - 2014-07-02 22:44 - 00186014 _____ () C:\Users\Johan\Desktop\Trojaner Board.txt 2014-07-02 22:00 - 2014-07-16 17:36 - 00017084 _____ () C:\Users\Johan\Desktop\FRST.txt 2014-07-02 21:56 - 2014-07-16 17:36 - 02086912 _____ (Farbar) C:\Users\Johan\Desktop\FRST64.exe 2014-07-02 21:46 - 2014-07-03 16:12 - 00059458 _____ () C:\Users\Johan\Desktop\Extras.Txt 2014-07-02 21:45 - 2014-07-04 16:34 - 00119416 _____ () C:\Users\Johan\Desktop\OTL.Txt 2014-07-02 16:50 - 2014-07-02 16:50 - 00018976 _____ () C:\Users\Johan\Desktop\dds.txt 2014-07-02 16:50 - 2014-07-02 16:50 - 00005258 _____ () C:\Users\Johan\Desktop\attach.txt 2014-07-02 16:44 - 2014-07-02 16:44 - 00602112 _____ (OldTimer Tools) C:\Users\Johan\Desktop\OTL.exe 2014-07-02 16:43 - 2014-07-02 16:43 - 00688992 ____R (Swearware) C:\Users\Johan\Desktop\dds.scr 2014-07-02 00:16 - 2014-07-02 00:16 - 00001749 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\Program Files\iTunes 2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\Program Files\iPod 2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-07-02 00:16 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys 2014-07-01 12:57 - 2014-07-01 13:00 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\TS3Client 2014-06-30 16:13 - 2014-07-16 17:28 - 00000000 ____D () C:\Users\Johan\Desktop\Daten 2014-06-29 01:59 - 2014-06-29 01:59 - 00000000 __SHD () C:\Users\Mr.SmitchFuckof12345\AppData\Local\EmieUserList 2014-06-29 01:59 - 2014-06-29 01:59 - 00000000 __SHD () C:\Users\Mr.SmitchFuckof12345\AppData\Local\EmieSiteList 2014-06-29 01:57 - 2014-06-29 01:57 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\CrashDumps 2014-06-29 01:39 - 2014-06-29 01:39 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Win7codecs 2014-06-28 14:46 - 2014-06-28 14:46 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\Apple 2014-06-28 14:41 - 2014-06-28 14:41 - 00098840 _____ () C:\Users\Mr.SmitchFuckof12345\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-28 14:40 - 2014-06-28 14:41 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\ArcSoft 2014-06-28 14:40 - 2014-06-28 14:40 - 00001387 _____ () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\ATI 2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Apple Computer 2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Adobe 2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\PDFC 2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\ATI 2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\ArcSoft 2014-06-28 14:39 - 2014-06-28 14:39 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\VirtualStore 2014-06-28 14:37 - 2014-07-03 16:30 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345 2014-06-28 14:37 - 2014-06-28 14:37 - 00000020 ___SH () C:\Users\Mr.SmitchFuckof12345\ntuser.ini 2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Vorlagen 2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Startmenü 2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Netzwerkumgebung 2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Lokale Einstellungen 2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Eigene Dateien 2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Druckumgebung 2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Documents\Eigene Musik 2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Documents\Eigene Bilder 2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\AppData\Local\Verlauf 2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\AppData\Local\Anwendungsdaten 2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Anwendungsdaten 2014-06-28 14:37 - 2012-05-28 13:15 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\Documents\Visual Studio 2010 2014-06-28 14:37 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-06-28 14:37 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-06-22 16:38 - 2014-06-22 16:38 - 00000000 ____D () C:\Program Files\VirtualDJ 2014-06-22 15:53 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-22 15:53 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-06-22 15:53 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-22 15:53 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-22 15:53 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-22 15:53 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-22 15:53 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-22 15:53 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-22 15:53 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-06-22 15:53 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-06-22 15:53 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2014-06-22 15:53 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-06-17 16:21 - 2014-06-17 16:21 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys 2014-06-17 16:07 - 2014-06-17 16:07 - 00328984 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00269080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00242968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00190744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00123672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys ==================== One Month Modified Files and Folders ======= 2014-07-16 17:37 - 2014-07-16 13:23 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\PMB Files 2014-07-16 17:37 - 2014-07-02 22:00 - 00017084 _____ () C:\Users\Johan\Desktop\FRST.txt 2014-07-16 17:36 - 2014-07-16 17:36 - 00000000 ____D () C:\Users\Johan\Desktop\FRST-OlderVersion 2014-07-16 17:36 - 2014-07-02 21:56 - 02086912 _____ (Farbar) C:\Users\Johan\Desktop\FRST64.exe 2014-07-16 17:36 - 2013-06-28 21:40 - 00000000 ____D () C:\FRST 2014-07-16 17:28 - 2014-06-30 16:13 - 00000000 ____D () C:\Users\Johan\Desktop\Daten 2014-07-16 17:27 - 2014-07-16 17:27 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\Google 2014-07-16 17:25 - 2014-07-16 17:25 - 00001156 _____ () C:\Users\Mr.Smith\Desktop\JRT.txt 2014-07-16 17:23 - 2011-02-24 21:32 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-16 17:17 - 2011-10-22 19:06 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001UA.job 2014-07-16 17:17 - 2011-02-24 21:32 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-16 16:53 - 2012-07-23 07:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-16 16:31 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-16 16:31 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-16 16:28 - 2011-02-21 21:24 - 02018626 _____ () C:\Windows\WindowsUpdate.log 2014-07-16 16:24 - 2014-07-05 09:14 - 00000728 _____ () C:\Windows\setupact.log 2014-07-16 16:24 - 2011-11-07 22:32 - 00065536 _____ () C:\Windows\system32\Ikeext.etl 2014-07-16 16:24 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-16 16:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing 2014-07-16 16:23 - 2014-07-05 09:14 - 00005042 _____ () C:\Windows\PFRO.log 2014-07-16 16:22 - 2014-07-16 14:28 - 00000000 ____D () C:\AdwCleaner 2014-07-16 14:25 - 2014-07-16 14:25 - 01016261 _____ (Thisisu) C:\Users\Johan\Desktop\JRT.exe 2014-07-16 14:23 - 2014-07-16 14:23 - 01348263 _____ () C:\Users\Johan\Desktop\adwcleaner_3.215.exe 2014-07-16 14:18 - 2012-07-31 23:18 - 00000000 ____D () C:\Users\Johan\AppData\Local\CRE 2014-07-16 13:30 - 2014-07-16 13:30 - 00000902 _____ () C:\Users\Johan\Desktop\fghfghfgh.txt 2014-07-16 13:30 - 2014-07-16 13:30 - 00000000 ____D () C:\ProgramData\Riot Games 2014-07-16 13:26 - 2014-07-16 13:26 - 00001613 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk 2014-07-16 13:26 - 2014-07-16 13:26 - 00000000 ____D () C:\Riot Games 2014-07-16 13:26 - 2014-07-16 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends 2014-07-16 13:23 - 2014-07-16 13:23 - 00000000 ____D () C:\ProgramData\PMB Files 2014-07-16 13:22 - 2014-02-09 17:45 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Riot Games 2014-07-16 13:17 - 2014-07-16 13:17 - 34888568 _____ (Riot Games) C:\Users\Johan\Desktop\LeagueofLegends_EUW_Installer_06_12_13.exe 2014-07-16 13:15 - 2014-07-04 15:08 - 00000000 ____D () C:\ProgramData\MFAData 2014-07-15 20:07 - 2014-07-15 20:07 - 00352395 _____ () C:\Users\Johan\Desktop\res_full.dmp 2014-07-15 19:28 - 2013-11-24 03:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LMMS 0.4.15 2014-07-15 19:17 - 2014-07-03 16:41 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\CrashDumps 2014-07-15 19:17 - 2013-04-02 17:29 - 00000000 ____D () C:\Program Files (x86)\alaplaya 2014-07-15 19:13 - 2014-07-04 13:15 - 00001280 _____ () C:\Users\Mr.Smith\Desktop\Revo Uninstaller.lnk 2014-07-15 19:13 - 2014-07-04 13:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-07-15 16:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-07-15 15:04 - 2013-03-30 17:44 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\vlc 2014-07-15 14:49 - 2014-07-06 16:17 - 00000000 ____D () C:\Program Files\Native Instruments 2014-07-15 14:29 - 2014-07-15 14:29 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\Apple 2014-07-15 14:24 - 2014-06-01 18:29 - 00000000 ____D () C:\Program Files\Common Files\Native Instruments 2014-07-15 01:53 - 2014-07-04 15:11 - 00000000 ____D () C:\ProgramData\AVG2014 2014-07-15 01:53 - 2012-07-23 07:20 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-07-15 01:53 - 2012-05-15 12:31 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-15 01:53 - 2011-05-15 09:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-15 01:31 - 2014-07-15 01:31 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Johan\Desktop\revosetup95 (1).exe 2014-07-14 21:57 - 2011-10-22 19:06 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001Core.job 2014-07-14 21:38 - 2014-07-14 21:37 - 72947382 _____ () C:\Users\Johan\Desktop\#HQ28.m4a 2014-07-14 15:16 - 2014-07-14 15:16 - 00000694 _____ () C:\Users\Johan\Desktop\antimalware14.07.txt 2014-07-14 14:55 - 2013-03-07 21:35 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Azureus 2014-07-14 00:31 - 2014-07-03 16:40 - 00000000 ____D () C:\Users\Mr.Smith 2014-07-14 00:26 - 2013-04-29 20:30 - 00351032 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-14 00:23 - 2014-04-30 14:57 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-14 00:23 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-14 00:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-07-14 00:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-07-14 00:06 - 2013-08-27 23:37 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-14 00:03 - 2011-02-22 18:34 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-13 18:44 - 2014-07-13 18:44 - 00001636 _____ () C:\Users\Public\Desktop\Combat Arms EU.lnk 2014-07-13 18:44 - 2011-02-21 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon 2014-07-13 18:30 - 2014-07-13 18:30 - 00000000 ____D () C:\Nexon 2014-07-13 18:27 - 2014-07-13 17:53 - 2040242157 _____ (Nexon) C:\Users\Johan\Documents\Combatarms_eu.exe 2014-07-13 17:51 - 2014-07-13 17:49 - 00000000 ____D () C:\Users\Johan\AppData\Local\Akamai 2014-07-07 13:20 - 2014-07-07 13:20 - 00003710 _____ () C:\Users\Johan\Desktop\7.7.2014 malware scan.txt 2014-07-06 22:03 - 2014-07-06 22:03 - 00001622 _____ () C:\Users\Johan\Desktop\07_psyko_punkz_-_dreamer.aup 2014-07-06 22:03 - 2014-07-06 22:03 - 00000000 ____D () C:\Users\Johan\Desktop\07_psyko_punkz_-_dreamer_data 2014-07-06 22:03 - 2011-03-02 20:40 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Audacity 2014-07-06 21:57 - 2014-07-06 21:57 - 00527423 _____ ( ) C:\Users\Johan\Desktop\Lame_v3.99.3_for_Windows.exe 2014-07-06 21:18 - 2014-07-06 21:18 - 22180353 _____ (Audacity Team ) C:\Users\Johan\Desktop\audacity-win-2.0.5 (1).exe 2014-07-06 20:14 - 2014-07-06 20:14 - 00000000 ____D () C:\Users\Mr.Smith\Documents\Native Instruments 2014-07-06 17:03 - 2014-07-06 16:20 - 00000000 ____D () C:\Users\Johan\Documents\Native Instruments 2014-07-06 16:17 - 2014-07-06 16:17 - 00000000 ____D () C:\Program Files\Common Files\Avid 2014-07-05 09:14 - 2012-11-18 21:08 - 00000000 ____D () C:\ProgramData\Avira 2014-07-05 09:14 - 2012-11-18 21:08 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-07-04 22:43 - 2013-05-15 10:37 - 00000000 ____D () C:\ProgramData\Package Cache 2014-07-04 22:42 - 2014-07-04 22:42 - 00000000 ____D () C:\OETemp 2014-07-04 17:38 - 2011-02-22 16:16 - 00000000 ____D () C:\Users\Johan\AppData\Local\CrashDumps 2014-07-04 17:27 - 2014-02-12 17:50 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\TuneUp Software 2014-07-04 17:11 - 2014-07-04 16:19 - 00033679 _____ () C:\Users\Johan\Desktop\Addition.txt 2014-07-04 16:34 - 2014-07-02 21:45 - 00119416 _____ () C:\Users\Johan\Desktop\OTL.Txt 2014-07-04 15:27 - 2014-07-04 15:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-04 15:27 - 2014-07-04 15:27 - 00001068 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-04 15:27 - 2014-07-04 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-04 15:27 - 2014-07-04 15:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-04 15:14 - 2014-07-04 15:14 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\AVG2014 2014-07-04 15:14 - 2014-07-04 15:14 - 00000000 ____D () C:\Users\Johan\AppData\Local\Avg2014 2014-07-04 15:13 - 2014-07-04 15:13 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\AVG2014 2014-07-04 15:13 - 2014-07-04 15:08 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\Avg2014 2014-07-04 15:12 - 2014-07-04 15:12 - 00000947 _____ () C:\Users\Public\Desktop\AVG 2014.lnk 2014-07-04 15:12 - 2014-07-04 15:12 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\TuneUp Software 2014-07-04 15:12 - 2014-07-04 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-07-04 15:11 - 2014-07-04 15:11 - 00000000 ___HD () C:\$AVG 2014-07-04 15:10 - 2014-07-04 15:10 - 00000000 ____D () C:\Program Files (x86)\AVG 2014-07-04 15:08 - 2014-07-04 15:08 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\MFAData 2014-07-04 14:19 - 2014-07-04 14:19 - 00000680 __RSH () C:\Users\Johan\ntuser.pol 2014-07-04 14:19 - 2011-02-21 21:28 - 00000000 ____D () C:\Users\Johan 2014-07-04 14:09 - 2014-07-04 14:08 - 00000680 __RSH () C:\Users\Mr.Smith\ntuser.pol 2014-07-04 14:08 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-07-04 13:52 - 2014-07-04 13:51 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\ArcSoft 2014-07-04 13:51 - 2014-07-04 13:51 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\ArcSoft 2014-07-04 13:15 - 2014-07-04 13:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Johan\Desktop\revosetup95.exe 2014-07-03 17:33 - 2014-07-03 17:33 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\ATI 2014-07-03 17:33 - 2014-07-03 17:33 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\ATI 2014-07-03 17:32 - 2014-07-03 17:32 - 00001387 _____ () C:\Users\Mr.Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-07-03 17:32 - 2014-07-03 17:32 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\Apple Computer 2014-07-03 17:32 - 2014-07-03 17:32 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\VirtualStore 2014-07-03 17:32 - 2014-07-03 17:32 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\PDFC 2014-07-03 17:10 - 2014-04-25 14:54 - 00000000 ____D () C:\Program Files (x86)\Mp3tag 2014-07-03 17:10 - 2013-04-28 21:17 - 00000000 ____D () C:\Program Files (x86)\Notepad++ 2014-07-03 17:10 - 2011-10-06 09:39 - 00000000 ____D () C:\ProgramData\Shark007 2014-07-03 17:10 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-07-03 16:57 - 2014-07-03 16:57 - 00000000 __SHD () C:\Users\Mr.Smith\AppData\Local\EmieUserList 2014-07-03 16:57 - 2014-07-03 16:57 - 00000000 __SHD () C:\Users\Mr.Smith\AppData\Local\EmieSiteList 2014-07-03 16:57 - 2014-07-03 16:57 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\Adobe 2014-07-03 16:43 - 2014-07-03 16:43 - 00098840 _____ () C:\Users\Mr.Smith\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-03 16:40 - 2014-07-03 16:40 - 00000020 ___SH () C:\Users\Mr.Smith\ntuser.ini 2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Vorlagen 2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Startmenü 2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Netzwerkumgebung 2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Lokale Einstellungen 2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Eigene Dateien 2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Druckumgebung 2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Documents\Eigene Musik 2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Documents\Eigene Bilder 2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\AppData\Local\Verlauf 2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\AppData\Local\Anwendungsdaten 2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Anwendungsdaten 2014-07-03 16:30 - 2014-06-28 14:37 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345 2014-07-03 16:30 - 2013-11-24 03:36 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line 2014-07-03 16:30 - 2013-11-24 03:36 - 00000000 ____D () C:\Program Files\Image-Line 2014-07-03 16:16 - 2014-07-03 16:15 - 00652353 _____ () C:\Users\Johan\Desktop\OTL+Extras 3.07.14.txt 2014-07-03 16:12 - 2014-07-02 21:46 - 00059458 _____ () C:\Users\Johan\Desktop\Extras.Txt 2014-07-03 15:57 - 2014-07-03 15:56 - 00000000 ____D () C:\Windows\pss 2014-07-03 12:43 - 2011-02-21 21:36 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Skype 2014-07-02 23:10 - 2011-03-14 22:31 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\SoftGrid Client 2014-07-02 22:44 - 2014-07-02 22:28 - 00186014 _____ () C:\Users\Johan\Desktop\Trojaner Board.txt 2014-07-02 16:50 - 2014-07-02 16:50 - 00018976 _____ () C:\Users\Johan\Desktop\dds.txt 2014-07-02 16:50 - 2014-07-02 16:50 - 00005258 _____ () C:\Users\Johan\Desktop\attach.txt 2014-07-02 16:44 - 2014-07-02 16:44 - 00602112 _____ (OldTimer Tools) C:\Users\Johan\Desktop\OTL.exe 2014-07-02 16:43 - 2014-07-02 16:43 - 00688992 ____R (Swearware) C:\Users\Johan\Desktop\dds.scr 2014-07-02 00:16 - 2014-07-02 00:16 - 00001749 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\Program Files\iTunes 2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\Program Files\iPod 2014-07-02 00:16 - 2014-07-02 00:16 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-07-01 13:00 - 2014-07-01 12:57 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\TS3Client 2014-06-30 09:34 - 2014-04-26 02:20 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-06-30 09:34 - 2014-04-26 02:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google 2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo 2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Gast 2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\fbwuser\AppData\Local\Google 2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\fbwuser\AppData\Local\Comodo 2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Administrator 2014-06-30 09:34 - 2013-12-15 23:05 - 00000000 __RHD () C:\Users\Public\Libraries 2014-06-30 09:34 - 2012-10-12 14:47 - 00000000 ____D () C:\Users\Johan\.android 2014-06-30 09:34 - 2012-08-30 17:03 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-06-30 09:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2014-06-30 09:33 - 2011-04-20 09:27 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Mozilla 2014-06-30 09:33 - 2011-04-17 08:40 - 00000000 ____D () C:\Users\Johan\AppData\Local\Mozilla 2014-06-30 09:33 - 2011-02-21 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\alaplaya 2014-06-30 09:32 - 2013-06-27 11:13 - 00000000 ____D () C:\Program Files (x86)\Java 2014-06-30 09:32 - 2011-09-08 13:42 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-06-30 04:09 - 2014-07-13 18:29 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-30 04:04 - 2014-07-13 18:29 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-29 01:59 - 2014-06-29 01:59 - 00000000 __SHD () C:\Users\Mr.SmitchFuckof12345\AppData\Local\EmieUserList 2014-06-29 01:59 - 2014-06-29 01:59 - 00000000 __SHD () C:\Users\Mr.SmitchFuckof12345\AppData\Local\EmieSiteList 2014-06-29 01:57 - 2014-06-29 01:57 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\CrashDumps 2014-06-29 01:57 - 2014-02-12 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX 2014-06-29 01:39 - 2014-06-29 01:39 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Win7codecs 2014-06-29 01:39 - 2011-10-06 19:42 - 00000000 ____D () C:\ProgramData\Win7codecs 2014-06-28 18:34 - 2011-10-09 13:39 - 00000000 ____D () C:\Users\Johan\AppData\Local\Deployment 2014-06-28 14:46 - 2014-06-28 14:46 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\Apple 2014-06-28 14:41 - 2014-06-28 14:41 - 00098840 _____ () C:\Users\Mr.SmitchFuckof12345\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-28 14:41 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\ArcSoft 2014-06-28 14:40 - 2014-06-28 14:40 - 00001387 _____ () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\ATI 2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Apple Computer 2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Adobe 2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\PDFC 2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\ATI 2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\ArcSoft 2014-06-28 14:39 - 2014-06-28 14:39 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\VirtualStore 2014-06-28 14:37 - 2014-06-28 14:37 - 00000020 ___SH () C:\Users\Mr.SmitchFuckof12345\ntuser.ini 2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Vorlagen 2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Startmenü 2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Netzwerkumgebung 2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Lokale Einstellungen 2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Eigene Dateien 2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Druckumgebung 2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Documents\Eigene Musik 2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Documents\Eigene Bilder 2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\AppData\Local\Verlauf 2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\AppData\Local\Anwendungsdaten 2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Anwendungsdaten 2014-06-27 19:07 - 2011-01-11 02:27 - 00699868 _____ () C:\Windows\system32\perfh007.dat 2014-06-27 19:07 - 2011-01-11 02:27 - 00149750 _____ () C:\Windows\system32\perfc007.dat 2014-06-27 19:07 - 2009-07-14 07:13 - 01622164 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-27 13:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Globalization 2014-06-27 12:25 - 2013-04-29 20:31 - 00098840 _____ () C:\Users\Johan\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-27 12:23 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-06-27 11:43 - 2013-03-30 19:34 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Malwarebytes 2014-06-27 11:43 - 2013-03-30 19:33 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-27 11:43 - 2013-03-30 19:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-06-25 21:52 - 2011-10-22 19:06 - 00004090 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001UA 2014-06-25 21:52 - 2011-10-22 19:06 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001Core 2014-06-25 21:18 - 2011-02-24 21:32 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-25 21:18 - 2011-02-24 21:32 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-25 11:38 - 2011-04-15 19:28 - 00000000 ____D () C:\Users\Johan\AppData\Local\PMB Files 2014-06-22 16:38 - 2014-06-22 16:38 - 00000000 ____D () C:\Program Files\VirtualDJ 2014-06-21 22:28 - 2011-10-13 17:14 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\ArcSoft 2014-06-21 17:05 - 2013-11-24 03:36 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\FlowStone 2014-06-20 22:14 - 2014-07-13 18:29 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-06-20 21:39 - 2014-07-13 18:29 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-06-19 03:39 - 2014-07-13 18:29 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-19 03:06 - 2014-07-13 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-19 03:06 - 2014-07-13 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-19 02:48 - 2014-07-13 18:29 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-19 02:42 - 2014-07-13 18:29 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-19 02:42 - 2014-07-13 18:29 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-19 02:41 - 2014-07-13 18:29 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-06-19 02:41 - 2014-07-13 18:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-19 02:32 - 2014-07-13 18:29 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-19 02:31 - 2014-07-13 18:29 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-19 02:26 - 2014-07-13 18:29 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-19 02:24 - 2014-07-13 18:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-19 02:24 - 2014-07-13 18:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-19 02:23 - 2014-07-13 18:29 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-19 02:16 - 2014-07-13 18:29 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-06-19 02:14 - 2014-07-13 18:29 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-19 02:09 - 2014-07-13 18:29 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-19 01:59 - 2014-07-13 18:29 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-19 01:56 - 2014-07-13 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-06-19 01:53 - 2014-07-13 18:29 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-19 01:51 - 2014-07-13 18:29 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-19 01:50 - 2014-07-13 18:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-19 01:48 - 2014-07-13 18:29 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-19 01:39 - 2014-07-13 18:29 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-19 01:38 - 2014-07-13 18:29 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-06-19 01:37 - 2014-07-13 18:29 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-06-19 01:36 - 2014-07-13 18:29 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-06-19 01:35 - 2014-07-13 18:29 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-06-19 01:33 - 2014-07-13 18:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-19 01:32 - 2014-07-13 18:29 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-06-19 01:28 - 2014-07-13 18:29 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-06-19 01:28 - 2014-07-13 18:29 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-06-19 01:27 - 2014-07-13 18:29 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-19 01:27 - 2014-07-13 18:29 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-19 01:25 - 2014-07-13 18:29 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-06-19 01:23 - 2014-07-13 18:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-06-19 01:22 - 2014-07-13 18:29 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-06-19 01:12 - 2014-07-13 18:29 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-06-19 01:06 - 2014-07-13 18:29 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-19 01:01 - 2014-07-13 18:29 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-06-19 00:59 - 2014-07-13 18:29 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-06-19 00:58 - 2014-07-13 18:29 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-19 00:58 - 2014-07-13 18:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-06-19 00:52 - 2014-07-13 18:29 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-06-19 00:51 - 2014-07-13 18:29 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-19 00:49 - 2014-07-13 18:29 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-06-19 00:46 - 2014-07-13 18:29 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-06-19 00:45 - 2014-07-13 18:29 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-19 00:35 - 2014-07-13 18:29 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-19 00:34 - 2014-07-13 18:29 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-19 00:15 - 2014-07-13 18:29 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-19 00:13 - 2014-07-13 18:29 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-06-19 00:09 - 2014-07-13 18:29 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-19 00:07 - 2014-07-13 18:29 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-06-18 04:18 - 2014-07-13 18:24 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-06-18 03:51 - 2014-07-13 18:24 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-06-18 03:10 - 2014-07-13 18:24 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-06-17 16:21 - 2014-06-17 16:21 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys 2014-06-17 16:07 - 2014-06-17 16:07 - 00328984 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00269080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00242968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00190744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00123672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys 2014-06-16 00:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared Some content of TEMP: ==================== C:\Users\Johan\AppData\Local\temp\avgnt.exe C:\Users\Johan\AppData\Local\temp\bassmod.dll C:\Users\Johan\AppData\Local\temp\dsp_ipp.dll C:\Users\Johan\AppData\Local\temp\HssInstaller.exe C:\Users\Johan\AppData\Local\temp\hsspk.exe C:\Users\Johan\AppData\Local\temp\ildownloader_install.exe C:\Users\Johan\AppData\Local\temp\jre-7u45-windows-i586-iftw.exe C:\Users\Johan\AppData\Local\temp\jre-7u60-windows-i586-iftw.exe C:\Users\Johan\AppData\Local\temp\MusicStationUninstall.exe C:\Users\Johan\AppData\Local\temp\NGMSetup.exe C:\Users\Johan\AppData\Local\temp\PCSpeedMaximizer.exe C:\Users\Johan\AppData\Local\temp\SkypeSetup.exe C:\Users\Johan\AppData\Local\temp\Tsu8B9F2206.dll C:\Users\Johan\AppData\Local\temp\TUUUninstallHelper.exe C:\Users\Johan\AppData\Local\temp\uninst1.exe C:\Users\Johan\AppData\Local\temp\vlc-2.1.1-win64.exe C:\Users\Johan\AppData\Local\temp\vlc-2.1.3-win64.exe C:\Users\Mr.SmitchFuckof12345\AppData\Local\temp\avgnt.exe C:\Users\Mr.Smith\AppData\Local\temp\avgnt.exe C:\Users\Mr.Smith\AppData\Local\temp\NGMDll.dll C:\Users\Mr.Smith\AppData\Local\temp\NGMResource.dll C:\Users\Mr.Smith\AppData\Local\temp\Quarantine.exe C:\Users\Mr.Smith\AppData\Local\temp\swt-win32-3349.dll C:\Users\Mr.Smith\AppData\Local\temp\unicows.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-15 16:05 ==================== End Of Log ============================ --- --- --- Und es kam die meldung heute von AVG das ein Fake Flash Player auf meinem Rechner drauf "war", ist. |
|
16.07.2014, 19:51
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus oder Malware Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken. 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.07.2014, 00:16
| #23 |
| | Virus oder Malware hey kannst du mir auch sagen wie man eine Logfile Datei von AVG macht, denn er fand heute 14 Adware Dateien.. das Adittion file kommt gleich. und nochwas seit heute nachdem ich einen scan gemacht habe den Adw Cleaner sind alle meine daten fotos musik die auf dem desktop waren weg. Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2014 01
Ran by Mr.Smith at 2014-07-17 01:08:43
Running from C:\Users\Johan\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
AM Usb Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 8.1460.6366.1401 - Alcor)
AM Usb Card Reader Driver (x32 Version: 8.1460.6366.1401 - Alcor) Hidden
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{3DDACE1F-3B1E-D6AB-CD3D-B6E987511945}) (Version: 3.0.790.0 - ATI Technologies, Inc.)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4716 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4716 - AVG Technologies) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0825.2146.37182 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0825.2146.37182 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0202.2335.42270 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0825.2146.37182 - ATI Technologies, Inc.) Hidden
CCC Help English (x32 Version: 2010.0825.2145.37182 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0825.2146.37182 - Ihr Firmenname) Hidden
Combat Arms EU (HKLM-x32\...\Combat Arms EU) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2926 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2926 - CyberLink Corp.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{249d5ca2-4555-41b5-a112-d45aec69dffa}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.111 - PDF Complete, Inc)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30117 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2829 - CyberLink Corp.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
The Lord of the Rings FREE Trial (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 3.0.9 - Shark007)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
x64 Components v3.0.9 (HKLM\...\x64 Components_is1) (Version: 3.0.9 - Shark007)
==================== Restore Points =========================
13-07-2014 22:00:57 Windows Update
15-07-2014 12:11:16 Revo Uninstaller's restore point - Visual Studio 2012 x86 Redistributables
15-07-2014 12:16:02 Revo Uninstaller's restore point - Native Instruments Traktor 2
15-07-2014 12:23:42 Revo Uninstaller's restore point - Native Instruments Controller Editor
15-07-2014 12:28:00 Revo Uninstaller's restore point - LAME v3.99.3 (for Windows)
15-07-2014 12:28:44 Revo Uninstaller's restore point - Apple Software Update
15-07-2014 12:36:01 Revo Uninstaller's restore point - Native Instruments Service Center
15-07-2014 12:48:34 Revo Uninstaller's restore point - Native Instruments Reaktor 5
15-07-2014 17:13:27 Revo Uninstaller's restore point - Audacity 2.0.5
15-07-2014 17:16:57 Revo Uninstaller's restore point - S4 League_EU
15-07-2014 17:18:00 Revo Uninstaller's restore point - WinRAR 4.20 (32-Bit)
15-07-2014 17:21:51 Revo Uninstaller's restore point - WinRAR 4.20 (32-Bit)
16-07-2014 11:23:55 Installed League of Legends
16-07-2014 11:27:05 DirectX wurde installiert
16-07-2014 15:44:50 Adobe Reader 8.1.0 - Deutsch wird entfernt
16-07-2014 15:58:05 Removed iTunes
16-07-2014 22:48:46 Revo Uninstaller's restore point - Pando Media Booster
16-07-2014 22:54:54 Revo Uninstaller's restore point - Malwarebytes Anti-Malware Version 2.0.2.1012
16-07-2014 22:59:56 Windows Modules Installer
==================== Hosts content: ==========================
2009-07-14 04:34 - 2013-06-30 19:19 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {089CBD7F-CC0D-4B47-9BCD-CE1D2E96BFFA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001Core => C:\Users\Johan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-22] (Google Inc.)
Task: {0C051BA2-B6D6-4D87-9088-739CB48EF607} - System32\Tasks\{FE17B7D3-48CE-434E-BC57-3BC8951B8C43} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.123/de/abandoninstall?page=tsProgressBar
Task: {12D9E4A3-4864-4C10-9894-10ACF7250B70} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24] (Google Inc.)
Task: {188B415F-655F-4222-8BC6-CC2BCAE36BFE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24] (Google Inc.)
Task: {2236CBE0-6A68-4E86-8F38-FFF2CF1F9C43} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {23DBFB05-41B8-4085-9402-557E685D524F} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {2B2E54B4-E522-4A47-866A-43DB5983C2EE} - \Software Updater Ui No Task File <==== ATTENTION
Task: {2C941380-53E5-40DD-A65A-FFC604F55FF9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {442E1823-CBBD-4AD9-A854-DDC6D66A91D6} - System32\Tasks\Windows Update Check - 0x05B00174 => C:\ProgramData\Chrome
Task: {56EBD6C1-6325-48FB-9D94-4C800135CA84} - System32\Tasks\Express Files Updater => C:\Program Files (x86)\ExpressFiles\EFupdater.exe <==== ATTENTION
Task: {61AE60CE-BC28-4252-AEA8-9A0932B4F7D2} - System32\Tasks\{EE9E28EF-3ECF-4A00-B7DC-4C146F7E2330} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.123/de/abandoninstall?page=tsProgressBar
Task: {8B8D9280-2353-4CB6-A0FA-2E8E30332A54} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {C3D0B2E2-1965-4891-9733-AA1A4E3DDA09} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2478615884-895137908-1883612811-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {C47539DC-F0BF-4DF2-87B1-749A354EC5C2} - \Software Updater No Task File <==== ATTENTION
Task: {C6B8ACE0-769B-42AD-89E2-042DF6C521F2} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2478615884-895137908-1883612811-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {C6BBBAE1-4913-479E-B265-5A556956D1DD} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {D234C94D-C19B-4A4C-8E03-F9B3DCF1EB99} - System32\Tasks\{CA8D8AF3-6A4F-4028-A05D-A5284F57379B} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.9.0.115.161/de/abandoninstall?page=tsBing
Task: {DF9A9FA5-1D4D-49B5-B75F-B1D00FC408A5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001UA => C:\Users\Johan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-22] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001Core.job => C:\Users\Johan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001UA.job => C:\Users\Johan\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-06-18 14:31 - 2012-06-18 14:31 - 00084320 _____ () c:\program files\bullguard ltd\bullguard\zlib1.dll
2011-07-19 19:02 - 2011-07-19 19:02 - 00547160 _____ () c:\program files\bullguard ltd\bullguard\LibXml2.dll
2011-07-19 19:02 - 2011-07-19 19:02 - 00065368 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll
2012-06-18 14:31 - 2012-06-18 14:31 - 00084320 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
2011-07-19 19:02 - 2011-07-19 19:02 - 00547160 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll
2013-06-12 18:11 - 2014-07-16 13:29 - 01294336 _____ () C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
2011-10-06 09:39 - 2009-08-11 18:22 - 00580096 _____ () C:\Windows\system32\ac3filter.acm
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:AD022376
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service"
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
MSCONFIG\Services: AntiVirSchedulerService => 2
MSCONFIG\Services: AntiVirService => 2
MSCONFIG\Services: AntiVirWebService => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SystemStoreService => 2
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Johan\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Johan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
==================== Faulty Device Manager Devices =============
Name: hp CDDVDW TS-H653R SATA CdRom Device
Description: CD-ROM-Laufwerk
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard-CD-ROM-Laufwerke)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
Name: Programmierbarer Interruptcontroller
Description: Programmierbarer Interruptcontroller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardsystemgeräte)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Hochpräzisionsereigniszeitgeber
Description: Hochpräzisionsereigniszeitgeber
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardsystemgeräte)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/16/2014 08:16:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm League of Legends.exe, Version 4.12.0.356 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1b8
Startzeit: 01cfa121e026410b
Endzeit: 34
Anwendungspfad: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.48\deploy\League of Legends.exe
Berichts-ID:
System errors:
=============
Error: (07/16/2014 08:19:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (07/16/2014 08:01:02 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (07/16/2014 05:28:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}
Microsoft Office Sessions:
=========================
Error: (07/16/2014 08:16:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: League of Legends.exe4.12.0.3561b801cfa121e026410b34C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.48\deploy\League of Legends.exe
CodeIntegrity Errors:
===================================
Date: 2013-06-30 19:14:40.461
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-06-30 19:14:40.051
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-06-30 19:14:39.641
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-06-30 19:14:39.220
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-04-03 15:42:39.680
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-04-03 15:42:39.290
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-04-03 15:42:38.910
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-04-03 15:42:38.525
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-04-03 14:28:35.347
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-04-03 14:28:34.957
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 73%
Total physical RAM: 2815.29 MB
Available physical RAM: 747.83 MB
Total Pagefile: 5628.75 MB
Available Pagefile: 3700.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (COMPAQ) (Fixed) (Total:455.71 GB) (Free:320.21 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.95 GB) (Free:1.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 3F1E2205)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=456 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
==================== End Of Log ============================
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by Mr.Smith (administrator) on JOHAN-HP on 17-07-2014 01:07:19
Running from C:\Users\Johan\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Akamai Technologies, Inc.) C:\Users\Johan\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Johan\AppData\Local\Akamai\netsession_win.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Johan\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2478615884-895137908-1883612811-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2478615884-895137908-1883612811-1014\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2478615884-895137908-1883612811-1014\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
GroupPolicyUsers\S-1-5-21-2478615884-895137908-1883612811-1011\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQDSK/4
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE10DEDE/WOL_WCP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQDSK/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {12063E56-B000-4E34-AB0F-F240CEFB0419} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {68EC1921-C837-408A-8431-BB316D5AC3EA} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {68EC1921-C837-408A-8431-BB316D5AC3EA} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKCU - {12063E56-B000-4E34-AB0F-F240CEFB0419} URL =
SearchScopes: HKCU - {555BB94F-6762-4164-8A24-37F8C0023A6B} URL =
SearchScopes: HKCU - {68EC1921-C837-408A-8431-BB316D5AC3EA} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {93C449FA-ECFB-402F-A8C7-37E4F8D60E49} hxxp://dl.pmang.com/common/pmangctl/pmangax.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @pmang.com/npPMangFX - C:\Windows\system32\npPMangFX.dll No File
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Mr.Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-16]
CHR Extension: (Google Drive) - C:\Users\Mr.Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-16]
CHR Extension: (YouTube) - C:\Users\Mr.Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-16]
CHR Extension: (Google-Suche) - C:\Users\Mr.Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-16]
CHR Extension: (Totoro Rainy Day) - C:\Users\Mr.Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmiagjknjjfockcklibjlfdojojaffff [2014-07-16]
CHR Extension: (Google Wallet) - C:\Users\Mr.Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-16]
CHR Extension: (Google Mail) - C:\Users\Mr.Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-16]
CHR HKLM-x32\...\Chrome\Extension: [bjninacglmmmbabmlkaegnanopeoiong] - C:\Users\Johan\AppData\Local\CRE\bjninacglmmmbabmlkaegnanopeoiong.crx [2014-07-16]
CHR HKLM-x32\...\Chrome\Extension: [kfkcangbigakljkjeglcofaomihpejif] - C:\Users\Johan\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx [2014-07-16]
CHR HKLM-x32\...\Chrome\Extension: [mdomagjabmmppgcpbmkjojjkhonolopp] - C:\ProgramData\Download and Sa\mdomagjabmmppgcpbmkjojjkhonolopp.crx [2014-07-16]
CHR HKLM-x32\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\Johan\AppData\Local\CRE\ngnjhfpfhadncgafgbneeljaginimmmk.crx [2014-07-16]
CHR StartMenuInternet: Google Chrome - C:\Users\Johan\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-04-07] (ArcSoft Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [281440 2012-06-26] (BullGuard Ltd.)
S2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [199520 2012-06-05] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [379744 2012-06-18] (BullGuard Ltd.)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4159984 2010-12-08] (INCA Internet Co., Ltd.) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-15] (PDF Complete Inc)
S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]
S4 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
==================== Drivers (Whitelisted) ====================
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 arcvad_ds2dhw; C:\Windows\System32\drivers\ArcVad.sys [27136 2008-10-28] (ArcSoft, Inc.)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2011-06-11] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 BdSpy; C:\Windows\System32\DRIVERS\BdSpy.sys [66272 2012-07-03] (BullGuard Ltd.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-08-13] (AnchorFree Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2011-06-11] ()
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-04] (INCA Internet Co., Ltd.) [File not signed]
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [19496 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [158760 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [34344 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2011-05-11] (Duplex Secure Ltd.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [290376 2012-07-03] (BitDefender S.R.L.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 dump_wmimmc; \??\C:\Neowiz\Pmang\S4League\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va013; \??\C:\Windows\SysWOW64\Drivers\X6va013 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-07-17 00:27 - 2014-07-17 00:27 - 02086912 _____ (Farbar) C:\Users\Mr.Smith\Downloads\FRST64 (2).exe
2014-07-17 00:18 - 2014-07-17 00:18 - 02086912 _____ (Farbar) C:\Users\Mr.Smith\Downloads\FRST64 (1).exe
2014-07-17 00:08 - 2014-07-17 00:08 - 02086912 _____ (Farbar) C:\Users\Mr.Smith\Downloads\FRST64.exe
2014-07-16 20:02 - 2014-07-16 20:02 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\Macromedia
2014-07-16 20:02 - 2014-07-16 20:02 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\LolClient
2014-07-16 17:36 - 2014-07-16 17:36 - 00000000 ____D () C:\Users\Johan\Desktop\FRST-OlderVersion
2014-07-16 17:27 - 2014-07-16 17:27 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\Google
2014-07-16 17:25 - 2014-07-16 17:25 - 00001156 _____ () C:\Users\Mr.Smith\Desktop\JRT.txt
2014-07-16 14:28 - 2014-07-16 16:22 - 00000000 ____D () C:\AdwCleaner
2014-07-16 14:25 - 2014-07-16 14:25 - 01016261 _____ (Thisisu) C:\Users\Johan\Desktop\JRT.exe
2014-07-16 14:23 - 2014-07-16 14:23 - 01348263 _____ () C:\Users\Johan\Desktop\adwcleaner_3.215.exe
2014-07-16 13:30 - 2014-07-16 13:30 - 00000902 _____ () C:\Users\Johan\Desktop\fghfghfgh.txt
2014-07-16 13:30 - 2014-07-16 13:30 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-16 13:26 - 2014-07-16 13:26 - 00001613 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-07-16 13:26 - 2014-07-16 13:26 - 00000000 ____D () C:\Riot Games
2014-07-16 13:26 - 2014-07-16 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-07-16 13:17 - 2014-07-16 13:17 - 34888568 _____ (Riot Games) C:\Users\Johan\Desktop\LeagueofLegends_EUW_Installer_06_12_13.exe
2014-07-15 20:07 - 2014-07-15 20:07 - 00352395 _____ () C:\Users\Johan\Desktop\res_full.dmp
2014-07-15 14:29 - 2014-07-15 14:29 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\Apple
2014-07-15 01:31 - 2014-07-15 01:31 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Johan\Desktop\revosetup95 (1).exe
2014-07-14 21:37 - 2014-07-14 21:38 - 72947382 _____ () C:\Users\Johan\Desktop\#HQ28.m4a
2014-07-14 15:16 - 2014-07-14 15:16 - 00000694 _____ () C:\Users\Johan\Desktop\antimalware14.07.txt
2014-07-13 18:44 - 2014-07-13 18:44 - 00001636 _____ () C:\Users\Public\Desktop\Combat Arms EU.lnk
2014-07-13 18:30 - 2014-07-13 18:30 - 00000000 ____D () C:\Nexon
2014-07-13 18:29 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-13 18:29 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-13 18:29 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-13 18:29 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-13 18:29 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-13 18:29 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-13 18:29 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-13 18:29 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-13 18:29 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-13 18:29 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-13 18:29 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-13 18:29 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-13 18:29 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-13 18:29 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-13 18:29 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-13 18:29 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-13 18:29 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-13 18:29 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-13 18:29 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-13 18:29 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-13 18:29 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-13 18:29 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-13 18:29 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-13 18:29 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-13 18:29 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-13 18:29 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-13 18:29 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-13 18:29 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-13 18:29 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-13 18:29 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-13 18:29 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-13 18:29 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-13 18:29 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-13 18:29 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-13 18:29 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-13 18:29 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-13 18:29 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-13 18:29 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-13 18:29 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-13 18:29 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-13 18:29 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-13 18:29 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-13 18:29 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-13 18:29 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-13 18:29 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-13 18:29 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-13 18:29 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-13 18:29 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-13 18:29 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-13 18:29 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-13 18:29 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-13 18:29 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-13 18:29 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-13 18:29 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-13 18:29 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-13 18:29 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-13 18:29 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-13 18:29 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-13 18:24 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-13 18:24 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-13 18:24 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-13 18:24 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-13 18:24 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-13 18:24 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-13 18:23 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-13 18:23 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-13 18:23 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-13 18:23 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-13 18:23 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-13 18:23 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-13 18:23 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-13 18:23 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-13 18:23 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-13 18:23 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-13 18:23 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-13 18:23 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-13 18:23 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-13 18:23 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-13 18:22 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-13 18:22 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-13 18:22 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-13 17:53 - 2014-07-13 18:27 - 2040242157 _____ (Nexon) C:\Users\Johan\Documents\Combatarms_eu.exe
2014-07-13 17:49 - 2014-07-13 17:51 - 00000000 ____D () C:\Users\Johan\AppData\Local\Akamai
2014-07-07 13:20 - 2014-07-07 13:20 - 00003710 _____ () C:\Users\Johan\Desktop\7.7.2014 malware scan.txt
2014-07-06 22:03 - 2014-07-06 22:03 - 00001622 _____ () C:\Users\Johan\Desktop\07_psyko_punkz_-_dreamer.aup
2014-07-06 22:03 - 2014-07-06 22:03 - 00000000 ____D () C:\Users\Johan\Desktop\07_psyko_punkz_-_dreamer_data
2014-07-06 21:57 - 2014-07-06 21:57 - 00527423 _____ ( ) C:\Users\Johan\Desktop\Lame_v3.99.3_for_Windows.exe
2014-07-06 21:18 - 2014-07-06 21:18 - 22180353 _____ (Audacity Team ) C:\Users\Johan\Desktop\audacity-win-2.0.5 (1).exe
2014-07-06 20:14 - 2014-07-06 20:14 - 00000000 ____D () C:\Users\Mr.Smith\Documents\Native Instruments
2014-07-06 16:20 - 2014-07-06 17:03 - 00000000 ____D () C:\Users\Johan\Documents\Native Instruments
2014-07-06 16:17 - 2014-07-15 14:49 - 00000000 ____D () C:\Program Files\Native Instruments
2014-07-06 16:17 - 2014-07-06 16:17 - 00000000 ____D () C:\Program Files\Common Files\Avid
2014-07-05 09:14 - 2014-07-16 16:24 - 00000728 _____ () C:\Windows\setupact.log
2014-07-05 09:14 - 2014-07-16 16:23 - 00005042 _____ () C:\Windows\PFRO.log
2014-07-04 22:42 - 2014-07-04 22:42 - 00000000 ____D () C:\OETemp
2014-07-04 16:19 - 2014-07-17 01:01 - 00026174 _____ () C:\Users\Johan\Desktop\Addition.txt
2014-07-04 15:14 - 2014-07-04 15:14 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\AVG2014
2014-07-04 15:14 - 2014-07-04 15:14 - 00000000 ____D () C:\Users\Johan\AppData\Local\Avg2014
2014-07-04 15:13 - 2014-07-04 15:13 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\AVG2014
2014-07-04 15:12 - 2014-07-04 15:12 - 00000947 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-07-04 15:12 - 2014-07-04 15:12 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\TuneUp Software
2014-07-04 15:12 - 2014-07-04 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-04 15:11 - 2014-07-15 01:53 - 00000000 ____D () C:\ProgramData\AVG2014
2014-07-04 15:11 - 2014-07-04 15:11 - 00000000 ___HD () C:\$AVG
2014-07-04 15:10 - 2014-07-04 15:10 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-07-04 15:08 - 2014-07-17 00:49 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\Avg2014
2014-07-04 15:08 - 2014-07-16 20:19 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-04 15:08 - 2014-07-04 15:08 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\MFAData
2014-07-04 14:19 - 2014-07-04 14:19 - 00000680 __RSH () C:\Users\Johan\ntuser.pol
2014-07-04 14:08 - 2014-07-04 14:09 - 00000680 __RSH () C:\Users\Mr.Smith\ntuser.pol
2014-07-04 13:51 - 2014-07-04 13:52 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\ArcSoft
2014-07-04 13:51 - 2014-07-04 13:51 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\ArcSoft
2014-07-04 13:15 - 2014-07-15 19:13 - 00001280 _____ () C:\Users\Mr.Smith\Desktop\Revo Uninstaller.lnk
2014-07-04 13:15 - 2014-07-15 19:13 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-04 13:15 - 2014-07-04 13:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Johan\Desktop\revosetup95.exe
2014-07-03 17:33 - 2014-07-03 17:33 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\ATI
2014-07-03 17:33 - 2014-07-03 17:33 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\ATI
2014-07-03 17:32 - 2014-07-03 17:32 - 00001387 _____ () C:\Users\Mr.Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-03 17:32 - 2014-07-03 17:32 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\Apple Computer
2014-07-03 17:32 - 2014-07-03 17:32 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\VirtualStore
2014-07-03 17:32 - 2014-07-03 17:32 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\PDFC
2014-07-03 16:57 - 2014-07-03 16:57 - 00000000 __SHD () C:\Users\Mr.Smith\AppData\Local\EmieUserList
2014-07-03 16:57 - 2014-07-03 16:57 - 00000000 __SHD () C:\Users\Mr.Smith\AppData\Local\EmieSiteList
2014-07-03 16:57 - 2014-07-03 16:57 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\Adobe
2014-07-03 16:43 - 2014-07-03 16:43 - 00098840 _____ () C:\Users\Mr.Smith\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-03 16:41 - 2014-07-15 19:17 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\CrashDumps
2014-07-03 16:40 - 2014-07-14 00:31 - 00000000 ____D () C:\Users\Mr.Smith
2014-07-03 16:40 - 2014-07-03 16:40 - 00000020 ___SH () C:\Users\Mr.Smith\ntuser.ini
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Vorlagen
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Startmenü
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Netzwerkumgebung
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Lokale Einstellungen
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Eigene Dateien
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Druckumgebung
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Documents\Eigene Musik
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Documents\Eigene Bilder
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\AppData\Local\Verlauf
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\AppData\Local\Anwendungsdaten
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Anwendungsdaten
2014-07-03 16:40 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Mr.Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-03 16:40 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Mr.Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-03 16:15 - 2014-07-03 16:16 - 00652353 _____ () C:\Users\Johan\Desktop\OTL+Extras 3.07.14.txt
2014-07-03 15:56 - 2014-07-03 15:57 - 00000000 ____D () C:\Windows\pss
2014-07-02 22:28 - 2014-07-02 22:44 - 00186014 _____ () C:\Users\Johan\Desktop\Trojaner Board.txt
2014-07-02 22:00 - 2014-07-17 01:08 - 00015923 _____ () C:\Users\Johan\Desktop\FRST.txt
2014-07-02 21:56 - 2014-07-16 17:36 - 02086912 _____ (Farbar) C:\Users\Johan\Desktop\FRST64.exe
2014-07-02 21:46 - 2014-07-03 16:12 - 00059458 _____ () C:\Users\Johan\Desktop\Extras.Txt
2014-07-02 21:45 - 2014-07-04 16:34 - 00119416 _____ () C:\Users\Johan\Desktop\OTL.Txt
2014-07-02 16:50 - 2014-07-02 16:50 - 00018976 _____ () C:\Users\Johan\Desktop\dds.txt
2014-07-02 16:50 - 2014-07-02 16:50 - 00005258 _____ () C:\Users\Johan\Desktop\attach.txt
2014-07-02 16:44 - 2014-07-02 16:44 - 00602112 _____ (OldTimer Tools) C:\Users\Johan\Desktop\OTL.exe
2014-07-02 16:43 - 2014-07-02 16:43 - 00688992 ____R (Swearware) C:\Users\Johan\Desktop\dds.scr
2014-07-02 00:16 - 2014-07-16 18:02 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-01 12:57 - 2014-07-01 13:00 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\TS3Client
2014-06-30 16:13 - 2014-07-16 17:28 - 00000000 ____D () C:\Users\Johan\Desktop\Daten
2014-06-29 01:59 - 2014-06-29 01:59 - 00000000 __SHD () C:\Users\Mr.SmitchFuckof12345\AppData\Local\EmieUserList
2014-06-29 01:59 - 2014-06-29 01:59 - 00000000 __SHD () C:\Users\Mr.SmitchFuckof12345\AppData\Local\EmieSiteList
2014-06-29 01:57 - 2014-06-29 01:57 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\CrashDumps
2014-06-29 01:39 - 2014-06-29 01:39 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Win7codecs
2014-06-28 14:46 - 2014-06-28 14:46 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\Apple
2014-06-28 14:41 - 2014-06-28 14:41 - 00098840 _____ () C:\Users\Mr.SmitchFuckof12345\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-28 14:40 - 2014-06-28 14:41 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\ArcSoft
2014-06-28 14:40 - 2014-06-28 14:40 - 00001387 _____ () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\ATI
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Apple Computer
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Adobe
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\PDFC
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\ATI
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\ArcSoft
2014-06-28 14:39 - 2014-06-28 14:39 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\VirtualStore
2014-06-28 14:37 - 2014-07-03 16:30 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345
2014-06-28 14:37 - 2014-06-28 14:37 - 00000020 ___SH () C:\Users\Mr.SmitchFuckof12345\ntuser.ini
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Vorlagen
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Startmenü
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Netzwerkumgebung
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Lokale Einstellungen
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Eigene Dateien
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Druckumgebung
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Documents\Eigene Musik
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Documents\Eigene Bilder
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\AppData\Local\Verlauf
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\AppData\Local\Anwendungsdaten
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Anwendungsdaten
2014-06-28 14:37 - 2012-05-28 13:15 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\Documents\Visual Studio 2010
2014-06-28 14:37 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-28 14:37 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-06-22 16:38 - 2014-06-22 16:38 - 00000000 ____D () C:\Program Files\VirtualDJ
2014-06-22 15:53 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-22 15:53 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-22 15:53 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-22 15:53 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-22 15:53 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-22 15:53 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-22 15:53 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-22 15:53 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-22 15:53 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-22 15:53 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-22 15:53 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-22 15:53 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-17 16:21 - 2014-06-17 16:21 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-06-17 16:07 - 2014-06-17 16:07 - 00328984 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00269080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00242968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00190744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00123672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
==================== One Month Modified Files and Folders =======
2014-07-17 01:08 - 2014-07-02 22:00 - 00015923 _____ () C:\Users\Johan\Desktop\FRST.txt
2014-07-17 01:07 - 2013-06-28 21:40 - 00000000 ____D () C:\FRST
2014-07-17 01:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-07-17 01:01 - 2014-07-04 16:19 - 00026174 _____ () C:\Users\Johan\Desktop\Addition.txt
2014-07-17 00:57 - 2011-10-22 19:06 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001UA.job
2014-07-17 00:53 - 2011-04-15 19:28 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-07-17 00:49 - 2014-07-04 15:08 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\Avg2014
2014-07-17 00:48 - 2011-04-06 17:36 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-07-17 00:30 - 2011-02-21 21:24 - 02019725 _____ () C:\Windows\WindowsUpdate.log
2014-07-17 00:27 - 2014-07-17 00:27 - 02086912 _____ (Farbar) C:\Users\Mr.Smith\Downloads\FRST64 (2).exe
2014-07-17 00:26 - 2011-02-21 21:28 - 00000000 ____D () C:\Users\Johan
2014-07-17 00:23 - 2011-02-24 21:32 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-17 00:18 - 2014-07-17 00:18 - 02086912 _____ (Farbar) C:\Users\Mr.Smith\Downloads\FRST64 (1).exe
2014-07-17 00:12 - 2011-10-22 19:06 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001Core.job
2014-07-17 00:08 - 2014-07-17 00:08 - 02086912 _____ (Farbar) C:\Users\Mr.Smith\Downloads\FRST64.exe
2014-07-16 21:23 - 2011-02-24 21:32 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-16 20:19 - 2014-07-04 15:08 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-16 20:02 - 2014-07-16 20:02 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\Macromedia
2014-07-16 20:02 - 2014-07-16 20:02 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\LolClient
2014-07-16 19:01 - 2011-06-16 07:58 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\DVDVideoSoft
2014-07-16 18:02 - 2014-07-02 00:16 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-16 17:47 - 2012-08-22 14:15 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-16 17:46 - 2013-05-13 16:57 - 00000000 ____D () C:\Users\Johan\AppData\Local\Adobe
2014-07-16 17:36 - 2014-07-16 17:36 - 00000000 ____D () C:\Users\Johan\Desktop\FRST-OlderVersion
2014-07-16 17:36 - 2014-07-02 21:56 - 02086912 _____ (Farbar) C:\Users\Johan\Desktop\FRST64.exe
2014-07-16 17:28 - 2014-06-30 16:13 - 00000000 ____D () C:\Users\Johan\Desktop\Daten
2014-07-16 17:27 - 2014-07-16 17:27 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\Google
2014-07-16 17:25 - 2014-07-16 17:25 - 00001156 _____ () C:\Users\Mr.Smith\Desktop\JRT.txt
2014-07-16 16:31 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-16 16:31 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-16 16:24 - 2014-07-05 09:14 - 00000728 _____ () C:\Windows\setupact.log
2014-07-16 16:24 - 2011-11-07 22:32 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-07-16 16:24 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-16 16:23 - 2014-07-05 09:14 - 00005042 _____ () C:\Windows\PFRO.log
2014-07-16 16:22 - 2014-07-16 14:28 - 00000000 ____D () C:\AdwCleaner
2014-07-16 14:25 - 2014-07-16 14:25 - 01016261 _____ (Thisisu) C:\Users\Johan\Desktop\JRT.exe
2014-07-16 14:23 - 2014-07-16 14:23 - 01348263 _____ () C:\Users\Johan\Desktop\adwcleaner_3.215.exe
2014-07-16 14:18 - 2012-07-31 23:18 - 00000000 ____D () C:\Users\Johan\AppData\Local\CRE
2014-07-16 13:30 - 2014-07-16 13:30 - 00000902 _____ () C:\Users\Johan\Desktop\fghfghfgh.txt
2014-07-16 13:30 - 2014-07-16 13:30 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-16 13:26 - 2014-07-16 13:26 - 00001613 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-07-16 13:26 - 2014-07-16 13:26 - 00000000 ____D () C:\Riot Games
2014-07-16 13:26 - 2014-07-16 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2014-07-16 13:22 - 2014-02-09 17:45 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Riot Games
2014-07-16 13:17 - 2014-07-16 13:17 - 34888568 _____ (Riot Games) C:\Users\Johan\Desktop\LeagueofLegends_EUW_Installer_06_12_13.exe
2014-07-15 20:07 - 2014-07-15 20:07 - 00352395 _____ () C:\Users\Johan\Desktop\res_full.dmp
2014-07-15 19:28 - 2013-11-24 03:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LMMS 0.4.15
2014-07-15 19:17 - 2014-07-03 16:41 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\CrashDumps
2014-07-15 19:17 - 2013-04-02 17:29 - 00000000 ____D () C:\Program Files (x86)\alaplaya
2014-07-15 19:13 - 2014-07-04 13:15 - 00001280 _____ () C:\Users\Mr.Smith\Desktop\Revo Uninstaller.lnk
2014-07-15 19:13 - 2014-07-04 13:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-15 16:13 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-15 15:04 - 2013-03-30 17:44 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\vlc
2014-07-15 14:49 - 2014-07-06 16:17 - 00000000 ____D () C:\Program Files\Native Instruments
2014-07-15 14:29 - 2014-07-15 14:29 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\Apple
2014-07-15 14:24 - 2014-06-01 18:29 - 00000000 ____D () C:\Program Files\Common Files\Native Instruments
2014-07-15 01:53 - 2014-07-04 15:11 - 00000000 ____D () C:\ProgramData\AVG2014
2014-07-15 01:31 - 2014-07-15 01:31 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Johan\Desktop\revosetup95 (1).exe
2014-07-14 21:38 - 2014-07-14 21:37 - 72947382 _____ () C:\Users\Johan\Desktop\#HQ28.m4a
2014-07-14 15:16 - 2014-07-14 15:16 - 00000694 _____ () C:\Users\Johan\Desktop\antimalware14.07.txt
2014-07-14 14:55 - 2013-03-07 21:35 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Azureus
2014-07-14 00:31 - 2014-07-03 16:40 - 00000000 ____D () C:\Users\Mr.Smith
2014-07-14 00:26 - 2013-04-29 20:30 - 00351032 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-14 00:23 - 2014-04-30 14:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-14 00:23 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-14 00:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-14 00:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-14 00:06 - 2013-08-27 23:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-14 00:03 - 2011-02-22 18:34 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-13 18:44 - 2014-07-13 18:44 - 00001636 _____ () C:\Users\Public\Desktop\Combat Arms EU.lnk
2014-07-13 18:44 - 2011-02-21 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2014-07-13 18:30 - 2014-07-13 18:30 - 00000000 ____D () C:\Nexon
2014-07-13 18:27 - 2014-07-13 17:53 - 2040242157 _____ (Nexon) C:\Users\Johan\Documents\Combatarms_eu.exe
2014-07-13 17:51 - 2014-07-13 17:49 - 00000000 ____D () C:\Users\Johan\AppData\Local\Akamai
2014-07-07 13:20 - 2014-07-07 13:20 - 00003710 _____ () C:\Users\Johan\Desktop\7.7.2014 malware scan.txt
2014-07-06 22:03 - 2014-07-06 22:03 - 00001622 _____ () C:\Users\Johan\Desktop\07_psyko_punkz_-_dreamer.aup
2014-07-06 22:03 - 2014-07-06 22:03 - 00000000 ____D () C:\Users\Johan\Desktop\07_psyko_punkz_-_dreamer_data
2014-07-06 22:03 - 2011-03-02 20:40 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Audacity
2014-07-06 21:57 - 2014-07-06 21:57 - 00527423 _____ ( ) C:\Users\Johan\Desktop\Lame_v3.99.3_for_Windows.exe
2014-07-06 21:18 - 2014-07-06 21:18 - 22180353 _____ (Audacity Team ) C:\Users\Johan\Desktop\audacity-win-2.0.5 (1).exe
2014-07-06 20:14 - 2014-07-06 20:14 - 00000000 ____D () C:\Users\Mr.Smith\Documents\Native Instruments
2014-07-06 17:03 - 2014-07-06 16:20 - 00000000 ____D () C:\Users\Johan\Documents\Native Instruments
2014-07-06 16:17 - 2014-07-06 16:17 - 00000000 ____D () C:\Program Files\Common Files\Avid
2014-07-05 09:14 - 2012-11-18 21:08 - 00000000 ____D () C:\ProgramData\Avira
2014-07-05 09:14 - 2012-11-18 21:08 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-07-04 22:43 - 2013-05-15 10:37 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-04 22:42 - 2014-07-04 22:42 - 00000000 ____D () C:\OETemp
2014-07-04 17:38 - 2011-02-22 16:16 - 00000000 ____D () C:\Users\Johan\AppData\Local\CrashDumps
2014-07-04 17:27 - 2014-02-12 17:50 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\TuneUp Software
2014-07-04 16:34 - 2014-07-02 21:45 - 00119416 _____ () C:\Users\Johan\Desktop\OTL.Txt
2014-07-04 15:14 - 2014-07-04 15:14 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\AVG2014
2014-07-04 15:14 - 2014-07-04 15:14 - 00000000 ____D () C:\Users\Johan\AppData\Local\Avg2014
2014-07-04 15:13 - 2014-07-04 15:13 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\AVG2014
2014-07-04 15:12 - 2014-07-04 15:12 - 00000947 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-07-04 15:12 - 2014-07-04 15:12 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\TuneUp Software
2014-07-04 15:12 - 2014-07-04 15:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-04 15:11 - 2014-07-04 15:11 - 00000000 ___HD () C:\$AVG
2014-07-04 15:10 - 2014-07-04 15:10 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-07-04 15:08 - 2014-07-04 15:08 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\MFAData
2014-07-04 14:19 - 2014-07-04 14:19 - 00000680 __RSH () C:\Users\Johan\ntuser.pol
2014-07-04 14:09 - 2014-07-04 14:08 - 00000680 __RSH () C:\Users\Mr.Smith\ntuser.pol
2014-07-04 14:08 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-04 13:52 - 2014-07-04 13:51 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\ArcSoft
2014-07-04 13:51 - 2014-07-04 13:51 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\ArcSoft
2014-07-04 13:15 - 2014-07-04 13:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Johan\Desktop\revosetup95.exe
2014-07-03 17:33 - 2014-07-03 17:33 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\ATI
2014-07-03 17:33 - 2014-07-03 17:33 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\ATI
2014-07-03 17:32 - 2014-07-03 17:32 - 00001387 _____ () C:\Users\Mr.Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-03 17:32 - 2014-07-03 17:32 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\Apple Computer
2014-07-03 17:32 - 2014-07-03 17:32 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\VirtualStore
2014-07-03 17:32 - 2014-07-03 17:32 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Local\PDFC
2014-07-03 17:10 - 2014-04-25 14:54 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-07-03 17:10 - 2013-04-28 21:17 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-07-03 17:10 - 2011-10-06 09:39 - 00000000 ____D () C:\ProgramData\Shark007
2014-07-03 17:10 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-03 16:57 - 2014-07-03 16:57 - 00000000 __SHD () C:\Users\Mr.Smith\AppData\Local\EmieUserList
2014-07-03 16:57 - 2014-07-03 16:57 - 00000000 __SHD () C:\Users\Mr.Smith\AppData\Local\EmieSiteList
2014-07-03 16:57 - 2014-07-03 16:57 - 00000000 ____D () C:\Users\Mr.Smith\AppData\Roaming\Adobe
2014-07-03 16:43 - 2014-07-03 16:43 - 00098840 _____ () C:\Users\Mr.Smith\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-03 16:40 - 2014-07-03 16:40 - 00000020 ___SH () C:\Users\Mr.Smith\ntuser.ini
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Vorlagen
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Startmenü
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Netzwerkumgebung
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Lokale Einstellungen
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Eigene Dateien
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Druckumgebung
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Documents\Eigene Musik
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Documents\Eigene Bilder
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\AppData\Local\Verlauf
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\AppData\Local\Anwendungsdaten
2014-07-03 16:40 - 2014-07-03 16:40 - 00000000 _SHDL () C:\Users\Mr.Smith\Anwendungsdaten
2014-07-03 16:30 - 2014-06-28 14:37 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345
2014-07-03 16:30 - 2013-11-24 03:36 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-07-03 16:30 - 2013-11-24 03:36 - 00000000 ____D () C:\Program Files\Image-Line
2014-07-03 16:16 - 2014-07-03 16:15 - 00652353 _____ () C:\Users\Johan\Desktop\OTL+Extras 3.07.14.txt
2014-07-03 16:12 - 2014-07-02 21:46 - 00059458 _____ () C:\Users\Johan\Desktop\Extras.Txt
2014-07-03 15:57 - 2014-07-03 15:56 - 00000000 ____D () C:\Windows\pss
2014-07-03 12:43 - 2011-02-21 21:36 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Skype
2014-07-02 23:10 - 2011-03-14 22:31 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\SoftGrid Client
2014-07-02 22:44 - 2014-07-02 22:28 - 00186014 _____ () C:\Users\Johan\Desktop\Trojaner Board.txt
2014-07-02 16:50 - 2014-07-02 16:50 - 00018976 _____ () C:\Users\Johan\Desktop\dds.txt
2014-07-02 16:50 - 2014-07-02 16:50 - 00005258 _____ () C:\Users\Johan\Desktop\attach.txt
2014-07-02 16:44 - 2014-07-02 16:44 - 00602112 _____ (OldTimer Tools) C:\Users\Johan\Desktop\OTL.exe
2014-07-02 16:43 - 2014-07-02 16:43 - 00688992 ____R (Swearware) C:\Users\Johan\Desktop\dds.scr
2014-07-01 13:00 - 2014-07-01 12:57 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\TS3Client
2014-06-30 09:34 - 2014-04-26 02:20 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-30 09:34 - 2014-04-26 02:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Gast
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\fbwuser\AppData\Local\Google
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\fbwuser\AppData\Local\Comodo
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-06-30 09:34 - 2014-01-17 13:51 - 00000000 ____D () C:\Users\Administrator
2014-06-30 09:34 - 2013-12-15 23:05 - 00000000 __RHD () C:\Users\Public\Libraries
2014-06-30 09:34 - 2012-08-30 17:03 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-30 09:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-06-30 09:33 - 2011-04-20 09:27 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Mozilla
2014-06-30 09:33 - 2011-04-17 08:40 - 00000000 ____D () C:\Users\Johan\AppData\Local\Mozilla
2014-06-30 09:33 - 2011-02-21 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\alaplaya
2014-06-30 09:32 - 2013-06-27 11:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-30 09:32 - 2011-09-08 13:42 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-06-30 04:09 - 2014-07-13 18:29 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-13 18:29 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-29 01:59 - 2014-06-29 01:59 - 00000000 __SHD () C:\Users\Mr.SmitchFuckof12345\AppData\Local\EmieUserList
2014-06-29 01:59 - 2014-06-29 01:59 - 00000000 __SHD () C:\Users\Mr.SmitchFuckof12345\AppData\Local\EmieSiteList
2014-06-29 01:57 - 2014-06-29 01:57 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\CrashDumps
2014-06-29 01:57 - 2014-02-12 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX
2014-06-29 01:39 - 2014-06-29 01:39 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Win7codecs
2014-06-29 01:39 - 2011-10-06 19:42 - 00000000 ____D () C:\ProgramData\Win7codecs
2014-06-28 18:34 - 2011-10-09 13:39 - 00000000 ____D () C:\Users\Johan\AppData\Local\Deployment
2014-06-28 14:46 - 2014-06-28 14:46 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\Apple
2014-06-28 14:41 - 2014-06-28 14:41 - 00098840 _____ () C:\Users\Mr.SmitchFuckof12345\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-28 14:41 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\ArcSoft
2014-06-28 14:40 - 2014-06-28 14:40 - 00001387 _____ () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\ATI
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Apple Computer
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Adobe
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\PDFC
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\ATI
2014-06-28 14:40 - 2014-06-28 14:40 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\ArcSoft
2014-06-28 14:39 - 2014-06-28 14:39 - 00000000 ____D () C:\Users\Mr.SmitchFuckof12345\AppData\Local\VirtualStore
2014-06-28 14:37 - 2014-06-28 14:37 - 00000020 ___SH () C:\Users\Mr.SmitchFuckof12345\ntuser.ini
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Vorlagen
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Startmenü
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Netzwerkumgebung
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Lokale Einstellungen
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Eigene Dateien
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Druckumgebung
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Documents\Eigene Musik
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Documents\Eigene Bilder
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\AppData\Local\Verlauf
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\AppData\Local\Anwendungsdaten
2014-06-28 14:37 - 2014-06-28 14:37 - 00000000 _SHDL () C:\Users\Mr.SmitchFuckof12345\Anwendungsdaten
2014-06-27 19:07 - 2011-01-11 02:27 - 00699868 _____ () C:\Windows\system32\perfh007.dat
2014-06-27 19:07 - 2011-01-11 02:27 - 00149750 _____ () C:\Windows\system32\perfc007.dat
2014-06-27 19:07 - 2009-07-14 07:13 - 01622164 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-27 13:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Globalization
2014-06-27 12:25 - 2013-04-29 20:31 - 00098840 _____ () C:\Users\Johan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-27 12:23 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-27 11:43 - 2013-03-30 19:34 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\Malwarebytes
2014-06-27 11:43 - 2013-03-30 19:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-27 11:43 - 2013-03-30 19:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-25 21:52 - 2011-10-22 19:06 - 00004090 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001UA
2014-06-25 21:52 - 2011-10-22 19:06 - 00003694 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2478615884-895137908-1883612811-1001Core
2014-06-25 21:18 - 2011-02-24 21:32 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-25 21:18 - 2011-02-24 21:32 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-25 11:38 - 2011-04-15 19:28 - 00000000 ____D () C:\Users\Johan\AppData\Local\PMB Files
2014-06-22 16:38 - 2014-06-22 16:38 - 00000000 ____D () C:\Program Files\VirtualDJ
2014-06-21 22:28 - 2011-10-13 17:14 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\ArcSoft
2014-06-21 17:05 - 2013-11-24 03:36 - 00000000 ____D () C:\Users\Johan\AppData\Roaming\FlowStone
2014-06-20 22:14 - 2014-07-13 18:29 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 21:39 - 2014-07-13 18:29 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-19 03:39 - 2014-07-13 18:29 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 03:06 - 2014-07-13 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 03:06 - 2014-07-13 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-19 02:48 - 2014-07-13 18:29 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 02:42 - 2014-07-13 18:29 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-19 02:42 - 2014-07-13 18:29 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 02:41 - 2014-07-13 18:29 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-19 02:41 - 2014-07-13 18:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-19 02:32 - 2014-07-13 18:29 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 02:31 - 2014-07-13 18:29 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 02:26 - 2014-07-13 18:29 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-19 02:24 - 2014-07-13 18:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-19 02:24 - 2014-07-13 18:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-19 02:23 - 2014-07-13 18:29 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-19 02:16 - 2014-07-13 18:29 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-19 02:14 - 2014-07-13 18:29 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-19 02:09 - 2014-07-13 18:29 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 01:59 - 2014-07-13 18:29 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-19 01:56 - 2014-07-13 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-19 01:53 - 2014-07-13 18:29 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 01:51 - 2014-07-13 18:29 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 01:50 - 2014-07-13 18:29 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 01:48 - 2014-07-13 18:29 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 01:39 - 2014-07-13 18:29 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 01:38 - 2014-07-13 18:29 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-19 01:37 - 2014-07-13 18:29 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-19 01:36 - 2014-07-13 18:29 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-19 01:35 - 2014-07-13 18:29 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-19 01:33 - 2014-07-13 18:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 01:32 - 2014-07-13 18:29 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-19 01:28 - 2014-07-13 18:29 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-19 01:28 - 2014-07-13 18:29 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-19 01:27 - 2014-07-13 18:29 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 01:27 - 2014-07-13 18:29 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-19 01:25 - 2014-07-13 18:29 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-19 01:23 - 2014-07-13 18:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-19 01:22 - 2014-07-13 18:29 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-19 01:12 - 2014-07-13 18:29 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-19 01:06 - 2014-07-13 18:29 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-19 01:01 - 2014-07-13 18:29 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-19 00:59 - 2014-07-13 18:29 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-19 00:58 - 2014-07-13 18:29 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-19 00:58 - 2014-07-13 18:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-19 00:52 - 2014-07-13 18:29 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-19 00:51 - 2014-07-13 18:29 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-19 00:49 - 2014-07-13 18:29 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-19 00:46 - 2014-07-13 18:29 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-19 00:45 - 2014-07-13 18:29 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-19 00:35 - 2014-07-13 18:29 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-19 00:34 - 2014-07-13 18:29 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-19 00:15 - 2014-07-13 18:29 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-19 00:13 - 2014-07-13 18:29 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-19 00:09 - 2014-07-13 18:29 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-19 00:07 - 2014-07-13 18:29 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-18 04:18 - 2014-07-13 18:24 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-18 03:51 - 2014-07-13 18:24 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-18 03:10 - 2014-07-13 18:24 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-17 16:21 - 2014-06-17 16:21 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-06-17 16:07 - 2014-06-17 16:07 - 00328984 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00269080 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00242968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00190744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00123672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
Some content of TEMP:
====================
C:\Users\Johan\AppData\Local\temp\avgnt.exe
C:\Users\Johan\AppData\Local\temp\bassmod.dll
C:\Users\Johan\AppData\Local\temp\dsp_ipp.dll
C:\Users\Johan\AppData\Local\temp\HssInstaller.exe
C:\Users\Johan\AppData\Local\temp\hsspk.exe
C:\Users\Johan\AppData\Local\temp\ildownloader_install.exe
C:\Users\Johan\AppData\Local\temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Johan\AppData\Local\temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Johan\AppData\Local\temp\MusicStationUninstall.exe
C:\Users\Johan\AppData\Local\temp\NGMSetup.exe
C:\Users\Johan\AppData\Local\temp\PCSpeedMaximizer.exe
C:\Users\Johan\AppData\Local\temp\SkypeSetup.exe
C:\Users\Johan\AppData\Local\temp\Tsu8B9F2206.dll
C:\Users\Johan\AppData\Local\temp\TUUUninstallHelper.exe
C:\Users\Johan\AppData\Local\temp\uninst1.exe
C:\Users\Johan\AppData\Local\temp\vlc-2.1.1-win64.exe
C:\Users\Johan\AppData\Local\temp\vlc-2.1.3-win64.exe
C:\Users\Mr.SmitchFuckof12345\AppData\Local\temp\avgnt.exe
C:\Users\Mr.Smith\AppData\Local\temp\avgnt.exe
C:\Users\Mr.Smith\AppData\Local\temp\NGMDll.dll
C:\Users\Mr.Smith\AppData\Local\temp\NGMResource.dll
C:\Users\Mr.Smith\AppData\Local\temp\Quarantine.exe
C:\Users\Mr.Smith\AppData\Local\temp\swt-win32-3349.dll
C:\Users\Mr.Smith\AppData\Local\temp\unicows.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-15 16:05
==================== End Of Log ============================
--- --- --- |
|
17.07.2014, 20:35
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus oder Malware Dem letzten Log vom adwCleaner kann ich nichts entnehmen, was darauf hindeutet, dass Fotos gelöscht wurden.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.07.2014, 17:15
| #25 |
| | Virus oder Malware Ja was soll ich denn jetz machen ich hab keine Ahnung von sowas. |
|
18.07.2014, 21:32
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus oder Malware Ja du stellst einfach irgendeine Behauptung auf, die nach Betrachtung der Logs in meinen Augen falsch ist. Da ich nicht direkt vor deinen Rechner sitze und nicht sehen konnte was du da auch sonst so noch gemacht hast kannst du nun nicht wirklich erwarten, dass ich das wissen soll was mit deinen Bildern passiert ist. Probier dein Glück über die Schattenkopien => http://www.trojaner-board.de/115496-...erstellen.html Damit lässt sich vieles versehentlich gelöschtes retten
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.07.2014, 19:26
| #27 |
| | Virus oder Malware Aso, das Programm zeigt mir was anderes genau wie alle anderen Programme ^^ Code:
ATTFilter Search results from Spybot - Search & Destroy
22.07.2014 20:24:20
Scan took 00:54:44.
55 items found.
Delta.Toolbar: [SBI $85F92549] User settings (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\BabSolution
Delta.Toolbar: [SBI $44F06F05] User settings (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Microsoft\Internet Explorer\Protect Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975}
Delta.Toolbar: [SBI $4FE1D2EF] User settings (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Delta.Toolbar: [SBI $04AEAE14] User settings (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow
Delta.Toolbar: [SBI $0760E887] User settings (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome
ConstaSurf: [SBI $953BCF27] User settings (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Win32.Agent.qvo: [SBI $E30D556E] Settings (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Wpm
Win32.Agent.qvo: [SBI $E30D556E] Settings (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Wpm
Win32.Agent.qvo: [SBI $3937A24F] Settings (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Wpm
Win32.Agent.qvo: [SBI $3937A24F] Settings (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Wpm
Somoto.BetterInstaller: [SBI $B8A7F4F7] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sdp
Somoto.BetterInstaller: [SBI $B8A7F4F7] Root class (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\sdp
Systweak.RegCleanPro: [SBI $EA6CE3BF] User settings (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Distromatic
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name
MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1014\Software\Microsoft\DirectInput\MostRecentApplication\Name
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1014\Software\Microsoft\DirectInput\MostRecentApplication\Id
MS DirectInput: [SBI $6533916A] Last mapped application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Microsoft\DirectInput\MostRecentMapperApplication\ID
MS DirectInput: [SBI $31B11F6A] Last mapped application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Microsoft\DirectInput\MostRecentMapperApplication\Name
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources
Windows.OpenWith: [SBI $787DC1A1] Open with list - .001 extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.001\OpenWithList
Windows.OpenWith: [SBI $09B2DC6B] Open with list - .002 extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.002\OpenWithList
Windows.OpenWith: [SBI $9BE3FA35] Open with list - .007 extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.007\OpenWithList
Windows.OpenWith: [SBI $F6619696] Open with list - .008 extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.008\OpenWithList
Windows.OpenWith: [SBI $B2FD6109] Open with list - .3DS extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3DS\OpenWithList
Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList
Windows.OpenWith: [SBI $691C1B44] Open with list - .BIN extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BIN\OpenWithList
Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
Windows.OpenWith: [SBI $9E8D5C8A] Open with list - .CDA extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList
Windows.OpenWith: [SBI $A16D50FA] Open with list - .CHT extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CHT\OpenWithList
Windows.OpenWith: [SBI $F1129B32] Open with list - .CPL extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CPL\OpenWithList
Windows.OpenWith: [SBI $F34FE1D0] Open with list - .CUE extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CUE\OpenWithList
Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-2478615884-895137908-1883612811-1001\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Cache: [SBI $49804B54] Browser: Cache (2) (Browser: Cache, nothing done)
History: [SBI $49804B54] Browser: History (2) (Browser: History, nothing done)
Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)
History: [SBI $49804B54] Browser: History (861) (Browser: History, nothing done)
--- Spybot - Search & Destroy version: 2.4.40.131 DLL (build: 20140425) ---
2014-06-24 blindman.exe (2.4.40.151)
2014-06-24 explorer.exe (2.4.40.181)
2014-06-24 SDBootCD.exe (2.4.40.109)
2014-06-24 SDCleaner.exe (2.4.40.110)
2014-06-24 SDDelFile.exe (2.4.40.94)
2013-06-18 SDDisableProxy.exe
2014-06-24 SDFiles.exe (2.4.40.135)
2014-06-24 SDFileScanHelper.exe (2.4.40.1)
2014-06-24 SDFSSvc.exe (2.4.40.217)
2014-06-24 SDHelp.exe (2.4.40.1)
2014-04-25 SDHookHelper.exe (2.3.39.2)
2014-04-25 SDHookInst32.exe (2.3.39.2)
2014-04-25 SDHookInst64.exe (2.3.39.2)
2014-06-24 SDImmunize.exe (2.4.40.130)
2014-06-24 SDLogReport.exe (2.4.40.107)
2014-06-24 SDOnAccess.exe (2.4.40.11)
2014-06-24 SDPESetup.exe (2.4.40.3)
2014-06-24 SDPEStart.exe (2.4.40.86)
2014-06-24 SDPhoneScan.exe (2.4.40.28)
2014-06-24 SDPRE.exe (2.4.40.22)
2014-06-24 SDPrepPos.exe (2.4.40.15)
2014-06-24 SDQuarantine.exe (2.4.40.103)
2014-06-24 SDRootAlyzer.exe (2.4.40.116)
2014-06-24 SDSBIEdit.exe (2.4.40.39)
2014-06-24 SDScan.exe (2.4.40.181)
2014-06-24 SDScript.exe (2.4.40.54)
2014-06-24 SDSettings.exe (2.4.40.139)
2014-06-24 SDShell.exe (2.4.40.2)
2014-06-24 SDShred.exe (2.4.40.108)
2014-06-24 SDSysRepair.exe (2.4.40.102)
2014-06-24 SDTools.exe (2.4.40.157)
2014-06-24 SDTray.exe (2.4.40.129)
2014-06-27 SDUpdate.exe (2.4.40.94)
2014-06-27 SDUpdSvc.exe (2.4.40.77)
2014-06-24 SDWelcome.exe (2.4.40.130)
2014-04-25 SDWSCSvc.exe (2.3.39.2)
2014-05-20 spybotsd2-install-bdcore-update.exe (2.3.39.0)
2013-06-19 spybotsd2-translation-frx.exe
2014-07-20 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2014-04-25 NotificationSpreader.dll
2014-06-24 SDAdvancedCheckLibrary.dll (2.4.40.98)
2014-04-25 SDAV.dll
2014-06-24 SDECon32.dll (2.4.40.114)
2014-06-24 SDECon64.dll (2.3.39.113)
2014-06-24 SDEvents.dll (2.4.40.2)
2014-06-24 SDFileScanLibrary.dll (2.4.40.14)
2014-04-25 SDHook32.dll (2.3.39.2)
2014-04-25 SDHook64.dll (2.3.39.2)
2014-06-24 SDImmunizeLibrary.dll (2.4.40.2)
2014-06-24 SDLicense.dll (2.4.40.0)
2014-06-24 SDLists.dll (2.4.40.4)
2014-06-24 SDResources.dll (2.4.40.7)
2014-06-24 SDScanLibrary.dll (2.4.40.131)
2014-06-24 SDTasks.dll (2.4.40.15)
2014-06-24 SDWinLogon.dll (2.4.40.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2014-06-24 Tools.dll (2.4.40.36)
2014-03-05 Includes\Adware-000.sbi (*)
2014-01-08 Includes\Adware-001.sbi (*)
2014-07-16 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-01-08 Includes\Dialer-000.sbi (*)
2014-01-08 Includes\Dialer-001.sbi (*)
2014-01-08 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2014-01-09 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2014-01-09 Includes\Fraud-003.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-01-08 Includes\Hijackers-000.sbi (*)
2014-01-08 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-01-08 Includes\Keyloggers-000.sbi (*)
2014-03-19 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2014-01-09 Includes\Malware-001.sbi (*)
2014-01-09 Includes\Malware-002.sbi (*)
2014-02-05 Includes\Malware-003.sbi (*)
2014-01-28 Includes\Malware-004.sbi (*)
2014-04-15 Includes\Malware-005.sbi (*)
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2014-07-09 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2014-01-15 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2014-07-16 Includes\PUPS-C.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2014-01-08 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2014-01-08 Includes\Spyware-000.sbi (*)
2014-01-08 Includes\Spyware-001.sbi (*)
2014-01-08 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-01-15 Includes\Trojans-002.sbi (*)
2014-01-15 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi (*)
2014-07-09 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-07-09 Includes\Trojans-008.sbi (*)
2014-07-09 Includes\Trojans-009.sbi (*)
2014-07-16 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2014-01-15 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)
|
|
22.07.2014, 20:04
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus oder Malware Kannst du mir mal verraten was das Spybot Log soll  Hast du den Artikel zum ShadowExplorer KOMPLETT GELESEN & VERSTANDEN?  Gehts dir überhaupt noch um die angeblich vom adwCleaner gelöschten Fotos?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.07.2014, 20:09
| #29 |
| | Virus oder Malware Mir ging es nie um fotos die weg sind oder waren. um Fotos ging es nie. Ich wollte einfach nur von dir wissen ob mein PC infiziert ist und wie ich (Du) ihn wieder bereinigen. |
|
22.07.2014, 20:12
| #30 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Virus oder Malware Du hast aber das gepostet: Zitat:
Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken
__________________ Logfiles bitte immer in CODE-Tags posten |
|
Linear-Darstellung
