FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-08-2013 03
Ran by Tamara (administrator) on 19-08-2013 22:56:26
Running from C:\Users\Tamara\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
() C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(cake bake) C:\Program Files (x86)\Tepfel\WebCakeDesktop.Updater.exe
(X10) C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Bake Cake) C:\Users\Tamara\AppData\Roaming\Tepfel\WebCakeDesktop.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Users\Tamara\Downloads\tdsskiller.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(AVAST Software) C:\Users\Tamara\Downloads\aswMBR.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-11] (Synaptics Incorporated)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [WebCake Desktop] - C:\Users\Tamara\AppData\Roaming\Tepfel\WebCakeDesktop.exe [52504 2013-08-10] (Bake Cake)
HKCU\...\Run: [NTRedirect] - C:\Users\Tamara\AppData\Roaming\BabSolution\Shared\EnhancedNT.dll [173568 2013-08-12] ()
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [HotkeyApp] - C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] - C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] - C:\Program Files (x86)\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN)
AppInit_DLLs-x32: c:\progra~3\browse~2\261562~1.220\{c16c1~1\browse~1.dll [2699216 2013-08-13] ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amazon.com/websearch/ref=bit_bds-p12_serp_ie_us_display?ie=UTF8&tagbase=bds-p12&tbrId=v1_abb-channel-12_e01d638542e84c9daf46ed03a5033e87_39_1006_20130817_AT_ie_sp_
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=CA8F485D604651AF&affID=119357&tsp=4978
SearchScopes: HKCU - DefaultScope {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://www.amazon.com/websearch/ref=bit_bds-p12_serp_ie_us_display?ie=UTF8&tagbase=bds-p12&tag=bds-p12-serp-us-ie-20&tbrId=v1_abb-channel-12_e01d638542e84c9daf46ed03a5033e87_39_1006_20130817_AT_ie_ds_&query={searchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=CA8F485D604651AF&affID=119357&tsp=4978
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {964F4C92-B382-4BD3-B87E-9AAD9E3DC39F} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10263&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGU&apn_dtid=^YYYYYY^YY^AT&apn_uid=3b4b91a8-bf66-4567-bf2b-7ea50effd716&apn_sauid=51263F7F-3CB4-4EAE-B30B-C157A8C183F2
SearchScopes: HKCU - {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://www.amazon.com/websearch/ref=bit_bds-p12_serp_ie_us_display?ie=UTF8&tagbase=bds-p12&tag=bds-p12-serp-us-ie-20&tbrId=v1_abb-channel-12_e01d638542e84c9daf46ed03a5033e87_39_1006_20130817_AT_ie_ds_&query={searchTerms}
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: WebCake - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\Tepfel\WebCakeIEClient.dll (Let Them Eat Web-Cake LLC)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.5\bh\delta.dll (Delta-search.com)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
BHO-x32: AlxHelper Class - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No File
Toolbar: HKLM-x32 - Amazon Browser Bar - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.5\deltaTlbr.dll (Delta-search.com)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
Chrome:
=======
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh\20.53263_0
CHR Extension: (Google Docs) - C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Web Cake) - C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.2.3.3_0
CHR Extension: (Gmail) - C:\Users\Tamara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Tamara\AppData\Roaming\BabSolution\CR\Delta.crx
CHR HKLM-x32\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files (x86)\Tepfel\WebCakeLayers.crx
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-18] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2838480 2013-08-13] ()
R2 Updater Service for AMZN; C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [222368 2013-03-21] ()
R2 WebCakeUpdater; C:\Program Files (x86)\Tepfel\WebCakeDesktop.Updater.exe [51992 2013-08-10] (cake bake)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-22] (Wistron Corp.)
R2 x10nets; C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe [20480 2009-11-07] (X10)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-07-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-07-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]
U3 aswMBR; \??\C:\Users\Tamara\AppData\Local\Temp\aswMBR.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-19 22:54 - 2013-08-19 22:54 - 02027485 _____ (Farbar) C:\Users\Tamara\Downloads\FRST64.exe
2013-08-19 22:52 - 2013-08-19 22:52 - 00003130 _____ C:\Users\Tamara\Desktop\aswMBR.txt
2013-08-19 22:52 - 2013-08-19 22:52 - 00000512 _____ C:\Users\Tamara\Desktop\MBR.dat
2013-08-19 21:02 - 2013-08-19 22:30 - 04745728 _____ (AVAST Software) C:\Users\Tamara\Downloads\aswMBR.exe
2013-08-19 20:54 - 2013-08-19 20:54 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Tamara\Downloads\tdsskiller.exe
2013-08-19 20:36 - 2013-08-19 20:36 - 00666633 _____ C:\Users\Tamara\Downloads\AdwCleaner.exe
2013-08-19 19:28 - 2013-08-19 19:28 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert
2013-08-18 11:06 - 2013-08-18 11:06 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\Avira
2013-08-18 11:02 - 2013-08-18 11:02 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-18 11:02 - 2013-08-18 11:02 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\Mozilla
2013-08-18 11:02 - 2013-08-18 11:02 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-18 11:02 - 2013-08-18 11:02 - 00000000 ____D C:\ProgramData\APN
2013-08-18 11:02 - 2013-08-18 11:02 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-08-18 11:02 - 2013-06-06 22:41 - 00489392 _____ (Ask Partner Network) C:\Users\Tamara\Documents\APNSetup.exe
2013-08-18 11:01 - 2013-08-18 11:01 - 00002070 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-18 11:01 - 2013-08-18 11:01 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-18 11:01 - 2013-07-18 08:02 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-18 11:01 - 2013-07-18 08:02 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-18 11:01 - 2013-03-06 16:13 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-18 10:56 - 2013-08-18 11:00 - 110344048 _____ C:\Users\Tamara\Downloads\avira_free_antivirus85_de.exe
2013-08-18 10:55 - 2013-08-18 10:55 - 04679352 _____ (Systweak Inc ) C:\Users\Tamara\Downloads\rcpsetup_chip_de_chip_de (3).exe
2013-08-18 10:55 - 2013-08-18 10:55 - 04679352 _____ (Systweak Inc ) C:\Users\Tamara\Downloads\rcpsetup_chip_de_chip_de (2).exe
2013-08-18 10:53 - 2013-08-18 10:53 - 00000000 ____D C:\Users\Tamara\AppData\Local\avgchrome
2013-08-18 10:44 - 2013-08-19 22:35 - 00000000 ____D C:\Program Files (x86)\Tepfel
2013-08-18 10:44 - 2013-08-19 19:29 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\Tepfel
2013-08-18 10:44 - 2013-08-18 22:50 - 00000000 ____D C:\Program Files (x86)\DealPlyLive
2013-08-18 10:44 - 2013-08-18 22:12 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-08-18 10:44 - 2013-08-18 21:44 - 00000294 _____ C:\Windows\Tasks\Dealply.job
2013-08-18 10:44 - 2013-08-18 10:44 - 00003238 _____ C:\Windows\System32\Tasks\Dealply
2013-08-18 10:44 - 2013-08-18 10:44 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
2013-08-18 10:44 - 2013-08-18 10:44 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\Delta
2013-08-18 10:44 - 2013-08-18 10:44 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\Dealply
2013-08-18 10:44 - 2013-08-18 10:44 - 00000000 ____D C:\Users\Tamara\AppData\Local\DealPlyLive
2013-08-18 10:44 - 2013-08-18 10:44 - 00000000 ____D C:\ProgramData\DealPlyLive
2013-08-18 10:44 - 2013-08-18 10:44 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-08-18 10:44 - 2013-08-18 10:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-18 10:44 - 2013-08-18 10:44 - 00000000 ____D C:\Program Files (x86)\Delta
2013-08-18 10:42 - 2013-08-18 10:42 - 00665440 _____ C:\Users\Tamara\Downloads\Avira-Antivirus-Download_Setup.exe
2013-08-17 19:47 - 2013-08-18 18:22 - 00001660 _____ C:\Windows\system32\ASOROSet.bin
2013-08-17 19:47 - 2013-08-18 10:59 - 00000000 ____D C:\Windows\system32\config\RCCBakup
2013-08-17 19:43 - 2013-08-17 19:43 - 00000000 ____D C:\Users\Tamara\AppData\Local\Amazon Browser Bar
2013-08-17 19:43 - 2013-08-17 19:43 - 00000000 ____D C:\Program Files (x86)\Amazon
2013-08-17 19:42 - 2013-08-18 22:15 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-08-17 19:42 - 2013-08-18 10:59 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\Systweak
2013-08-17 19:42 - 2013-08-17 19:43 - 00000000 ____D C:\Program Files (x86)\Amazon Browser Bar
2013-08-17 19:42 - 2013-08-17 19:42 - 00129536 _____ C:\Users\Public\AlexaNSISPlugin.2360.dll
2013-08-17 19:42 - 2013-05-27 16:01 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2013-08-17 19:39 - 2013-08-17 19:40 - 04679352 _____ (Systweak Inc ) C:\Users\Tamara\Downloads\rcpsetup_chip_de_chip_de (1).exe
2013-08-17 19:39 - 2013-08-17 19:39 - 04679352 _____ (Systweak Inc ) C:\Users\Tamara\Downloads\rcpsetup_chip_de_chip_de.exe
2013-08-17 19:16 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-17 19:16 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-17 19:16 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-17 19:16 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-17 19:16 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-17 19:16 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-17 19:16 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-17 19:16 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-17 19:16 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-17 19:16 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-17 19:16 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-17 19:16 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-17 19:16 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-17 19:16 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-17 19:16 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-17 19:16 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-17 19:16 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-17 19:16 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-17 19:16 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-17 19:16 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-17 19:16 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-17 19:16 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-17 19:16 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-17 19:16 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-17 19:16 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-17 19:16 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-17 19:16 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-17 19:16 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-17 19:16 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-17 19:16 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-17 19:16 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-17 19:12 - 2013-08-17 19:13 - 00000000 ____D C:\Windows\system32\MRT
2013-08-17 13:12 - 2013-08-17 13:12 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2013-08-17 13:12 - 2013-08-17 13:12 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2013-08-17 12:44 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-17 12:44 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-17 12:44 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-17 12:44 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-17 12:44 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-17 12:44 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-17 12:44 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-17 12:44 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-17 12:44 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-17 12:44 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-17 12:44 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-17 12:44 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-17 12:44 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-17 12:44 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-17 12:44 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-17 12:44 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
==================== One Month Modified Files and Folders =======
2013-08-19 22:56 - 2013-08-19 22:56 - 00000000 ____D C:\FRST
2013-08-19 22:54 - 2013-08-19 22:54 - 02027485 _____ (Farbar) C:\Users\Tamara\Downloads\FRST64.exe
2013-08-19 22:52 - 2013-08-19 22:52 - 00003130 _____ C:\Users\Tamara\Desktop\aswMBR.txt
2013-08-19 22:52 - 2013-08-19 22:52 - 00000512 _____ C:\Users\Tamara\Desktop\MBR.dat
2013-08-19 22:52 - 2013-03-20 20:42 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-19 22:49 - 2009-07-14 06:45 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-19 22:49 - 2009-07-14 06:45 - 00014816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-19 22:43 - 2013-03-16 14:38 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1B902CC9-36BE-44C0-9126-0FB6EA6DB96C}
2013-08-19 22:35 - 2013-08-18 10:44 - 00000000 ____D C:\Program Files (x86)\Tepfel
2013-08-19 22:30 - 2013-08-19 21:02 - 04745728 _____ (AVAST Software) C:\Users\Tamara\Downloads\aswMBR.exe
2013-08-19 22:10 - 2013-03-21 19:19 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-19 21:10 - 2013-03-21 19:19 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-19 20:54 - 2013-08-19 20:54 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Tamara\Downloads\tdsskiller.exe
2013-08-19 20:36 - 2013-08-19 20:36 - 00666633 _____ C:\Users\Tamara\Downloads\AdwCleaner.exe
2013-08-19 19:34 - 2013-03-16 13:54 - 01459952 _____ C:\Windows\WindowsUpdate.log
2013-08-19 19:29 - 2013-08-18 10:44 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\Tepfel
2013-08-19 19:28 - 2013-08-19 19:28 - 00003436 _____ C:\Windows\System32\Tasks\BrowserDefendert
2013-08-19 19:27 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-19 19:27 - 2009-07-14 06:51 - 00038574 _____ C:\Windows\setupact.log
2013-08-18 22:50 - 2013-08-18 10:44 - 00000000 ____D C:\Program Files (x86)\DealPlyLive
2013-08-18 22:15 - 2013-08-17 19:42 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-08-18 22:15 - 2013-03-16 14:32 - 00000000 ___RD C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-18 22:12 - 2013-08-18 10:44 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-08-18 21:44 - 2013-08-18 10:44 - 00000294 _____ C:\Windows\Tasks\Dealply.job
2013-08-18 18:23 - 2013-03-21 21:18 - 00116640 _____ C:\Windows\PFRO.log
2013-08-18 18:23 - 2013-03-16 14:32 - 00000000 ____D C:\Users\Tamara
2013-08-18 18:23 - 2009-07-14 04:34 - 52953088 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-08-18 18:23 - 2009-07-14 04:34 - 16777216 _____ C:\Windows\system32\config\SYSTEM.bak
2013-08-18 18:23 - 2009-07-14 04:34 - 00024576 _____ C:\Windows\system32\config\SECURITY.bak
2013-08-18 18:22 - 2013-08-17 19:47 - 00001660 _____ C:\Windows\system32\ASOROSet.bin
2013-08-18 11:44 - 2009-07-14 04:34 - 00024576 _____ C:\Windows\system32\config\SAM.bak
2013-08-18 11:06 - 2013-08-18 11:06 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\Avira
2013-08-18 11:02 - 2013-08-18 11:02 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-18 11:02 - 2013-08-18 11:02 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\Mozilla
2013-08-18 11:02 - 2013-08-18 11:02 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-08-18 11:02 - 2013-08-18 11:02 - 00000000 ____D C:\ProgramData\APN
2013-08-18 11:02 - 2013-08-18 11:02 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-08-18 11:01 - 2013-08-18 11:01 - 00002070 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-18 11:01 - 2013-08-18 11:01 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-18 11:01 - 2013-04-08 17:50 - 00000000 ____D C:\ProgramData\Avira
2013-08-18 11:00 - 2013-08-18 10:56 - 110344048 _____ C:\Users\Tamara\Downloads\avira_free_antivirus85_de.exe
2013-08-18 10:59 - 2013-08-17 19:47 - 00000000 ____D C:\Windows\system32\config\RCCBakup
2013-08-18 10:59 - 2013-08-17 19:42 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\Systweak
2013-08-18 10:55 - 2013-08-18 10:55 - 04679352 _____ (Systweak Inc ) C:\Users\Tamara\Downloads\rcpsetup_chip_de_chip_de (3).exe
2013-08-18 10:55 - 2013-08-18 10:55 - 04679352 _____ (Systweak Inc ) C:\Users\Tamara\Downloads\rcpsetup_chip_de_chip_de (2).exe
2013-08-18 10:53 - 2013-08-18 10:53 - 00000000 ____D C:\Users\Tamara\AppData\Local\avgchrome
2013-08-18 10:47 - 2013-04-08 17:45 - 113679904 _____ C:\Users\Tamara\Downloads\avira_free3499_antivirus_de.exe
2013-08-18 10:44 - 2013-08-18 10:44 - 00003238 _____ C:\Windows\System32\Tasks\Dealply
2013-08-18 10:44 - 2013-08-18 10:44 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
2013-08-18 10:44 - 2013-08-18 10:44 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\Delta
2013-08-18 10:44 - 2013-08-18 10:44 - 00000000 ____D C:\Users\Tamara\AppData\Roaming\Dealply
2013-08-18 10:44 - 2013-08-18 10:44 - 00000000 ____D C:\Users\Tamara\AppData\Local\DealPlyLive
2013-08-18 10:44 - 2013-08-18 10:44 - 00000000 ____D C:\ProgramData\DealPlyLive
2013-08-18 10:44 - 2013-08-18 10:44 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-08-18 10:44 - 2013-08-18 10:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-18 10:44 - 2013-08-18 10:44 - 00000000 ____D C:\Program Files (x86)\Delta
2013-08-18 10:44 - 2013-04-22 18:07 - 00003394 _____ C:\Windows\System32\Tasks\EPUpdater
2013-08-18 10:42 - 2013-08-18 10:42 - 00665440 _____ C:\Users\Tamara\Downloads\Avira-Antivirus-Download_Setup.exe
2013-08-17 19:43 - 2013-08-17 19:43 - 00000000 ____D C:\Users\Tamara\AppData\Local\Amazon Browser Bar
2013-08-17 19:43 - 2013-08-17 19:43 - 00000000 ____D C:\Program Files (x86)\Amazon
2013-08-17 19:43 - 2013-08-17 19:42 - 00000000 ____D C:\Program Files (x86)\Amazon Browser Bar
2013-08-17 19:42 - 2013-08-17 19:42 - 00129536 _____ C:\Users\Public\AlexaNSISPlugin.2360.dll
2013-08-17 19:42 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-17 19:40 - 2013-08-17 19:39 - 04679352 _____ (Systweak Inc ) C:\Users\Tamara\Downloads\rcpsetup_chip_de_chip_de (1).exe
2013-08-17 19:39 - 2013-08-17 19:39 - 04679352 _____ (Systweak Inc ) C:\Users\Tamara\Downloads\rcpsetup_chip_de_chip_de.exe
2013-08-17 19:14 - 2009-07-14 19:58 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-08-17 19:14 - 2009-07-14 19:58 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-08-17 19:14 - 2009-07-14 07:13 - 01519874 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-17 19:13 - 2013-08-17 19:12 - 00000000 ____D C:\Windows\system32\MRT
2013-08-17 19:12 - 2013-04-10 17:43 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-17 13:12 - 2013-08-17 13:12 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2013-08-17 13:12 - 2013-08-17 13:12 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2013-08-17 12:20 - 2013-04-22 18:08 - 00000000 ____D C:\ProgramData\BrowserProtect
2013-08-12 21:11 - 2013-03-21 19:21 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-26 07:13 - 2013-08-17 19:16 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-17 19:16 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-17 19:16 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-17 19:16 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-17 19:16 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-17 19:16 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-17 19:16 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-17 19:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-17 19:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-17 19:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-17 19:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-17 19:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-17 19:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-17 19:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:35 - 2013-08-17 19:16 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-17 19:16 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-17 19:16 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-17 19:16 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-17 19:16 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-17 19:16 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-17 19:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-17 19:16 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-17 19:16 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-17 19:16 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-17 19:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-17 19:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-17 19:16 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-17 19:16 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-17 19:16 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-17 19:16 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-17 19:16 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 11:25 - 2013-08-17 12:44 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 10:57 - 2013-08-17 12:44 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-25 23:19
==================== End Of Log ============================
--- --- ---
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-08-2013 03
Ran by Tamara at 2013-08-19 22:57:31
Running from C:\Users\Tamara\Downloads
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Amazon Browser Bar (x32 Version: 3.0)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.27)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
Avira SearchFree Toolbar plus Web Protection (x32 Version: 12.2.2.663)
Bonjour (Version: 3.0.0.10)
BrowserDefender (x32)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Delta Chrome Toolbar (x32)
Delta toolbar (x32 Version: 1.8.24.5)
Free YouTube to MP3 Converter version 3.12.2.419 (x32 Version: 3.12.2.419)
Google Chrome (x32 Version: 28.0.1500.95)
Google Drive (x32 Version: 1.11.4865.2530)
Google Update Helper (x32 Version: 1.3.21.153)
iCloud (Version: 2.1.2.8)
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2189)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.0.1014)
iTunes (Version: 11.0.4.4)
Launch Manager (x32 Version: 1.5.1.2)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Neverwinter (x32)
PhotoScape (x32)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30121)
REALTEK Wireless LAN Driver (x32 Version: 1.00.0148)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0)
rosoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Synaptics Pointing Device Driver (Version: 14.0.19.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
VLC media player 1.1.11 (x32 Version: 1.1.11)
Web-Cake 3.00 (Version: 3.00)
X10 Hardware(TM) (x32)
==================== Restore Points =========================
01-07-2013 20:48:58 Windows Update
15-07-2013 20:23:31 Windows Update
25-07-2013 21:20:42 Geplanter Prüfpunkt
17-08-2013 17:09:36 TuneUp Utilities 2013 wird entfernt
17-08-2013 17:10:45 TuneUp Utilities Language Pack (de-DE) wird entfernt
17-08-2013 17:11:22 Windows Update
17-08-2013 17:44:29 RegClean Pro Sa, Aug 17, 13 19:44
18-08-2013 08:58:46 RegClean Pro So, Aug 18, 13 10:58
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0094865D-751D-473D-9A5E-F45A8981B41E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated)
Task: {3ED37D18-19DB-4394-A176-52615AF01106} - System32\Tasks\EPUpdater => C:\Users\Tamara\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-08-04] ()
Task: {6306345F-4C49-48FB-915D-73DC98D6D316} - System32\Tasks\User_Feed_Synchronization-{1B902CC9-36BE-44C0-9126-0FB6EA6DB96C} => C:\Windows\system32\msfeedssync.exe [2013-06-25] (Microsoft Corporation)
Task: {8C0CCFC3-621D-4727-BD5F-BE24AC4D8FA5} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated)
Task: {97B75033-2A86-4DF3-9FD0-DB59E08F39F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-21] (Google Inc.)
Task: {ABB42E1F-538D-42E1-8B00-D5165F3D371C} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {D1DC4768-C96D-4D26-8B3D-E7C616703D8C} - System32\Tasks\BrowserDefendert => C:\Windows\system32\sc.exe [2009-07-14] (Microsoft Corporation)
Task: {D2C0C802-2A98-43E0-95AD-1EC7D8EAED85} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated)
Task: {DF7632B0-F95A-44A4-B2DE-639844AFFBA1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F7547F78-E7BE-4F79-8BDA-0AD60CAE5E6C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-21] (Google Inc.)
Task: {FD19E347-7C90-4A43-B914-0A924190C328} - System32\Tasks\Dealply => C:\Users\Tamara\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\Tamara\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/19/2013 10:52:02 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e243
ID des fehlerhaften Prozesses: 0x334
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerUpdateService.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerUpdateService.exe1
Pfad des fehlerhaften Moduls: FlashPlayerUpdateService.exe2
Berichtskennung: FlashPlayerUpdateService.exe3
Error: (08/19/2013 09:52:03 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e243
ID des fehlerhaften Prozesses: 0x190
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerUpdateService.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerUpdateService.exe1
Pfad des fehlerhaften Moduls: FlashPlayerUpdateService.exe2
Berichtskennung: FlashPlayerUpdateService.exe3
Error: (08/19/2013 08:52:06 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e243
ID des fehlerhaften Prozesses: 0x10fc
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerUpdateService.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerUpdateService.exe1
Pfad des fehlerhaften Moduls: FlashPlayerUpdateService.exe2
Berichtskennung: FlashPlayerUpdateService.exe3
Error: (08/19/2013 07:52:04 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e243
ID des fehlerhaften Prozesses: 0x1350
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerUpdateService.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerUpdateService.exe1
Pfad des fehlerhaften Moduls: FlashPlayerUpdateService.exe2
Berichtskennung: FlashPlayerUpdateService.exe3
Error: (08/19/2013 05:55:34 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14711
Error: (08/19/2013 05:55:34 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14711
Error: (08/19/2013 05:55:34 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/19/2013 05:55:20 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e243
ID des fehlerhaften Prozesses: 0xedc
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerUpdateService.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerUpdateService.exe1
Pfad des fehlerhaften Moduls: FlashPlayerUpdateService.exe2
Berichtskennung: FlashPlayerUpdateService.exe3
Error: (08/18/2013 11:52:03 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e243
ID des fehlerhaften Prozesses: 0xfd8
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerUpdateService.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerUpdateService.exe1
Pfad des fehlerhaften Moduls: FlashPlayerUpdateService.exe2
Berichtskennung: FlashPlayerUpdateService.exe3
Error: (08/18/2013 10:52:05 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e243
ID des fehlerhaften Prozesses: 0x1380
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerUpdateService.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerUpdateService.exe1
Pfad des fehlerhaften Moduls: FlashPlayerUpdateService.exe2
Berichtskennung: FlashPlayerUpdateService.exe3
System errors:
=============
Error: (08/19/2013 07:27:48 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 19.08.2013 um 19:23:24 unerwartet heruntergefahren.
Error: (08/18/2013 10:15:27 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Computer Backup (MyPC Backup)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (08/18/2013 08:37:42 PM) (Source: iaStor) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.
Error: (08/18/2013 06:32:18 PM) (Source: Service Control Manager) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Peernetzwerkidentitäts-Manager" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (08/18/2013 06:32:09 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error: (08/18/2013 06:27:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (08/18/2013 06:27:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (08/18/2013 06:27:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Peernetzwerkidentitäts-Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (08/18/2013 06:24:21 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (08/18/2013 06:24:21 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.
Microsoft Office Sessions:
=========================
Error: (08/19/2013 10:52:02 PM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.177254ec49b8fc00000050002e24333401ce9d1df331573bC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SysWOW64\ntdll.dll323f34a0-0911-11e3-8261-00262dc35daf
Error: (08/19/2013 09:52:03 PM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.177254ec49b8fc00000050002e24319001ce9d1591711190C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SysWOW64\ntdll.dlld1635ede-0908-11e3-8261-00262dc35daf
Error: (08/19/2013 08:52:06 PM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.177254ec49b8fc00000050002e24310fc01ce9d0d2fabc2c3C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SysWOW64\ntdll.dll710aebd8-0900-11e3-8261-00262dc35daf
Error: (08/19/2013 07:52:04 PM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.177254ec49b8fc00000050002e243135001ce9d04cdeade40C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SysWOW64\ntdll.dll0df8c966-08f8-11e3-8261-00262dc35daf
Error: (08/19/2013 05:55:34 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14711
Error: (08/19/2013 05:55:34 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14711
Error: (08/19/2013 05:55:34 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/19/2013 05:55:20 AM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.177254ec49b8fc00000050002e243edc01ce9c8fea076b2bC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SysWOW64\ntdll.dll2a49b497-0883-11e3-92c9-00262dc35daf
Error: (08/18/2013 11:52:03 PM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.177254ec49b8fc00000050002e243fd801ce9c5d2abd632aC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SysWOW64\ntdll.dll6a96f00b-0850-11e3-92c9-00262dc35daf
Error: (08/18/2013 10:52:05 PM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.177254ec49b8fc00000050002e243138001ce9c54c8cfd38bC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SysWOW64\ntdll.dll09b44c94-0848-11e3-92c9-00262dc35daf