Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Win 7: Rechner langsam und dauernd Fehlermeldung ( Keine Rückmeldung) (https://www.trojaner-board.de/142546-win-7-rechner-langsam-dauernd-fehlermeldung-keine-rueckmeldung.html)

loo1977 04.10.2013 21:40
Win 7: Rechner langsam und dauernd Fehlermeldung ( Keine Rückmeldung)
 
Guten Tag

Habe das Problem das meine Notebook seit einiger zeit sich einfriert und im Fierfox oder Windows Explorer oben (Keine Rückmeldung) kommt. Das kommt mittlerweile immer öfters vor.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:34 on 04/10/2013 (Joanna)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Joanna at 2013-10-04 21:28:04
Running from C:\Users\Joanna\Desktop\XXXXXXXXXXXXXX
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

µTorrent (HKCU Version: 3.3.1.30017)
µTorrent (x32 Version: 3.3.0.29126)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader XI (11.0.04) - Deutsch (x32 Version: 11.0.04)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Broadcom Wireless Utility (Version: 5.30.21.0)
bwin Poker (x32)
Canon MP Navigator EX 3.0 (x32)
Canon MP560 series MP Drivers
CDBurnerXP (x32 Version: 4.5.1.4003)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Drakensang Online (x32)
Full Tilt Poker (x32 Version: 4.48.3.WIN.FullTilt.COM)
IDT Audio (x32 Version: 1.0.6217.0)
iTunes (Version: 11.1.0.126)
Java 7 Update 17 (x32 Version: 7.0.170)
Java Auto Updater (x32 Version: 2.1.9.0)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709)
Microsoft Office Word Viewer 2003 (x32 Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
NVIDIA Display Control Panel (Version: 6.14.12.5738)
NVIDIA Drivers (Version: 1.10.62.40)
PDFCreator (x32 Version: 1.7.0)
Personal ID (x32 Version: 1.8.5.202)
PokerStars.eu (x32)
RICOH R5U833 Media Driver ver.3.60.01 (x32 Version: 3.60.01)
Secret City (x32 Version: 1.9.4662)
SiSoftware Sandra Lite 2013.SP1 (Version: 19.23.2013.1)
Skype™ 6.3 (x32 Version: 6.3.105)
TeamSpeak 3 Client (x32 Version: 3.0.13)
TomTom HOME (x32 Version: 2.9.5)
TomTom HOME Visual Studio Merge Modules (x32 Version: 1.0.2)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Varengold MetaTrader (x32 Version: 4.00)
VLC media player 2.0.5 (Version: 2.0.5)
WIDCOMM Bluetooth Software (Version: 6.2.0.9600)
Windows-Treiberpaket - ITE Tech.Inc. (itecir) HIDClass  (05/01/2009 5.1.0000.1) (Version: 05/01/2009 5.1.0000.1)
World of Warcraft (x32 Version: 5.3.0.17128)

==================== Restore Points  =========================

24-09-2013 12:17:04 Windows Update
27-09-2013 08:35:32 Installed iTunes
01-10-2013 16:31:09 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {5D9259C0-0E83-4878-9B10-A0F921474B12} - System32\Tasks\Joanna-PC\Joanna - Start WLAN Tray Applet => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE [2013-01-20] (Broadcom Corporation)
Task: {B2A2B4B5-42DA-4BAB-B7F7-CB55E4D28408} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {EA76F8DC-7972-4861-B84E-4CD08189B761} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-23] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-01-20 18:21 - 2013-01-20 18:21 - 00058368 _____ () C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwlrmt.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-17 22:39 - 2013-01-20 17:22 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2012-08-17 22:38 - 2012-08-17 22:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2013-09-18 14:59 - 2013-09-18 14:59 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: NVIDIA nForce 10/100/1000 Mbps Ethernet
Description: NVIDIA nForce Networking Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: NVNET
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard-USB-Hostcontroller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/03/2013 00:57:07 AM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 24.0.0.5001 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 9a8

Startzeit: 01cebf585d81bd30

Endzeit: 179

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: efbc60f1-2bb5-11e3-8e7e-d2b4eba40b90

Error: (09/29/2013 11:27:25 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5304

Error: (09/29/2013 11:27:25 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5304

Error: (09/29/2013 11:27:25 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/27/2013 01:39:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10236551

Error: (09/27/2013 01:39:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10236551

Error: (09/27/2013 01:39:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/27/2013 01:39:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10235491

Error: (09/27/2013 01:39:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10235491

Error: (09/27/2013 01:39:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (10/04/2013 07:19:45 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (10/04/2013 03:11:38 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (10/04/2013 05:05:00 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (10/03/2013 10:22:43 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (10/03/2013 08:46:16 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (10/02/2013 00:09:58 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (10/02/2013 08:06:45 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (10/01/2013 10:06:06 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (10/01/2013 06:25:24 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (10/01/2013 08:00:01 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (10/03/2013 00:57:07 AM) (Source: Application Hang)(User: )
Description: firefox.exe24.0.0.50019a801cebf585d81bd30179C:\Program Files (x86)\Mozilla Firefox\firefox.exeefbc60f1-2bb5-11e3-8e7e-d2b4eba40b90

Error: (09/29/2013 11:27:25 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5304

Error: (09/29/2013 11:27:25 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5304

Error: (09/29/2013 11:27:25 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/27/2013 01:39:45 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10236551

Error: (09/27/2013 01:39:45 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10236551

Error: (09/27/2013 01:39:45 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/27/2013 01:39:43 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10235491

Error: (09/27/2013 01:39:43 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10235491

Error: (09/27/2013 01:39:43 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2013-09-30 09:38:48.596
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-30 09:38:48.596
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-30 09:38:48.596
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-30 09:38:48.581
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-30 09:38:48.581
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-30 09:38:48.581
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-28 09:35:39.987
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-28 09:35:39.987
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-28 09:35:39.987
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-09-28 09:35:39.971
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 51%
Total physical RAM: 3838.36 MB
Available physical RAM: 1875.66 MB
Total Pagefile: 7674.9 MB
Available Pagefile: 5346.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:150.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: D4D7C709)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Joanna (administrator) on JOANNA-PC on 04-10-2013 21:23:34
Running from C:\Users\Joanna\Desktop\XXXXXXXXXXXXXX
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4aa689b67feb46b2\STacSV64.exe
() C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4aa689b67feb46b2\AESTSr64.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Joanna\Desktop\XXXXXXXXXXXXXX\Defogger.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [4620288 2013-01-20] (Broadcom Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKCU\...\Run: [uTorrent] - C:\Users\Joanna\AppData\Roaming\uTorrent\uTorrent.exe [802136 2013-05-22] (BitTorrent Inc.)
HKCU\...\Run: [TomTomHOME.exe] - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-03-22] (TomTom)
HKCU\...\Run: [Personal ID] - C:\Program Files (x86)\coolspot AG\Personal ID\pid.exe [1132984 2013-07-18] (coolspot AG, Düsseldorf)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-01-20] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2039880D1DF7CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: FAIESSOHelper Class - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: uTorrentControl_v2  - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
FF Extension: toolbar - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\Extensions\toolbar@web.de.xpi
FF Extension: No Name - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4aa689b67feb46b2\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-01-20] (Kaspersky Lab ZAO)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\RpcAgentSrv.exe [68760 2008-12-27] (SiSoftware)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4aa689b67feb46b2\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE [33280 2013-01-20] ()

==================== Drivers (Whitelisted) ====================

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-23] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-10-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-18] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-23] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-04 21:23 - 2013-10-04 21:23 - 00000000 ____D C:\FRST
2013-10-04 21:22 - 2013-10-04 21:22 - 00000000 _____ C:\Users\Joanna\defogger_reenable
2013-10-04 21:16 - 2013-10-04 21:22 - 00000000 ____D C:\Users\Joanna\Desktop\XXXXXXXXXXXXXX
2013-10-03 22:36 - 2013-10-03 22:36 - 00534389 _____ C:\Users\Joanna\Downloads\noscript_security_suite-2.6.8.1-fx_sm_fn.xpi.zip
2013-10-03 22:17 - 2013-10-03 22:19 - 00005419 _____ C:\Users\Joanna\Desktop\Scann mailware.txt
2013-10-03 22:09 - 2013-10-03 22:09 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\Malwarebytes
2013-10-03 22:08 - 2013-10-03 22:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Joanna\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-03 22:08 - 2013-10-03 22:08 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-03 22:08 - 2013-10-03 22:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-03 22:08 - 2013-10-03 22:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-03 22:08 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-03 20:50 - 2013-10-03 21:56 - 00000000 ____D C:\Users\Joanna\Downloads\[Polskie-torrenty.pl] Starbuck up by Zbyszek2874
2013-10-03 20:49 - 2013-10-03 21:44 - 00000000 ____D C:\Users\Joanna\Downloads\Stuck in Love
2013-10-03 20:46 - 2013-10-03 21:25 - 00000000 ____D C:\Users\Joanna\Downloads\[Polskie-torrenty.pl] Swieta czworca up by Zbyszek2874
2013-10-03 20:44 - 2013-10-03 21:35 - 00000000 ____D C:\Users\Joanna\Downloads\[Polskie-torrenty.pl]Penumbra up by Zbyszek2874
2013-10-03 20:22 - 2013-10-03 20:42 - 00000000 ____D C:\Users\Joanna\Downloads\[Polskie-torrenty.pl]La Femme du Veme Zbyszek2874
2013-10-03 20:20 - 2013-10-03 20:27 - 00000000 ____D C:\Users\Joanna\Downloads\Oko w oko z tesciem
2013-10-03 20:18 - 2013-10-03 20:21 - 00000000 ____D C:\Users\Joanna\Downloads\Zauroczenie
2013-10-03 20:16 - 2013-10-03 20:18 - 00000000 ____D C:\Users\Joanna\Downloads\Wydarzylo sie w Teksasie
2013-10-03 12:47 - 2013-10-03 15:10 - 00000000 ____D C:\Users\Joanna\Downloads\[BEST-TORRENTS.NET]  The Lone Ranger
2013-09-27 10:38 - 2013-09-27 10:38 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-27 10:37 - 2013-09-27 10:38 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-27 10:37 - 2013-09-27 10:38 - 00000000 ____D C:\Program Files\iTunes
2013-09-27 10:37 - 2013-09-27 10:38 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-27 10:37 - 2013-09-27 10:37 - 00000000 ____D C:\Program Files\iPod
2013-09-27 10:29 - 2013-09-27 10:29 - 97176400 _____ (Apple Inc.) C:\Users\Joanna\Downloads\iTunes64Setup(2).exe
2013-09-18 14:59 - 2013-09-18 14:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-12 17:06 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 17:06 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 17:06 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 17:06 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 17:06 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 17:06 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 17:06 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 17:06 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 17:06 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 17:06 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 17:06 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 17:06 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 05:16 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 05:16 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 05:16 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 05:16 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 05:16 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 05:16 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 05:16 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 05:16 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 05:16 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 05:16 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 05:16 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 05:16 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 05:16 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 05:16 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 05:16 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 05:16 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 05:16 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 05:16 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 05:16 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 05:16 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 05:16 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 05:15 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 05:15 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 05:15 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 05:15 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 05:15 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-11 18:31 - 2013-09-11 18:32 - 00000000 ____D C:\Program Files (x86)\Varengold MetaTrader
2013-09-11 18:31 - 2013-09-11 18:31 - 00409296 _____ (MetaQuotes Software Corp.) C:\Users\Joanna\Downloads\vg4setup.exe
2013-09-11 18:31 - 2013-09-11 18:31 - 00001997 _____ C:\Users\Public\Desktop\Varengold MetaTrader.lnk
2013-09-11 18:31 - 2013-09-11 18:31 - 00000000 ____D C:\Users\Joanna\AppData\Local\Google
2013-09-11 18:31 - 2013-09-11 18:31 - 00000000 ____D C:\ProgramData\MetaQuotes

==================== One Month Modified Files and Folders =======

2013-10-04 21:24 - 2013-01-20 20:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-04 21:23 - 2013-10-04 21:23 - 00000000 ____D C:\FRST
2013-10-04 21:22 - 2013-10-04 21:22 - 00000000 _____ C:\Users\Joanna\defogger_reenable
2013-10-04 21:22 - 2013-10-04 21:16 - 00000000 ____D C:\Users\Joanna\Desktop\XXXXXXXXXXXXXX
2013-10-04 21:22 - 2013-01-20 16:46 - 00000000 ____D C:\Users\Joanna
2013-10-04 21:22 - 2009-07-14 06:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-04 21:22 - 2009-07-14 06:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-04 21:05 - 2013-01-20 16:29 - 01639280 _____ C:\Windows\WindowsUpdate.log
2013-10-04 20:40 - 2013-08-28 23:23 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\TS3Client
2013-10-04 19:33 - 2013-01-20 17:00 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-04 19:19 - 2013-02-21 14:22 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\uTorrent
2013-10-04 19:18 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-04 19:18 - 2009-07-14 06:51 - 00044363 _____ C:\Windows\setupact.log
2013-10-03 22:36 - 2013-10-03 22:36 - 00534389 _____ C:\Users\Joanna\Downloads\noscript_security_suite-2.6.8.1-fx_sm_fn.xpi.zip
2013-10-03 22:21 - 2013-01-20 18:04 - 00123390 _____ C:\Windows\PFRO.log
2013-10-03 22:19 - 2013-10-03 22:17 - 00005419 _____ C:\Users\Joanna\Desktop\Scann mailware.txt
2013-10-03 22:09 - 2013-10-03 22:09 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\Malwarebytes
2013-10-03 22:08 - 2013-10-03 22:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Joanna\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-03 22:08 - 2013-10-03 22:08 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-03 22:08 - 2013-10-03 22:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-03 22:08 - 2013-10-03 22:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-03 21:56 - 2013-10-03 20:50 - 00000000 ____D C:\Users\Joanna\Downloads\[Polskie-torrenty.pl] Starbuck up by Zbyszek2874
2013-10-03 21:44 - 2013-10-03 20:49 - 00000000 ____D C:\Users\Joanna\Downloads\Stuck in Love
2013-10-03 21:35 - 2013-10-03 20:44 - 00000000 ____D C:\Users\Joanna\Downloads\[Polskie-torrenty.pl]Penumbra up by Zbyszek2874
2013-10-03 21:25 - 2013-10-03 20:46 - 00000000 ____D C:\Users\Joanna\Downloads\[Polskie-torrenty.pl] Swieta czworca up by Zbyszek2874
2013-10-03 20:42 - 2013-10-03 20:22 - 00000000 ____D C:\Users\Joanna\Downloads\[Polskie-torrenty.pl]La Femme du Veme Zbyszek2874
2013-10-03 20:27 - 2013-10-03 20:20 - 00000000 ____D C:\Users\Joanna\Downloads\Oko w oko z tesciem
2013-10-03 20:21 - 2013-10-03 20:18 - 00000000 ____D C:\Users\Joanna\Downloads\Zauroczenie
2013-10-03 20:18 - 2013-10-03 20:16 - 00000000 ____D C:\Users\Joanna\Downloads\Wydarzylo sie w Teksasie
2013-10-03 20:14 - 2013-02-21 14:24 - 00000000 ____D C:\Users\Joanna\Desktop\filmy
2013-10-03 15:10 - 2013-10-03 12:47 - 00000000 ____D C:\Users\Joanna\Downloads\[BEST-TORRENTS.NET]  The Lone Ranger
2013-10-03 13:05 - 2009-08-06 23:30 - 00699342 _____ C:\Windows\system32\perfh007.dat
2013-10-03 13:05 - 2009-08-06 23:30 - 00149450 _____ C:\Windows\system32\perfc007.dat
2013-10-03 13:05 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-03 10:03 - 2013-01-20 20:36 - 00000000 ____D C:\Users\Joanna\AppData\Local\PokerStars.EU
2013-10-02 10:19 - 2013-08-28 23:22 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2013-09-27 10:38 - 2013-09-27 10:38 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-27 10:38 - 2013-09-27 10:37 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-27 10:38 - 2013-09-27 10:37 - 00000000 ____D C:\Program Files\iTunes
2013-09-27 10:38 - 2013-09-27 10:37 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-27 10:37 - 2013-09-27 10:37 - 00000000 ____D C:\Program Files\iPod
2013-09-27 10:29 - 2013-09-27 10:29 - 97176400 _____ (Apple Inc.) C:\Users\Joanna\Downloads\iTunes64Setup(2).exe
2013-09-23 14:09 - 2013-01-20 20:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-23 14:09 - 2013-01-20 20:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-23 14:09 - 2013-01-20 20:21 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-23 04:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-19 22:46 - 2013-01-20 16:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-19 09:38 - 2013-01-20 16:51 - 00000000 ____D C:\Users\Joanna\AppData\Local\Mozilla
2013-09-18 14:59 - 2013-09-18 14:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-17 18:51 - 2013-01-20 16:46 - 00000000 ____D C:\Users\Joanna\AppData\Local\VirtualStore
2013-09-15 08:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-12 18:32 - 2013-01-20 16:46 - 00000000 ___RD C:\Users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 18:32 - 2013-01-20 16:46 - 00000000 ___RD C:\Users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 18:32 - 2009-07-14 06:45 - 00276616 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 17:05 - 2013-08-15 05:11 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 17:04 - 2013-01-21 22:06 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 19:23 - 2013-03-30 20:11 - 00000642 _____ C:\Users\Joanna\Desktop\Daten.txt
2013-09-11 18:32 - 2013-09-11 18:31 - 00000000 ____D C:\Program Files (x86)\Varengold MetaTrader
2013-09-11 18:31 - 2013-09-11 18:31 - 00409296 _____ (MetaQuotes Software Corp.) C:\Users\Joanna\Downloads\vg4setup.exe
2013-09-11 18:31 - 2013-09-11 18:31 - 00001997 _____ C:\Users\Public\Desktop\Varengold MetaTrader.lnk
2013-09-11 18:31 - 2013-09-11 18:31 - 00000000 ____D C:\Users\Joanna\AppData\Local\Google
2013-09-11 18:31 - 2013-09-11 18:31 - 00000000 ____D C:\ProgramData\MetaQuotes

Some content of TEMP:
====================
C:\Users\Joanna\AppData\Local\Temp\CommandCenterSetupSetup.exe
C:\Users\Joanna\AppData\Local\Temp\SIInvoker.exe
C:\Users\Joanna\AppData\Local\Temp\utt964E.tmp.exe
C:\Users\Joanna\AppData\Local\Temp\uttBB68.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-21 00:54

==================== End Of Log ============================
--- --- ---


Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-04 22:09:56
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000067 TOSHIBA_ rev.MF00 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Joanna\AppData\Local\Temp\awdiqpog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1848] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey            0000000077d5faa8 5 bytes JMP 00000001730119b0
.text  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1848] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory    0000000077d60038 5 bytes JMP 0000000173012066

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{D3032789-F10D-4C51-AFB9-9053510513FB}\Connection@Name  isatap.{8221763C-5848-486E-ACB8-F43A5A8FA6E9}
Reg    HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind    \Device\{D3032789-F10D-4C51-AFB9-9053510513FB}?\Device\{1948A3B8-0F2A-418D-85C4-AE0B054DC947}?\Device\{39D7EBA9-C663-4AD4-8644-6F529FB89F0F}?
Reg    HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route    "{D3032789-F10D-4C51-AFB9-9053510513FB}"?"{1948A3B8-0F2A-418D-85C4-AE0B054DC947}"?"{39D7EBA9-C663-4AD4-8644-6F529FB89F0F}"?
Reg    HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export  \Device\TCPIP6TUNNEL_{D3032789-F10D-4C51-AFB9-9053510513FB}?\Device\TCPIP6TUNNEL_{1948A3B8-0F2A-418D-85C4-AE0B054DC947}?\Device\TCPIP6TUNNEL_{39D7EBA9-C663-4AD4-8644-6F529FB89F0F}?
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\701a045a6f61                                                                 
Reg    HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{D3032789-F10D-4C51-AFB9-9053510513FB}@InterfaceName                      isatap.{8221763C-5848-486E-ACB8-F43A5A8FA6E9}
Reg    HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{D3032789-F10D-4C51-AFB9-9053510513FB}@ReusableType                        0
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\701a045a6f61 (not active ControlSet)                                             

---- EOF - GMER 2.1 ----

Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.03.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Joanna :: JOANNA-PC [Administrator]

Schutz: Aktiviert

03.10.2013 22:11:17
mbam-log-2013-10-03 (22-11-17).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 222537
Laufzeit: 7 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe (PUP.Optional.OptimizerPro.A) -> 3224 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\OPTIMIZER PRO (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Optimizer Pro (PUP.Optional.OptimizePro.A) -> Daten: C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Optimizer Pro|AdsBuyNowURL (PUP.Optional.OptimizerPro.A) -> Daten: hxxp://pcup26.pcutilitiespro.revenuewire.net/driverpro/xsell/ -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 5
C:\Program Files (x86)\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> Löschen bei Neustart.
C:\Users\Joanna\AppData\Local\Temp\CT3220468 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Joanna\AppData\Local\Temp\CT3220468\xpi (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Joanna\AppData\Local\Temp\CT3220468\xpi\defaults (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Joanna\AppData\Local\Temp\CT3220468\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 22
C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PUP.Optional.OptimizePro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Joanna\Desktop\rcpsetup_softonic_sd_global.exe (PUP.Optional.RegCleanerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\OptimizerPro.chm (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\file_id.diz (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\German.ini (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\HomePage.url (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\OptProGuard.exe (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe (PUP.Optional.OptimizerPro.A) -> Löschen bei Neustart.
C:\Program Files (x86)\Optimizer Pro\OptProSchedule.exe (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\OptProStart.exe (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\OptProUninstaller.exe (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\scan.gif (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\sqlite3.dll (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\unins000.dat (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Optimizer Pro\unins000.exe (PUP.Optional.OptimizerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Joanna\AppData\Local\Temp\CT3220468\conduit.xml (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Joanna\AppData\Local\Temp\CT3220468\CT3220468.xpi (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Joanna\AppData\Local\Temp\CT3220468\version.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Joanna\AppData\Local\Temp\CT3220468\xpi\install.rdf (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Joanna\AppData\Local\Temp\CT3220468\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Hier die Logfile und schon mal danke für die Hilfe im voraus

Loo

schrauber 04.10.2013 22:19
hi,

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

loo1977 05.10.2013 14:02
Hallo schrauber , hier die Logs

Code:
# AdwCleaner v3.006 - Bericht erstellt am 05/10/2013 um 14:31:57
# Updated 01/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Joanna - JOANNA-PC
# Gestartet von : C:\Users\Joanna\Desktop\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\searchplugins\11-suche.xml
Datei Gefunden : C:\Windows\System32\roboot64.exe
Ordner Gefunden : C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro
Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro
Ordner Gefunden C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\CT3220468
Ordner Gefunden C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\Smartbar
Ordner Gefunden C:\Users\Joanna\AppData\Roaming\optimizer pro
Ordner Gefunden C:\Users\Joanna\AppData\Roaming\pdfforge
Ordner Gefunden C:\Users\Joanna\AppData\Roaming\Systweak

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\smartbar
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : [x64] HKCU\Software\Conduit
Schlüssel Gefunden : [x64] HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_utorrent_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_utorrent_RASMANCS
Schlüssel Gefunden : HKLM\Software\systweak

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\prefs.js ]

Zeile gefunden : user_pref("CT3220468.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM4MDg5MjI3MCwidXVpZCI6MTE4MjEzODY5MzM4NjM5LCJzZXFfaWQiOjIwMywic3NiIjoxMzYxNDc0MjczfQ==");
Zeile gefunden : user_pref("CT3220468.BT_Usage.enc", "eyJ1dWlkIjoxMTgyMTM4NjkzMzg2MzksInNlcV9pZCI6MX0=");
Zeile gefunden : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT3220468.FF19Solved", "true");
Zeile gefunden : user_pref("CT3220468.Facebook_Mode.enc", "Mg==");
Zeile gefunden : user_pref("CT3220468.Facebook_User_Locale.enc", "ZW4=");
Zeile gefunden : user_pref("CT3220468.FirstTime", "true");
Zeile gefunden : user_pref("CT3220468.FirstTimeFF3", "true");
Zeile gefunden : user_pref("CT3220468.PG_ENABLE", "dHJ1ZQ==");
Zeile gefunden : user_pref("CT3220468.PG_ENABLE.enc", "dHJ1ZQ==");
Zeile gefunden : user_pref("CT3220468.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Zeile gefunden : user_pref("CT3220468.SF_STATUS.enc", "RU5BQkxFRA==");
Zeile gefunden : user_pref("CT3220468.SF_USER_ID.enc", "Y2lkXzk0MjAxMzU1MDExMTgxNzI5");
Zeile gefunden : user_pref("CT3220468.UserID", "UN16061574528601222");
Zeile gefunden : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");
Zeile gefunden : user_pref("CT3220468.autoDisableScopes", -1);
Zeile gefunden : user_pref("CT3220468.cb_experience_000.enc", "MTkx");
Zeile gefunden : user_pref("CT3220468.cb_firstuse0100.enc", "MQ==");
Zeile gefunden : user_pref("CT3220468.cb_user_id_000.enc", "Q0I3NjkwNzQwMzUxMzZfMTM2MTg5MzExMzU2N19GaXJlZm94");
Zeile gefunden : user_pref("CT3220468.cbfirsttime.enc", "VGh1IEZlYiAyMSAyMDEzIDEzOjMyOjUyIEdNVCswMTAw");
Zeile gefunden : user_pref("CT3220468.countryCode", "DE");
Zeile gefunden : user_pref("CT3220468.defaultSearch", "false");
Zeile gefunden : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Zeile gefunden : user_pref("CT3220468.enableAlerts", "always");
Zeile gefunden : user_pref("CT3220468.enableFix404ByUser", "FALSE");
Zeile gefunden : user_pref("CT3220468.enableSearchFromAddressBar", "false");
Zeile gefunden : user_pref("CT3220468.firstTimeDialogOpened", "true");
Zeile gefunden : user_pref("CT3220468.fixPageNotFoundError", "true");
Zeile gefunden : user_pref("CT3220468.fixPageNotFoundErrorByUser", "true");
Zeile gefunden : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
Zeile gefunden : user_pref("CT3220468.fixUrls", true);
Zeile gefunden : user_pref("CT3220468.fullUserID", "UN16061574528601222.UP.20130710203117");
Zeile gefunden : user_pref("CT3220468.hxxp___facebook_conduitapps_com.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsaHNjcm9sbD0wLHZzY3JvbGw9MCx0aXRsZWJhcj0xLGNsb3NlYnV0dG9uPTEsc2F2ZXJlc2l6ZWRzaXplPTAsb3BlbnBvc2l0aW9uPWFsaWd[...]
Zeile gefunden : user_pref("CT3220468.hxxp___toolbar_utorrent_com.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsc2F2ZXJlc2l6ZWRzaXplPTAsdGl0bGViYXI9MCxjbG9zZW9uZXh0ZXJuYWxjbGljaz0xLHNhdmVsb2NhdGlvbj0wLG9wZW5wb3NpdGlvbj1vZmZ[...]
Zeile gefunden : user_pref("CT3220468.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES.enc", "b3BlbnBvc2l0aW9uPW9mZnNldDo1MDs1MCxzYXZlbG9jYXRpb249MCxyZXNpemFibGU9bm8sc2Nyb2xsYmFycz1ubyx0aXRsZW[...]
Zeile gefunden : user_pref("CT3220468.installDate", "21/2/2013 13:31:47");
Zeile gefunden : user_pref("CT3220468.installType", "xpe");
Zeile gefunden : user_pref("CT3220468.isCheckedStartAsHidden", true);
Zeile gefunden : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT3220468.isFirstTimeToolbarLoading", "false");
Zeile gefunden : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Zeile gefunden : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT3220468.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3220468&octid=CT3220468&SearchSource=15&CUI=UN16061574528601222&SSPV=&Lay=1&UM=\"}");
Zeile gefunden : user_pref("CT3220468.lastVersion", "10.20.0.513");
Zeile gefunden : user_pref("CT3220468.mam_gk_appStateReportTime.enc", "MTM4MDk3NjA0MDk2MQ==");
Zeile gefunden : user_pref("CT3220468.mam_gk_appState_CouponBuddy.enc", "b24=");
Zeile gefunden : user_pref("CT3220468.mam_gk_appState_PriceGong.enc", "b24=");
Zeile gefunden : user_pref("CT3220468.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsInNjcmlwdFVybCI6bnVsbCwib3B0aW9uc0Rp[...]
Zeile gefunden : user_pref("CT3220468.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Zeile gefunden : user_pref("CT3220468.mam_gk_calledSetupService.enc", "MQ==");
Zeile gefunden : user_pref("CT3220468.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkVhc3l0b2Jvb2tfdGFyZ2V0ZWQiLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiI1MDYzMmM4Zi1hNmNkLTQyMDctOWI3NC0wMzZmM2FjMjYwMWYiLCJ[...]
Zeile gefunden : user_pref("CT3220468.mam_gk_currentBadgeValue.enc", "MA==");
Zeile gefunden : user_pref("CT3220468.mam_gk_currentVersion.enc", "MS4xMC40LjA=");
Zeile gefunden : user_pref("CT3220468.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Zeile gefunden : user_pref("CT3220468.mam_gk_first_time.enc", "MQ==");
Zeile gefunden : user_pref("CT3220468.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Zeile gefunden : user_pref("CT3220468.mam_gk_lastLoginTime.enc", "MTM4MDk3NjA0MTk0MQ==");
Zeile gefunden : user_pref("CT3220468.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50LVJpY2h0bGluaWUifSwiZ2FkZ2V0RGVzY3JpcHRpb25QcmltYXJ5Ijp7IlRleHQiOiJWYWx1ZSBBcHBzIGJlcmVpY2hlcnQgSWhy[...]
Zeile gefunden : user_pref("CT3220468.mam_gk_mamEnabled.enc", "ZmFsc2U=");
Zeile gefunden : user_pref("CT3220468.mam_gk_newApps.enc", "W10=");
Zeile gefunden : user_pref("CT3220468.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Zeile gefunden : user_pref("CT3220468.mam_gk_settings1.10.2.5.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiODRfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiREUiLCJpc1dlbGNvbWVFeHBl[...]
Zeile gefunden : user_pref("CT3220468.mam_gk_settings1.10.4.0.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiODRfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiREUiLCJpc1dlbGNvbWVFeHBl[...]
Zeile gefunden : user_pref("CT3220468.mam_gk_settings1.4.3.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmllbmNlRW5hYmxlZEJ5RGVmYXVsd[...]
Zeile gefunden : user_pref("CT3220468.mam_gk_settings1.4.3.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTk1XzAiLCJpc1Rlc3QiOnRydWUsImlzV2VsY29tZUV4cGVyaWVuY2VFbmFibGVkQnlEZWZhdWx0I[...]
Zeile gefunden : user_pref("CT3220468.mam_gk_settings1.4.4.6.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMjE1Xy0xIiwiaXNUZXN0IjpmYWxzZSwiaXNXZWxjb21lRXhwZXJpZW5jZUVuYWJsZWRCeURlZmF1b[...]
Zeile gefunden : user_pref("CT3220468.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMjE1Xy0xIiwiaXNUZXN0IjpmYWxzZSwiaXNXZWxjb21lRXhwZXJpZW5jZUVuYWJsZWRCeURlZmF1b[...]
Zeile gefunden : user_pref("CT3220468.mam_gk_settings1.8.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNDZfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiUEwiLCJpc1dlbGNvbWVFeHBlc[...]
Zeile gefunden : user_pref("CT3220468.mam_gk_settings1.9.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiODRfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiREUiLCJpc1dlbGNvbWVFeHBlc[...]
Zeile gefunden : user_pref("CT3220468.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Zeile gefunden : user_pref("CT3220468.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Zeile gefunden : user_pref("CT3220468.mam_gk_userId.enc", "NDNiMTQ3MmItNzVlMC00ZWY5LTg3NmMtOTE4MjRmODUwMGRm");
Zeile gefunden : user_pref("CT3220468.mam_gk_user_approval_interacted.enc", "MQ==");
Zeile gefunden : user_pref("CT3220468.mam_gk_user_apps_selection.enc", "");
Zeile gefunden : user_pref("CT3220468.mam_gk_welcomeDialogMode.enc", "MQ==");
Zeile gefunden : user_pref("CT3220468.migrateAppsAndComponents", true);
Zeile gefunden : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.trojaner-board.de%2F142546-win-7-rechner-langsam-dauernd-fehlermeldung-keine-rueckmeldun[...]
Zeile gefunden : user_pref("CT3220468.openThankYouPage", "true");
Zeile gefunden : user_pref("CT3220468.openUninstallPage", "false");
Zeile gefunden : user_pref("CT3220468.price-gong.isManagedApp", "true");
Zeile gefunden : user_pref("CT3220468.revertSettingsEnabled", "false");
Zeile gefunden : user_pref("CT3220468.search.searchAppId", "129813684258939747");
Zeile gefunden : user_pref("CT3220468.search.searchCount", "2");
Zeile gefunden : user_pref("CT3220468.searchInNewTabEnabledByUser", "false");
Zeile gefunden : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
Zeile gefunden : user_pref("CT3220468.searchSuggestEnabledByUser", "false");
Zeile gefunden : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Zeile gefunden : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3220468\"}");
Zeile gefunden : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentControlv2.OurToolbar.com//xpi\"}");
Zeile gefunden : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentControl_v2 \"}");
Zeile gefunden : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Zeile gefunden : user_pref("CT3220468.serviceLayer_services_Configuration_lastUpdate", "1380892271465");
Zeile gefunden : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1380802199115");
Zeile gefunden : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1380976042827");
Zeile gefunden : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1380917666473");
Zeile gefunden : user_pref("CT3220468.serviceLayer_services_location_lastUpdate", "1373381706782");
Zeile gefunden : user_pref("CT3220468.serviceLayer_services_login_10.14.370.524_lastUpdate", "1364323385809");
Zeile gefunden : user_pref("CT3220468.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363176456954");
Zeile gefunden : user_pref("CT3220468.serviceLayer_services_login_10.15.0.562_lastUpdate", "1369326453149");
Zeile gefunden : user_pref("CT3220468.serviceLayer_services_login_10.16.2.509_lastUpdate", "1373381706393");
Zeile gefunden : user_pref("CT3220468.serviceLayer_services_login_10.16.4.519_lastUpdate", "1374956306589");
Zeile gefunden : user_pref("CT3220468.serviceLayer_services_login_10.16.70.505_lastUpdate", "1379188997267");
Zeile gefunden : user_pref("CT3220468.serviceLayer_services_login_10.20.0.513_lastUpdate", "1380976039256");
Zeile gefunden : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1380917666742");
Zeile gefunden : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1380892271411");
Zeile gefunden : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1380892269089");
Zeile gefunden : user_pref("CT3220468.serviceLayer_services_setupAPI_lastUpdate", "1363078824498");
Zeile gefunden : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1380917666398");
Zeile gefunden : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1380976042833");
Zeile gefunden : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1380892269034");
Zeile gefunden : user_pref("CT3220468.settingsINI", true);
Zeile gefunden : user_pref("CT3220468.shouldFirstTimeDialog", "false");
Zeile gefunden : user_pref("CT3220468.showToolbarPermission", "false");
Zeile gefunden : user_pref("CT3220468.smartbar.CTID", "CT3220468");
Zeile gefunden : user_pref("CT3220468.smartbar.Uninstall", "0");
Zeile gefunden : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
Zeile gefunden : user_pref("CT3220468.startPage", "false");
Zeile gefunden : user_pref("CT3220468.toolbarBornServerTime", "21-2-2013");
Zeile gefunden : user_pref("CT3220468.toolbarCurrentServerTime", "5-10-2013");
Zeile gefunden : user_pref("CT3220468.toolbarLoginClientTime", "Wed Mar 13 2013 15:47:45 GMT+0100");
Zeile gefunden : user_pref("CT3220468.url_history0001.enc", "aHR0cDovL2ZpbGVwb255LmRlL2RsLWFIUjBjRG92TDNSb2FYTnBjM1ZrWVhndWIzSm5MMlJ2ZDI1c2IyRmtjeTlLVWxRdVpYaGwtanVua3dhcmVfcmVtb3ZhbF90b29sLTEzNjAyNzYwODgtOTU5MDExNC86[...]
Zeile gefunden : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1380976037058,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Zeile gefunden : user_pref("smartbar.machineId", "OAHAIKYNBN+RIUNBI2U59PKDI5SQ2BRP8VELA/HGGC0CGEYXD7QSEYYA9XH5QHJBB8084IBI3SIWHKW9DQIQPA");

*************************

AdwCleaner[R0].txt - [15989 octets] - [05/10/2013 14:31:57]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [16050 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Home Premium x64
Ran by Joanna on 05.10.2013 at 14:38:43,22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Joanna\AppData\Roaming\mozilla\firefox\profiles\h4tywhr9.default\minidumps [262 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.10.2013 at 14:46:12,24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Joanna (administrator) on JOANNA-PC on 05-10-2013 14:47:29
Running from C:\Users\Joanna\Desktop\XXXXXXXXXXXXXX
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4aa689b67feb46b2\STacSV64.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4aa689b67feb46b2\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [4620288 2013-01-20] (Broadcom Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKCU\...\Run: [uTorrent] - C:\Users\Joanna\AppData\Roaming\uTorrent\uTorrent.exe [802136 2013-05-22] (BitTorrent Inc.)
HKCU\...\Run: [TomTomHOME.exe] - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-03-22] (TomTom)
HKCU\...\Run: [Personal ID] - C:\Program Files (x86)\coolspot AG\Personal ID\pid.exe [1132984 2013-07-18] (coolspot AG, Düsseldorf)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-01-20] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2039880D1DF7CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: FAIESSOHelper Class - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: toolbar - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\Extensions\toolbar@web.de.xpi
FF Extension: No Name - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4aa689b67feb46b2\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-01-20] (Kaspersky Lab ZAO)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\RpcAgentSrv.exe [68760 2008-12-27] (SiSoftware)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4aa689b67feb46b2\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE [33280 2013-01-20] ()

==================== Drivers (Whitelisted) ====================

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-23] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-10-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-18] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-23] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-23] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-05 14:46 - 2013-10-05 14:46 - 00000760 _____ C:\Users\Joanna\Desktop\JRT.txt
2013-10-05 14:38 - 2013-10-05 14:38 - 00000000 ____D C:\Windows\ERUNT
2013-10-05 14:37 - 2013-10-05 14:37 - 00016028 _____ C:\Users\Joanna\Desktop\ADWCLEANER.txt
2013-10-05 14:30 - 2013-10-05 14:33 - 00000000 ____D C:\AdwCleaner
2013-10-05 14:29 - 2013-10-05 14:29 - 01030305 _____ (Thisisu) C:\Users\Joanna\Desktop\JRT.exe
2013-10-05 14:28 - 2013-10-05 14:28 - 01045226 _____ C:\Users\Joanna\Desktop\adwcleaner.exe
2013-10-04 22:01 - 2013-10-04 22:01 - 00307984 _____ C:\Windows\Minidump\100413-18798-01.dmp
2013-10-04 22:01 - 2013-10-04 22:01 - 00000000 ____D C:\Windows\Minidump
2013-10-04 22:00 - 2013-10-04 22:00 - 546155479 _____ C:\Windows\MEMORY.DMP
2013-10-04 21:23 - 2013-10-04 21:23 - 00000000 ____D C:\FRST
2013-10-04 21:22 - 2013-10-04 21:22 - 00000000 _____ C:\Users\Joanna\defogger_reenable
2013-10-04 21:21 - 2013-10-04 21:21 - 00377856 _____ C:\Users\Joanna\Desktop\gmer_2.1.19163.exe
2013-10-04 21:16 - 2013-10-04 22:34 - 00000000 ____D C:\Users\Joanna\Desktop\XXXXXXXXXXXXXX
2013-10-03 22:36 - 2013-10-03 22:36 - 00534389 _____ C:\Users\Joanna\Downloads\noscript_security_suite-2.6.8.1-fx_sm_fn.xpi.zip
2013-10-03 22:09 - 2013-10-03 22:09 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\Malwarebytes
2013-10-03 22:08 - 2013-10-03 22:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Joanna\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-03 22:08 - 2013-10-03 22:08 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-03 22:08 - 2013-10-03 22:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-03 22:08 - 2013-10-03 22:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-03 22:08 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-27 10:38 - 2013-09-27 10:38 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-27 10:37 - 2013-09-27 10:38 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-27 10:37 - 2013-09-27 10:38 - 00000000 ____D C:\Program Files\iTunes
2013-09-27 10:37 - 2013-09-27 10:38 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-27 10:37 - 2013-09-27 10:37 - 00000000 ____D C:\Program Files\iPod
2013-09-27 10:29 - 2013-09-27 10:29 - 97176400 _____ (Apple Inc.) C:\Users\Joanna\Downloads\iTunes64Setup(2).exe
2013-09-18 14:59 - 2013-09-18 14:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-12 17:06 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 17:06 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 17:06 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 17:06 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 17:06 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 17:06 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 17:06 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 17:06 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 17:06 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 17:06 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 17:06 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 17:06 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 05:16 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 05:16 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 05:16 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 05:16 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 05:16 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 05:16 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 05:16 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 05:16 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 05:16 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 05:16 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 05:16 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 05:16 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 05:16 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 05:16 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 05:16 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 05:16 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 05:16 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 05:16 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 05:16 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 05:16 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 05:16 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 05:15 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 05:15 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 05:15 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 05:15 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 05:15 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-11 18:31 - 2013-09-11 18:32 - 00000000 ____D C:\Program Files (x86)\Varengold MetaTrader
2013-09-11 18:31 - 2013-09-11 18:31 - 00409296 _____ (MetaQuotes Software Corp.) C:\Users\Joanna\Downloads\vg4setup.exe
2013-09-11 18:31 - 2013-09-11 18:31 - 00001997 _____ C:\Users\Public\Desktop\Varengold MetaTrader.lnk
2013-09-11 18:31 - 2013-09-11 18:31 - 00000000 ____D C:\Users\Joanna\AppData\Local\Google
2013-09-11 18:31 - 2013-09-11 18:31 - 00000000 ____D C:\ProgramData\MetaQuotes

==================== One Month Modified Files and Folders =======

2013-10-05 14:46 - 2013-10-05 14:46 - 00000760 _____ C:\Users\Joanna\Desktop\JRT.txt
2013-10-05 14:43 - 2009-07-14 06:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-05 14:43 - 2009-07-14 06:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-05 14:38 - 2013-10-05 14:38 - 00000000 ____D C:\Windows\ERUNT
2013-10-05 14:38 - 2013-02-21 14:22 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\uTorrent
2013-10-05 14:37 - 2013-10-05 14:37 - 00016028 _____ C:\Users\Joanna\Desktop\ADWCLEANER.txt
2013-10-05 14:36 - 2013-01-20 17:00 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-05 14:35 - 2013-01-20 16:29 - 01663525 _____ C:\Windows\WindowsUpdate.log
2013-10-05 14:35 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-05 14:35 - 2009-07-14 06:51 - 00044587 _____ C:\Windows\setupact.log
2013-10-05 14:33 - 2013-10-05 14:30 - 00000000 ____D C:\AdwCleaner
2013-10-05 14:29 - 2013-10-05 14:29 - 01030305 _____ (Thisisu) C:\Users\Joanna\Desktop\JRT.exe
2013-10-05 14:28 - 2013-10-05 14:28 - 01045226 _____ C:\Users\Joanna\Desktop\adwcleaner.exe
2013-10-05 14:24 - 2013-01-20 20:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-05 08:21 - 2013-02-21 14:24 - 00000000 ____D C:\Users\Joanna\Desktop\filmy
2013-10-05 07:58 - 2009-08-06 23:30 - 00699342 _____ C:\Windows\system32\perfh007.dat
2013-10-05 07:58 - 2009-08-06 23:30 - 00149450 _____ C:\Windows\system32\perfc007.dat
2013-10-05 07:58 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-04 22:34 - 2013-10-04 21:16 - 00000000 ____D C:\Users\Joanna\Desktop\XXXXXXXXXXXXXX
2013-10-04 22:01 - 2013-10-04 22:01 - 00307984 _____ C:\Windows\Minidump\100413-18798-01.dmp
2013-10-04 22:01 - 2013-10-04 22:01 - 00000000 ____D C:\Windows\Minidump
2013-10-04 22:00 - 2013-10-04 22:00 - 546155479 _____ C:\Windows\MEMORY.DMP
2013-10-04 21:23 - 2013-10-04 21:23 - 00000000 ____D C:\FRST
2013-10-04 21:22 - 2013-10-04 21:22 - 00000000 _____ C:\Users\Joanna\defogger_reenable
2013-10-04 21:22 - 2013-01-20 16:46 - 00000000 ____D C:\Users\Joanna
2013-10-04 21:21 - 2013-10-04 21:21 - 00377856 _____ C:\Users\Joanna\Desktop\gmer_2.1.19163.exe
2013-10-04 20:40 - 2013-08-28 23:23 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\TS3Client
2013-10-03 22:36 - 2013-10-03 22:36 - 00534389 _____ C:\Users\Joanna\Downloads\noscript_security_suite-2.6.8.1-fx_sm_fn.xpi.zip
2013-10-03 22:21 - 2013-01-20 18:04 - 00123390 _____ C:\Windows\PFRO.log
2013-10-03 22:09 - 2013-10-03 22:09 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\Malwarebytes
2013-10-03 22:08 - 2013-10-03 22:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Joanna\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-03 22:08 - 2013-10-03 22:08 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-03 22:08 - 2013-10-03 22:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-03 22:08 - 2013-10-03 22:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-03 10:03 - 2013-01-20 20:36 - 00000000 ____D C:\Users\Joanna\AppData\Local\PokerStars.EU
2013-10-02 10:19 - 2013-08-28 23:22 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2013-09-27 10:38 - 2013-09-27 10:38 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-27 10:38 - 2013-09-27 10:37 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-27 10:38 - 2013-09-27 10:37 - 00000000 ____D C:\Program Files\iTunes
2013-09-27 10:38 - 2013-09-27 10:37 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-27 10:37 - 2013-09-27 10:37 - 00000000 ____D C:\Program Files\iPod
2013-09-27 10:29 - 2013-09-27 10:29 - 97176400 _____ (Apple Inc.) C:\Users\Joanna\Downloads\iTunes64Setup(2).exe
2013-09-23 14:09 - 2013-01-20 20:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-23 14:09 - 2013-01-20 20:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-23 14:09 - 2013-01-20 20:21 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-23 04:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-19 22:46 - 2013-01-20 16:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-19 09:38 - 2013-01-20 16:51 - 00000000 ____D C:\Users\Joanna\AppData\Local\Mozilla
2013-09-18 14:59 - 2013-09-18 14:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-17 18:51 - 2013-01-20 16:46 - 00000000 ____D C:\Users\Joanna\AppData\Local\VirtualStore
2013-09-15 08:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-12 18:32 - 2013-01-20 16:46 - 00000000 ___RD C:\Users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 18:32 - 2013-01-20 16:46 - 00000000 ___RD C:\Users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 18:32 - 2009-07-14 06:45 - 00276616 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 17:05 - 2013-08-15 05:11 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 17:04 - 2013-01-21 22:06 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 19:23 - 2013-03-30 20:11 - 00000642 _____ C:\Users\Joanna\Desktop\Daten.txt
2013-09-11 18:32 - 2013-09-11 18:31 - 00000000 ____D C:\Program Files (x86)\Varengold MetaTrader
2013-09-11 18:31 - 2013-09-11 18:31 - 00409296 _____ (MetaQuotes Software Corp.) C:\Users\Joanna\Downloads\vg4setup.exe
2013-09-11 18:31 - 2013-09-11 18:31 - 00001997 _____ C:\Users\Public\Desktop\Varengold MetaTrader.lnk
2013-09-11 18:31 - 2013-09-11 18:31 - 00000000 ____D C:\Users\Joanna\AppData\Local\Google
2013-09-11 18:31 - 2013-09-11 18:31 - 00000000 ____D C:\ProgramData\MetaQuotes

Some content of TEMP:
====================
C:\Users\Joanna\AppData\Local\Temp\CommandCenterSetupSetup.exe
C:\Users\Joanna\AppData\Local\Temp\Quarantine.exe
C:\Users\Joanna\AppData\Local\Temp\SIInvoker.exe
C:\Users\Joanna\AppData\Local\Temp\utt964E.tmp.exe
C:\Users\Joanna\AppData\Local\Temp\uttBB68.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-21 00:54

==================== End Of Log ============================
--- --- ---

schrauber 05.10.2013 19:38

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

loo1977 05.10.2013 21:27
Hallo schrauber
Rechner läuft wieder wesentlich besser als vorher noch mal DANKE .du hast mich gerettet Freundin ist auch glücklich das ihr PC wieder richtig funktioniert. und hier die Logs

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3d6f99135dc5034885dfa179e70f8c0e
# engine=15371
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-05 08:00:13
# local_time=2013-10-05 10:00:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1286 16777213 100 98 26655 35769535 0 0
# compatibility_mode=5893 16776573 100 94 25926 132633063 0 0
# scanned=196168
# found=0
# cleaned=0
# scan_time=4203
Code:
Results of screen317's Security Check version 0.99.74 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
Kaspersky Internet Security 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Java 7 Update 17 
 Java version out of Date!
 Adobe Flash Player 11.8.800.168 
 Adobe Reader XI 
 Mozilla Firefox (24.0)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe 
 Kaspersky Lab Kaspersky Internet Security 2013 avp.exe 
 Kaspersky Lab Kaspersky Internet Security 2013 x64 wmi64.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Joanna (administrator) on JOANNA-PC on 05-10-2013 22:16:32
Running from C:\Users\Joanna\Desktop\XXXXXXXXXXXXXX
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4aa689b67feb46b2\STacSV64.exe
() C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4aa689b67feb46b2\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Users\Joanna\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\system32\consent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\wmi64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [4620288 2013-01-20] (Broadcom Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKCU\...\Run: [uTorrent] - C:\Users\Joanna\AppData\Roaming\uTorrent\uTorrent.exe [802136 2013-05-22] (BitTorrent Inc.)
HKCU\...\Run: [TomTomHOME.exe] - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-03-22] (TomTom)
HKCU\...\Run: [Personal ID] - C:\Program Files (x86)\coolspot AG\Personal ID\pid.exe [1132984 2013-07-18] (coolspot AG, Düsseldorf)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-01-20] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2039880D1DF7CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: FAIESSOHelper Class - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: toolbar - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\Extensions\toolbar@web.de.xpi
FF Extension: No Name - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4aa689b67feb46b2\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-01-20] (Kaspersky Lab ZAO)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\RpcAgentSrv.exe [68760 2008-12-27] (SiSoftware)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4aa689b67feb46b2\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE [33280 2013-01-20] ()

==================== Drivers (Whitelisted) ====================

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-23] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-10-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-18] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-23] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-05 20:45 - 2013-10-05 20:45 - 00891167 _____ C:\Users\Joanna\Desktop\SecurityCheck.exe
2013-10-05 20:44 - 2013-10-05 20:44 - 02347384 _____ (ESET) C:\Users\Joanna\Desktop\esetsmartinstaller_enu.exe
2013-10-05 16:55 - 2013-10-05 17:44 - 00000000 ____D C:\Users\Joanna\Downloads\Dark.Touch.2013.PLSUBBED.WEB-DL.XviD-GHW.avi
2013-10-05 16:53 - 2013-10-05 18:23 - 733943808 ____R C:\Users\Joanna\Downloads\Sisters.2006.PL.DVDRip.XviD.avi
2013-10-05 16:52 - 2013-10-05 17:39 - 00000000 ____D C:\Users\Joanna\Downloads\[BEST-TORRENTS.NET]  Byl sobie dzieciak
2013-10-05 14:46 - 2013-10-05 14:46 - 00000760 _____ C:\Users\Joanna\Desktop\JRT.txt
2013-10-05 14:38 - 2013-10-05 14:38 - 00000000 ____D C:\Windows\ERUNT
2013-10-05 14:37 - 2013-10-05 14:37 - 00016028 _____ C:\Users\Joanna\Desktop\ADWCLEANER.txt
2013-10-05 14:30 - 2013-10-05 14:33 - 00000000 ____D C:\AdwCleaner
2013-10-05 14:29 - 2013-10-05 14:29 - 01030305 _____ (Thisisu) C:\Users\Joanna\Desktop\JRT.exe
2013-10-05 14:28 - 2013-10-05 14:28 - 01045226 _____ C:\Users\Joanna\Desktop\adwcleaner.exe
2013-10-04 22:01 - 2013-10-04 22:01 - 00307984 _____ C:\Windows\Minidump\100413-18798-01.dmp
2013-10-04 22:01 - 2013-10-04 22:01 - 00000000 ____D C:\Windows\Minidump
2013-10-04 22:00 - 2013-10-04 22:00 - 546155479 _____ C:\Windows\MEMORY.DMP
2013-10-04 21:23 - 2013-10-04 21:23 - 00000000 ____D C:\FRST
2013-10-04 21:22 - 2013-10-04 21:22 - 00000000 _____ C:\Users\Joanna\defogger_reenable
2013-10-04 21:21 - 2013-10-04 21:21 - 00377856 _____ C:\Users\Joanna\Desktop\gmer_2.1.19163.exe
2013-10-04 21:16 - 2013-10-05 22:16 - 00000000 ____D C:\Users\Joanna\Desktop\XXXXXXXXXXXXXX
2013-10-03 22:36 - 2013-10-03 22:36 - 00534389 _____ C:\Users\Joanna\Downloads\noscript_security_suite-2.6.8.1-fx_sm_fn.xpi.zip
2013-10-03 22:09 - 2013-10-03 22:09 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\Malwarebytes
2013-10-03 22:08 - 2013-10-03 22:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Joanna\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-03 22:08 - 2013-10-03 22:08 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-03 22:08 - 2013-10-03 22:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-03 22:08 - 2013-10-03 22:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-03 22:08 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-27 10:38 - 2013-09-27 10:38 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-27 10:37 - 2013-09-27 10:38 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-27 10:37 - 2013-09-27 10:38 - 00000000 ____D C:\Program Files\iTunes
2013-09-27 10:37 - 2013-09-27 10:38 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-27 10:37 - 2013-09-27 10:37 - 00000000 ____D C:\Program Files\iPod
2013-09-27 10:29 - 2013-09-27 10:29 - 97176400 _____ (Apple Inc.) C:\Users\Joanna\Downloads\iTunes64Setup(2).exe
2013-09-18 14:59 - 2013-09-18 14:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-12 17:06 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 17:06 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 17:06 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 17:06 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 17:06 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 17:06 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 17:06 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 17:06 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 17:06 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 17:06 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 17:06 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 17:06 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 05:16 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 05:16 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 05:16 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 05:16 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 05:16 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 05:16 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 05:16 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 05:16 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 05:16 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 05:16 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 05:16 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 05:16 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 05:16 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 05:16 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 05:16 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 05:16 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 05:16 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 05:16 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 05:16 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 05:16 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 05:16 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 05:15 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 05:15 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 05:15 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 05:15 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 05:15 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-11 18:31 - 2013-09-11 18:32 - 00000000 ____D C:\Program Files (x86)\Varengold MetaTrader
2013-09-11 18:31 - 2013-09-11 18:31 - 00409296 _____ (MetaQuotes Software Corp.) C:\Users\Joanna\Downloads\vg4setup.exe
2013-09-11 18:31 - 2013-09-11 18:31 - 00001997 _____ C:\Users\Public\Desktop\Varengold MetaTrader.lnk
2013-09-11 18:31 - 2013-09-11 18:31 - 00000000 ____D C:\Users\Joanna\AppData\Local\Google
2013-09-11 18:31 - 2013-09-11 18:31 - 00000000 ____D C:\ProgramData\MetaQuotes

==================== One Month Modified Files and Folders =======

2013-10-05 22:16 - 2013-10-04 21:16 - 00000000 ____D C:\Users\Joanna\Desktop\XXXXXXXXXXXXXX
2013-10-05 22:15 - 2009-08-06 23:30 - 00699342 _____ C:\Windows\system32\perfh007.dat
2013-10-05 22:15 - 2009-08-06 23:30 - 00149450 _____ C:\Windows\system32\perfc007.dat
2013-10-05 22:15 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-05 22:15 - 2009-07-14 06:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-05 22:15 - 2009-07-14 06:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-05 22:12 - 2013-01-20 16:29 - 01670495 _____ C:\Windows\WindowsUpdate.log
2013-10-05 22:09 - 2013-02-21 14:22 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\uTorrent
2013-10-05 22:09 - 2013-01-20 17:00 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-05 22:08 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-05 22:08 - 2009-07-14 06:51 - 00044643 _____ C:\Windows\setupact.log
2013-10-05 21:24 - 2013-01-20 20:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-05 20:45 - 2013-10-05 20:45 - 00891167 _____ C:\Users\Joanna\Desktop\SecurityCheck.exe
2013-10-05 20:44 - 2013-10-05 20:44 - 02347384 _____ (ESET) C:\Users\Joanna\Desktop\esetsmartinstaller_enu.exe
2013-10-05 18:23 - 2013-10-05 16:53 - 733943808 ____R C:\Users\Joanna\Downloads\Sisters.2006.PL.DVDRip.XviD.avi
2013-10-05 17:44 - 2013-10-05 16:55 - 00000000 ____D C:\Users\Joanna\Downloads\Dark.Touch.2013.PLSUBBED.WEB-DL.XviD-GHW.avi
2013-10-05 17:39 - 2013-10-05 16:52 - 00000000 ____D C:\Users\Joanna\Downloads\[BEST-TORRENTS.NET]  Byl sobie dzieciak
2013-10-05 14:46 - 2013-10-05 14:46 - 00000760 _____ C:\Users\Joanna\Desktop\JRT.txt
2013-10-05 14:38 - 2013-10-05 14:38 - 00000000 ____D C:\Windows\ERUNT
2013-10-05 14:37 - 2013-10-05 14:37 - 00016028 _____ C:\Users\Joanna\Desktop\ADWCLEANER.txt
2013-10-05 14:33 - 2013-10-05 14:30 - 00000000 ____D C:\AdwCleaner
2013-10-05 14:29 - 2013-10-05 14:29 - 01030305 _____ (Thisisu) C:\Users\Joanna\Desktop\JRT.exe
2013-10-05 14:28 - 2013-10-05 14:28 - 01045226 _____ C:\Users\Joanna\Desktop\adwcleaner.exe
2013-10-05 08:21 - 2013-02-21 14:24 - 00000000 ____D C:\Users\Joanna\Desktop\filmy
2013-10-04 22:01 - 2013-10-04 22:01 - 00307984 _____ C:\Windows\Minidump\100413-18798-01.dmp
2013-10-04 22:01 - 2013-10-04 22:01 - 00000000 ____D C:\Windows\Minidump
2013-10-04 22:00 - 2013-10-04 22:00 - 546155479 _____ C:\Windows\MEMORY.DMP
2013-10-04 21:23 - 2013-10-04 21:23 - 00000000 ____D C:\FRST
2013-10-04 21:22 - 2013-10-04 21:22 - 00000000 _____ C:\Users\Joanna\defogger_reenable
2013-10-04 21:22 - 2013-01-20 16:46 - 00000000 ____D C:\Users\Joanna
2013-10-04 21:21 - 2013-10-04 21:21 - 00377856 _____ C:\Users\Joanna\Desktop\gmer_2.1.19163.exe
2013-10-04 20:40 - 2013-08-28 23:23 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\TS3Client
2013-10-03 22:36 - 2013-10-03 22:36 - 00534389 _____ C:\Users\Joanna\Downloads\noscript_security_suite-2.6.8.1-fx_sm_fn.xpi.zip
2013-10-03 22:21 - 2013-01-20 18:04 - 00123390 _____ C:\Windows\PFRO.log
2013-10-03 22:09 - 2013-10-03 22:09 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\Malwarebytes
2013-10-03 22:08 - 2013-10-03 22:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Joanna\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-03 22:08 - 2013-10-03 22:08 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-03 22:08 - 2013-10-03 22:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-03 22:08 - 2013-10-03 22:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-03 10:03 - 2013-01-20 20:36 - 00000000 ____D C:\Users\Joanna\AppData\Local\PokerStars.EU
2013-10-02 10:19 - 2013-08-28 23:22 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2013-09-27 10:38 - 2013-09-27 10:38 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-27 10:38 - 2013-09-27 10:37 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-27 10:38 - 2013-09-27 10:37 - 00000000 ____D C:\Program Files\iTunes
2013-09-27 10:38 - 2013-09-27 10:37 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-27 10:37 - 2013-09-27 10:37 - 00000000 ____D C:\Program Files\iPod
2013-09-27 10:29 - 2013-09-27 10:29 - 97176400 _____ (Apple Inc.) C:\Users\Joanna\Downloads\iTunes64Setup(2).exe
2013-09-23 14:09 - 2013-01-20 20:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-23 14:09 - 2013-01-20 20:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-23 14:09 - 2013-01-20 20:21 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-23 04:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-19 22:46 - 2013-01-20 16:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-19 09:38 - 2013-01-20 16:51 - 00000000 ____D C:\Users\Joanna\AppData\Local\Mozilla
2013-09-18 14:59 - 2013-09-18 14:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-17 18:51 - 2013-01-20 16:46 - 00000000 ____D C:\Users\Joanna\AppData\Local\VirtualStore
2013-09-15 08:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-12 18:32 - 2013-01-20 16:46 - 00000000 ___RD C:\Users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 18:32 - 2013-01-20 16:46 - 00000000 ___RD C:\Users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 18:32 - 2009-07-14 06:45 - 00276616 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 17:05 - 2013-08-15 05:11 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 17:04 - 2013-01-21 22:06 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 19:23 - 2013-03-30 20:11 - 00000642 _____ C:\Users\Joanna\Desktop\Daten.txt
2013-09-11 18:32 - 2013-09-11 18:31 - 00000000 ____D C:\Program Files (x86)\Varengold MetaTrader
2013-09-11 18:31 - 2013-09-11 18:31 - 00409296 _____ (MetaQuotes Software Corp.) C:\Users\Joanna\Downloads\vg4setup.exe
2013-09-11 18:31 - 2013-09-11 18:31 - 00001997 _____ C:\Users\Public\Desktop\Varengold MetaTrader.lnk
2013-09-11 18:31 - 2013-09-11 18:31 - 00000000 ____D C:\Users\Joanna\AppData\Local\Google
2013-09-11 18:31 - 2013-09-11 18:31 - 00000000 ____D C:\ProgramData\MetaQuotes

Some content of TEMP:
====================
C:\Users\Joanna\AppData\Local\Temp\CommandCenterSetupSetup.exe
C:\Users\Joanna\AppData\Local\Temp\Quarantine.exe
C:\Users\Joanna\AppData\Local\Temp\SIInvoker.exe
C:\Users\Joanna\AppData\Local\Temp\utt964E.tmp.exe
C:\Users\Joanna\AppData\Local\Temp\uttBB68.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-05 15:21

==================== End Of Log ============================
--- --- ---

schrauber 06.10.2013 16:18
Java updaten.

Downloade dir bitte Farbar Service Scanner Farbar Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.



loo1977 06.10.2013 17:31
Hi

Java ist geupdate

Code:
Farbar Service Scanner Version: 13-09-2013
Ran by Joanna (administrator) on 06-10-2013 at 18:28:02
Running from "C:\Users\Joanna\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

schrauber 07.10.2013 08:21
Fertig :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

loo1977 07.10.2013 11:50
Danke für die ganzen tipps . Rechner geht auf jeden fall besser auch wen noch ab und zu der fehler kommt. aber nicht mehr so oft .

schrauber 08.10.2013 07:17
Wann genau kommt er?

loo1977 09.10.2013 00:08
Meistens wen ich mit Fierfox im Internet online spiele wie Command and Conquer oder auch wen ich normale Seiten schaue. Aber im Moment komm ich auch nicht so oft wegen Arbeit an den Rechner das ich genauere angaben machen kann. in 2 tagen nutze ich den Rechner öfters dann kann ich das Problem besser beschreiben.
Hab hier noch mal einen neuen FRST und Malwarebytes Anti-Malware log


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Joanna (administrator) on JOANNA-PC on 09-10-2013 00:49:59
Running from C:\Users\Joanna\Desktop\XXXXXXXXXXXXXX
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4aa689b67feb46b2\STacSV64.exe
() C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4aa689b67feb46b2\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(BitTorrent Inc.) C:\Users\Joanna\AppData\Roaming\uTorrent\uTorrent.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [4620288 2013-01-20] (Broadcom Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKCU\...\Run: [uTorrent] - C:\Users\Joanna\AppData\Roaming\uTorrent\uTorrent.exe [802136 2013-05-22] (BitTorrent Inc.)
HKCU\...\Run: [TomTomHOME.exe] - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-03-22] (TomTom)
HKCU\...\Run: [Personal ID] - C:\Program Files (x86)\coolspot AG\Personal ID\pid.exe [1132984 2013-07-18] (coolspot AG, Düsseldorf)
HKCU\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [441408 2013-09-24] (BillP Studios)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-01-20] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2039880D1DF7CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: FAIESSOHelper Class - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: toolbar - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\Extensions\toolbar@web.de.xpi
FF Extension: No Name - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h4tywhr9.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4aa689b67feb46b2\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-01-20] (Kaspersky Lab ZAO)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\RpcAgentSrv.exe [68760 2008-12-27] (SiSoftware)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4aa689b67feb46b2\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE [33280 2013-01-20] ()

==================== Drivers (Whitelisted) ====================

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-23] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-10-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-18] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-23] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-08 23:24 - 2013-10-09 00:25 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-10-07 12:31 - 2013-10-07 12:31 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\WinPatrol
2013-10-07 12:31 - 2013-10-07 12:31 - 00000000 ____D C:\ProgramData\InstallMate
2013-10-07 12:31 - 2013-10-07 12:31 - 00000000 ____D C:\Program Files (x86)\BillP Studios
2013-10-07 11:55 - 2013-10-07 11:57 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-10-07 11:55 - 2013-10-07 11:55 - 00001083 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2013-10-07 11:55 - 2013-10-07 11:55 - 00000000 ____D C:\ProgramData\Licenses
2013-10-07 11:55 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2013-10-07 11:52 - 2013-10-07 12:30 - 00000000 ____D C:\Schutz
2013-10-06 18:46 - 2013-10-06 18:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-06 18:46 - 2013-10-06 18:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-06 18:46 - 2013-10-06 18:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-06 18:46 - 2013-10-06 18:46 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-06 18:46 - 2013-10-06 18:46 - 00000000 ____D C:\ProgramData\Oracle
2013-10-06 18:28 - 2013-10-06 18:28 - 00002221 _____ C:\Users\Joanna\Desktop\FSS.txt
2013-10-06 18:26 - 2013-10-06 18:26 - 00358923 _____ (Farbar) C:\Users\Joanna\Desktop\FSS.exe
2013-10-05 20:45 - 2013-10-05 20:45 - 00891167 _____ C:\Users\Joanna\Desktop\SecurityCheck.exe
2013-10-05 20:44 - 2013-10-05 20:44 - 02347384 _____ (ESET) C:\Users\Joanna\Desktop\esetsmartinstaller_enu.exe
2013-10-05 14:46 - 2013-10-05 14:46 - 00000760 _____ C:\Users\Joanna\Desktop\JRT.txt
2013-10-05 14:38 - 2013-10-05 14:38 - 00000000 ____D C:\Windows\ERUNT
2013-10-05 14:37 - 2013-10-05 14:37 - 00016028 _____ C:\Users\Joanna\Desktop\ADWCLEANER.txt
2013-10-05 14:30 - 2013-10-05 14:33 - 00000000 ____D C:\AdwCleaner
2013-10-05 14:29 - 2013-10-05 14:29 - 01030305 _____ (Thisisu) C:\Users\Joanna\Desktop\JRT.exe
2013-10-05 14:28 - 2013-10-05 14:28 - 01045226 _____ C:\Users\Joanna\Desktop\adwcleaner.exe
2013-10-04 22:01 - 2013-10-04 22:01 - 00307984 _____ C:\Windows\Minidump\100413-18798-01.dmp
2013-10-04 22:01 - 2013-10-04 22:01 - 00000000 ____D C:\Windows\Minidump
2013-10-04 22:00 - 2013-10-04 22:00 - 546155479 _____ C:\Windows\MEMORY.DMP
2013-10-04 21:23 - 2013-10-04 21:23 - 00000000 ____D C:\FRST
2013-10-04 21:22 - 2013-10-04 21:22 - 00000000 _____ C:\Users\Joanna\defogger_reenable
2013-10-04 21:21 - 2013-10-04 21:21 - 00377856 _____ C:\Users\Joanna\Desktop\gmer_2.1.19163.exe
2013-10-04 21:16 - 2013-10-09 00:49 - 00000000 ____D C:\Users\Joanna\Desktop\XXXXXXXXXXXXXX
2013-10-03 22:36 - 2013-10-03 22:36 - 00534389 _____ C:\Users\Joanna\Downloads\noscript_security_suite-2.6.8.1-fx_sm_fn.xpi.zip
2013-10-03 22:09 - 2013-10-03 22:09 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\Malwarebytes
2013-10-03 22:08 - 2013-10-03 22:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Joanna\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-03 22:08 - 2013-10-03 22:08 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-03 22:08 - 2013-10-03 22:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-03 22:08 - 2013-10-03 22:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-03 22:08 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-27 10:38 - 2013-09-27 10:38 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-27 10:37 - 2013-09-27 10:38 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-27 10:37 - 2013-09-27 10:38 - 00000000 ____D C:\Program Files\iTunes
2013-09-27 10:37 - 2013-09-27 10:38 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-27 10:37 - 2013-09-27 10:37 - 00000000 ____D C:\Program Files\iPod
2013-09-27 10:29 - 2013-09-27 10:29 - 97176400 _____ (Apple Inc.) C:\Users\Joanna\Downloads\iTunes64Setup(2).exe
2013-09-18 14:59 - 2013-09-18 14:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-12 17:06 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 17:06 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 17:06 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 17:06 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 17:06 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 17:06 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 17:06 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 17:06 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 17:06 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 17:06 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 17:06 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 17:06 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 17:06 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 17:06 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 05:16 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 05:16 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 05:16 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 05:16 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 05:16 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 05:16 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 05:16 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 05:16 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 05:16 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 05:16 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 05:16 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 05:16 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 05:16 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 05:16 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 05:16 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 05:16 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 05:16 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 05:16 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 05:16 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 05:16 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 05:16 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 05:16 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 05:15 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 05:15 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 05:15 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 05:15 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 05:15 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-11 18:31 - 2013-09-11 18:32 - 00000000 ____D C:\Program Files (x86)\Varengold MetaTrader
2013-09-11 18:31 - 2013-09-11 18:31 - 00409296 _____ (MetaQuotes Software Corp.) C:\Users\Joanna\Downloads\vg4setup.exe
2013-09-11 18:31 - 2013-09-11 18:31 - 00001997 _____ C:\Users\Public\Desktop\Varengold MetaTrader.lnk
2013-09-11 18:31 - 2013-09-11 18:31 - 00000000 ____D C:\Users\Joanna\AppData\Local\Google
2013-09-11 18:31 - 2013-09-11 18:31 - 00000000 ____D C:\ProgramData\MetaQuotes

==================== One Month Modified Files and Folders =======

2013-10-09 00:49 - 2013-10-04 21:16 - 00000000 ____D C:\Users\Joanna\Desktop\XXXXXXXXXXXXXX
2013-10-09 00:47 - 2013-02-21 14:22 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\uTorrent
2013-10-09 00:32 - 2013-01-20 17:00 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-10-09 00:25 - 2013-10-08 23:24 - 17813896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-10-09 00:25 - 2013-01-20 20:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 00:25 - 2013-01-20 20:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 00:25 - 2013-01-20 20:21 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-09 00:25 - 2013-01-20 20:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-08 23:20 - 2013-01-20 16:29 - 01756559 _____ C:\Windows\WindowsUpdate.log
2013-10-08 17:35 - 2013-02-21 14:24 - 00000000 ____D C:\Users\Joanna\Desktop\filmy
2013-10-08 17:03 - 2009-07-14 06:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-08 17:03 - 2009-07-14 06:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-08 17:02 - 2009-08-06 23:30 - 00699342 _____ C:\Windows\system32\perfh007.dat
2013-10-08 17:02 - 2009-08-06 23:30 - 00149450 _____ C:\Windows\system32\perfc007.dat
2013-10-08 17:02 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-08 16:55 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-08 16:55 - 2009-07-14 06:51 - 00045035 _____ C:\Windows\setupact.log
2013-10-07 12:58 - 2013-01-20 18:04 - 00123738 _____ C:\Windows\PFRO.log
2013-10-07 12:50 - 2013-08-28 23:23 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\TS3Client
2013-10-07 12:31 - 2013-10-07 12:31 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\WinPatrol
2013-10-07 12:31 - 2013-10-07 12:31 - 00000000 ____D C:\ProgramData\InstallMate
2013-10-07 12:31 - 2013-10-07 12:31 - 00000000 ____D C:\Program Files (x86)\BillP Studios
2013-10-07 12:30 - 2013-10-07 11:52 - 00000000 ____D C:\Schutz
2013-10-07 11:57 - 2013-10-07 11:55 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-10-07 11:55 - 2013-10-07 11:55 - 00001083 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2013-10-07 11:55 - 2013-10-07 11:55 - 00000000 ____D C:\ProgramData\Licenses
2013-10-06 18:46 - 2013-10-06 18:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-06 18:46 - 2013-10-06 18:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-06 18:46 - 2013-10-06 18:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-06 18:46 - 2013-10-06 18:46 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-06 18:46 - 2013-10-06 18:46 - 00000000 ____D C:\ProgramData\Oracle
2013-10-06 18:46 - 2013-02-21 15:14 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-10-06 18:46 - 2013-02-21 15:14 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-10-06 18:28 - 2013-10-06 18:28 - 00002221 _____ C:\Users\Joanna\Desktop\FSS.txt
2013-10-06 18:26 - 2013-10-06 18:26 - 00358923 _____ (Farbar) C:\Users\Joanna\Desktop\FSS.exe
2013-10-05 20:45 - 2013-10-05 20:45 - 00891167 _____ C:\Users\Joanna\Desktop\SecurityCheck.exe
2013-10-05 20:44 - 2013-10-05 20:44 - 02347384 _____ (ESET) C:\Users\Joanna\Desktop\esetsmartinstaller_enu.exe
2013-10-05 14:46 - 2013-10-05 14:46 - 00000760 _____ C:\Users\Joanna\Desktop\JRT.txt
2013-10-05 14:38 - 2013-10-05 14:38 - 00000000 ____D C:\Windows\ERUNT
2013-10-05 14:37 - 2013-10-05 14:37 - 00016028 _____ C:\Users\Joanna\Desktop\ADWCLEANER.txt
2013-10-05 14:33 - 2013-10-05 14:30 - 00000000 ____D C:\AdwCleaner
2013-10-05 14:29 - 2013-10-05 14:29 - 01030305 _____ (Thisisu) C:\Users\Joanna\Desktop\JRT.exe
2013-10-05 14:28 - 2013-10-05 14:28 - 01045226 _____ C:\Users\Joanna\Desktop\adwcleaner.exe
2013-10-04 22:01 - 2013-10-04 22:01 - 00307984 _____ C:\Windows\Minidump\100413-18798-01.dmp
2013-10-04 22:01 - 2013-10-04 22:01 - 00000000 ____D C:\Windows\Minidump
2013-10-04 22:00 - 2013-10-04 22:00 - 546155479 _____ C:\Windows\MEMORY.DMP
2013-10-04 21:23 - 2013-10-04 21:23 - 00000000 ____D C:\FRST
2013-10-04 21:22 - 2013-10-04 21:22 - 00000000 _____ C:\Users\Joanna\defogger_reenable
2013-10-04 21:22 - 2013-01-20 16:46 - 00000000 ____D C:\Users\Joanna
2013-10-04 21:21 - 2013-10-04 21:21 - 00377856 _____ C:\Users\Joanna\Desktop\gmer_2.1.19163.exe
2013-10-03 22:36 - 2013-10-03 22:36 - 00534389 _____ C:\Users\Joanna\Downloads\noscript_security_suite-2.6.8.1-fx_sm_fn.xpi.zip
2013-10-03 22:09 - 2013-10-03 22:09 - 00000000 ____D C:\Users\Joanna\AppData\Roaming\Malwarebytes
2013-10-03 22:08 - 2013-10-03 22:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Joanna\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-03 22:08 - 2013-10-03 22:08 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-03 22:08 - 2013-10-03 22:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-03 22:08 - 2013-10-03 22:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-03 10:03 - 2013-01-20 20:36 - 00000000 ____D C:\Users\Joanna\AppData\Local\PokerStars.EU
2013-10-02 10:19 - 2013-08-28 23:22 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2013-09-27 10:38 - 2013-09-27 10:38 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-27 10:38 - 2013-09-27 10:37 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-27 10:38 - 2013-09-27 10:37 - 00000000 ____D C:\Program Files\iTunes
2013-09-27 10:38 - 2013-09-27 10:37 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-27 10:37 - 2013-09-27 10:37 - 00000000 ____D C:\Program Files\iPod
2013-09-27 10:29 - 2013-09-27 10:29 - 97176400 _____ (Apple Inc.) C:\Users\Joanna\Downloads\iTunes64Setup(2).exe
2013-09-23 04:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-09-19 22:46 - 2013-01-20 16:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-19 09:38 - 2013-01-20 16:51 - 00000000 ____D C:\Users\Joanna\AppData\Local\Mozilla
2013-09-18 14:59 - 2013-09-18 14:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-17 18:51 - 2013-01-20 16:46 - 00000000 ____D C:\Users\Joanna\AppData\Local\VirtualStore
2013-09-15 08:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-12 18:32 - 2013-01-20 16:46 - 00000000 ___RD C:\Users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 18:32 - 2013-01-20 16:46 - 00000000 ___RD C:\Users\Joanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 18:32 - 2009-07-14 06:45 - 00276616 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 17:05 - 2013-08-15 05:11 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 17:04 - 2013-01-21 22:06 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 19:23 - 2013-03-30 20:11 - 00000642 _____ C:\Users\Joanna\Desktop\Daten.txt
2013-09-11 18:32 - 2013-09-11 18:31 - 00000000 ____D C:\Program Files (x86)\Varengold MetaTrader
2013-09-11 18:31 - 2013-09-11 18:31 - 00409296 _____ (MetaQuotes Software Corp.) C:\Users\Joanna\Downloads\vg4setup.exe
2013-09-11 18:31 - 2013-09-11 18:31 - 00001997 _____ C:\Users\Public\Desktop\Varengold MetaTrader.lnk
2013-09-11 18:31 - 2013-09-11 18:31 - 00000000 ____D C:\Users\Joanna\AppData\Local\Google
2013-09-11 18:31 - 2013-09-11 18:31 - 00000000 ____D C:\ProgramData\MetaQuotes

Some content of TEMP:
====================
C:\Users\Joanna\AppData\Local\Temp\CommandCenterSetupSetup.exe
C:\Users\Joanna\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Joanna\AppData\Local\Temp\Quarantine.exe
C:\Users\Joanna\AppData\Local\Temp\SIInvoker.exe
C:\Users\Joanna\AppData\Local\Temp\utt24B1.tmp.exe
C:\Users\Joanna\AppData\Local\Temp\utt964E.tmp.exe
C:\Users\Joanna\AppData\Local\Temp\uttBB68.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-05 15:21

==================== End Of Log ============================
--- --- ---


Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.08.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Joanna :: JOANNA-PC [Administrator]

Schutz: Aktiviert

08.10.2013 23:53:38
mbam-log-2013-10-08 (23-53-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 381565
Laufzeit: 55 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
PS: Wenn der Fehler kommt dauert der einfriere Bildschirm (weiß) länger als vorher

schrauber 09.10.2013 08:53
Ok, teste mal ausgiebig und versuch es einzugrenzen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:14 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131