Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   search.certified-toolbar entfernen? (https://www.trojaner-board.de/140690-search-certified-toolbar-entfernen.html)

santaniy 29.08.2013 20:10
search.certified-toolbar entfernen?
 
Hi! Ich habe mir gestern den "search.certified-toolbar" Hijacker eingefangen!
Wie ich es aus den meisten Foren Beiträgen verstanden habe, ist jede "infektion" individuell zu behandeln. Was mir nicht ganz klar ist, welches Programm ich für die log-files nutzen soll!
Und wie ich dieses Super Tool wieder los werde!

Ich verwende win8 pro.
Ich habe das Programm "search.certified-toolbar" bereits deinstalliert. Wenn ich firefox öffne habe ich das "Standard" Google Suchmaschinen Fenster, nur wenn ich einen neuen Tab öffne, öffnet sich die Seite: hxxp://search.certified-toolbar.com/?si=43169&st=newtab&tid=3580&ver=4.5&ts=1377681541522.000009&tguid=43169-3580-1377681541522-C08AC0157E114C69D47ED11EB8646D12.

Schon mal Danke für Eure Hilfe
Andi

cosinus 29.08.2013 21:12
Hallo und :hallo:

Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


santaniy 29.08.2013 21:38
Code:
# AdwCleaner v3.001 - Report created 29/08/2013 at 22:25:22
# Updated 24/08/2013 by Xplode
# Operating System : Windows 8 Pro  (32 bits)
# Username : AndiY - FRANZ
# Running from : C:\Users\AndiY\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : BrowserDefendert

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserDefender
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\Program Files\Browser Updater
Folder Deleted : C:\Program Files\Protected Search
Folder Deleted : C:\Users\AndiY\AppData\Local\DownloadGuide
Folder Deleted : C:\Users\AndiY\AppData\Local\Temp\OCS
Folder Deleted : C:\Users\AndiY\AppData\LocalLow\SimplyTech
Folder Deleted : C:\Users\AndiY\AppData\Roaming\Babylon
Folder Deleted : C:\Users\AndiY\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\AndiY\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\AndiY\AppData\Roaming\SimplyTech
File Deleted : C:\WINDOWS\system32\roboot.exe
File Deleted : C:\Users\AndiY\AppData\Roaming\Mozilla\Firefox\Profiles\tf6bddtv.default\searchplugins\holasearch.xml
File Deleted : C:\Users\AndiY\AppData\Roaming\Mozilla\Firefox\Profiles\mData\searchplugins\Web Search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Web Search.xml
File Deleted : C:\Users\AndiY\AppData\Roaming\Mozilla\Firefox\Profiles\tf6bddtv.default\bprotector_extensions.sqlite
File Deleted : C:\Users\AndiY\AppData\Roaming\Mozilla\Firefox\Profiles\tf6bddtv.default\user.js
File Deleted : C:\WINDOWS\System32\Tasks\BrowserDefendert

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA0B1608-A239-43CB-902E-394063688FA0}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA0B1608-A239-43CB-902E-394063688FA0}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\5f48d88e039ba14
Key Deleted : HKLM\SOFTWARE\5f48d88e039ba14
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Start Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)]

-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\AndiY\AppData\Roaming\Mozilla\Firefox\Profiles\mData\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Web Search");
Line Deleted : user_pref("browser.search.defaultengine", "Web Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Web Search");
Line Deleted : user_pref("browser.search.order.1", "Web Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.certified-toolbar.com?si=43169&st=home&tid=3580&ver=4.5&ts=1377681541522.000009&tguid=43169-3580-1377681541522-C08AC0157E114C69D47ED11EB8646D12");
Line Deleted : user_pref("browser.newtab.url", "hxxp://search.certified-toolbar.com?si=43169&st=newtab&tid=3580&ver=4.5&ts=1377681541522.000009&tguid=43169-3580-1377681541522-C08AC0157E114C69D47ED11EB8646D12");
Line Deleted : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=43169&st=chrome&tid=3580&ver=4.5&ts=1377681541522.000009&tguid=43169-3580-1377681541522-C08AC0157E114C69D47ED11EB8646D12&q=");
Line Deleted : user_pref("wtb3580.homepage", "hxxp://search.certified-toolbar.com?si=43169&st=home&tid=3580&ver=4.5&ts=1377681541522.000009&tguid=43169-3580-1377681541522-C08AC0157E114C69D47ED11EB8646D12");
Line Deleted : user_pref("wtb3580.newtab", "hxxp://search.certified-toolbar.com?si=43169&st=home&tid=3580&ver=4.5&ts=1377681541522.000009&tguid=43169-3580-1377681541522-C08AC0157E114C69D47ED11EB8646D12");

[ File : C:\Users\AndiY\AppData\Roaming\Mozilla\Firefox\Profiles\tf6bddtv.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://search.certified-toolbar.com?si=43169&st=newtab&tid=3580&ver=4.5&ts=1377681541522.000009&tguid=43169-3580-1377681541522-C08AC0157E114C69D47ED11EB8646D12");
Line Deleted : user_pref("browser.search.defaultengine", "Web Search");
Line Deleted : user_pref("browser.search.order.1", "Web Search");
Line Deleted : user_pref("extensions.holasearch.admin", false);
Line Deleted : user_pref("extensions.holasearch.aflt", "babsst");
Line Deleted : user_pref("extensions.holasearch.appId", "{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}");
Line Deleted : user_pref("extensions.holasearch.autoRvrt", "false");
Line Deleted : user_pref("extensions.holasearch.dfltLng", "en");
Line Deleted : user_pref("extensions.holasearch.excTlbr", false);
Line Deleted : user_pref("extensions.holasearch.ffxUnstlRst", false);
Line Deleted : user_pref("extensions.holasearch.id", "42cad5fe000000000000827bcb8809ff");
Line Deleted : user_pref("extensions.holasearch.instlDay", "15854");
Line Deleted : user_pref("extensions.holasearch.instlRef", "sst");
Line Deleted : user_pref("extensions.holasearch.newTab", false);
Line Deleted : user_pref("extensions.holasearch.prdct", "holasearch");
Line Deleted : user_pref("extensions.holasearch.prtnrId", "holasearch");
Line Deleted : user_pref("extensions.holasearch.rvrt", "false");
Line Deleted : user_pref("extensions.holasearch.smplGrp", "none");
Line Deleted : user_pref("extensions.holasearch.tlbrId", "base");
Line Deleted : user_pref("extensions.holasearch.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.holasearch.vrsn", "1.8.16.16");
Line Deleted : user_pref("extensions.holasearch.vrsnTs", "1.8.16.1618:15:27");
Line Deleted : user_pref("extensions.holasearch.vrsni", "1.8.16.16");
Line Deleted : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=43169&st=chrome&tid=3580&ver=4.5&ts=1377681541522.000009&tguid=43169-3580-1377681541522-C08AC0157E114C69D47ED11EB8646D12&q=");
Line Deleted : user_pref("wtb3580.homepage", "hxxp://search.certified-toolbar.com?si=43169&st=home&tid=3580&ver=4.5&ts=1377681541522.000009&tguid=43169-3580-1377681541522-C08AC0157E114C69D47ED11EB8646D12");
Line Deleted : user_pref("wtb3580.newtab", "hxxp://search.certified-toolbar.com?si=43169&st=home&tid=3580&ver=4.5&ts=1377681541522.000009&tguid=43169-3580-1377681541522-C08AC0157E114C69D47ED11EB8646D12");

*************************

AdwCleaner[R0].txt - [13218 octets] - [29/08/2013 22:24:42]
AdwCleaner[S0].txt - [9621 octets] - [29/08/2013 22:25:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9681 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.5 (08.28.2013:1)
OS: Windows 8 Pro x86
Ran by AndiY on 29.08.2013 at 22:34:20,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\simplytech
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\simplytech
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\hometab_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\hometab_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{17A81D31-1AAA-4BBE-A3D9-4122E3DCBC19}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\AndiY\AppData\Roaming\mozilla\firefox\profiles\tf6bddtv.default\minidumps [21 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.08.2013 at 22:36:36,11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

cosinus 29.08.2013 22:13
Ein neues FRST Log bitte noch ;)

santaniy 29.08.2013 22:13

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-08-2013
Ran by SYSTEM on 29-08-2013 23:10:20
Running from D:\
Windows 8 Pro (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKU\AndiY\...\Run: [Spotify Web Helper] - C:\Users\AndiY\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [ 2013-07-31] (Spotify Ltd)
HKU\AndiY\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [ 2013-07-02] (TomTom)
Startup: C:\Users\AndiY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

========================== Services (Whitelisted) =================

S2 avp; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-06-17] (Kaspersky Lab ZAO)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14480 2013-07-01] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 athr; C:\Windows\system32\DRIVERS\athr.sys [2273280 2012-06-02] (Qualcomm Atheros Communications, Inc.)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-05-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [24496 2012-07-27] (Kaspersky Lab)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [548224 2013-08-14] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [25696 2013-06-10] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [25696 2013-05-05] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [25696 2013-05-05] (Kaspersky Lab ZAO)
S1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
S1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [54368 2013-05-07] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [145120 2013-06-06] (Kaspersky Lab ZAO)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
S3 yukonw8; C:\Windows\system32\DRIVERS\yk63x86.sys [238080 2012-07-25] (Marvell)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-29 21:43 - 2013-08-29 21:43 - 01072975 _____ (Farbar) C:\Users\AndiY\Desktop\FRST.exe
2013-08-29 21:36 - 2013-08-29 21:36 - 00001374 _____ C:\Users\AndiY\Desktop\JRT.txt
2013-08-29 21:34 - 2013-08-29 21:34 - 00000000 ____D C:\Windows\ERUNT
2013-08-29 21:31 - 2013-08-29 21:31 - 01023533 _____ (Thisisu) C:\Users\AndiY\Desktop\JRT.exe
2013-08-29 21:24 - 2013-08-29 21:25 - 00000000 ____D C:\AdwCleaner
2013-08-29 21:21 - 2013-08-29 21:21 - 00994642 _____ C:\Users\AndiY\Desktop\adwcleaner.exe
2013-08-29 21:13 - 2013-08-29 21:13 - 00018786 _____ C:\Users\AndiY\AppData\Local\recently-used.xbel
2013-08-29 18:42 - 2013-08-29 18:42 - 00000000 ____D C:\Users\AndiY\AppData\Local\webkit
2013-08-29 11:01 - 2013-08-29 11:02 - 29255112 _____ (DVDVideoSoft Ltd.                                          ) C:\Users\AndiY\Downloads\FreeYouTubeToMP3Converter(2).exe
2013-08-29 00:06 - 2013-08-29 00:07 - 06396822 _____ C:\Users\AndiY\Downloads\AuroraX - Seven Sunsets.mp3.part
2013-08-28 23:24 - 2013-08-28 23:24 - 00000000 ____D C:\ProgramData\Panasonic
2013-08-28 23:23 - 2013-08-28 23:23 - 00000000 ____D C:\Users\AndiY\AppData\Roaming\InstallShield
2013-08-28 23:23 - 2013-08-28 23:23 - 00000000 ____D C:\Users\AndiY\AppData\Local\Panasonic
2013-08-28 23:23 - 2007-06-21 23:10 - 00501912 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\PICSDK2.dll
2013-08-28 23:23 - 2007-06-21 23:10 - 00000097 _____ C:\Windows\System32\PICSDK.ini
2013-08-28 23:23 - 2006-10-30 23:10 - 00120992 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\EpPicPrt.dll
2013-08-28 23:23 - 2006-10-30 23:10 - 00071840 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\EPPicMgr.dll
2013-08-28 23:23 - 2006-10-19 23:10 - 00108704 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\PICEntry.dll
2013-08-28 23:23 - 2006-10-19 23:10 - 00080024 _____ (SEIKO EPSON CORPORATION) C:\Windows\System32\PICSDK.dll
2013-08-28 23:23 - 2005-05-31 23:20 - 00111932 _____ C:\Windows\System32\EPPICPrinterDB.dat
2013-08-28 23:23 - 2004-03-03 05:10 - 00031053 _____ C:\Windows\System32\EPPICPattern131.dat
2013-08-28 23:23 - 2004-03-03 05:10 - 00027417 _____ C:\Windows\System32\EPPICPattern121.dat
2013-08-28 23:23 - 2004-03-03 05:10 - 00026154 _____ C:\Windows\System32\EPPICPattern1.dat
2013-08-28 23:23 - 2004-03-03 05:10 - 00024903 _____ C:\Windows\System32\EPPICPattern3.dat
2013-08-28 23:23 - 2004-03-03 05:10 - 00021390 _____ C:\Windows\System32\EPPICPattern5.dat
2013-08-28 23:23 - 2004-03-03 05:10 - 00020148 _____ C:\Windows\System32\EPPICPattern2.dat
2013-08-28 23:23 - 2004-03-03 05:10 - 00013732 _____ C:\Windows\System32\EPPICLocal_EN.cfg
2013-08-28 23:23 - 2004-03-03 05:10 - 00011811 _____ C:\Windows\System32\EPPICPattern4.dat
2013-08-28 23:23 - 2004-03-03 05:10 - 00006442 _____ C:\Windows\System32\EPPICLocal_IT.cfg
2013-08-28 23:23 - 2004-03-03 05:10 - 00006347 _____ C:\Windows\System32\EPPICLocal_PT.cfg
2013-08-28 23:23 - 2004-03-03 05:10 - 00006347 _____ C:\Windows\System32\EPPICLocal_BP.cfg
2013-08-28 23:23 - 2004-03-03 05:10 - 00006335 _____ C:\Windows\System32\EPPICLocal_GE.cfg
2013-08-28 23:23 - 2004-03-03 05:10 - 00006195 _____ C:\Windows\System32\EPPICLocal_FR.cfg
2013-08-28 23:23 - 2004-03-03 05:10 - 00006195 _____ C:\Windows\System32\EPPICLocal_CF.cfg
2013-08-28 23:23 - 2004-03-03 05:10 - 00006122 _____ C:\Windows\System32\EPPICLocal_DU.cfg
2013-08-28 23:23 - 2004-03-03 05:10 - 00006103 _____ C:\Windows\System32\EPPICLocal_ES.cfg
2013-08-28 23:23 - 2004-03-03 05:10 - 00005817 _____ C:\Windows\System32\EPPICLocal_KO.cfg
2013-08-28 23:23 - 2004-03-03 05:10 - 00005436 _____ C:\Windows\System32\EPPICLocal_SC.cfg
2013-08-28 23:23 - 2004-03-03 05:10 - 00004943 _____ C:\Windows\System32\EPPICPattern6.dat
2013-08-28 23:23 - 2004-03-03 05:10 - 00002889 _____ C:\Windows\System32\EPPICLocal_RU.cfg
2013-08-28 23:23 - 2004-03-03 05:10 - 00002426 _____ C:\Windows\System32\EPPICLocal_TC.cfg
2013-08-28 23:23 - 2004-03-03 05:10 - 00001146 _____ C:\Windows\System32\EPPICPresetData_DU.dat
2013-08-28 23:23 - 2004-03-03 05:10 - 00001139 _____ C:\Windows\System32\EPPICPresetData_PT.dat
2013-08-28 23:23 - 2004-03-03 05:10 - 00001139 _____ C:\Windows\System32\EPPICPresetData_BP.dat
2013-08-28 23:23 - 2004-03-03 05:10 - 00001136 _____ C:\Windows\System32\EPPICPresetData_ES.dat
2013-08-28 23:23 - 2004-03-03 05:10 - 00001129 _____ C:\Windows\System32\EPPICPresetData_FR.dat
2013-08-28 23:23 - 2004-03-03 05:10 - 00001129 _____ C:\Windows\System32\EPPICPresetData_CF.dat
2013-08-28 23:23 - 2004-03-03 05:10 - 00001120 _____ C:\Windows\System32\EPPICPresetData_IT.dat
2013-08-28 23:23 - 2004-03-03 05:10 - 00001107 _____ C:\Windows\System32\EPPICPresetData_GE.dat
2013-08-28 23:23 - 2004-03-03 05:10 - 00001104 _____ C:\Windows\System32\EPPICPresetData_EN.dat
2013-08-28 23:21 - 2013-08-29 10:50 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine
2013-08-28 23:20 - 2013-08-28 23:20 - 00000000 ____D C:\Program Files\Common Files\Panasonic
2013-08-28 23:19 - 2013-08-28 23:19 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2013-08-28 23:19 - 2013-08-28 23:19 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-08-28 10:23 - 2013-08-29 21:13 - 00000000 ____D C:\Users\AndiY\AppData\Local\gtk-2.0
2013-08-28 10:23 - 2013-08-28 10:23 - 00000000 ____D C:\Users\AndiY\.thumbnails
2013-08-28 10:18 - 2013-08-29 21:19 - 00000000 ____D C:\Users\AndiY\.gimp-2.8
2013-08-28 10:18 - 2013-08-28 10:18 - 00000000 ____D C:\Users\AndiY\AppData\Local\gegl-0.2
2013-08-28 10:04 - 2013-08-28 10:05 - 00000000 ____D C:\Program Files\GIMP 2
2013-08-28 10:01 - 2013-08-13 07:38 - 00032328 _____ C:\Windows\Launcher.exe
2013-08-28 09:58 - 2013-08-28 09:58 - 00475912 _____ C:\Users\AndiY\Downloads\GIMP_Setup_Download.exe
2013-08-27 23:50 - 2013-08-29 21:27 - 00002276 _____ C:\Users\AndiY\Desktop\Sicherer Zahlungsverkehr.lnk
2013-08-27 23:46 - 2013-08-27 23:43 - 00001094 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2013-08-27 23:28 - 2013-08-27 23:36 - 261894976 _____ C:\Users\AndiY\Downloads\kis14.0.0.4651aDE_4888.exe
2013-08-27 20:20 - 2013-07-13 05:24 - 00261120 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-08-27 20:20 - 2013-07-13 05:23 - 01568256 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-08-27 20:20 - 2013-07-13 05:23 - 00087040 _____ (Microsoft Corporation) C:\Windows\System32\apprepapi.dll
2013-08-27 20:20 - 2013-07-13 05:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\System32\apprepsync.dll
2013-08-27 20:20 - 2013-07-13 05:23 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-08-27 20:20 - 2013-07-11 03:31 - 05573464 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-08-27 20:20 - 2013-07-01 23:53 - 00030144 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdBoot.sys
2013-08-27 20:20 - 2013-07-01 23:08 - 00211288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdFilter.sys
2013-08-27 20:20 - 2013-05-24 00:27 - 00837632 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2013-08-27 20:19 - 2013-07-26 04:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-08-27 20:19 - 2013-07-26 04:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-08-27 20:19 - 2013-07-26 04:13 - 00661504 _____ (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-08-27 20:19 - 2013-07-26 04:13 - 00044032 _____ (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2013-08-27 20:19 - 2013-07-26 04:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-08-27 20:19 - 2013-07-26 04:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-08-27 20:19 - 2013-07-26 04:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-08-27 20:19 - 2013-07-26 04:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-08-27 20:19 - 2013-07-26 04:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-08-27 20:19 - 2013-07-26 04:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-08-27 20:19 - 2013-07-26 04:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-08-27 20:19 - 2013-07-26 04:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-08-27 20:19 - 2013-07-26 04:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-08-27 20:19 - 2013-07-26 03:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-08-27 20:18 - 2013-07-26 04:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-08-27 20:18 - 2013-07-26 04:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-08-27 20:18 - 2013-07-09 05:06 - 01800024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-08-14 11:40 - 2013-08-14 11:40 - 00548224 _____ (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klif.sys
2013-08-08 18:39 - 2013-08-08 18:39 - 00000000 ____D C:\ProgramData\TomTom
2013-08-08 18:34 - 2013-08-08 18:34 - 00000000 ____D C:\Users\AndiY\Documents\TomTom
2013-08-08 18:34 - 2013-08-08 18:34 - 00000000 ____D C:\Users\AndiY\AppData\Roaming\TomTom
2013-08-08 18:34 - 2013-08-08 18:34 - 00000000 ____D C:\Users\AndiY\AppData\Local\TomTom
2013-08-08 18:33 - 2013-08-08 18:33 - 00000000 ____D C:\Program Files\TomTom HOME 2
2013-08-08 18:32 - 2013-08-08 18:32 - 00000000 ____D C:\Program Files\TomTom International B.V
2013-08-08 18:30 - 2013-08-08 18:31 - 00000000 ____D C:\Users\AndiY\AppData\Local\Downloaded Installations
2013-08-08 18:29 - 2013-08-08 18:29 - 30914760 _____ C:\Users\AndiY\Downloads\TomTomHOME2winlatest.exe
2013-08-07 21:08 - 2013-08-08 15:50 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-08-01 17:24 - 2013-08-01 17:24 - 00001848 _____ C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
2013-08-01 17:24 - 2013-08-01 17:24 - 00000972 _____ C:\Users\Public\Desktop\IrfanView.lnk
2013-08-01 17:22 - 2013-08-01 17:24 - 02145888 _____ (Irfan Skiljan) C:\Users\AndiY\Downloads\iview436g_setup.exe
2013-08-01 17:12 - 2013-08-29 22:01 - 00000000 ___RD C:\Users\AndiY\Dropbox
2013-08-01 17:12 - 2013-08-27 23:52 - 00000979 _____ C:\Users\AndiY\Desktop\Dropbox.lnk
2013-08-01 17:06 - 2013-08-29 22:01 - 00000000 ____D C:\Users\AndiY\AppData\Roaming\Dropbox
2013-08-01 17:05 - 2013-08-01 17:06 - 34994736 _____ (Dropbox, Inc.) C:\Users\AndiY\Downloads\Dropbox_2.2.12.exe

==================== One Month Modified Files and Folders =======

2013-08-29 22:04 - 2013-01-25 02:00 - 01745416 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-29 22:01 - 2013-08-01 17:12 - 00000000 ___RD C:\Users\AndiY\Dropbox
2013-08-29 22:01 - 2013-08-01 17:06 - 00000000 ____D C:\Users\AndiY\AppData\Roaming\Dropbox
2013-08-29 22:01 - 2013-01-28 21:53 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-29 22:00 - 2013-01-25 01:56 - 01833719 _____ C:\Windows\WindowsUpdate.log
2013-08-29 22:00 - 2012-07-26 07:53 - 00000000 ____D C:\Windows\System32\sru
2013-08-29 21:50 - 2012-07-26 05:17 - 00524288 ___SH C:\Windows\System32\config\BBI
2013-08-29 21:43 - 2013-08-29 21:43 - 01072975 _____ (Farbar) C:\Users\AndiY\Desktop\FRST.exe
2013-08-29 21:36 - 2013-08-29 21:36 - 00001374 _____ C:\Users\AndiY\Desktop\JRT.txt
2013-08-29 21:34 - 2013-08-29 21:34 - 00000000 ____D C:\Windows\ERUNT
2013-08-29 21:31 - 2013-08-29 21:31 - 01023533 _____ (Thisisu) C:\Users\AndiY\Desktop\JRT.exe
2013-08-29 21:27 - 2013-08-27 23:50 - 00002276 _____ C:\Users\AndiY\Desktop\Sicherer Zahlungsverkehr.lnk
2013-08-29 21:26 - 2013-07-18 21:15 - 00358136 _____ C:\Windows\System32\FNTCACHE.DAT
2013-08-29 21:26 - 2013-01-25 01:51 - 00015090 _____ C:\Windows\PFRO.log
2013-08-29 21:25 - 2013-08-29 21:24 - 00000000 ____D C:\AdwCleaner
2013-08-29 21:21 - 2013-08-29 21:21 - 00994642 _____ C:\Users\AndiY\Desktop\adwcleaner.exe
2013-08-29 21:20 - 2013-02-26 22:38 - 00000000 ____D C:\Users\AndiY\AppData\Roaming\AIMP3
2013-08-29 21:19 - 2013-08-28 10:18 - 00000000 ____D C:\Users\AndiY\.gimp-2.8
2013-08-29 21:13 - 2013-08-29 21:13 - 00018786 _____ C:\Users\AndiY\AppData\Local\recently-used.xbel
2013-08-29 21:13 - 2013-08-28 10:23 - 00000000 ____D C:\Users\AndiY\AppData\Local\gtk-2.0
2013-08-29 18:51 - 2012-07-26 07:53 - 00000000 ____D C:\Windows\AUInstallAgent
2013-08-29 18:42 - 2013-08-29 18:42 - 00000000 ____D C:\Users\AndiY\AppData\Local\webkit
2013-08-29 11:03 - 2013-06-23 22:24 - 00001356 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-08-29 11:03 - 2013-06-23 22:24 - 00000000 ____D C:\Program Files\DVDVideoSoft
2013-08-29 11:03 - 2013-06-23 22:24 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-08-29 11:03 - 2013-05-25 08:40 - 00000000 ____D C:\Users\AndiY\AppData\Roaming\DVDVideoSoft
2013-08-29 11:02 - 2013-08-29 11:01 - 29255112 _____ (DVDVideoSoft Ltd.                                          ) C:\Users\AndiY\Downloads\FreeYouTubeToMP3Converter(2).exe
2013-08-29 10:50 - 2013-08-28 23:21 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine
2013-08-29 10:50 - 2013-02-08 17:20 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-08-29 10:50 - 2012-07-26 07:53 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-29 10:42 - 2012-07-26 07:03 - 00031544 _____ C:\Windows\setupact.log
2013-08-29 00:07 - 2013-08-29 00:06 - 06396822 _____ C:\Users\AndiY\Downloads\AuroraX - Seven Sunsets.mp3.part
2013-08-28 23:24 - 2013-08-28 23:24 - 00000000 ____D C:\ProgramData\Panasonic
2013-08-28 23:23 - 2013-08-28 23:23 - 00000000 ____D C:\Users\AndiY\AppData\Roaming\InstallShield
2013-08-28 23:23 - 2013-08-28 23:23 - 00000000 ____D C:\Users\AndiY\AppData\Local\Panasonic
2013-08-28 23:20 - 2013-08-28 23:20 - 00000000 ____D C:\Program Files\Common Files\Panasonic
2013-08-28 23:20 - 2013-02-17 17:43 - 00000000 ____D C:\Program Files\Panasonic
2013-08-28 23:19 - 2013-08-28 23:19 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2013-08-28 23:19 - 2013-08-28 23:19 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-08-28 23:19 - 2012-07-26 07:53 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-08-28 18:11 - 2013-02-07 21:38 - 00000000 ____D C:\Program Files\No23 Recorder
2013-08-28 17:04 - 2013-04-06 02:32 - 00000000 ____D C:\Users\AndiY\AppData\Roaming\vlc
2013-08-28 15:20 - 2013-05-05 10:43 - 00000000 ____D C:\Users\AndiY\AppData\Roaming\Spotify
2013-08-28 11:21 - 2012-07-26 07:53 - 00000000 ____D C:\Windows\rescache
2013-08-28 10:48 - 2013-05-05 10:44 - 00000000 ____D C:\Users\AndiY\AppData\Local\Spotify
2013-08-28 10:23 - 2013-08-28 10:23 - 00000000 ____D C:\Users\AndiY\.thumbnails
2013-08-28 10:23 - 2013-01-25 01:56 - 00000000 ____D C:\users\AndiY
2013-08-28 10:18 - 2013-08-28 10:18 - 00000000 ____D C:\Users\AndiY\AppData\Local\gegl-0.2
2013-08-28 10:15 - 2013-02-07 18:22 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-28 10:14 - 2012-07-26 07:53 - 00000000 ____D C:\Windows\System32\de-DE
2013-08-28 10:14 - 2012-07-26 07:53 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-28 10:05 - 2013-08-28 10:04 - 00000000 ____D C:\Program Files\GIMP 2
2013-08-28 09:58 - 2013-08-28 09:58 - 00475912 _____ C:\Users\AndiY\Downloads\GIMP_Setup_Download.exe
2013-08-28 00:01 - 2013-04-14 19:49 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-27 23:52 - 2013-08-01 17:12 - 00000979 _____ C:\Users\AndiY\Desktop\Dropbox.lnk
2013-08-27 23:48 - 2013-01-28 21:53 - 00000000 ____D C:\Program Files\Kaspersky Lab
2013-08-27 23:43 - 2013-08-27 23:46 - 00001094 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2013-08-27 23:43 - 2012-07-26 05:17 - 00262144 ___SH C:\Windows\System32\config\ELAM
2013-08-27 23:36 - 2013-08-27 23:28 - 261894976 _____ C:\Users\AndiY\Downloads\kis14.0.0.4651aDE_4888.exe
2013-08-27 21:27 - 2013-07-20 20:21 - 00000000 ____D C:\Windows\System32\MRT
2013-08-27 21:25 - 2013-01-26 02:55 - 75778376 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-14 11:40 - 2013-08-14 11:40 - 00548224 _____ (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klif.sys
2013-08-13 07:38 - 2013-08-28 10:01 - 00032328 _____ C:\Windows\Launcher.exe
2013-08-08 18:39 - 2013-08-08 18:39 - 00000000 ____D C:\ProgramData\TomTom
2013-08-08 18:34 - 2013-08-08 18:34 - 00000000 ____D C:\Users\AndiY\Documents\TomTom
2013-08-08 18:34 - 2013-08-08 18:34 - 00000000 ____D C:\Users\AndiY\AppData\Roaming\TomTom
2013-08-08 18:34 - 2013-08-08 18:34 - 00000000 ____D C:\Users\AndiY\AppData\Local\TomTom
2013-08-08 18:33 - 2013-08-08 18:33 - 00000000 ____D C:\Program Files\TomTom HOME 2
2013-08-08 18:32 - 2013-08-08 18:32 - 00000000 ____D C:\Program Files\TomTom International B.V
2013-08-08 18:31 - 2013-08-08 18:30 - 00000000 ____D C:\Users\AndiY\AppData\Local\Downloaded Installations
2013-08-08 18:29 - 2013-08-08 18:29 - 30914760 _____ C:\Users\AndiY\Downloads\TomTomHOME2winlatest.exe
2013-08-08 15:50 - 2013-08-07 21:08 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-08-01 17:24 - 2013-08-01 17:24 - 00001848 _____ C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
2013-08-01 17:24 - 2013-08-01 17:24 - 00000972 _____ C:\Users\Public\Desktop\IrfanView.lnk
2013-08-01 17:24 - 2013-08-01 17:22 - 02145888 _____ (Irfan Skiljan) C:\Users\AndiY\Downloads\iview436g_setup.exe
2013-08-01 17:06 - 2013-08-01 17:05 - 34994736 _____ (Dropbox, Inc.) C:\Users\AndiY\Downloads\Dropbox_2.2.12.exe

Files to move or delete:
====================
C:\Users\AndiY\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\AndiY\AppData\Local\Temp\ose00000.exe
C:\Users\AndiY\AppData\Local\Temp\Quarantine.exe
C:\Users\AndiY\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\AndiY\AppData\Local\Temp\tbu89F6.exe
C:\Users\AndiY\AppData\Local\Temp\uninst1.exe
C:\Users\AndiY\AppData\Local\Temp\_is32A8.exe
C:\Users\AndiY\AppData\Local\Temp\~nsu.tmp\Au_.exe
C:\Users\AndiY\AppData\Local\Temp\{AFEE44A5-F043-4D89-9B36-DFDCF6766A63}\setup.exe
C:\Users\AndiY\AppData\Local\Temp\{8DAC13CF-723F-4FB5-8EE6-BBC313593D62}\Cleaner\cleanapi.dll
C:\Users\AndiY\AppData\Local\Temp\{717F3AC9-DC0F-4919-A443-1B81ED9AB0A8}\ISSetup.dll
C:\Users\AndiY\AppData\Local\Temp\{717F3AC9-DC0F-4919-A443-1B81ED9AB0A8}\_Setup.dll
C:\Users\AndiY\AppData\Local\Temp\Temp1_MozBackup-1.5.1-EN.zip\MozBackup-1.5.1-EN\MozBackup.exe
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_.exe
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Desktop.exe
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_ar.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_bg.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_cs.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_da.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_de.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_el.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_en.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_es.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_fi.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_fr.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_he.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_hr.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_hu.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_id.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_it.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_ja.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_ko.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_lt.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_nl.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_no.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_pl.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_pt.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_ro.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_ru.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_sk.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_sr.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_sv.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_th.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_tr.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_uk.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_vi.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_zhCN.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_zhTW.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Service.exe
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_StaticRes.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\tv_w32.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\tv_w32.exe
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\tv_x64.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\tv_x64.exe
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\uninstall.exe
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\x86\Teamviewer_PrintProcessor.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\outlook\TeamViewerMeetingAddIn.dll
C:\Users\AndiY\AppData\Local\Temp\SDIAG_89d5fdc5-7e6f-4b90-b122-73e6763a2b33\NetworkDiagnosticSnapIn.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\ChCfg.exe
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\RtlExUpd.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Setup.exe
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\AERTACap.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\AERTARen.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\AERTSrv.exe
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\BlackBlueSkinImages.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\BlackSkinImages.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DarkSkinImages.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSAudioService.exe
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSBassEnhancementDLL.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSBoostDLL.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSGainCompensatorDLL.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSGFXAPO.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSGFXAPONS.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSLFXAPO.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSLimiterDLL.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSNeoPCDLL.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSS2HeadphoneDLL.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSS2SpeakerDLL.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSSymmetryDLL.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSU2PAuSrv32.exe
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSU2PGFX32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSU2PLFX32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSU2PREC32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSVoiceClarityDLL.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\FMAPO.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\FMAPP.exe
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\GrayJadeSkinImages.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\KAAPORT.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MaxxAudioAPO.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MaxxAudioAPO20.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MaxxAudioAPO30.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MaxxAudioAPO40.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MaxxAudioAPOShell.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MaxxAudioControl.exe
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MaxxAudioEQ.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MaxxAudioMeters.exe
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MaxxAudioRealtek.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MaxxAudioRealtek2.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MaxxVolumeSDAPO.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MBAPO32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MBPPCn32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MBppld32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MBTHX32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MBWrp32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\PremiumBlackSkinImages.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\R4EEA32A.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\R4EED32A.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\R4EEG32A.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\R4EEL32A.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\R4EEP32A.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RP3DAA32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RP3DHT32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RTCOMDLL.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RTEED32A.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RTEEG32A.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RTEEL32A.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RTEEP32A.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RtHDVBg.exe
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RtHDVCpl.exe
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RtkAPO.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RtkApoApi.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RtkAudioService.exe
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RtkCfg.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RtkCoInstII.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RtkCoLDR.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RtkGuiCompLib.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RtkNGUI.exe
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RtkPgExt.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RtlCPAPI.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RtlUpd.exe
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\SFAPO.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\SFCOM.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\SFFXComm.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\SFFXDAPO.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\SFFXHAPO.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\SFFXProc.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\SFFXSAPO.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\SFNHK.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\SFSS_APO.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\SkyTel.exe
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\sl3apo32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\slcc3d32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\slcnt32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\slcshp32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\slcsii32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\slgeq32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\slh36032.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\slhlim32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\slInit32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\slmaxv32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\slprp32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\sltech32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\sltshd32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\sluapo32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\slvipp32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\slviq32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\SRSHP360.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\SRSTSHD.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\SRSTSXT.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\SRSWOW.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\tadefxapo.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\tadefxapo2.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\TepeqAPO.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\tosade.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\vncutil.exe
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\WavesGUILib.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\WavesLib.dll
C:\Users\AndiY\AppData\Local\Temp\oct405F.tmp\PokkiUpdater.exe
C:\Users\AndiY\AppData\Local\Temp\nsx33C6.tmp\___ocnsis.dll
C:\Users\AndiY\AppData\Local\Temp\nslF9C9.tmp\DropboxNSISTools.dll
C:\Users\AndiY\AppData\Local\Temp\nslF9C9.tmp\UAC.dll
C:\Users\AndiY\AppData\Local\Temp\nsfAE49.tmp\DropboxNSISTools.dll
C:\Users\AndiY\AppData\Local\Temp\nsfAE49.tmp\UAC.dll
C:\Users\AndiY\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\AndiY\AppData\Local\Temp\is-AERC8.tmp\Interop.IWshRuntimeLibrary.dll
C:\Users\AndiY\AppData\Local\Temp\is-AERC8.tmp\System.Data.SQLite.dll
C:\Users\AndiY\AppData\Local\Temp\is-61995.tmp\PokkiInstaller.exe
C:\Users\AndiY\AppData\Local\Temp\is-40NQG.tmp\cinshlpr.dll
C:\Users\AndiY\AppData\Local\Temp\is-40NQG.tmp\InstallHelper.dll
C:\Users\AndiY\AppData\Local\Temp\is-3LJFN.tmp\InstallHelper.dll
C:\Users\AndiY\AppData\Local\Temp\is-3LJFN.tmp\ProtectedSearchSetup.exe
C:\Users\AndiY\AppData\Local\Temp\is-2RG6T.tmp\Interop.IWshRuntimeLibrary.dll
C:\Users\AndiY\AppData\Local\Temp\is-2RG6T.tmp\System.Data.SQLite.dll
C:\Users\AndiY\AppData\Local\Temp\E8C23CB0-BAB0-7891-B0E4-9616A4768739\Setup.exe
C:\Users\AndiY\AppData\Local\Temp\E8C23CB0-BAB0-7891-B0E4-9616A4768739\sqlite3.dll
C:\Users\AndiY\AppData\Local\Temp\E8C23CB0-BAB0-7891-B0E4-9616A4768739\Latest\MyBabylonTB.exe
C:\Users\AndiY\AppData\Local\Temp\E8C23CB0-BAB0-7891-B0E4-9616A4768739\Latest\Setup.exe
C:\Users\AndiY\AppData\Local\Temp\E8C23CB0-BAB0-7891-B0E4-9616A4768739\Latest\sqlite3.dll
C:\Users\AndiY\AppData\Local\Temp\5164B33C96F03E11FA5C004245884822\SETUP.DLL
C:\Users\AndiY\AppData\Local\Temp\40FD1792-BAB0-7891-BF0E-E72C5CC0DB8C\Latest\BabMaint.exe
C:\Users\AndiY\AppData\Local\Temp\40FD1792-BAB0-7891-BF0E-E72C5CC0DB8C\Latest\BExternal.dll
C:\Users\AndiY\AppData\Local\Temp\40FD1792-BAB0-7891-BF0E-E72C5CC0DB8C\Latest\BUSolution.dll
C:\Users\AndiY\AppData\Local\Temp\40FD1792-BAB0-7891-BF0E-E72C5CC0DB8C\Latest\ccp.exe
C:\Users\AndiY\AppData\Local\Temp\40FD1792-BAB0-7891-BF0E-E72C5CC0DB8C\Latest\GUninstaller.exe
C:\Users\AndiY\AppData\Local\Temp\40FD1792-BAB0-7891-BF0E-E72C5CC0DB8C\Latest\IEHelper.dll
C:\Users\AndiY\AppData\Local\Temp\40FD1792-BAB0-7891-BF0E-E72C5CC0DB8C\Latest\Setup.exe
C:\Users\AndiY\AppData\Local\Temp\40FD1792-BAB0-7891-BF0E-E72C5CC0DB8C\Latest\sqlite3.dll

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-08-29 19:32:57

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 3956.55 MB
Available physical RAM: 3428.21 MB
Total Pagefile: 3956.55 MB
Available Pagefile: 3439.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:50.94 GB) (Free:8.31 GB) NTFS
Drive d: () (Removable) (Total:0.47 GB) (Free:0.47 GB) FAT
Drive f: () (Fixed) (Total:232.05 GB) (Free:181.5 GB) NTFS
Drive g: (RECOVERY) (Fixed) (Total:15 GB) (Free:2.9 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: B0FD1CB0)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=51 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=232 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 481 MB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=481 MB) - (Type=06)


LastRegBack: 2013-08-27 21:18

==================== End Of Log ============================
--- --- ---

cosinus 29.08.2013 22:20
Zitat:
Boot Mode: Recovery
Falscher Bootmodus! Wieso bist du nicht im normalen Modus?

santaniy 29.08.2013 22:25
Zitat:
Zitat von cosinus (Beitrag 1143715)
Falscher Bootmodus! Wieso bist du nicht im normalen Modus?
Sorry habe ne Zeit gebraucht um zu checken wie ich überhaupt unter win8 dahin komme! Habe las Admin die Systemwiederherstellungsoptionen geöffnet! Da stand eigentlich nichts von abgesichertem Modus etc.

cosinus 29.08.2013 22:31
Du sollst die Logs im ganz normalen Modus machen

santaniy 29.08.2013 22:37
Zitat:
Zitat von cosinus (Beitrag 1143728)
Du sollst die Logs im ganz normalen Modus machen
Also meine vorgehensweise: win8 neu starten -> F8 drücken -> CPU reparieren -> Problembehandlung -> Erweiterte Optionen -> hier muss ich mich anmelden, es gibt nur ein Benutzerkonto, und als Hinweis steht das nur Administartoren aufeglistet sind! Wo kommt dan der Recovery Boot Mode her?

Kannst Du mir erklären wie ich die logs im normalen Modus erstelle?

cosinus 29.08.2013 23:23
F8 drücken ist der Fehler
Einfach den Rechner in Ruhe booten lassen
Oder hab ich hier was verpasst :wtf:

santaniy 29.08.2013 23:45
Zitat:
Zitat von cosinus (Beitrag 1143763)
F8 drücken ist der Fehler
Einfach den Rechner in Ruhe booten lassen
Oder hab ich hier was verpasst :wtf:
In der Anleitung stehts halt genauso, mit der F8 taste...

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-08-2013
Ran by AndiY at 2013-08-30 00:44:21
Running from G:\
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader XI (11.0.01) - Deutsch (Version: 11.0.01)
AIMP3 (Version: v3.20.1155, 16.11.2012)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Browser Updater 1.1
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox (HKCU Version: 2.2.13)
Free YouTube to MP3 Converter version 3.12.12.827 (Version: 3.12.12.827)
FreeCommander 2009.02b (Version: 2009.02)
GIMP 2.8.6 (Version: 2.8.6)
IrfanView (remove only) (Version: 4.36)
iTunes (Version: 11.0.4.4)
Kaspersky Internet Security (Version: 14.0.0.4651)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MozBackup 1.5.1
Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8)
No23 Recorder (Version: 2.1.0.3)
Picasa 3 (Version: 3.9)
PokerStars.eu
Realtek High Definition Audio Driver (Version: 6.0.1.6662)
Spotify (HKCU Version: 0.9.1.57.ge7405149)
TeamViewer 8 (Version: 8.0.20202)
TomTom HOME (Version: 2.9.6)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
VLC media player 2.0.5 (Version: 2.0.5)
WinRAR 4.20 (32-Bit) (Version: 4.20.0)
 

==================== Restore Points  =========================

29-08-2013 18:32:43 Windows Update

==================== Hosts content: ==========================

2012-07-26 06:17 - 2012-07-26 06:17 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0D16CEBE-BB3E-4049-8D81-CC2630BF94AD} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\WINDOWS\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {0E78FEE0-C387-4530-AC36-4D46887FBFD5} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {0FB9F3EA-4F42-41A0-B8CE-06CDEF09B849} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {159DA30B-9B91-4267-A71F-5B7ACC15230D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {174644D4-4E5F-4B13-893F-DC718163E165} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {1E84DCB8-8C84-4436-A108-209A65086823} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\WSClient.dll [2012-09-20] (Microsoft Corporation)
Task: {21EBABC3-315E-4262-91EA-833D48E9208B} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {2979CE11-8E95-402E-BC85-0C28B8A91EAC} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => C:\Windows\System32\dfdts.dll [2012-07-26] (Microsoft Corporation)
Task: {2F1E6E55-3D1F-480B-8000-9E909BF482F5} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {307D6D3E-9D87-4CFD-B668-C60E8C86B0E3} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {311C4CC9-7320-42AB-B437-C1D02EEB6587} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {342D8E10-501F-4B38-A4C0-F2DE193B46E9} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {363B18FF-B363-4665-B1C4-DD7823139C45} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)
Task: {3799C698-B9E2-4D51-86FC-B9B20E8DEF91} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {3979CF68-CD08-46D3-A340-CB769AE09013} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {3B292858-FAAA-4B61-9C76-6902AEB7607B} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {3E12441C-C2C4-42F9-8200-4E322F74BDC0} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {3EC42D4C-09B0-49D9-A6A8-F2E1A94C0A74} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {4294B8A6-13BD-4733-8559-C8D558B6F597} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {44E19131-88E9-4238-9DCD-22306E438BB1} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {4F2DA3E8-0B43-47C0-8811-45ECA435391F} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {545C008C-4471-44F8-AD15-96CB8BB2BB0C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\System32\Windows.Storage.ApplicationData.dll [2012-07-26] (Microsoft Corporation)
Task: {56F59500-C4D1-4720-859F-13B4998AA792} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\System32\Startupscan.dll [2012-07-26] (Microsoft Corporation)
Task: {5AE9E01C-6D42-452E-A6A8-6A0CE9F18EC4} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2339853823-2107313754-116825072-1001
Task: {5B88CA1D-EEEA-4BAC-9E36-D94BA7D5CC37} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {600CBAC8-F824-4925-BE23-69B0D808CBB9} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\System32\aepdu.dll [2012-07-26] (Microsoft Corporation)
Task: {6495D7D8-52C0-4309-9097-247A7B9574CC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {67FF304D-1A11-4CB0-909A-A92DCFD95294} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {68070BBC-F2DE-4476-95C6-C2ED1ECE3D0F} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {74748E76-21FC-465C-ABE1-5E465834A900} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {753C8596-7415-46D3-AF5E-9EEC299E7D90} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {7BA1AF95-B048-46B5-A898-B9B3D5A1548E} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => C:\Windows\System32\bfe.dll [2012-11-27] (Microsoft Corporation)
Task: {7EBC5A66-ABD2-4B81-872F-BC7CA4AD5D55} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {87B33971-7435-4AD9-8514-0B5BFE1F1CB0} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {8E694376-21AC-46FA-8E80-C453341417E4} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {973628F1-FAD0-487A-B3EC-A318007483E8} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {99768757-32DC-4E02-BE1E-2FE4783695EE} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\WSClient.dll [2012-09-20] (Microsoft Corporation)
Task: {9C3ADA14-4FAF-445F-B971-A69F60A7C497} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {9D175E12-DB50-4682-9F62-F923B154AA57} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {A014EC55-F9EB-479D-9F4C-ACBE30C9E949} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync
Task: {AFE9EACD-AC61-4642-A077-BB06D1147FC5} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {BB4910D3-79D9-461E-AC1B-915B8E8672A3} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {BC858B0C-7D0F-436F-B08B-50D51DF74306} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {BDB4FA9F-75FF-49F0-BB61-F10BBBA1FA6D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-27] (Adobe Systems Incorporated)
Task: {C465A656-3917-43C0-B40A-4EBBE8708BB9} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {C5ACF400-395F-4560-88EE-42FC3B1EAF7F} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {C66B8D31-A32F-4AF7-800E-475B2C2BE27D} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {C7B00221-71A0-4FB5-84F5-F1A8A2CA1B2A} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {D1CDD09C-5F29-4A7F-8FB4-897B439CC9A9} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {DF2D6074-8317-4050-890F-116E54CFAAD9} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => C:\Windows\System32\acproxy.dll [2012-07-26] (Microsoft Corporation)
Task: {E3F2C42C-4547-49CD-A14F-FDDA37794A75} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {E3FC5136-FFFE-42DA-BB1D-6C62CAEB4585} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {E60C98D3-B41B-482A-AC61-DD19EDF2841D} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {EF9592CE-7796-47A6-9CD5-8630640D45BB} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\System32\sysmain.dll [2013-05-04] (Microsoft Corporation)
Task: {F273F7E8-98FA-47D0-BFE3-8B71C8C3E9A8} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {F413C755-E3DC-4075-BB1E-AC60C1CA9AEA} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {F69E710E-D481-4685-9A82-C1B0C2369EB5} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {F6E06073-27B2-48BB-8FA1-AAA8B50066D0} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Alternate Data Streams (whitelisted) ==========


==================== Faulty Device Manager Devices =============

Name: PS/2-kompatible Maus
Description: PS/2-kompatible Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (08/30/2013 00:33:03 AM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "FRANZ" auf Transport "NetBT_Tcpip_{1226921E-87E8-4DC6-A37A-F6D1". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (08/30/2013 00:30:02 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Server" wurde mit folgendem Fehler beendet:
%%1115

Error: (08/30/2013 00:29:59 AM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "FRANZ" auf Transport "NetBT_Tcpip_{1226921E-87E8-4DC6-A37A-F6D1". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (08/30/2013 00:20:28 AM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "FRANZ" auf Transport "NetBT_Tcpip_{1226921E-87E8-4DC6-A37A-F6D1". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (08/29/2013 11:58:37 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "FRANZ" auf Transport "NetBT_Tcpip_{1226921E-87E8-4DC6-A37A-F6D1". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (08/29/2013 11:33:30 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "FRANZ" auf Transport "NetBT_Tcpip_{1226921E-87E8-4DC6-A37A-F6D1". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (08/29/2013 11:12:27 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "FRANZ" auf Transport "NetBT_Tcpip_{1226921E-87E8-4DC6-A37A-F6D1". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (08/29/2013 11:00:52 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "FRANZ" auf Transport "NetBT_Tcpip_{1226921E-87E8-4DC6-A37A-F6D1". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (08/29/2013 10:55:31 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "FRANZ" auf Transport "NetBT_Tcpip_{1226921E-87E8-4DC6-A37A-F6D1". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (08/29/2013 10:53:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 3444.55 MB
Available physical RAM: 2292.16 MB
Total Pagefile: 4148.55 MB
Available Pagefile: 2801.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:50.94 GB) (Free:8.29 GB) NTFS
Drive d: () (Fixed) (Total:232.05 GB) (Free:181.5 GB) NTFS
Drive g: () (Removable) (Total:0.47 GB) (Free:0.47 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: B0FD1CB0)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=51 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=232 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 481 MB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=481 MB) - (Type=06)

==================== End Of Log ============================

cosinus 29.08.2013 23:54
Hmm..ja die Anleitung verweist auf das. Das ist missverständlich. Ich werd das mal anmerken bei Gelegenheit.
Grundsätzlich ist das nur erforderlich ja sogar notwendig, wenn der Rechner sich sonst nicht mehr starten lässt. Aber ansonsten normaler Bootmodus. ;)

Poste bitte noch das andere Log von FRST

santaniy 30.08.2013 00:08
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-08-2013
Ran by AndiY at 2013-08-30 00:44:21
Running from G:\
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader XI (11.0.01) - Deutsch (Version: 11.0.01)
AIMP3 (Version: v3.20.1155, 16.11.2012)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Browser Updater 1.1
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox (HKCU Version: 2.2.13)
Free YouTube to MP3 Converter version 3.12.12.827 (Version: 3.12.12.827)
FreeCommander 2009.02b (Version: 2009.02)
GIMP 2.8.6 (Version: 2.8.6)
IrfanView (remove only) (Version: 4.36)
iTunes (Version: 11.0.4.4)
Kaspersky Internet Security (Version: 14.0.0.4651)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MozBackup 1.5.1
Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
Mozilla Thunderbird 17.0.8 (x86 de) (Version: 17.0.8)
No23 Recorder (Version: 2.1.0.3)
Picasa 3 (Version: 3.9)
PokerStars.eu
Realtek High Definition Audio Driver (Version: 6.0.1.6662)
Spotify (HKCU Version: 0.9.1.57.ge7405149)
TeamViewer 8 (Version: 8.0.20202)
TomTom HOME (Version: 2.9.6)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
VLC media player 2.0.5 (Version: 2.0.5)
WinRAR 4.20 (32-Bit) (Version: 4.20.0)
 

==================== Restore Points  =========================

29-08-2013 18:32:43 Windows Update

==================== Hosts content: ==========================

2012-07-26 06:17 - 2012-07-26 06:17 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0D16CEBE-BB3E-4049-8D81-CC2630BF94AD} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\WINDOWS\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {0E78FEE0-C387-4530-AC36-4D46887FBFD5} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {0FB9F3EA-4F42-41A0-B8CE-06CDEF09B849} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {159DA30B-9B91-4267-A71F-5B7ACC15230D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {174644D4-4E5F-4B13-893F-DC718163E165} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {1E84DCB8-8C84-4436-A108-209A65086823} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\WSClient.dll [2012-09-20] (Microsoft Corporation)
Task: {21EBABC3-315E-4262-91EA-833D48E9208B} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {2979CE11-8E95-402E-BC85-0C28B8A91EAC} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => C:\Windows\System32\dfdts.dll [2012-07-26] (Microsoft Corporation)
Task: {2F1E6E55-3D1F-480B-8000-9E909BF482F5} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {307D6D3E-9D87-4CFD-B668-C60E8C86B0E3} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {311C4CC9-7320-42AB-B437-C1D02EEB6587} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {342D8E10-501F-4B38-A4C0-F2DE193B46E9} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {363B18FF-B363-4665-B1C4-DD7823139C45} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)
Task: {3799C698-B9E2-4D51-86FC-B9B20E8DEF91} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {3979CF68-CD08-46D3-A340-CB769AE09013} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {3B292858-FAAA-4B61-9C76-6902AEB7607B} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {3E12441C-C2C4-42F9-8200-4E322F74BDC0} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {3EC42D4C-09B0-49D9-A6A8-F2E1A94C0A74} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {4294B8A6-13BD-4733-8559-C8D558B6F597} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {44E19131-88E9-4238-9DCD-22306E438BB1} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {4F2DA3E8-0B43-47C0-8811-45ECA435391F} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {545C008C-4471-44F8-AD15-96CB8BB2BB0C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\System32\Windows.Storage.ApplicationData.dll [2012-07-26] (Microsoft Corporation)
Task: {56F59500-C4D1-4720-859F-13B4998AA792} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\System32\Startupscan.dll [2012-07-26] (Microsoft Corporation)
Task: {5AE9E01C-6D42-452E-A6A8-6A0CE9F18EC4} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2339853823-2107313754-116825072-1001
Task: {5B88CA1D-EEEA-4BAC-9E36-D94BA7D5CC37} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {600CBAC8-F824-4925-BE23-69B0D808CBB9} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\System32\aepdu.dll [2012-07-26] (Microsoft Corporation)
Task: {6495D7D8-52C0-4309-9097-247A7B9574CC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {67FF304D-1A11-4CB0-909A-A92DCFD95294} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {68070BBC-F2DE-4476-95C6-C2ED1ECE3D0F} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {74748E76-21FC-465C-ABE1-5E465834A900} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {753C8596-7415-46D3-AF5E-9EEC299E7D90} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {7BA1AF95-B048-46B5-A898-B9B3D5A1548E} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => C:\Windows\System32\bfe.dll [2012-11-27] (Microsoft Corporation)
Task: {7EBC5A66-ABD2-4B81-872F-BC7CA4AD5D55} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {87B33971-7435-4AD9-8514-0B5BFE1F1CB0} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {8E694376-21AC-46FA-8E80-C453341417E4} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {973628F1-FAD0-487A-B3EC-A318007483E8} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {99768757-32DC-4E02-BE1E-2FE4783695EE} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\WSClient.dll [2012-09-20] (Microsoft Corporation)
Task: {9C3ADA14-4FAF-445F-B971-A69F60A7C497} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {9D175E12-DB50-4682-9F62-F923B154AA57} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {A014EC55-F9EB-479D-9F4C-ACBE30C9E949} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync
Task: {AFE9EACD-AC61-4642-A077-BB06D1147FC5} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {BB4910D3-79D9-461E-AC1B-915B8E8672A3} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {BC858B0C-7D0F-436F-B08B-50D51DF74306} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {BDB4FA9F-75FF-49F0-BB61-F10BBBA1FA6D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-27] (Adobe Systems Incorporated)
Task: {C465A656-3917-43C0-B40A-4EBBE8708BB9} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {C5ACF400-395F-4560-88EE-42FC3B1EAF7F} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {C66B8D31-A32F-4AF7-800E-475B2C2BE27D} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {C7B00221-71A0-4FB5-84F5-F1A8A2CA1B2A} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {D1CDD09C-5F29-4A7F-8FB4-897B439CC9A9} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {DF2D6074-8317-4050-890F-116E54CFAAD9} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => C:\Windows\System32\acproxy.dll [2012-07-26] (Microsoft Corporation)
Task: {E3F2C42C-4547-49CD-A14F-FDDA37794A75} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {E3FC5136-FFFE-42DA-BB1D-6C62CAEB4585} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {E60C98D3-B41B-482A-AC61-DD19EDF2841D} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {EF9592CE-7796-47A6-9CD5-8630640D45BB} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\System32\sysmain.dll [2013-05-04] (Microsoft Corporation)
Task: {F273F7E8-98FA-47D0-BFE3-8B71C8C3E9A8} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {F413C755-E3DC-4075-BB1E-AC60C1CA9AEA} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {F69E710E-D481-4685-9A82-C1B0C2369EB5} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {F6E06073-27B2-48BB-8FA1-AAA8B50066D0} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Alternate Data Streams (whitelisted) ==========


==================== Faulty Device Manager Devices =============

Name: PS/2-kompatible Maus
Description: PS/2-kompatible Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (08/30/2013 00:33:03 AM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "FRANZ" auf Transport "NetBT_Tcpip_{1226921E-87E8-4DC6-A37A-F6D1". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (08/30/2013 00:30:02 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Server" wurde mit folgendem Fehler beendet:
%%1115

Error: (08/30/2013 00:29:59 AM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "FRANZ" auf Transport "NetBT_Tcpip_{1226921E-87E8-4DC6-A37A-F6D1". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (08/30/2013 00:20:28 AM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "FRANZ" auf Transport "NetBT_Tcpip_{1226921E-87E8-4DC6-A37A-F6D1". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (08/29/2013 11:58:37 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "FRANZ" auf Transport "NetBT_Tcpip_{1226921E-87E8-4DC6-A37A-F6D1". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (08/29/2013 11:33:30 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "FRANZ" auf Transport "NetBT_Tcpip_{1226921E-87E8-4DC6-A37A-F6D1". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (08/29/2013 11:12:27 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "FRANZ" auf Transport "NetBT_Tcpip_{1226921E-87E8-4DC6-A37A-F6D1". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (08/29/2013 11:00:52 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "FRANZ" auf Transport "NetBT_Tcpip_{1226921E-87E8-4DC6-A37A-F6D1". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (08/29/2013 10:55:31 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "FRANZ" auf Transport "NetBT_Tcpip_{1226921E-87E8-4DC6-A37A-F6D1". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (08/29/2013 10:53:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 3444.55 MB
Available physical RAM: 2292.16 MB
Total Pagefile: 4148.55 MB
Available Pagefile: 2801.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1903.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:50.94 GB) (Free:8.29 GB) NTFS
Drive d: () (Fixed) (Total:232.05 GB) (Free:181.5 GB) NTFS
Drive g: () (Removable) (Total:0.47 GB) (Free:0.47 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: B0FD1CB0)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=51 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=232 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 481 MB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=481 MB) - (Type=06)

==================== End Of Log ============================

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-08-2013
Ran by AndiY (administrator) on 30-08-2013 00:43:51
Running from G:\
Microsoft Windows 8 Pro (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x86__8wekyb3d8bbwe\LiveComm.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Dropbox, Inc.) C:\Users\AndiY\AppData\Roaming\Dropbox\bin\Dropbox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\AndiY\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-31] (Spotify Ltd)
HKCU\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-07-02] (TomTom)
MountPoints2: {d11b4fc6-d4f3-11e2-afbd-002454888422} - "F:\HTC_Sync_Manager_PC.exe"
Startup: C:\Users\AndiY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\AndiY\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\AndiY\AppData\Roaming\Mozilla\Firefox\Path=C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-2339853823-2107313754-116825072-1001\FireFox
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\AndiY\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions:  C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com

========================== Services (Whitelisted) =================

R2 avp; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-06-17] (Kaspersky Lab ZAO)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14480 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 athr; C:\Windows\system32\DRIVERS\athr.sys [2273280 2012-06-02] (Qualcomm Atheros Communications, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-05-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [24496 2012-07-27] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [548224 2013-08-14] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [25696 2013-06-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [25696 2013-05-05] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [25696 2013-05-05] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [54368 2013-05-07] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [145120 2013-06-06] (Kaspersky Lab ZAO)
R3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
R3 yukonw8; C:\Windows\system32\DRIVERS\yk63x86.sys [238080 2012-07-26] (Marvell)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-29 22:43 - 2013-08-29 22:43 - 01072975 _____ (Farbar) C:\Users\AndiY\Desktop\FRST.exe
2013-08-29 22:36 - 2013-08-29 22:36 - 00001374 _____ C:\Users\AndiY\Desktop\JRT.txt
2013-08-29 22:34 - 2013-08-29 22:34 - 00000000 ____D C:\WINDOWS\ERUNT
2013-08-29 22:31 - 2013-08-29 22:31 - 01023533 _____ (Thisisu) C:\Users\AndiY\Desktop\JRT.exe
2013-08-29 22:24 - 2013-08-29 22:25 - 00000000 ____D C:\AdwCleaner
2013-08-29 22:21 - 2013-08-29 22:21 - 00994642 _____ C:\Users\AndiY\Desktop\adwcleaner.exe
2013-08-29 22:13 - 2013-08-29 22:13 - 00018786 _____ C:\Users\AndiY\AppData\Local\recently-used.xbel
2013-08-29 19:42 - 2013-08-29 19:42 - 00000000 ____D C:\Users\AndiY\AppData\Local\webkit
2013-08-29 12:01 - 2013-08-29 12:02 - 29255112 _____ (DVDVideoSoft Ltd.                                          ) C:\Users\AndiY\Downloads\FreeYouTubeToMP3Converter(2).exe
2013-08-29 01:06 - 2013-08-29 01:07 - 06396822 _____ C:\Users\AndiY\Downloads\AuroraX - Seven Sunsets.mp3.part
2013-08-29 00:24 - 2013-08-29 00:24 - 00000000 ____D C:\ProgramData\Panasonic
2013-08-29 00:23 - 2013-08-29 00:23 - 00000000 ____D C:\Users\AndiY\AppData\Roaming\InstallShield
2013-08-29 00:23 - 2013-08-29 00:23 - 00000000 ____D C:\Users\AndiY\AppData\Local\Panasonic
2013-08-29 00:23 - 2007-06-22 00:10 - 00501912 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\PICSDK2.dll
2013-08-29 00:23 - 2007-06-22 00:10 - 00000097 _____ C:\WINDOWS\system32\PICSDK.ini
2013-08-29 00:23 - 2006-10-31 00:10 - 00120992 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\EpPicPrt.dll
2013-08-29 00:23 - 2006-10-31 00:10 - 00071840 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\EPPicMgr.dll
2013-08-29 00:23 - 2006-10-20 00:10 - 00108704 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\PICEntry.dll
2013-08-29 00:23 - 2006-10-20 00:10 - 00080024 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\PICSDK.dll
2013-08-29 00:23 - 2005-06-01 00:20 - 00111932 _____ C:\WINDOWS\system32\EPPICPrinterDB.dat
2013-08-29 00:23 - 2004-03-03 06:10 - 00031053 _____ C:\WINDOWS\system32\EPPICPattern131.dat
2013-08-29 00:23 - 2004-03-03 06:10 - 00027417 _____ C:\WINDOWS\system32\EPPICPattern121.dat
2013-08-29 00:23 - 2004-03-03 06:10 - 00026154 _____ C:\WINDOWS\system32\EPPICPattern1.dat
2013-08-29 00:23 - 2004-03-03 06:10 - 00024903 _____ C:\WINDOWS\system32\EPPICPattern3.dat
2013-08-29 00:23 - 2004-03-03 06:10 - 00021390 _____ C:\WINDOWS\system32\EPPICPattern5.dat
2013-08-29 00:23 - 2004-03-03 06:10 - 00020148 _____ C:\WINDOWS\system32\EPPICPattern2.dat
2013-08-29 00:23 - 2004-03-03 06:10 - 00013732 _____ C:\WINDOWS\system32\EPPICLocal_EN.cfg
2013-08-29 00:23 - 2004-03-03 06:10 - 00011811 _____ C:\WINDOWS\system32\EPPICPattern4.dat
2013-08-29 00:23 - 2004-03-03 06:10 - 00006442 _____ C:\WINDOWS\system32\EPPICLocal_IT.cfg
2013-08-29 00:23 - 2004-03-03 06:10 - 00006347 _____ C:\WINDOWS\system32\EPPICLocal_PT.cfg
2013-08-29 00:23 - 2004-03-03 06:10 - 00006347 _____ C:\WINDOWS\system32\EPPICLocal_BP.cfg
2013-08-29 00:23 - 2004-03-03 06:10 - 00006335 _____ C:\WINDOWS\system32\EPPICLocal_GE.cfg
2013-08-29 00:23 - 2004-03-03 06:10 - 00006195 _____ C:\WINDOWS\system32\EPPICLocal_FR.cfg
2013-08-29 00:23 - 2004-03-03 06:10 - 00006195 _____ C:\WINDOWS\system32\EPPICLocal_CF.cfg
2013-08-29 00:23 - 2004-03-03 06:10 - 00006122 _____ C:\WINDOWS\system32\EPPICLocal_DU.cfg
2013-08-29 00:23 - 2004-03-03 06:10 - 00006103 _____ C:\WINDOWS\system32\EPPICLocal_ES.cfg
2013-08-29 00:23 - 2004-03-03 06:10 - 00005817 _____ C:\WINDOWS\system32\EPPICLocal_KO.cfg
2013-08-29 00:23 - 2004-03-03 06:10 - 00005436 _____ C:\WINDOWS\system32\EPPICLocal_SC.cfg
2013-08-29 00:23 - 2004-03-03 06:10 - 00004943 _____ C:\WINDOWS\system32\EPPICPattern6.dat
2013-08-29 00:23 - 2004-03-03 06:10 - 00002889 _____ C:\WINDOWS\system32\EPPICLocal_RU.cfg
2013-08-29 00:23 - 2004-03-03 06:10 - 00002426 _____ C:\WINDOWS\system32\EPPICLocal_TC.cfg
2013-08-29 00:23 - 2004-03-03 06:10 - 00001146 _____ C:\WINDOWS\system32\EPPICPresetData_DU.dat
2013-08-29 00:23 - 2004-03-03 06:10 - 00001139 _____ C:\WINDOWS\system32\EPPICPresetData_PT.dat
2013-08-29 00:23 - 2004-03-03 06:10 - 00001139 _____ C:\WINDOWS\system32\EPPICPresetData_BP.dat
2013-08-29 00:23 - 2004-03-03 06:10 - 00001136 _____ C:\WINDOWS\system32\EPPICPresetData_ES.dat
2013-08-29 00:23 - 2004-03-03 06:10 - 00001129 _____ C:\WINDOWS\system32\EPPICPresetData_FR.dat
2013-08-29 00:23 - 2004-03-03 06:10 - 00001129 _____ C:\WINDOWS\system32\EPPICPresetData_CF.dat
2013-08-29 00:23 - 2004-03-03 06:10 - 00001120 _____ C:\WINDOWS\system32\EPPICPresetData_IT.dat
2013-08-29 00:23 - 2004-03-03 06:10 - 00001107 _____ C:\WINDOWS\system32\EPPICPresetData_GE.dat
2013-08-29 00:23 - 2004-03-03 06:10 - 00001104 _____ C:\WINDOWS\system32\EPPICPresetData_EN.dat
2013-08-29 00:21 - 2013-08-29 11:50 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine
2013-08-29 00:20 - 2013-08-29 00:20 - 00000000 ____D C:\Program Files\Common Files\Panasonic
2013-08-29 00:19 - 2013-08-29 00:19 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2013-08-29 00:19 - 2013-08-29 00:19 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-08-28 11:23 - 2013-08-29 22:13 - 00000000 ____D C:\Users\AndiY\AppData\Local\gtk-2.0
2013-08-28 11:23 - 2013-08-28 11:23 - 00000000 ____D C:\Users\AndiY\.thumbnails
2013-08-28 11:18 - 2013-08-29 22:19 - 00000000 ____D C:\Users\AndiY\.gimp-2.8
2013-08-28 11:18 - 2013-08-28 11:18 - 00000000 ____D C:\Users\AndiY\AppData\Local\gegl-0.2
2013-08-28 11:04 - 2013-08-28 11:05 - 00000000 ____D C:\Program Files\GIMP 2
2013-08-28 11:01 - 2013-08-13 08:38 - 00032328 _____ C:\WINDOWS\Launcher.exe
2013-08-28 10:58 - 2013-08-28 10:58 - 00475912 _____ C:\Users\AndiY\Downloads\GIMP_Setup_Download.exe
2013-08-28 00:51 - 2013-08-28 00:51 - 00001295 _____ C:\Users\AndiY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk
2013-08-28 00:50 - 2013-08-29 22:27 - 00002276 _____ C:\Users\AndiY\Desktop\Sicherer Zahlungsverkehr.lnk
2013-08-28 00:46 - 2013-08-28 00:43 - 00001094 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2013-08-28 00:28 - 2013-08-28 00:36 - 261894976 _____ C:\Users\AndiY\Downloads\kis14.0.0.4651aDE_4888.exe
2013-08-27 21:20 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2013-08-27 21:20 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2013-08-27 21:20 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2013-08-27 21:20 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2013-08-27 21:20 - 2013-07-13 06:23 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2013-08-27 21:20 - 2013-07-11 04:31 - 05573464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-08-27 21:20 - 2013-07-02 00:53 - 00030144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2013-08-27 21:20 - 2013-07-02 00:08 - 00211288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2013-08-27 21:20 - 2013-05-24 01:27 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2013-08-27 21:19 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-08-27 21:19 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-08-27 21:19 - 2013-07-26 05:13 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2013-08-27 21:19 - 2013-07-26 05:13 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2013-08-27 21:19 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-08-27 21:19 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-08-27 21:19 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-08-27 21:19 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-08-27 21:19 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2013-08-27 21:19 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2013-08-27 21:19 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-08-27 21:19 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-08-27 21:19 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2013-08-27 21:19 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-08-27 21:18 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-08-27 21:18 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-08-27 21:18 - 2013-07-09 06:06 - 01800024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2013-08-14 12:40 - 2013-08-14 12:40 - 00548224 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2013-08-08 19:39 - 2013-08-08 19:39 - 00000000 ____D C:\ProgramData\TomTom
2013-08-08 19:34 - 2013-08-08 19:34 - 00000000 ____D C:\Users\AndiY\Documents\TomTom
2013-08-08 19:34 - 2013-08-08 19:34 - 00000000 ____D C:\Users\AndiY\AppData\Roaming\TomTom
2013-08-08 19:34 - 2013-08-08 19:34 - 00000000 ____D C:\Users\AndiY\AppData\Local\TomTom
2013-08-08 19:33 - 2013-08-08 19:33 - 00000000 ____D C:\Program Files\TomTom HOME 2
2013-08-08 19:32 - 2013-08-08 19:32 - 00000000 ____D C:\Program Files\TomTom International B.V
2013-08-08 19:30 - 2013-08-08 19:31 - 00000000 ____D C:\Users\AndiY\AppData\Local\Downloaded Installations
2013-08-08 19:29 - 2013-08-08 19:29 - 30914760 _____ C:\Users\AndiY\Downloads\TomTomHOME2winlatest.exe
2013-08-07 22:08 - 2013-08-08 16:50 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-08-01 18:24 - 2013-08-01 18:24 - 00001848 _____ C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
2013-08-01 18:24 - 2013-08-01 18:24 - 00000972 _____ C:\Users\Public\Desktop\IrfanView.lnk
2013-08-01 18:22 - 2013-08-01 18:24 - 02145888 _____ (Irfan Skiljan) C:\Users\AndiY\Downloads\iview436g_setup.exe
2013-08-01 18:12 - 2013-08-30 00:33 - 00000000 ___RD C:\Users\AndiY\Dropbox
2013-08-01 18:12 - 2013-08-28 00:52 - 00000979 _____ C:\Users\AndiY\Desktop\Dropbox.lnk
2013-08-01 18:08 - 2013-08-28 00:52 - 00000000 ____D C:\Users\AndiY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-08-01 18:06 - 2013-08-30 00:33 - 00000000 ____D C:\Users\AndiY\AppData\Roaming\Dropbox
2013-08-01 18:05 - 2013-08-01 18:06 - 34994736 _____ (Dropbox, Inc.) C:\Users\AndiY\Downloads\Dropbox_2.2.12.exe

==================== One Month Modified Files and Folders =======

2013-08-30 00:38 - 2013-03-31 13:21 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-08-30 00:37 - 2013-01-25 03:00 - 01745416 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-30 00:33 - 2013-08-01 18:12 - 00000000 ___RD C:\Users\AndiY\Dropbox
2013-08-30 00:33 - 2013-08-01 18:06 - 00000000 ____D C:\Users\AndiY\AppData\Roaming\Dropbox
2013-08-30 00:33 - 2013-01-28 22:53 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-30 00:32 - 2012-07-26 08:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-30 00:30 - 2012-07-26 06:17 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2013-08-30 00:19 - 2013-01-25 02:56 - 01850230 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-30 00:10 - 2013-08-30 00:10 - 00000000 ____D C:\FRST
2013-08-30 00:00 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\sru
2013-08-29 22:43 - 2013-08-29 22:43 - 01072975 _____ (Farbar) C:\Users\AndiY\Desktop\FRST.exe
2013-08-29 22:36 - 2013-08-29 22:36 - 00001374 _____ C:\Users\AndiY\Desktop\JRT.txt
2013-08-29 22:34 - 2013-08-29 22:34 - 00000000 ____D C:\WINDOWS\ERUNT
2013-08-29 22:31 - 2013-08-29 22:31 - 01023533 _____ (Thisisu) C:\Users\AndiY\Desktop\JRT.exe
2013-08-29 22:27 - 2013-08-28 00:50 - 00002276 _____ C:\Users\AndiY\Desktop\Sicherer Zahlungsverkehr.lnk
2013-08-29 22:26 - 2013-07-18 22:15 - 00358136 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-08-29 22:26 - 2013-02-17 18:43 - 00000000 ____D C:\Program Files\Panasonic
2013-08-29 22:26 - 2013-01-25 02:51 - 00015090 _____ C:\WINDOWS\PFRO.log
2013-08-29 22:25 - 2013-08-29 22:24 - 00000000 ____D C:\AdwCleaner
2013-08-29 22:21 - 2013-08-29 22:21 - 00994642 _____ C:\Users\AndiY\Desktop\adwcleaner.exe
2013-08-29 22:20 - 2013-02-26 23:38 - 00000000 ____D C:\Users\AndiY\AppData\Roaming\AIMP3
2013-08-29 22:19 - 2013-08-28 11:18 - 00000000 ____D C:\Users\AndiY\.gimp-2.8
2013-08-29 22:13 - 2013-08-29 22:13 - 00018786 _____ C:\Users\AndiY\AppData\Local\recently-used.xbel
2013-08-29 22:13 - 2013-08-28 11:23 - 00000000 ____D C:\Users\AndiY\AppData\Local\gtk-2.0
2013-08-29 19:51 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-08-29 19:42 - 2013-08-29 19:42 - 00000000 ____D C:\Users\AndiY\AppData\Local\webkit
2013-08-29 12:03 - 2013-06-23 23:24 - 00001356 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-08-29 12:03 - 2013-06-23 23:24 - 00000000 ____D C:\Program Files\DVDVideoSoft
2013-08-29 12:03 - 2013-06-23 23:24 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-08-29 12:03 - 2013-05-25 09:40 - 00000000 ____D C:\Users\AndiY\AppData\Roaming\DVDVideoSoft
2013-08-29 12:02 - 2013-08-29 12:01 - 29255112 _____ (DVDVideoSoft Ltd.                                          ) C:\Users\AndiY\Downloads\FreeYouTubeToMP3Converter(2).exe
2013-08-29 11:50 - 2013-08-29 00:21 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine
2013-08-29 11:50 - 2013-02-08 18:20 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-08-29 11:50 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-08-29 11:42 - 2012-07-26 08:03 - 00031544 _____ C:\WINDOWS\setupact.log
2013-08-29 01:07 - 2013-08-29 01:06 - 06396822 _____ C:\Users\AndiY\Downloads\AuroraX - Seven Sunsets.mp3.part
2013-08-29 00:24 - 2013-08-29 00:24 - 00000000 ____D C:\ProgramData\Panasonic
2013-08-29 00:23 - 2013-08-29 00:23 - 00000000 ____D C:\Users\AndiY\AppData\Roaming\InstallShield
2013-08-29 00:23 - 2013-08-29 00:23 - 00000000 ____D C:\Users\AndiY\AppData\Local\Panasonic
2013-08-29 00:20 - 2013-08-29 00:20 - 00000000 ____D C:\Program Files\Common Files\Panasonic
2013-08-29 00:19 - 2013-08-29 00:19 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2013-08-29 00:19 - 2013-08-29 00:19 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-08-29 00:19 - 2012-07-26 08:53 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-08-28 19:11 - 2013-02-07 22:38 - 00000000 ____D C:\Program Files\No23 Recorder
2013-08-28 18:04 - 2013-04-06 03:32 - 00000000 ____D C:\Users\AndiY\AppData\Roaming\vlc
2013-08-28 16:20 - 2013-05-05 11:43 - 00000000 ____D C:\Users\AndiY\AppData\Roaming\Spotify
2013-08-28 12:21 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\rescache
2013-08-28 11:48 - 2013-05-05 11:44 - 00000000 ____D C:\Users\AndiY\AppData\Local\Spotify
2013-08-28 11:23 - 2013-08-28 11:23 - 00000000 ____D C:\Users\AndiY\.thumbnails
2013-08-28 11:23 - 2013-01-25 02:56 - 00000000 ____D C:\Users\AndiY
2013-08-28 11:18 - 2013-08-28 11:18 - 00000000 ____D C:\Users\AndiY\AppData\Local\gegl-0.2
2013-08-28 11:15 - 2013-02-07 19:22 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-28 11:14 - 2012-07-26 08:53 - 00000000 ____D C:\WINDOWS\system32\de-DE
2013-08-28 11:14 - 2012-07-26 08:53 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-28 11:05 - 2013-08-28 11:04 - 00000000 ____D C:\Program Files\GIMP 2
2013-08-28 10:58 - 2013-08-28 10:58 - 00475912 _____ C:\Users\AndiY\Downloads\GIMP_Setup_Download.exe
2013-08-28 01:01 - 2013-04-14 20:49 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-28 00:52 - 2013-08-01 18:12 - 00000979 _____ C:\Users\AndiY\Desktop\Dropbox.lnk
2013-08-28 00:52 - 2013-08-01 18:08 - 00000000 ____D C:\Users\AndiY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-08-28 00:51 - 2013-08-28 00:51 - 00001295 _____ C:\Users\AndiY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security.lnk
2013-08-28 00:48 - 2013-01-28 22:53 - 00000000 ____D C:\Program Files\Kaspersky Lab
2013-08-28 00:43 - 2013-08-28 00:46 - 00001094 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2013-08-28 00:43 - 2012-07-26 06:17 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2013-08-28 00:36 - 2013-08-28 00:28 - 261894976 _____ C:\Users\AndiY\Downloads\kis14.0.0.4651aDE_4888.exe
2013-08-27 22:27 - 2013-07-20 21:21 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-27 22:25 - 2013-01-26 03:55 - 75778376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-08-14 12:40 - 2013-08-14 12:40 - 00548224 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2013-08-13 08:38 - 2013-08-28 11:01 - 00032328 _____ C:\WINDOWS\Launcher.exe
2013-08-08 19:39 - 2013-08-08 19:39 - 00000000 ____D C:\ProgramData\TomTom
2013-08-08 19:34 - 2013-08-08 19:34 - 00000000 ____D C:\Users\AndiY\Documents\TomTom
2013-08-08 19:34 - 2013-08-08 19:34 - 00000000 ____D C:\Users\AndiY\AppData\Roaming\TomTom
2013-08-08 19:34 - 2013-08-08 19:34 - 00000000 ____D C:\Users\AndiY\AppData\Local\TomTom
2013-08-08 19:33 - 2013-08-08 19:33 - 00000000 ____D C:\Program Files\TomTom HOME 2
2013-08-08 19:32 - 2013-08-08 19:32 - 00000000 ____D C:\Program Files\TomTom International B.V
2013-08-08 19:31 - 2013-08-08 19:30 - 00000000 ____D C:\Users\AndiY\AppData\Local\Downloaded Installations
2013-08-08 19:29 - 2013-08-08 19:29 - 30914760 _____ C:\Users\AndiY\Downloads\TomTomHOME2winlatest.exe
2013-08-08 16:50 - 2013-08-07 22:08 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-08-01 18:24 - 2013-08-01 18:24 - 00001848 _____ C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
2013-08-01 18:24 - 2013-08-01 18:24 - 00000972 _____ C:\Users\Public\Desktop\IrfanView.lnk
2013-08-01 18:24 - 2013-08-01 18:22 - 02145888 _____ (Irfan Skiljan) C:\Users\AndiY\Downloads\iview436g_setup.exe
2013-08-01 18:06 - 2013-08-01 18:05 - 34994736 _____ (Dropbox, Inc.) C:\Users\AndiY\Downloads\Dropbox_2.2.12.exe

Files to move or delete:
====================
C:\Users\AndiY\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\AndiY\AppData\Local\Temp\ose00000.exe
C:\Users\AndiY\AppData\Local\Temp\Quarantine.exe
C:\Users\AndiY\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\AndiY\AppData\Local\Temp\tbu89F6.exe
C:\Users\AndiY\AppData\Local\Temp\uninst1.exe
C:\Users\AndiY\AppData\Local\Temp\_is32A8.exe
C:\Users\AndiY\AppData\Local\Temp\~nsu.tmp\Au_.exe
C:\Users\AndiY\AppData\Local\Temp\{AFEE44A5-F043-4D89-9B36-DFDCF6766A63}\setup.exe
C:\Users\AndiY\AppData\Local\Temp\{8DAC13CF-723F-4FB5-8EE6-BBC313593D62}\Cleaner\cleanapi.dll
C:\Users\AndiY\AppData\Local\Temp\{717F3AC9-DC0F-4919-A443-1B81ED9AB0A8}\ISSetup.dll
C:\Users\AndiY\AppData\Local\Temp\{717F3AC9-DC0F-4919-A443-1B81ED9AB0A8}\_Setup.dll
C:\Users\AndiY\AppData\Local\Temp\Temp1_MozBackup-1.5.1-EN.zip\MozBackup-1.5.1-EN\MozBackup.exe
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer.exe
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_.exe
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Desktop.exe
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_ar.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_bg.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_cs.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_da.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_de.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_el.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_en.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_es.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_fi.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_fr.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_he.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_hr.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_hu.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_id.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_it.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_ja.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_ko.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_lt.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_nl.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_no.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_pl.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_pt.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_ro.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_ru.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_sk.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_sr.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_sv.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_th.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_tr.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_uk.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_vi.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_zhCN.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Resource_zhTW.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_Service.exe
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_StaticRes.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\tv_w32.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\tv_w32.exe
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\tv_x64.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\tv_x64.exe
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\uninstall.exe
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\x86\Teamviewer_PrintProcessor.dll
C:\Users\AndiY\AppData\Local\Temp\TeamViewer\Version8\outlook\TeamViewerMeetingAddIn.dll
C:\Users\AndiY\AppData\Local\Temp\SDIAG_89d5fdc5-7e6f-4b90-b122-73e6763a2b33\NetworkDiagnosticSnapIn.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\ChCfg.exe
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\RtlExUpd.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Setup.exe
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\AERTACap.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\AERTARen.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\AERTSrv.exe
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\BlackBlueSkinImages.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\BlackSkinImages.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DarkSkinImages.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSAudioService.exe
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSBassEnhancementDLL.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSBoostDLL.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSGainCompensatorDLL.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSGFXAPO.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSGFXAPONS.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSLFXAPO.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSLimiterDLL.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSNeoPCDLL.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSS2HeadphoneDLL.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSS2SpeakerDLL.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSSymmetryDLL.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSU2PAuSrv32.exe
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSU2PGFX32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSU2PLFX32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSU2PREC32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\DTSVoiceClarityDLL.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\FMAPO.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\FMAPP.exe
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\GrayJadeSkinImages.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\KAAPORT.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MaxxAudioAPO.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MaxxAudioAPO20.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MaxxAudioAPO30.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MaxxAudioAPO40.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MaxxAudioAPOShell.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MaxxAudioControl.exe
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MaxxAudioEQ.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MaxxAudioMeters.exe
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MaxxAudioRealtek.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MaxxAudioRealtek2.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MaxxVolumeSDAPO.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MBAPO32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MBPPCn32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MBppld32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MBTHX32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\MBWrp32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\PremiumBlackSkinImages.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\R4EEA32A.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\R4EED32A.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\R4EEG32A.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\R4EEL32A.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\R4EEP32A.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RP3DAA32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RP3DHT32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RTCOMDLL.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RTEED32A.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RTEEG32A.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RTEEL32A.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RTEEP32A.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RtHDVBg.exe
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RtHDVCpl.exe
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RtkAPO.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RtkApoApi.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RtkAudioService.exe
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RtkCfg.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RtkCoInstII.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RtkCoLDR.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RtkGuiCompLib.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RtkNGUI.exe
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RtkPgExt.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RtlCPAPI.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\RtlUpd.exe
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\SFAPO.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\SFCOM.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\SFFXComm.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\SFFXDAPO.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\SFFXHAPO.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\SFFXProc.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\SFFXSAPO.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\SFNHK.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\SFSS_APO.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\SkyTel.exe
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\sl3apo32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\slcc3d32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\slcnt32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\slcshp32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\slcsii32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\slgeq32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\slh36032.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\slhlim32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\slInit32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\slmaxv32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\slprp32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\sltech32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\sltshd32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\sluapo32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\slvipp32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\slviq32.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\SRSHP360.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\SRSTSHD.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\SRSTSXT.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\SRSWOW.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\tadefxapo.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\tadefxapo2.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\TepeqAPO.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\tosade.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\vncutil.exe
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\WavesGUILib.dll
C:\Users\AndiY\AppData\Local\Temp\pft38D8~tmp\Vista\WavesLib.dll
C:\Users\AndiY\AppData\Local\Temp\oct405F.tmp\PokkiUpdater.exe
C:\Users\AndiY\AppData\Local\Temp\nsx33C6.tmp\___ocnsis.dll
C:\Users\AndiY\AppData\Local\Temp\nslF9C9.tmp\DropboxNSISTools.dll
C:\Users\AndiY\AppData\Local\Temp\nslF9C9.tmp\UAC.dll
C:\Users\AndiY\AppData\Local\Temp\nsfAE49.tmp\DropboxNSISTools.dll
C:\Users\AndiY\AppData\Local\Temp\nsfAE49.tmp\UAC.dll
C:\Users\AndiY\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\AndiY\AppData\Local\Temp\is-AERC8.tmp\Interop.IWshRuntimeLibrary.dll
C:\Users\AndiY\AppData\Local\Temp\is-AERC8.tmp\System.Data.SQLite.dll
C:\Users\AndiY\AppData\Local\Temp\is-61995.tmp\PokkiInstaller.exe
C:\Users\AndiY\AppData\Local\Temp\is-40NQG.tmp\cinshlpr.dll
C:\Users\AndiY\AppData\Local\Temp\is-40NQG.tmp\InstallHelper.dll
C:\Users\AndiY\AppData\Local\Temp\is-3LJFN.tmp\InstallHelper.dll
C:\Users\AndiY\AppData\Local\Temp\is-3LJFN.tmp\ProtectedSearchSetup.exe
C:\Users\AndiY\AppData\Local\Temp\is-2RG6T.tmp\Interop.IWshRuntimeLibrary.dll
C:\Users\AndiY\AppData\Local\Temp\is-2RG6T.tmp\System.Data.SQLite.dll
C:\Users\AndiY\AppData\Local\Temp\E8C23CB0-BAB0-7891-B0E4-9616A4768739\Setup.exe
C:\Users\AndiY\AppData\Local\Temp\E8C23CB0-BAB0-7891-B0E4-9616A4768739\sqlite3.dll
C:\Users\AndiY\AppData\Local\Temp\E8C23CB0-BAB0-7891-B0E4-9616A4768739\Latest\MyBabylonTB.exe
C:\Users\AndiY\AppData\Local\Temp\E8C23CB0-BAB0-7891-B0E4-9616A4768739\Latest\Setup.exe
C:\Users\AndiY\AppData\Local\Temp\E8C23CB0-BAB0-7891-B0E4-9616A4768739\Latest\sqlite3.dll
C:\Users\AndiY\AppData\Local\Temp\5164B33C96F03E11FA5C004245884822\SETUP.DLL
C:\Users\AndiY\AppData\Local\Temp\40FD1792-BAB0-7891-BF0E-E72C5CC0DB8C\Latest\BabMaint.exe
C:\Users\AndiY\AppData\Local\Temp\40FD1792-BAB0-7891-BF0E-E72C5CC0DB8C\Latest\BExternal.dll
C:\Users\AndiY\AppData\Local\Temp\40FD1792-BAB0-7891-BF0E-E72C5CC0DB8C\Latest\BUSolution.dll
C:\Users\AndiY\AppData\Local\Temp\40FD1792-BAB0-7891-BF0E-E72C5CC0DB8C\Latest\ccp.exe
C:\Users\AndiY\AppData\Local\Temp\40FD1792-BAB0-7891-BF0E-E72C5CC0DB8C\Latest\GUninstaller.exe
C:\Users\AndiY\AppData\Local\Temp\40FD1792-BAB0-7891-BF0E-E72C5CC0DB8C\Latest\IEHelper.dll
C:\Users\AndiY\AppData\Local\Temp\40FD1792-BAB0-7891-BF0E-E72C5CC0DB8C\Latest\Setup.exe
C:\Users\AndiY\AppData\Local\Temp\40FD1792-BAB0-7891-BF0E-E72C5CC0DB8C\Latest\sqlite3.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-27 22:18

==================== End Of Log ============================
--- --- ---

--- --- ---

cosinus 30.08.2013 00:15
Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


santaniy 30.08.2013 00:30
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.29.09

Windows 8 x86 NTFS
Internet Explorer 10.0.9200.16660
AndiY :: FRANZ [Administrator]

30.08.2013 01:20:45
MBAM-log-2013-08-30 (01-29-19).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 211343
Laufzeit: 7 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 8
C:\Users\AndiY\AppData\Local\Temp\C489.tmp (PUP.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\AndiY\AppData\Local\Temp\40FD1792-BAB0-7891-BF0E-E72C5CC0DB8C\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\AndiY\AppData\Local\Temp\40FD1792-BAB0-7891-BF0E-E72C5CC0DB8C\Latest\ccp.exe (PUP.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\AndiY\AppData\Local\Temp\40FD1792-BAB0-7891-BF0E-E72C5CC0DB8C\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\AndiY\AppData\Local\Temp\E8C23CB0-BAB0-7891-B0E4-9616A4768739\Setup.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\AndiY\AppData\Local\Temp\E8C23CB0-BAB0-7891-B0E4-9616A4768739\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\AndiY\Downloads\SoftonicDownloader_fuer_adblock-ie.exe (PUP.Optional.Softonic) -> Keine Aktion durchgeführt.
C:\Users\AndiY\Downloads\FreeYouTubeToMP3Converter(2).exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.

(Ende)


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:34 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131