Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Ständig poppt Werbung auf bei Benutzung von Firefox (https://www.trojaner-board.de/137959-staendig-poppt-werbung-benutzung-firefox.html)

schlumpf09 09.07.2013 16:37
Ständig poppt Werbung auf bei Benutzung von Firefox
 
Hallo zusammen,

seit ca 1 Woche stelle ich fest, dass Werbepoppups bei der Nutzung von Firefox auftreten. Bei der Nutzung von MS IE habe ich das nicht. Mein Virenscanner Kapersky zeigt keine Fehler oder Vierenmeldung an. Zusätzlich nutze ich CCleaner aber auch das hat keine Abhilfe geschaffen. Da ich nicht weiss, was ich noch machen kann, hoffe ich ihr könnt mir helfen.

Nach den Anweisungen habe ich den Defogger heruntergeladen und ausgeführt. Ein Neustart war nicht notwendig.

Ich habe auch OTL heruntergeladen und ausgeführt allerdings auch nachdem ich alle Programme geschlossen habe (einschliesslich Kapersky) hat sich OTL immer beim scannen von Firfox aufgehängt...

Ich lebe in Frankreich und habe einen franz. Rechner weshalb die o.a. Tools alle auf französisch laufen, ich hoffe das macht nix aus :stirn:

anbei ein paar links die bei mir aufpoppen:
hxxp://ad.yieldmanager.com/st?ad_type=iframe&ad_size=800x440&section=2922708&pub_url=${PUB_URL}

hxxp://www.prizee.com/fr/inscription/prestataire?landing=101&ptn=1349&t2c=a0aa34f36a40968e5a41f1709d3d2f401fb4&utm_source=771-1&utm_medium=366&utm_campaign=11744&utm_term=771&utm_content=13459&subid=wii_electronics

schrauber 09.07.2013 16:39
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


schlumpf09 09.07.2013 17:14
So sorry hat ein wenig gedauert hoffe es ist ok so:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2013 01
Ran by Système on 09-07-2013 18:06:11
Running from G:\
Windows 7 Home Premium (X64) OS Language: French Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - KHALMNPR.EXE [x]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2008-07-08] (Analog Devices, Inc.)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [206448 2012-10-31] (Kaspersky Lab ZAO)
HKU\Admin\...\Policies\system: [LogonHoursAction] 2
HKU\Admin\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)

==================== Services (Whitelisted) =================

S4 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [109056 2008-05-28] (Andrea Electronics Corporation)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO)
S4 EFUploadSrv; C:\Extrafilm Designer FR\EFUploadSrv.exe [1716224 2009-07-09] (Textalk AB)
S2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()

==================== Drivers (Whitelisted) ====================

S0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
S1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-10-31] (Kaspersky Lab)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-07-12] (Lavasoft AB)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-09 18:06 - 2013-07-09 18:06 - 00000000 ____D C:\FRST
2013-07-09 16:07 - 2013-07-09 16:59 - 00000168 ____A C:\Windows\setupact.log
2013-07-09 16:07 - 2013-07-09 16:58 - 00000878 ____A C:\Windows\PFRO.log
2013-07-09 16:07 - 2013-07-09 16:07 - 00000000 ____A C:\Windows\setuperr.log
2013-07-09 15:54 - 2013-07-09 16:09 - 00000472 ____A C:\Users\Admin\Desktop\defogger_disable.log
2013-07-09 15:54 - 2013-07-09 15:54 - 00000000 ____A C:\Users\Admin\defogger_reenable
2013-07-09 15:49 - 2013-07-09 15:49 - 00050477 ____A C:\Users\Admin\Desktop\Defogger.exe
2013-07-09 15:47 - 2013-07-09 15:47 - 01062184 ____A C:\Users\Admin\Desktop\GMER Setup.exe
2013-07-09 15:47 - 2013-07-09 15:47 - 00656952 ____A C:\Users\Admin\Desktop\setup.exe
2013-07-09 15:45 - 2013-07-09 15:45 - 00602112 ____A (OldTimer Tools) C:\Users\Admin\Desktop\OTL.exe
2013-07-09 15:24 - 2013-07-09 15:24 - 00000000 ___HD C:\ProgramData\CanonIJEGV
2013-07-03 07:25 - 2013-07-03 07:25 - 00000000 ___HD C:\ProgramData\CanonIJSolutionMenuEX
2013-07-02 21:41 - 2013-07-02 21:41 - 00000000 ____D C:\ProgramData\CanonIJ
2013-07-02 21:36 - 2013-07-02 21:36 - 00000000 ___HD C:\ProgramData\CanonIJScan
2013-07-02 21:36 - 2013-07-02 21:36 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Canon
2013-07-02 21:34 - 2013-07-09 15:24 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-07-02 21:33 - 2013-07-02 21:33 - 00002039 ____A C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
2013-07-02 21:33 - 2013-07-02 21:33 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2013-07-02 21:33 - 2013-07-02 21:33 - 00000000 ____D C:\Program Files\Common Files\CANON
2013-07-02 21:32 - 2013-07-02 21:32 - 00002336 ____A C:\Users\Public\Desktop\Canon CanoScan LiDE 110 Manuel en ligne.lnk
2013-07-02 21:32 - 2013-07-02 21:32 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2013-07-02 21:32 - 2013-07-02 21:32 - 00000000 ___HD C:\Program Files\CanonBJ
2013-07-02 21:32 - 2012-07-04 10:55 - 01354240 ____A (CANON INC.) C:\Windows\System32\CNQ2414C.dll
2013-07-02 21:32 - 2012-07-04 10:55 - 00112128 ____A (CANON INC.) C:\Windows\System32\CNQ2414I.dll
2013-07-02 21:32 - 2012-07-04 10:29 - 00106496 ____A (CANON INC.) C:\Windows\SysWOW64\CNQ2414U.dll
2013-07-02 21:32 - 2012-04-18 14:24 - 00103424 ____A (Canon Inc.) C:\Windows\System32\CNQ2414O.dll
2013-07-02 21:32 - 2010-12-17 13:49 - 00515072 ____A (CANON INC.) C:\Windows\System32\CNQ2414L.dll
2013-07-02 21:32 - 2010-12-17 13:49 - 00438272 ____A (CANON INC.) C:\Windows\SysWOW64\CNQ2414L.dll
2013-07-02 21:32 - 2010-03-19 09:04 - 00393256 ____A C:\Windows\SysWOW64\CNQ2414N.DAT
2013-07-02 21:32 - 2010-03-19 09:04 - 00393256 ____A C:\Windows\System32\CNQ2414N.DAT
2013-07-02 21:32 - 2010-03-11 08:57 - 00248320 ____A (CANON INC.) C:\Windows\System32\CNQ2414Y.dll
2013-07-02 21:32 - 2008-08-25 17:02 - 00017920 ____A (CANON INC.) C:\Windows\System32\CNHMCA6.dll
2013-07-02 21:32 - 2008-08-25 17:02 - 00015872 ____A (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2013-07-02 21:31 - 2013-07-02 21:33 - 00000000 ____D C:\Program Files (x86)\Canon
2013-07-02 07:51 - 2012-08-23 15:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-07-02 07:51 - 2012-08-23 15:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-07-02 07:51 - 2012-08-23 15:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-07-02 07:51 - 2012-08-23 14:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-07-02 07:51 - 2012-08-23 14:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-07-02 07:51 - 2012-08-23 14:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-07-02 07:51 - 2012-08-23 14:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-07-02 07:51 - 2012-08-23 14:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-07-02 07:51 - 2012-08-23 14:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-07-02 07:51 - 2012-08-23 14:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-07-02 07:51 - 2012-08-23 14:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-07-02 07:51 - 2012-08-23 14:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-07-02 07:51 - 2012-08-23 13:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-07-02 07:51 - 2012-08-23 12:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-07-02 07:51 - 2012-08-23 12:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-07-02 07:51 - 2012-08-23 12:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-07-02 07:51 - 2012-08-23 12:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-07-02 07:51 - 2012-08-23 11:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-07-02 07:51 - 2012-08-23 11:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2013-07-02 07:51 - 2012-08-23 11:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-07-02 07:51 - 2012-08-23 11:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-07-02 07:51 - 2012-08-23 10:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-07-02 07:51 - 2012-08-23 09:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-07-02 07:51 - 2012-08-23 09:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-07-02 07:50 - 2012-08-24 19:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-07-02 07:50 - 2012-08-24 19:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-07-02 07:50 - 2012-08-24 19:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-07-02 07:50 - 2012-08-24 19:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-07-02 07:50 - 2012-08-24 17:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-07-02 07:50 - 2012-08-24 17:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-07-02 07:50 - 2012-08-24 17:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-07-02 07:50 - 2012-05-04 12:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-07-02 07:50 - 2012-05-04 10:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-06-25 18:04 - 2013-06-25 18:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-06-25 18:04 - 2013-06-25 18:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-06-20 13:21 - 2013-06-20 13:21 - 00109296 ____A C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-20 07:37 - 2013-06-20 07:37 - 00000000 ____D C:\Users\Admin\AppData\Roaming\BabSolution
2013-06-18 10:27 - 2013-06-18 10:27 - 00002107 ____A C:\Users\Public\Desktop\Logiciel de caméra Web Logitech.lnk
2013-06-18 10:27 - 2013-06-18 10:27 - 00000000 ____D C:\Program Files\Logitech
2013-06-18 10:26 - 2013-06-23 21:01 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2013-06-18 10:25 - 2013-06-19 13:37 - 00000000 ____D C:\ProgramData\Skype
2013-06-18 10:25 - 2013-06-19 13:36 - 00002517 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-18 10:25 - 2013-06-18 10:27 - 00000000 ____D C:\Program Files\Common Files\logishrd
2013-06-18 10:25 - 2013-06-18 10:25 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-16 14:25 - 2013-06-16 14:27 - 00000000 ____D C:\Users\Admin\AppData\Roaming\DVDVideoSoft
2013-06-16 14:25 - 2013-06-16 14:25 - 00001362 ____A C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-06-16 14:25 - 2013-06-16 14:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\OpenCandy
2013-06-16 14:25 - 2013-06-16 14:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Babylon
2013-06-16 14:25 - 2013-06-16 14:25 - 00000000 ____D C:\ProgramData\Babylon
2013-06-16 14:25 - 2013-06-16 14:25 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-06-15 19:01 - 2013-06-08 15:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 19:01 - 2013-06-08 15:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 19:01 - 2013-06-08 15:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 19:01 - 2013-06-08 15:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 19:01 - 2013-06-08 15:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 19:01 - 2013-06-08 13:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 19:01 - 2013-06-08 12:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 19:01 - 2013-06-08 12:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 19:01 - 2013-06-08 12:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 19:01 - 2013-06-08 12:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 19:01 - 2013-06-08 12:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 19:01 - 2013-06-08 12:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 19:02 - 2013-05-17 02:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 19:02 - 2013-05-17 02:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 19:02 - 2013-05-17 02:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 19:02 - 2013-05-17 02:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 19:02 - 2013-05-17 02:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 19:02 - 2013-05-17 02:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 19:02 - 2013-05-17 02:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 19:02 - 2013-05-17 02:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 19:02 - 2013-05-17 01:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 19:02 - 2013-05-17 01:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 19:02 - 2013-05-17 01:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 19:02 - 2013-05-17 01:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 19:02 - 2013-05-17 01:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 19:02 - 2013-05-17 01:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 19:02 - 2013-05-17 01:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 19:02 - 2013-05-17 01:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 19:02 - 2013-05-17 01:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 19:02 - 2013-05-14 13:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 19:02 - 2013-05-14 09:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 10:08 - 2013-06-12 10:08 - 00001743 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-12 10:07 - 2013-06-12 10:08 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-12 10:07 - 2013-06-12 10:08 - 00000000 ____D C:\Program Files\iTunes
2013-06-12 10:07 - 2013-06-12 10:07 - 00000000 ____D C:\Program Files\iPod
2013-06-12 08:42 - 2013-05-13 06:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 08:42 - 2013-05-13 06:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 08:42 - 2013-05-13 06:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 08:42 - 2013-05-13 06:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 08:42 - 2013-05-13 05:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 08:42 - 2013-05-13 05:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 08:42 - 2013-05-13 05:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 08:42 - 2013-05-13 04:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 08:42 - 2013-05-13 04:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 08:42 - 2013-05-13 04:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 08:42 - 2013-05-10 06:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 08:42 - 2013-05-10 04:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 08:42 - 2013-05-08 07:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 08:42 - 2013-04-26 06:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 08:42 - 2013-04-26 05:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 08:42 - 2013-04-26 00:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 08:42 - 2013-04-17 08:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 08:42 - 2013-04-17 07:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 08:42 - 2013-03-31 23:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-09 18:06 - 2013-07-09 18:06 - 00000000 ____D C:\FRST
2013-07-09 16:59 - 2013-07-09 16:07 - 00000168 ____A C:\Windows\setupact.log
2013-07-09 16:59 - 2013-06-01 20:24 - 00001198 ____A C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job
2013-07-09 16:59 - 2013-06-01 20:24 - 00001194 ____A C:\Windows\Tasks\Plus-HD-2.2-updater.job
2013-07-09 16:59 - 2013-06-01 20:24 - 00001098 ____A C:\Windows\Tasks\Plus-HD-2.2-enabler.job
2013-07-09 16:59 - 2013-06-01 20:23 - 00001830 ____A C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
2013-07-09 16:59 - 2012-05-11 09:14 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-09 16:59 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-09 16:58 - 2013-07-09 16:07 - 00000878 ____A C:\Windows\PFRO.log
2013-07-09 16:57 - 2011-05-21 13:56 - 00001062 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-09 16:52 - 2013-03-06 11:00 - 01314382 ____A C:\Windows\WindowsUpdate.log
2013-07-09 16:46 - 2009-07-14 16:24 - 00707220 ____A C:\Windows\System32\perfh00C.dat
2013-07-09 16:46 - 2009-07-14 16:24 - 00131648 ____A C:\Windows\System32\perfc00C.dat
2013-07-09 16:46 - 2009-07-14 06:13 - 01557714 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-09 16:26 - 2011-05-21 13:56 - 00001066 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-09 16:17 - 2012-05-13 13:55 - 00001002 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-09 16:14 - 2009-07-14 05:45 - 00015008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-09 16:14 - 2009-07-14 05:45 - 00015008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-09 16:09 - 2013-07-09 15:54 - 00000472 ____A C:\Users\Admin\Desktop\defogger_disable.log
2013-07-09 16:07 - 2013-07-09 16:07 - 00000000 ____A C:\Windows\setuperr.log
2013-07-09 15:54 - 2013-07-09 15:54 - 00000000 ____A C:\Users\Admin\defogger_reenable
2013-07-09 15:54 - 2009-08-30 16:15 - 00000000 ____D C:\users\Admin
2013-07-09 15:49 - 2013-07-09 15:49 - 00050477 ____A C:\Users\Admin\Desktop\Defogger.exe
2013-07-09 15:47 - 2013-07-09 15:47 - 01062184 ____A C:\Users\Admin\Desktop\GMER Setup.exe
2013-07-09 15:47 - 2013-07-09 15:47 - 00656952 ____A C:\Users\Admin\Desktop\setup.exe
2013-07-09 15:45 - 2013-07-09 15:45 - 00602112 ____A (OldTimer Tools) C:\Users\Admin\Desktop\OTL.exe
2013-07-09 15:24 - 2013-07-09 15:24 - 00000000 ___HD C:\ProgramData\CanonIJEGV
2013-07-09 15:24 - 2013-07-02 21:34 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-07-09 07:16 - 2009-10-03 21:27 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2013-07-09 07:15 - 2012-05-12 15:16 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-09 07:15 - 2011-05-20 21:32 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-03 07:54 - 2013-02-06 11:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-03 07:25 - 2013-07-03 07:25 - 00000000 ___HD C:\ProgramData\CanonIJSolutionMenuEX
2013-07-02 21:41 - 2013-07-02 21:41 - 00000000 ____D C:\ProgramData\CanonIJ
2013-07-02 21:36 - 2013-07-02 21:36 - 00000000 ___HD C:\ProgramData\CanonIJScan
2013-07-02 21:36 - 2013-07-02 21:36 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Canon
2013-07-02 21:35 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows\Media
2013-07-02 21:33 - 2013-07-02 21:33 - 00002039 ____A C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
2013-07-02 21:33 - 2013-07-02 21:33 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2013-07-02 21:33 - 2013-07-02 21:33 - 00000000 ____D C:\Program Files\Common Files\CANON
2013-07-02 21:33 - 2013-07-02 21:31 - 00000000 ____D C:\Program Files (x86)\Canon
2013-07-02 21:32 - 2013-07-02 21:32 - 00002336 ____A C:\Users\Public\Desktop\Canon CanoScan LiDE 110 Manuel en ligne.lnk
2013-07-02 21:32 - 2013-07-02 21:32 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2013-07-02 21:32 - 2013-07-02 21:32 - 00000000 ___HD C:\Program Files\CanonBJ
2013-07-02 20:45 - 2010-12-05 14:11 - 00000290 _RASH C:\ProgramData\ntuser.pol
2013-07-02 08:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-07-02 08:02 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-25 18:04 - 2013-06-25 18:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-06-25 18:04 - 2013-06-25 18:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-06-24 07:46 - 2010-04-24 09:14 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2013-06-23 21:01 - 2013-06-18 10:26 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2013-06-20 13:21 - 2013-06-20 13:21 - 00109296 ____A C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-20 13:19 - 2010-01-16 10:04 - 00000000 ____D C:\Windows\pss
2013-06-20 07:37 - 2013-06-20 07:37 - 00000000 ____D C:\Users\Admin\AppData\Roaming\BabSolution
2013-06-19 13:37 - 2013-06-18 10:25 - 00000000 ____D C:\ProgramData\Skype
2013-06-19 13:36 - 2013-06-18 10:25 - 00002517 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-18 10:28 - 2010-04-24 09:16 - 00000000 ____D C:\Users\Admin\AppData\Local\LogiShrd
2013-06-18 10:27 - 2013-06-18 10:27 - 00002107 ____A C:\Users\Public\Desktop\Logiciel de caméra Web Logitech.lnk
2013-06-18 10:27 - 2013-06-18 10:27 - 00000000 ____D C:\Program Files\Logitech
2013-06-18 10:27 - 2013-06-18 10:25 - 00000000 ____D C:\Program Files\Common Files\logishrd
2013-06-18 10:27 - 2010-04-24 09:16 - 00000000 ____D C:\ProgramData\LogiShrd
2013-06-18 10:25 - 2013-06-18 10:25 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-18 10:25 - 2010-04-24 09:14 - 00023192 ____A C:\Windows\System32\lvcoinst.log
2013-06-16 14:27 - 2013-06-16 14:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\DVDVideoSoft
2013-06-16 14:25 - 2013-06-16 14:25 - 00001362 ____A C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-06-16 14:25 - 2013-06-16 14:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\OpenCandy
2013-06-16 14:25 - 2013-06-16 14:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Babylon
2013-06-16 14:25 - 2013-06-16 14:25 - 00000000 ____D C:\ProgramData\Babylon
2013-06-16 14:25 - 2013-06-16 14:25 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-06-15 19:29 - 2009-09-13 16:57 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Apple Computer
2013-06-12 19:04 - 2009-08-30 14:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-12 19:02 - 2009-10-24 07:26 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 10:08 - 2013-06-12 10:08 - 00001743 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-12 10:08 - 2013-06-12 10:07 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-12 10:08 - 2013-06-12 10:07 - 00000000 ____D C:\Program Files\iTunes
2013-06-12 10:08 - 2013-02-23 17:15 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-12 10:07 - 2013-06-12 10:07 - 00000000 ____D C:\Program Files\iPod
2013-06-12 09:24 - 2009-08-30 12:01 - 00000000 ____D C:\Program Files\Common Files\Apple

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2801922753-1568483922-2384193263-1003\$b36ddbb90e8e99b1afbbc055003e1b4a

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-07-05 12:38:55
Restore point made on: 2013-07-09 12:54:20

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3063.3 MB
Available physical RAM: 2494.41 MB
Total Pagefile: 3061.45 MB
Available Pagefile: 2481.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.43 GB) (Free:18.81 GB) NTFS (Disk=0 Partition=2)
Drive d: (DOCUMENT) (Fixed) (Total:149.05 GB) (Free:67.54 GB) NTFS (Disk=1 Partition=1)
Drive g: (USB DISK) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32 (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Réservé au système) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 8C878C87)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 149 GB) (Disk ID: 7D627685)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0C)


LastRegBack: 2013-07-04 20:13

==================== End Of Log ============================
--- --- ---

schrauber 09.07.2013 17:17
Hi,

es reciht wenn Du FRST vom DEsktop laufen lässt. Bitte nochmal :)

schlumpf09 09.07.2013 17:25
Ok spass muss sein :singsing: / brauchst du auch dass additional txt file kommt im nächsten post!
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2013 01
Ran by Admin (administrator) on 09-07-2013 18:23:37
Running from C:\Users\Admin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: French Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Microsoft Corporation) C:\Windows\sysWow64\SearchProtocolHost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - KHALMNPR.EXE [x]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: {40948ce1-f1fb-11de-a88d-0024819f1d68} - F:\NokiaPCIA_Autorun.exe
MountPoints2: {5ac33e38-8991-11df-999b-0024819f1d68} - "F:\WD SmartWare.exe" autoplay=true
HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2008-07-08] (Analog Devices, Inc.)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [206448 2012-10-31] (Kaspersky Lab ZAO)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://fr.msn.com/?ocid=iehp
HKCU SearchScopes: DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Plus-HD-2.2 - {11111111-1111-1111-1111-110311301136} - C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-bho.dll (Plus HD)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - No Name - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\Admin\AppData\Local\Temp\f5tmp\f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\Admin\AppData\Local\Temp\f5tmp\InstallerControl.cab
DPF: HKLM-x32 {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://www.extrafilm.fr/ImageUploader5.cab
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} C:\Users\Admin\AppData\Local\Temp\f5tmp\urxshost.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\Admin\AppData\Local\Temp\f5tmp\urxhost.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hph5sjan.default
FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hph5sjan.default\user.js
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.6.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.6.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Admin\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hph5sjan.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hph5sjan.default\searchplugins\delta.xml
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hph5sjan.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
FF Extension: F5 Networks Host Plugin - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hph5sjan.default\Extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
FF Extension: hdvc - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hph5sjan.default\Extensions\hdvc@hdvc.com.xpi
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hph5sjan.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru

==================== Services (Whitelisted) =================

S4 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [109056 2008-05-28] (Andrea Electronics Corporation)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO)
S4 EFUploadSrv; C:\Extrafilm Designer FR\EFUploadSrv.exe [1716224 2009-07-09] (Textalk AB)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()

==================== Drivers (Whitelisted) ====================

R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-10-31] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-07-12] (Lavasoft AB)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-09 19:06 - 2013-07-09 19:06 - 00000000 ____D C:\FRST
2013-07-09 17:46 - 2013-07-09 17:46 - 01776221 ____A (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2013-07-09 17:07 - 2013-07-09 18:08 - 00001168 ____A C:\Windows\PFRO.log
2013-07-09 17:07 - 2013-07-09 18:08 - 00000224 ____A C:\Windows\setupact.log
2013-07-09 17:07 - 2013-07-09 17:07 - 00000000 ____A C:\Windows\setuperr.log
2013-07-09 16:54 - 2013-07-09 17:09 - 00000472 ____A C:\Users\Admin\Desktop\defogger_disable.log
2013-07-09 16:54 - 2013-07-09 16:54 - 00000000 ____A C:\Users\Admin\defogger_reenable
2013-07-09 16:49 - 2013-07-09 16:49 - 00050477 ____A C:\Users\Admin\Desktop\Defogger.exe
2013-07-09 16:47 - 2013-07-09 16:47 - 01062184 ____A C:\Users\Admin\Desktop\GMER Setup.exe
2013-07-09 16:47 - 2013-07-09 16:47 - 00656952 ____A C:\Users\Admin\Desktop\setup.exe
2013-07-09 16:45 - 2013-07-09 16:45 - 00602112 ____A (OldTimer Tools) C:\Users\Admin\Desktop\OTL.exe
2013-07-09 16:24 - 2013-07-09 16:24 - 00000000 ___HD C:\ProgramData\CanonIJEGV
2013-07-03 08:25 - 2013-07-03 08:25 - 00000000 ___HD C:\ProgramData\CanonIJSolutionMenuEX
2013-07-02 22:41 - 2013-07-02 22:41 - 00000000 ____D C:\ProgramData\CanonIJ
2013-07-02 22:36 - 2013-07-02 22:36 - 00000000 ___HD C:\ProgramData\CanonIJScan
2013-07-02 22:36 - 2013-07-02 22:36 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Canon
2013-07-02 22:34 - 2013-07-09 16:24 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-07-02 22:33 - 2013-07-02 22:33 - 00002039 ____A C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
2013-07-02 22:33 - 2013-07-02 22:33 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2013-07-02 22:33 - 2013-07-02 22:33 - 00000000 ____D C:\Program Files\Common Files\CANON
2013-07-02 22:32 - 2013-07-02 22:32 - 00002336 ____A C:\Users\Public\Desktop\Canon CanoScan LiDE 110 Manuel en ligne.lnk
2013-07-02 22:32 - 2013-07-02 22:32 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2013-07-02 22:32 - 2013-07-02 22:32 - 00000000 ___HD C:\Program Files\CanonBJ
2013-07-02 22:32 - 2012-07-04 11:55 - 01354240 ____A (CANON INC.) C:\Windows\System32\CNQ2414C.dll
2013-07-02 22:32 - 2012-07-04 11:55 - 00112128 ____A (CANON INC.) C:\Windows\System32\CNQ2414I.dll
2013-07-02 22:32 - 2012-07-04 11:29 - 00106496 ____A (CANON INC.) C:\Windows\SysWOW64\CNQ2414U.dll
2013-07-02 22:32 - 2012-04-18 15:24 - 00103424 ____A (Canon Inc.) C:\Windows\System32\CNQ2414O.dll
2013-07-02 22:32 - 2010-12-17 14:49 - 00515072 ____A (CANON INC.) C:\Windows\System32\CNQ2414L.dll
2013-07-02 22:32 - 2010-12-17 14:49 - 00438272 ____A (CANON INC.) C:\Windows\SysWOW64\CNQ2414L.dll
2013-07-02 22:32 - 2010-03-19 10:04 - 00393256 ____A C:\Windows\SysWOW64\CNQ2414N.DAT
2013-07-02 22:32 - 2010-03-19 10:04 - 00393256 ____A C:\Windows\System32\CNQ2414N.DAT
2013-07-02 22:32 - 2010-03-11 09:57 - 00248320 ____A (CANON INC.) C:\Windows\System32\CNQ2414Y.dll
2013-07-02 22:32 - 2008-08-25 18:02 - 00017920 ____A (CANON INC.) C:\Windows\System32\CNHMCA6.dll
2013-07-02 22:32 - 2008-08-25 18:02 - 00015872 ____A (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2013-07-02 22:31 - 2013-07-02 22:33 - 00000000 ____D C:\Program Files (x86)\Canon
2013-07-02 08:51 - 2012-08-23 16:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-07-02 08:51 - 2012-08-23 16:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-07-02 08:51 - 2012-08-23 16:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-07-02 08:51 - 2012-08-23 15:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-07-02 08:51 - 2012-08-23 15:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-07-02 08:51 - 2012-08-23 15:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-07-02 08:51 - 2012-08-23 15:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-07-02 08:51 - 2012-08-23 15:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-07-02 08:51 - 2012-08-23 15:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-07-02 08:51 - 2012-08-23 15:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-07-02 08:51 - 2012-08-23 15:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-07-02 08:51 - 2012-08-23 15:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-07-02 08:51 - 2012-08-23 14:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-07-02 08:51 - 2012-08-23 13:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-07-02 08:51 - 2012-08-23 13:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-07-02 08:51 - 2012-08-23 13:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-07-02 08:51 - 2012-08-23 13:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-07-02 08:51 - 2012-08-23 12:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-07-02 08:51 - 2012-08-23 12:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2013-07-02 08:51 - 2012-08-23 12:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-07-02 08:51 - 2012-08-23 12:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-07-02 08:51 - 2012-08-23 11:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-07-02 08:51 - 2012-08-23 10:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-07-02 08:51 - 2012-08-23 10:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-07-02 08:50 - 2012-08-24 20:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-07-02 08:50 - 2012-08-24 20:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-07-02 08:50 - 2012-08-24 20:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-07-02 08:50 - 2012-08-24 20:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-07-02 08:50 - 2012-08-24 18:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-07-02 08:50 - 2012-08-24 18:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-07-02 08:50 - 2012-08-24 18:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-07-02 08:50 - 2012-05-04 13:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-07-02 08:50 - 2012-05-04 11:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-06-25 19:04 - 2013-06-25 19:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-06-25 19:04 - 2013-06-25 19:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-06-20 14:21 - 2013-06-20 14:21 - 00109296 ____A C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-20 08:37 - 2013-06-20 08:37 - 00000000 ____D C:\Users\Admin\AppData\Roaming\BabSolution
2013-06-18 11:27 - 2013-06-18 11:27 - 00002107 ____A C:\Users\Public\Desktop\Logiciel de caméra Web Logitech.lnk
2013-06-18 11:27 - 2013-06-18 11:27 - 00000000 ____D C:\Program Files\Logitech
2013-06-18 11:26 - 2013-06-23 22:01 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2013-06-18 11:25 - 2013-06-19 14:37 - 00000000 ____D C:\ProgramData\Skype
2013-06-18 11:25 - 2013-06-19 14:36 - 00002517 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-18 11:25 - 2013-06-18 11:27 - 00000000 ____D C:\Program Files\Common Files\logishrd
2013-06-18 11:25 - 2013-06-18 11:25 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-16 15:25 - 2013-06-16 15:27 - 00000000 ____D C:\Users\Admin\AppData\Roaming\DVDVideoSoft
2013-06-16 15:25 - 2013-06-16 15:25 - 00001362 ____A C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-06-16 15:25 - 2013-06-16 15:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\OpenCandy
2013-06-16 15:25 - 2013-06-16 15:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Babylon
2013-06-16 15:25 - 2013-06-16 15:25 - 00000000 ____D C:\ProgramData\Babylon
2013-06-16 15:25 - 2013-06-16 15:25 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-06-15 20:01 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 20:01 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 20:01 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 20:01 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 20:01 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 20:01 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 20:01 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 20:01 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 20:01 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 20:01 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 20:01 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 20:01 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 20:02 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 20:02 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 20:02 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 20:02 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 20:02 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 20:02 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 20:02 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 20:02 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 20:02 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 20:02 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 20:02 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 20:02 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 20:02 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 20:02 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 20:02 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 20:02 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 20:02 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 20:02 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 20:02 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 11:08 - 2013-06-12 11:08 - 00001743 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-12 11:07 - 2013-06-12 11:08 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-12 11:07 - 2013-06-12 11:08 - 00000000 ____D C:\Program Files\iTunes
2013-06-12 11:07 - 2013-06-12 11:07 - 00000000 ____D C:\Program Files\iPod
2013-06-12 09:42 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 09:42 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 09:42 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 09:42 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 09:42 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 09:42 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 09:42 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 09:42 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 09:42 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 09:42 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 09:42 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 09:42 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 09:42 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 09:42 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 09:42 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 09:42 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 09:42 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 09:42 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 09:42 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-09 19:06 - 2013-07-09 19:06 - 00000000 ____D C:\FRST
2013-07-09 18:17 - 2012-05-13 14:55 - 00001002 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-09 18:16 - 2009-07-14 06:45 - 00015008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-09 18:16 - 2009-07-14 06:45 - 00015008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-09 18:10 - 2012-05-11 10:14 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-09 18:09 - 2013-06-01 21:24 - 00001198 ____A C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job
2013-07-09 18:09 - 2013-06-01 21:24 - 00001194 ____A C:\Windows\Tasks\Plus-HD-2.2-updater.job
2013-07-09 18:09 - 2013-06-01 21:24 - 00001098 ____A C:\Windows\Tasks\Plus-HD-2.2-enabler.job
2013-07-09 18:09 - 2013-06-01 21:23 - 00001830 ____A C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
2013-07-09 18:09 - 2011-05-21 14:56 - 00001062 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-09 18:08 - 2013-07-09 17:07 - 00001168 ____A C:\Windows\PFRO.log
2013-07-09 18:08 - 2013-07-09 17:07 - 00000224 ____A C:\Windows\setupact.log
2013-07-09 18:08 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-09 17:52 - 2013-03-06 12:00 - 01320503 ____A C:\Windows\WindowsUpdate.log
2013-07-09 17:46 - 2013-07-09 17:46 - 01776221 ____A (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2013-07-09 17:46 - 2009-07-14 17:24 - 00707220 ____A C:\Windows\System32\perfh00C.dat
2013-07-09 17:46 - 2009-07-14 17:24 - 00131648 ____A C:\Windows\System32\perfc00C.dat
2013-07-09 17:46 - 2009-07-14 07:13 - 01557714 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-09 17:26 - 2011-05-21 14:56 - 00001066 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-09 17:09 - 2013-07-09 16:54 - 00000472 ____A C:\Users\Admin\Desktop\defogger_disable.log
2013-07-09 17:07 - 2013-07-09 17:07 - 00000000 ____A C:\Windows\setuperr.log
2013-07-09 16:54 - 2013-07-09 16:54 - 00000000 ____A C:\Users\Admin\defogger_reenable
2013-07-09 16:54 - 2009-08-30 17:15 - 00000000 ____D C:\users\Admin
2013-07-09 16:49 - 2013-07-09 16:49 - 00050477 ____A C:\Users\Admin\Desktop\Defogger.exe
2013-07-09 16:47 - 2013-07-09 16:47 - 01062184 ____A C:\Users\Admin\Desktop\GMER Setup.exe
2013-07-09 16:47 - 2013-07-09 16:47 - 00656952 ____A C:\Users\Admin\Desktop\setup.exe
2013-07-09 16:45 - 2013-07-09 16:45 - 00602112 ____A (OldTimer Tools) C:\Users\Admin\Desktop\OTL.exe
2013-07-09 16:24 - 2013-07-09 16:24 - 00000000 ___HD C:\ProgramData\CanonIJEGV
2013-07-09 16:24 - 2013-07-02 22:34 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-07-09 08:16 - 2009-10-03 22:27 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2013-07-09 08:15 - 2012-05-12 16:16 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-09 08:15 - 2011-05-20 22:32 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-03 08:54 - 2013-02-06 12:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-03 08:25 - 2013-07-03 08:25 - 00000000 ___HD C:\ProgramData\CanonIJSolutionMenuEX
2013-07-02 22:41 - 2013-07-02 22:41 - 00000000 ____D C:\ProgramData\CanonIJ
2013-07-02 22:36 - 2013-07-02 22:36 - 00000000 ___HD C:\ProgramData\CanonIJScan
2013-07-02 22:36 - 2013-07-02 22:36 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Canon
2013-07-02 22:35 - 2009-07-14 05:20 - 00000000 __RSD C:\Windows\Media
2013-07-02 22:33 - 2013-07-02 22:33 - 00002039 ____A C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
2013-07-02 22:33 - 2013-07-02 22:33 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2013-07-02 22:33 - 2013-07-02 22:33 - 00000000 ____D C:\Program Files\Common Files\CANON
2013-07-02 22:33 - 2013-07-02 22:31 - 00000000 ____D C:\Program Files (x86)\Canon
2013-07-02 22:32 - 2013-07-02 22:32 - 00002336 ____A C:\Users\Public\Desktop\Canon CanoScan LiDE 110 Manuel en ligne.lnk
2013-07-02 22:32 - 2013-07-02 22:32 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2013-07-02 22:32 - 2013-07-02 22:32 - 00000000 ___HD C:\Program Files\CanonBJ
2013-07-02 21:45 - 2010-12-05 15:11 - 00000290 _RASH C:\ProgramData\ntuser.pol
2013-07-02 09:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-02 09:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-25 19:04 - 2013-06-25 19:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-06-25 19:04 - 2013-06-25 19:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-06-24 08:46 - 2010-04-24 10:14 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2013-06-23 22:01 - 2013-06-18 11:26 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2013-06-20 14:21 - 2013-06-20 14:21 - 00109296 ____A C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-20 14:19 - 2010-01-16 11:04 - 00000000 ____D C:\Windows\pss
2013-06-20 08:37 - 2013-06-20 08:37 - 00000000 ____D C:\Users\Admin\AppData\Roaming\BabSolution
2013-06-19 14:37 - 2013-06-18 11:25 - 00000000 ____D C:\ProgramData\Skype
2013-06-19 14:36 - 2013-06-18 11:25 - 00002517 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-18 11:28 - 2010-04-24 10:16 - 00000000 ____D C:\Users\Admin\AppData\Local\LogiShrd
2013-06-18 11:27 - 2013-06-18 11:27 - 00002107 ____A C:\Users\Public\Desktop\Logiciel de caméra Web Logitech.lnk
2013-06-18 11:27 - 2013-06-18 11:27 - 00000000 ____D C:\Program Files\Logitech
2013-06-18 11:27 - 2013-06-18 11:25 - 00000000 ____D C:\Program Files\Common Files\logishrd
2013-06-18 11:27 - 2010-04-24 10:16 - 00000000 ____D C:\ProgramData\LogiShrd
2013-06-18 11:25 - 2013-06-18 11:25 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-18 11:25 - 2010-04-24 10:14 - 00023192 ____A C:\Windows\System32\lvcoinst.log
2013-06-16 15:27 - 2013-06-16 15:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\DVDVideoSoft
2013-06-16 15:25 - 2013-06-16 15:25 - 00001362 ____A C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-06-16 15:25 - 2013-06-16 15:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\OpenCandy
2013-06-16 15:25 - 2013-06-16 15:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Babylon
2013-06-16 15:25 - 2013-06-16 15:25 - 00000000 ____D C:\ProgramData\Babylon
2013-06-16 15:25 - 2013-06-16 15:25 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-06-15 20:29 - 2009-09-13 17:57 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Apple Computer
2013-06-12 20:04 - 2009-08-30 15:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-12 20:02 - 2009-10-24 08:26 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 11:08 - 2013-06-12 11:08 - 00001743 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-12 11:08 - 2013-06-12 11:07 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-12 11:08 - 2013-06-12 11:07 - 00000000 ____D C:\Program Files\iTunes
2013-06-12 11:08 - 2013-02-23 18:15 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-12 11:07 - 2013-06-12 11:07 - 00000000 ____D C:\Program Files\iPod
2013-06-12 10:24 - 2009-08-30 13:01 - 00000000 ____D C:\Program Files\Common Files\Apple

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2801922753-1568483922-2384193263-1003\$b36ddbb90e8e99b1afbbc055003e1b4a

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-04 21:13

==================== End Of Log ============================
--- --- ---

--- --- ---


So hier das Additional txt:FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2013 01
Ran by Admin at 2013-07-09 18:24:06
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
 Update for Microsoft Office 2007 (KB2508958) (x32)
"Nero SoundTrax Help (x32 Version: 4.0.15.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Adobe SVG Viewer (x32 Version: 1.0)
Advertising Center (x32 Version: 0.0.0.1)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.736.0)
Audiograbber 1.83 SE  (x32 Version: 1.83 SE )
Audiograbber MP3-Plugin (x32 Version: 1.0)
Belkin F5D8053 N Wireless USB Adapter (x32 Version: 2.0.0.04)
Bonjour (Version: 3.0.0.10)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (x32)
Canon MP Navigator EX 4.0 (x32)
Canon Solution Menu EX (x32)
CanoScan LiDE 110 Scanner Driver
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2009.0714.2132.36830)
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0714.2132.36830)
Catalyst Control Center Graphics Full New (x32 Version: 2009.0714.2132.36830)
Catalyst Control Center Graphics Light (x32 Version: 2009.0714.2132.36830)
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0714.2132.36830)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0714.2132.36830)
Catalyst Control Center HydraVision Full (x32 Version: 2009.0714.2132.36830)
Catalyst Control Center InstallProxy (x32 Version: 2009.0714.2132.36830)
CCC Help English (x32 Version: 2009.0714.2131.36830)
ccc-core-static (x32 Version: 2009.0714.2132.36830)
ccc-utility64 (Version: 2009.0714.2132.36830)
D3DX10 (x32 Version: 15.4.2368.0902)
DolbyFiles (x32 Version: 2.0)
eaner (Version: 3.09)
Extrafilm Designer FR (x32)
Free YouTube to MP3 Converter version 3.12.3.610 (x32 Version: 3.12.3.610)
Google Update Helper (x32 Version: 1.3.21.149)
iCloud (Version: 2.1.2.8)
ImagXpress (x32 Version: 7.0.74.0)
iTunes (Version: 11.0.4.4)
Java 7 Update 6 (64-bit) (Version: 7.0.60)
Java Auto Updater (x32 Version: 2.0.2.4)
Java(TM) 6 Update 21 (x32 Version: 6.0.210)
Kaspersky Anti-Virus 2012 (x32 Version: 12.0.0.374)
LightScribe System Software  1.14.17.1 (x32 Version: 1.14.17.1)
livebox (x32 Version: 1.00.000)
Logitech Webcam Software (Version: 12.10.1113)
Media Player Classic - Home Cinema v. 1.3.1249.0
Menu Templates - Starter Kit (x32 Version: 9.0.4.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile FRA Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Corporation (Version: 9.0.30729.1)
Microsoft Corporation (x32 Version: 9.0.30729.1)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Arabic) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Dutch) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (French) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (x32 Version: 3.0.133.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Mise à jour Microsoft Office Excel 2007 Help  (KB963678) (x32)
Mise à jour Microsoft Office Outlook 2007 Help  (KB963677) (x32)
Mise à jour Microsoft Office Powerpoint 2007 Help  (KB963669) (x32)
Mise à jour Microsoft Office Word 2007 Help  (KB963665) (x32)
MobileMe Control Panel (Version: 3.1.8.0)
Module linguistique Microsoft .NET Framework 4 Client Profile FRA (Version: 4.0.30319)
Movie Templates - Starter Kit (x32 Version: 9.0.4.0)
Mozilla Firefox 22.0 (x86 fr) (x32 Version: 22.0)
MP4 To MP3 Converter V3.0 (x32)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nero 9 (x32)
Nero BurningROM (x32 Version: 9.0.0.0)
Nero BurnRights (x32 Version: 2.99.6.100)
Nero ControlCenter (x32 Version: 0.0.0.1)
Nero ControlCenter (x32 Version: 9.0.0.1)
Nero CoverDesigner (x32 Version: 4.0.5.100)
Nero CoverDesigner Help (x32 Version: 4.0.0.0)
Nero Disc Copy Gadget (x32 Version: 1.53.0.0)
Nero Disc Copy Gadget Help (x32 Version: 2.0.0.0)
Nero DiscSpeed (x32 Version: 4.99.5.105)
Nero DriveSpeed (x32 Version: 3.99.5.105)
Nero Express (x32 Version: 9.0.0.0)
Nero InfoTool (x32 Version: 5.99.5.105)
Nero Installer (x32 Version: 2.0.0.1)
Nero Live (x32 Version: 1.0.164.0)
Nero Live Help (x32 Version: 1.0.162.0)
Nero PhotoSnap (x32 Version: 1.53.2.0)
Nero PhotoSnap Help (x32 Version: 1.53.2.0)
Nero Recode (x32 Version: 3.53.0.0)
Nero Recode Help (x32 Version: 3.53.0.0)
Nero Rescue Agent (x32 Version: 1.99.0.1)
Nero RescueAgent Help (x32 Version: 1.99.0.1)
Nero ShowTime (x32 Version: 4.99.0.0)
Nero StartSmart (x32 Version: 9.0.9.100)
Nero StartSmart Help (x32 Version: 9.0.0.0)
Nero Vision (x32 Version: 0.0.0.1)
Nero Vision (x32 Version: 6.0.6.100)
Nero WaveEditor (x32 Version: 5.0.18.0)
Nero WaveEditor Help (x32 Version: 5.0.15.0)
NeroBurningROM (x32 Version: 9.0.9.100)
NeroExpress (x32 Version: 9.0.9.100)
neroxml (x32 Version: 1.0.0)
NVIDIA PhysX (x32 Version: 9.09.1112)
OF: Red River (x32 Version: 1.0.0001.129)
OpenAL (x32)
Plus-HD-2.2 (x32 Version: 1.27.153.3)
QuickTime (x32 Version: 7.74.80.86)
Safari (x32 Version: 5.34.57.2)
Skype™ 6.5 (x32 Version: 6.5.158)
SoundMAX (x32 Version: 6.10.2.5860)
SoundTrax (x32 Version: 4.0.18.0)
SuperCopier2 (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition (x32)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (x32 Version: 9.0.30729.01)
WinRAR archiver (x32)

==================== Restore Points  =========================

05-07-2013 11:38:29 Windows Update
09-07-2013 11:53:58 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2011-12-05 22:14 - 00000822 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {223A0564-AA0F-41DD-9F23-6B53BC854B46} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {2A8F4288-04D4-40D0-A1EC-FD52E3B4721F} - System32\Tasks\{42D5FC95-3697-4663-BB88-37BC7A331CEC} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-06-03] (Skype Technologies S.A.)
Task: {2D7DCF1F-3B10-4919-9750-64FBCC5CF774} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-21] (Google Inc.)
Task: {435C2465-A23F-4CC1-ADC9-95B8C7E8FD11} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-09] (Adobe Systems Incorporated)
Task: {69D8DAEA-28F7-4DE9-A324-5A5CF3015617} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6D1F5041-8613-40F4-942B-11CE8FAFE685} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-21] (Google Inc.)
Task: {7C664280-5AE6-4D35-81CE-BB4D3002F518} - \Plus-HD-2.2-updater No Task File
Task: {7E6E3893-B9DF-47A7-AFBE-2107A83E8357} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2801922753-1568483922-2384193263-1003 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {82F8B96E-62C8-4168-965E-73DD580FE898} - \Plus-HD-2.2-firefoxinstaller No Task File
Task: {99A99E08-CF9E-4373-BD27-126398E969CF} - \Plus-HD-2.2-enabler No Task File
Task: {D9AC8B82-C55D-4E4E-AD06-B6E8FAC1B4B2} - \User_Feed_Synchronization-{FD5BA123-7CA4-44FA-ADC6-89C2337C8DBA} No Task File
Task: {E03C618C-7698-4AD8-9C35-76FAB520BE53} - \Plus-HD-2.2-codedownloader No Task File
Task: {FD18A892-47F0-4E2C-BCE2-D22720D9405F} - \Ad-Aware Update (Weekly) No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-codedownloader.exe
Task: C:\Windows\Tasks\Plus-HD-2.2-enabler.job => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-enabler.exe
Task: C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-firefoxinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-2.2-updater.job => C:\Program Files (x86)\Plus-HD-2.2\Plus-HD-2.2-updater.exe

==================== Faulty Device Manager Devices =============

Name: Contrôleur PCI de communications simplifiées
Description: Contrôleur PCI de communications simplifiées
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PS/2 Mouse
Description: PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Logitech
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PS/2 Keyboard
Description: PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: Logitech
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/09/2013 05:19:50 PM) (Source: Application Hang) (User: )
Description: Le programme OTL.exe version 3.2.69.0 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

ID de processus*: 117c

Heure de début*: 01ce7cb7a5a0fe6c

Heure de fin*: 0

Chemin d’accès de l’application : C:\Users\Admin\Desktop\OTL.exe

ID de rapport : fe4962a8-e8aa-11e2-b93d-0024819f1d68

Error: (07/09/2013 05:17:56 PM) (Source: Application Hang) (User: )
Description: Le programme OTL.exe version 3.2.69.0 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

ID de processus*: e60

Heure de début*: 01ce7cb75d1f5441

Heure de fin*: 16

Chemin d’accès de l’application : C:\Users\Admin\Desktop\OTL.exe

ID de rapport : ba20208a-e8aa-11e2-b93d-0024819f1d68

Error: (07/09/2013 05:13:14 PM) (Source: Application Hang) (User: )
Description: Le programme OTL.exe version 3.2.69.0 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

ID de processus*: e20

Heure de début*: 01ce7cb6a1e17a24

Heure de fin*: 15

Chemin d’accès de l’application : C:\Users\Admin\Desktop\OTL.exe

ID de rapport : 11ea21d2-e8aa-11e2-b93d-0024819f1d68

Error: (07/09/2013 05:11:35 PM) (Source: Application Hang) (User: )
Description: Le programme OTL.exe version 3.2.69.0 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

ID de processus*: c50

Heure de début*: 01ce7cb655ba5078

Heure de fin*: 0

Chemin d’accès de l’application : C:\Users\Admin\Desktop\OTL.exe

ID de rapport : d0792961-e8a9-11e2-b93d-0024819f1d68

Error: (07/09/2013 05:06:31 PM) (Source: VSS) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine CoCreateInstance. hr = 0x80070013, Média protégé en écriture.
.

Error: (07/09/2013 05:06:31 PM) (Source: VSS) (User: )
Description: Informations du service de cliché instantané de volumes : impossible de démarrer le serveur COM de CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} et de nom CEventSystem. [0x80070013, Média protégé en écriture.
]

Error: (07/09/2013 05:06:31 PM) (Source: VSS) (User: )
Description: Erreur du service de cliché instantané des volumes : erreur lors de l’appel de la routine CoCreateInstance. hr = 0x80070013, Média protégé en écriture.
.

Error: (07/09/2013 05:06:31 PM) (Source: VSS) (User: )
Description: Informations du service de cliché instantané de volumes : impossible de démarrer le serveur COM de CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} et de nom CEventSystem. [0x80070013, Média protégé en écriture.
]

Error: (07/09/2013 03:40:05 PM) (Source: SideBySide) (User: )
Description: La création du contexte d’activation a échoué pour «*C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1*». Erreur dans le fichier de manifeste ou de stratégie «*C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2*» à la ligne C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active.
Les composants en conflit sont :
Composant 1*: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Composant 2*: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (07/09/2013 03:40:05 PM) (Source: SideBySide) (User: )
Description: La création du contexte d’activation a échoué pour «*C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1*». Erreur dans le fichier de manifeste ou de stratégie «*C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2*» à la ligne C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active.
Les composants en conflit sont :
Composant 1*: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Composant 2*: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (07/09/2013 06:08:48 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (07/09/2013 06:08:48 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (07/09/2013 06:08:50 PM) (Source: EventLog) (User: )
Description: L’arrêt système précédant à 17:59:00 le ‎09/‎07/‎2013 n’était pas prévu.

Error: (07/09/2013 05:59:22 PM) (Source: Service Control Manager) (User: )
Description: Le service Alimentation s’est arrêté avec l’erreur service particulière %%0.

Error: (07/09/2013 05:58:58 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (07/09/2013 05:58:58 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (07/09/2013 05:59:00 PM) (Source: EventLog) (User: )
Description: L’arrêt système précédant à 17:57:19 le ‎09/‎07/‎2013 n’était pas prévu.

Error: (07/09/2013 05:57:18 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (07/09/2013 05:57:18 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (07/09/2013 05:18:45 PM) (Source: Service Control Manager) (User: )
Description: Le service SeaPort s’est terminé de façon inattendue pour la 1ème fois.


Microsoft Office Sessions:
=========================
Error: (02/18/2013 00:35:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2572 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/22/2012 09:49:11 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 586 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (10/15/2011 07:44:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 11710 seconds with 3780 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 3063.3 MB
Available physical RAM: 1674.88 MB
Total Pagefile: 6124.79 MB
Available Pagefile: 4228.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.43 GB) (Free:18.88 GB) NTFS (Disk=1 Partition=2)
Drive d: (DOCUMENT) (Fixed) (Total:149.05 GB) (Free:67.54 GB) NTFS (Disk=0 Partition=1)
Drive f: (USB DISK) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32 (Disk=2 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: 7D627685)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 8C878C87)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================
--- --- ---

schrauber 09.07.2013 17:33
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2801922753-1568483922-2384193263-1003\$b36ddbb90e8e99b1afbbc055003e1b4a

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST Log bitte.

schlumpf09 09.07.2013 17:41
So hier schon mal das erste Ergebnis:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-07-2013 01
Ran by Admin at 2013-07-09 18:40:52 Run:1
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
==============================================

HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2801922753-1568483922-2384193263-1003\$b36ddbb90e8e99b1afbbc055003e1b4a => Moved successfully.

==== End of Fixlog ====

schrauber 09.07.2013 17:43
und weiter. Poste die anderen Logs zusammen wenn Du sie hast :)

schlumpf09 09.07.2013 17:45
So hier ist adw cleaner (lieber alles nacheinander dann verpasse ich nix lol)AdwCleaner Logfile:
Code:
# AdwCleaner v2.304 - Rapport créé le 09/07/2013 à 18:43:06
# Mis à jour le 03/07/2013 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : Admin - PC01
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\Admin\Desktop\adwcleaner.exe
# Option [Recherche]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Présent : C:\Program Files (x86)\HDvidCodec.com
Dossier Présent : C:\Program Files (x86)\Plus-HD-2.2
Dossier Présent : C:\ProgramData\Babylon
Dossier Présent : C:\Users\Admin\AppData\Roaming\BabSolution
Dossier Présent : C:\Users\Admin\AppData\Roaming\Babylon
Dossier Présent : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hph5sjan.default\jetpack
Dossier Présent : C:\Users\Admin\AppData\Roaming\OpenCandy
Dossier Présent : C:\Users\Admin\AppData\Roaming\QuickStoresToolbar
Dossier Présent : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
Fichier Présent : C:\END
Fichier Présent : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hph5sjan.default\bProtector_extensions.rdf
Fichier Présent : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hph5sjan.default\extensions\hdvc@hdvc.com.xpi
Fichier Présent : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hph5sjan.default\searchplugins\Babylon.xml
Fichier Présent : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hph5sjan.default\searchplugins\delta.xml
Fichier Présent : C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job
Fichier Présent : C:\Windows\Tasks\Plus-HD-2.2-enabler.job
Fichier Présent : C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
Fichier Présent : C:\Windows\Tasks\Plus-HD-2.2-updater.job

***** [Registre] *****

Clé Présente : HKCU\Software\1ClickDownload
Clé Présente : HKCU\Software\AppDataLow\Software\Crossrider
Clé Présente : HKCU\Software\AppDataLow\Software\Plus-HD-2.2
Clé Présente : HKCU\Software\BabSolution
Clé Présente : HKCU\Software\Conduit
Clé Présente : HKCU\Software\DataMngr
Clé Présente : HKCU\Software\IM
Clé Présente : HKCU\Software\ImInstaller
Clé Présente : HKCU\Software\InstalledBrowserExtensions
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311301136}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311301136}
Clé Présente : HKCU\Software\WNLT
Clé Présente : HKCU\Software\YahooPartnerToolbar
Clé Présente : HKLM\Software\Babylon
Clé Présente : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Clé Présente : HKLM\SOFTWARE\Classes\CrossriderApp0033036.BHO
Clé Présente : HKLM\SOFTWARE\Classes\CrossriderApp0033036.BHO.1
Clé Présente : HKLM\SOFTWARE\Classes\CrossriderApp0033036.Sandbox
Clé Présente : HKLM\SOFTWARE\Classes\CrossriderApp0033036.Sandbox.1
Clé Présente : HKLM\SOFTWARE\Classes\Prod.cap
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344304436}
Clé Présente : HKLM\Software\DataMngr
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311301136}
Clé Présente : HKLM\Software\Plus-HD-2.2
Clé Présente : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110311301136}
Clé Présente : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220322302236}
Clé Présente : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Clé Présente : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Clé Présente : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Clé Présente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550355305536}
Clé Présente : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660366306636}
Clé Présente : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli
Clé Présente : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311301136}
Clé Présente : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-2.2
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355305536}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366306636}
Valeur Présente : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]

***** [Navigateurs] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v22.0 (fr)

Fichier : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hph5sjan.default\prefs.js

Présente : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.3303[...]
Présente : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.3303[...]
Présente : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.3303[...]
Présente : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.3303[...]
Présente : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.3303[...]
Présente : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.3303[...]
Présente : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.3303[...]
Présente : user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.3303[...]
Présente : user_pref("extensions.delta.admin", false);
Présente : user_pref("extensions.delta.aflt", "babsst");
Présente : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Présente : user_pref("extensions.delta.autoRvrt", "false");
Présente : user_pref("extensions.delta.dfltLng", "fr");
Présente : user_pref("extensions.delta.excTlbr", false);
Présente : user_pref("extensions.delta.ffxUnstlRst", true);
Présente : user_pref("extensions.delta.id", "f4b920a10000000000000024819f1d68");
Présente : user_pref("extensions.delta.instlDay", "15872");
Présente : user_pref("extensions.delta.instlRef", "sst");
Présente : user_pref("extensions.delta.newTab", false);
Présente : user_pref("extensions.delta.prdct", "delta");
Présente : user_pref("extensions.delta.prtnrId", "delta");
Présente : user_pref("extensions.delta.rvrt", "false");
Présente : user_pref("extensions.delta.smplGrp", "none");
Présente : user_pref("extensions.delta.tlbrId", "base");
Présente : user_pref("extensions.delta.tlbrSrchUrl", "");
Présente : user_pref("extensions.delta.vrsn", "1.8.21.5");
Présente : user_pref("extensions.delta.vrsnTs", "1.8.21.515:25:42");
Présente : user_pref("extensions.delta.vrsni", "1.8.21.5");
Présente : user_pref("extensions.delta_i.babExt", "");
Présente : user_pref("extensions.delta_i.babTrack", "affID=121562&tt=120613_ndt");
Présente : user_pref("extensions.delta_i.srcExt", "ss");
Présente : user_pref("quickstores.toolbar.affid", "2002");
Présente : user_pref("quickstores.toolbar.guid", "{BC15F714-9D5D-3925-3991-A7CF926F6598}");
Présente : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.google.de/");
Présente : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?ptr=100&crg=3.1010000.10011&bar[...]

*************************

AdwCleaner[R1].txt - [7554 octets] - [09/07/2013 18:43:06]

########## EOF - C:\AdwCleaner[R1].txt - [7614 octets] ##########
--- --- ---

schrauber 09.07.2013 17:46
ja aber ich bekomm dauernd mail und muss hier reinschreiben dass ich nochmal ne Benachrichtigung bekomme ;)

schlumpf09 09.07.2013 18:18
Ich finde leider das Lösch log von adw nicht! Sorry soll ich noch einmal laufen lassen?

So hier ist das JRT txt:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.2 (07.09.2013:1)
OS: Windows 7 Home Premium x64
Ran by Admin on 09/07/2013 at 18:55:59,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{33710C25-7719-45A1-9B5C-36E69C64166F}



~~~ FireFox

Successfully deleted: [File] C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\hph5sjan.default\invalidprefs.js
Successfully deleted the following from C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\hph5sjan.default\prefs.js

user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.backgroundjs", "\n\n/****************************************************
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.internaldb.cache/530e52021dc20843b1aa62957edeb9f8.value", "%22var%20adsDe
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.internaldb.cache/d5baae4ef839769f8eb7e9f9d82d8a40_FR.value", "%22var%20ca
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.js", "\n\n /************************************************************
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_120.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_14.name", "CrossriderUtils");
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],regi
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){va
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.res
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_78.name", "CrossriderInfo");
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_87.code", "var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jqu
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_91.code", "(function(e){var l=(function(){var N=0;var V=\"
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_92.code", "if(typeof appAPI.internal.monetization===\"unde
user_pref("extensions.crossrider.bic", "13f0133d0bcff7f476ead1a800ccb16f");
Emptied folder: C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\hph5sjan.default\minidumps [412 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/07/2013 at 19:00:25,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

schrauber 09.07.2013 18:22
frisches FRST log bitte :)

schlumpf09 09.07.2013 18:41
voilà!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.2 (07.09.2013:1)
OS: Windows 7 Home Premium x64
Ran by Admin on 09/07/2013 at 18:55:59,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Admin\appdata\local\{33710C25-7719-45A1-9B5C-36E69C64166F}



~~~ FireFox

Successfully deleted: [File] C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\hph5sjan.default\invalidprefs.js
Successfully deleted the following from C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\hph5sjan.default\prefs.js

user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.backgroundjs", "\n\n/****************************************************
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.internaldb.cache/530e52021dc20843b1aa62957edeb9f8.value", "%22var%20adsDe
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.internaldb.cache/d5baae4ef839769f8eb7e9f9d82d8a40_FR.value", "%22var%20ca
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.js", "\n\n /************************************************************
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_120.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \"
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_14.name", "CrossriderUtils");
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],regi
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){va
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.res
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_78.name", "CrossriderInfo");
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_87.code", "var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jqu
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_91.code", "(function(e){var l=(function(){var N=0;var V=\"
user_pref("extensions.a4fdacf00e9c44ad5b4cfbf9800f184f63685711674e04973936f860cd2a102a9com33036.33036.plugins.plugin_92.code", "if(typeof appAPI.internal.monetization===\"unde
user_pref("extensions.crossrider.bic", "13f0133d0bcff7f476ead1a800ccb16f");
Emptied folder: C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\hph5sjan.default\minidumps [412 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/07/2013 at 19:00:25,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2013 01
Ran by Admin (administrator) on 09-07-2013 19:42:48
Running from C:\Users\Admin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: French Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - KHALMNPR.EXE [x]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
MountPoints2: {40948ce1-f1fb-11de-a88d-0024819f1d68} - F:\NokiaPCIA_Autorun.exe
MountPoints2: {5ac33e38-8991-11df-999b-0024819f1d68} - "F:\WD SmartWare.exe" autoplay=true
HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2008-07-08] (Analog Devices, Inc.)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [206448 2012-10-31] (Kaspersky Lab ZAO)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = WEB.DE - E-Mail-Adresse kostenlos, FreeMail, Nachrichten & Services
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN.fr - Actualités, magazines people & féminin, Outlook et Hotmail
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\Admin\AppData\Local\Temp\f5tmp\f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\Admin\AppData\Local\Temp\f5tmp\InstallerControl.cab
DPF: HKLM-x32 {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://www.extrafilm.fr/ImageUploader5.cab
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} C:\Users\Admin\AppData\Local\Temp\f5tmp\urxshost.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\Admin\AppData\Local\Temp\f5tmp\urxhost.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hph5sjan.default
FF Homepage: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.6.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.6.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Admin\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hph5sjan.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
FF Extension: F5 Networks Host Plugin - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hph5sjan.default\Extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hph5sjan.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru

==================== Services (Whitelisted) =================

S4 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [109056 2008-05-28] (Andrea Electronics Corporation)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO)
S4 EFUploadSrv; C:\Extrafilm Designer FR\EFUploadSrv.exe [1716224 2009-07-09] (Textalk AB)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()

==================== Drivers (Whitelisted) ====================

R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-10-31] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-07-12] (Lavasoft AB)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-09 19:06 - 2013-07-09 19:06 - 00000000 ____D C:\FRST
2013-07-09 19:00 - 2013-07-09 19:00 - 00004463 ____A C:\Users\Admin\Desktop\JRT.txt
2013-07-09 18:55 - 2013-07-09 18:55 - 00000000 ____D C:\Windows\ERUNT
2013-07-09 18:54 - 2013-07-09 18:54 - 00552389 ____A (Oleg N. Scherbakov) C:\Users\Admin\Desktop\JRT.exe
2013-07-09 18:45 - 2013-07-09 18:45 - 00007930 ____A C:\AdwCleaner[S1].txt
2013-07-09 18:43 - 2013-07-09 18:43 - 00007679 ____A C:\AdwCleaner[R1].txt
2013-07-09 18:42 - 2013-07-09 18:42 - 00650027 ____A C:\Users\Admin\Desktop\adwcleaner.exe
2013-07-09 18:24 - 2013-07-09 18:24 - 00023579 ____A C:\Users\Admin\Desktop\Addition.txt
2013-07-09 17:46 - 2013-07-09 17:46 - 01776221 ____A (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2013-07-09 17:07 - 2013-07-09 18:47 - 00000280 ____A C:\Windows\setupact.log
2013-07-09 17:07 - 2013-07-09 18:46 - 00001462 ____A C:\Windows\PFRO.log
2013-07-09 17:07 - 2013-07-09 17:07 - 00000000 ____A C:\Windows\setuperr.log
2013-07-09 16:54 - 2013-07-09 17:09 - 00000472 ____A C:\Users\Admin\Desktop\defogger_disable.log
2013-07-09 16:54 - 2013-07-09 16:54 - 00000000 ____A C:\Users\Admin\defogger_reenable
2013-07-09 16:49 - 2013-07-09 16:49 - 00050477 ____A C:\Users\Admin\Desktop\Defogger.exe
2013-07-09 16:47 - 2013-07-09 16:47 - 01062184 ____A C:\Users\Admin\Desktop\GMER Setup.exe
2013-07-09 16:47 - 2013-07-09 16:47 - 00656952 ____A C:\Users\Admin\Desktop\setup.exe
2013-07-09 16:45 - 2013-07-09 16:45 - 00602112 ____A (OldTimer Tools) C:\Users\Admin\Desktop\OTL.exe
2013-07-09 16:24 - 2013-07-09 16:24 - 00000000 ___HD C:\ProgramData\CanonIJEGV
2013-07-03 08:25 - 2013-07-03 08:25 - 00000000 ___HD C:\ProgramData\CanonIJSolutionMenuEX
2013-07-02 22:41 - 2013-07-02 22:41 - 00000000 ____D C:\ProgramData\CanonIJ
2013-07-02 22:36 - 2013-07-02 22:36 - 00000000 ___HD C:\ProgramData\CanonIJScan
2013-07-02 22:36 - 2013-07-02 22:36 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Canon
2013-07-02 22:34 - 2013-07-09 16:24 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-07-02 22:33 - 2013-07-02 22:33 - 00002039 ____A C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
2013-07-02 22:33 - 2013-07-02 22:33 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2013-07-02 22:33 - 2013-07-02 22:33 - 00000000 ____D C:\Program Files\Common Files\CANON
2013-07-02 22:32 - 2013-07-02 22:32 - 00002336 ____A C:\Users\Public\Desktop\Canon CanoScan LiDE 110 Manuel en ligne.lnk
2013-07-02 22:32 - 2013-07-02 22:32 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2013-07-02 22:32 - 2013-07-02 22:32 - 00000000 ___HD C:\Program Files\CanonBJ
2013-07-02 22:32 - 2012-07-04 11:55 - 01354240 ____A (CANON INC.) C:\Windows\System32\CNQ2414C.dll
2013-07-02 22:32 - 2012-07-04 11:55 - 00112128 ____A (CANON INC.) C:\Windows\System32\CNQ2414I.dll
2013-07-02 22:32 - 2012-07-04 11:29 - 00106496 ____A (CANON INC.) C:\Windows\SysWOW64\CNQ2414U.dll
2013-07-02 22:32 - 2012-04-18 15:24 - 00103424 ____A (Canon Inc.) C:\Windows\System32\CNQ2414O.dll
2013-07-02 22:32 - 2010-12-17 14:49 - 00515072 ____A (CANON INC.) C:\Windows\System32\CNQ2414L.dll
2013-07-02 22:32 - 2010-12-17 14:49 - 00438272 ____A (CANON INC.) C:\Windows\SysWOW64\CNQ2414L.dll
2013-07-02 22:32 - 2010-03-19 10:04 - 00393256 ____A C:\Windows\SysWOW64\CNQ2414N.DAT
2013-07-02 22:32 - 2010-03-19 10:04 - 00393256 ____A C:\Windows\System32\CNQ2414N.DAT
2013-07-02 22:32 - 2010-03-11 09:57 - 00248320 ____A (CANON INC.) C:\Windows\System32\CNQ2414Y.dll
2013-07-02 22:32 - 2008-08-25 18:02 - 00017920 ____A (CANON INC.) C:\Windows\System32\CNHMCA6.dll
2013-07-02 22:32 - 2008-08-25 18:02 - 00015872 ____A (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2013-07-02 22:31 - 2013-07-02 22:33 - 00000000 ____D C:\Program Files (x86)\Canon
2013-07-02 08:51 - 2012-08-23 16:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-07-02 08:51 - 2012-08-23 16:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-07-02 08:51 - 2012-08-23 16:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-07-02 08:51 - 2012-08-23 15:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-07-02 08:51 - 2012-08-23 15:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-07-02 08:51 - 2012-08-23 15:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-07-02 08:51 - 2012-08-23 15:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-07-02 08:51 - 2012-08-23 15:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-07-02 08:51 - 2012-08-23 15:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-07-02 08:51 - 2012-08-23 15:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-07-02 08:51 - 2012-08-23 15:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-07-02 08:51 - 2012-08-23 15:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-07-02 08:51 - 2012-08-23 14:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-07-02 08:51 - 2012-08-23 13:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-07-02 08:51 - 2012-08-23 13:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-07-02 08:51 - 2012-08-23 13:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-07-02 08:51 - 2012-08-23 13:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-07-02 08:51 - 2012-08-23 12:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-07-02 08:51 - 2012-08-23 12:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2013-07-02 08:51 - 2012-08-23 12:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-07-02 08:51 - 2012-08-23 12:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-07-02 08:51 - 2012-08-23 11:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-07-02 08:51 - 2012-08-23 10:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-07-02 08:51 - 2012-08-23 10:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-07-02 08:50 - 2012-08-24 20:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-07-02 08:50 - 2012-08-24 20:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-07-02 08:50 - 2012-08-24 20:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-07-02 08:50 - 2012-08-24 20:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-07-02 08:50 - 2012-08-24 18:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-07-02 08:50 - 2012-08-24 18:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-07-02 08:50 - 2012-08-24 18:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-07-02 08:50 - 2012-05-04 13:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-07-02 08:50 - 2012-05-04 11:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-06-25 19:04 - 2013-06-25 19:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-06-25 19:04 - 2013-06-25 19:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-06-20 14:21 - 2013-06-20 14:21 - 00109296 ____A C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-18 11:27 - 2013-06-18 11:27 - 00002107 ____A C:\Users\Public\Desktop\Logiciel de caméra Web Logitech.lnk
2013-06-18 11:27 - 2013-06-18 11:27 - 00000000 ____D C:\Program Files\Logitech
2013-06-18 11:26 - 2013-06-23 22:01 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2013-06-18 11:25 - 2013-06-19 14:37 - 00000000 ____D C:\ProgramData\Skype
2013-06-18 11:25 - 2013-06-19 14:36 - 00002517 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-18 11:25 - 2013-06-18 11:27 - 00000000 ____D C:\Program Files\Common Files\logishrd
2013-06-18 11:25 - 2013-06-18 11:25 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-16 15:25 - 2013-06-16 15:27 - 00000000 ____D C:\Users\Admin\AppData\Roaming\DVDVideoSoft
2013-06-16 15:25 - 2013-06-16 15:25 - 00001362 ____A C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-06-16 15:25 - 2013-06-16 15:25 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-06-15 20:01 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 20:01 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 20:01 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 20:01 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 20:01 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 20:01 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 20:01 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 20:01 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 20:01 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 20:01 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 20:01 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 20:01 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 20:02 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 20:02 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 20:02 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 20:02 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 20:02 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 20:02 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 20:02 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 20:02 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 20:02 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 20:02 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 20:02 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 20:02 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 20:02 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 20:02 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 20:02 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 20:02 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 20:02 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 20:02 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 20:02 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 11:08 - 2013-06-12 11:08 - 00001743 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-12 11:07 - 2013-06-12 11:08 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-12 11:07 - 2013-06-12 11:08 - 00000000 ____D C:\Program Files\iTunes
2013-06-12 11:07 - 2013-06-12 11:07 - 00000000 ____D C:\Program Files\iPod
2013-06-12 09:42 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 09:42 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 09:42 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 09:42 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 09:42 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 09:42 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 09:42 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 09:42 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 09:42 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 09:42 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 09:42 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 09:42 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 09:42 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 09:42 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 09:42 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 09:42 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 09:42 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 09:42 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 09:42 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-09 19:26 - 2011-05-21 14:56 - 00001066 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-09 19:17 - 2012-05-13 14:55 - 00001002 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-09 19:06 - 2013-07-09 19:06 - 00000000 ____D C:\FRST
2013-07-09 19:04 - 2013-03-06 12:00 - 01327412 ____A C:\Windows\WindowsUpdate.log
2013-07-09 19:04 - 2012-05-11 10:14 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-09 19:00 - 2013-07-09 19:00 - 00004463 ____A C:\Users\Admin\Desktop\JRT.txt
2013-07-09 18:55 - 2013-07-09 18:55 - 00000000 ____D C:\Windows\ERUNT
2013-07-09 18:54 - 2013-07-09 18:54 - 00552389 ____A (Oleg N. Scherbakov) C:\Users\Admin\Desktop\JRT.exe
2013-07-09 18:54 - 2009-07-14 06:45 - 00015008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-09 18:54 - 2009-07-14 06:45 - 00015008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-09 18:49 - 2011-05-21 14:56 - 00001062 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-09 18:47 - 2013-07-09 17:07 - 00000280 ____A C:\Windows\setupact.log
2013-07-09 18:47 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-09 18:46 - 2013-07-09 17:07 - 00001462 ____A C:\Windows\PFRO.log
2013-07-09 18:45 - 2013-07-09 18:45 - 00007930 ____A C:\AdwCleaner[S1].txt
2013-07-09 18:43 - 2013-07-09 18:43 - 00007679 ____A C:\AdwCleaner[R1].txt
2013-07-09 18:42 - 2013-07-09 18:42 - 00650027 ____A C:\Users\Admin\Desktop\adwcleaner.exe
2013-07-09 18:24 - 2013-07-09 18:24 - 00023579 ____A C:\Users\Admin\Desktop\Addition.txt
2013-07-09 17:46 - 2013-07-09 17:46 - 01776221 ____A (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2013-07-09 17:46 - 2009-07-14 17:24 - 00707220 ____A C:\Windows\System32\perfh00C.dat
2013-07-09 17:46 - 2009-07-14 17:24 - 00131648 ____A C:\Windows\System32\perfc00C.dat
2013-07-09 17:46 - 2009-07-14 07:13 - 01557714 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-09 17:09 - 2013-07-09 16:54 - 00000472 ____A C:\Users\Admin\Desktop\defogger_disable.log
2013-07-09 17:07 - 2013-07-09 17:07 - 00000000 ____A C:\Windows\setuperr.log
2013-07-09 16:54 - 2013-07-09 16:54 - 00000000 ____A C:\Users\Admin\defogger_reenable
2013-07-09 16:54 - 2009-08-30 17:15 - 00000000 ____D C:\users\Admin
2013-07-09 16:49 - 2013-07-09 16:49 - 00050477 ____A C:\Users\Admin\Desktop\Defogger.exe
2013-07-09 16:47 - 2013-07-09 16:47 - 01062184 ____A C:\Users\Admin\Desktop\GMER Setup.exe
2013-07-09 16:47 - 2013-07-09 16:47 - 00656952 ____A C:\Users\Admin\Desktop\setup.exe
2013-07-09 16:45 - 2013-07-09 16:45 - 00602112 ____A (OldTimer Tools) C:\Users\Admin\Desktop\OTL.exe
2013-07-09 16:24 - 2013-07-09 16:24 - 00000000 ___HD C:\ProgramData\CanonIJEGV
2013-07-09 16:24 - 2013-07-02 22:34 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-07-09 08:16 - 2009-10-03 22:27 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2013-07-09 08:15 - 2012-05-12 16:16 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-09 08:15 - 2011-05-20 22:32 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-03 08:54 - 2013-02-06 12:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-03 08:25 - 2013-07-03 08:25 - 00000000 ___HD C:\ProgramData\CanonIJSolutionMenuEX
2013-07-02 22:41 - 2013-07-02 22:41 - 00000000 ____D C:\ProgramData\CanonIJ
2013-07-02 22:36 - 2013-07-02 22:36 - 00000000 ___HD C:\ProgramData\CanonIJScan
2013-07-02 22:36 - 2013-07-02 22:36 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Canon
2013-07-02 22:35 - 2009-07-14 05:20 - 00000000 __RSD C:\Windows\Media
2013-07-02 22:33 - 2013-07-02 22:33 - 00002039 ____A C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
2013-07-02 22:33 - 2013-07-02 22:33 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2013-07-02 22:33 - 2013-07-02 22:33 - 00000000 ____D C:\Program Files\Common Files\CANON
2013-07-02 22:33 - 2013-07-02 22:31 - 00000000 ____D C:\Program Files (x86)\Canon
2013-07-02 22:32 - 2013-07-02 22:32 - 00002336 ____A C:\Users\Public\Desktop\Canon CanoScan LiDE 110 Manuel en ligne.lnk
2013-07-02 22:32 - 2013-07-02 22:32 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2013-07-02 22:32 - 2013-07-02 22:32 - 00000000 ___HD C:\Program Files\CanonBJ
2013-07-02 21:45 - 2010-12-05 15:11 - 00000290 _RASH C:\ProgramData\ntuser.pol
2013-07-02 09:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-02 09:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-25 19:04 - 2013-06-25 19:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-06-25 19:04 - 2013-06-25 19:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-06-24 08:46 - 2010-04-24 10:14 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2013-06-23 22:01 - 2013-06-18 11:26 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2013-06-20 14:21 - 2013-06-20 14:21 - 00109296 ____A C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-20 14:19 - 2010-01-16 11:04 - 00000000 ____D C:\Windows\pss
2013-06-19 14:37 - 2013-06-18 11:25 - 00000000 ____D C:\ProgramData\Skype
2013-06-19 14:36 - 2013-06-18 11:25 - 00002517 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-18 11:28 - 2010-04-24 10:16 - 00000000 ____D C:\Users\Admin\AppData\Local\LogiShrd
2013-06-18 11:27 - 2013-06-18 11:27 - 00002107 ____A C:\Users\Public\Desktop\Logiciel de caméra Web Logitech.lnk
2013-06-18 11:27 - 2013-06-18 11:27 - 00000000 ____D C:\Program Files\Logitech
2013-06-18 11:27 - 2013-06-18 11:25 - 00000000 ____D C:\Program Files\Common Files\logishrd
2013-06-18 11:27 - 2010-04-24 10:16 - 00000000 ____D C:\ProgramData\LogiShrd
2013-06-18 11:25 - 2013-06-18 11:25 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-18 11:25 - 2010-04-24 10:14 - 00023192 ____A C:\Windows\System32\lvcoinst.log
2013-06-16 15:27 - 2013-06-16 15:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\DVDVideoSoft
2013-06-16 15:25 - 2013-06-16 15:25 - 00001362 ____A C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-06-16 15:25 - 2013-06-16 15:25 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-06-15 20:29 - 2009-09-13 17:57 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Apple Computer
2013-06-12 20:04 - 2009-08-30 15:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-12 20:02 - 2009-10-24 08:26 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 11:08 - 2013-06-12 11:08 - 00001743 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-12 11:08 - 2013-06-12 11:07 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-12 11:08 - 2013-06-12 11:07 - 00000000 ____D C:\Program Files\iTunes
2013-06-12 11:08 - 2013-02-23 18:15 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-12 11:07 - 2013-06-12 11:07 - 00000000 ____D C:\Program Files\iPod
2013-06-12 10:24 - 2009-08-30 13:01 - 00000000 ____D C:\Program Files\Common Files\Apple

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-04 21:13

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Hab ich etwas vergessen?

schrauber 09.07.2013 19:43

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST Log bitte. Noch Probleme? :)

schlumpf09 09.07.2013 22:19
Hallo Schrauber,

vielen Dank erst einmal für deine Superhilfe leider bin ich etwas in Verzug geraten zudem habe ich einen Fehler gemacht beim Einsatz von ESET, die gefundenen Einträge wurden gelöscht und ich kann leider unter dem angegebenen Pfad kein Log finden....
:headbang:
Das ist das einzige was ich leider habe!
C:\Users\Admin\Desktop\GMER Setup.exe a variant of Win32/Adware.iBryte.G application cleaned by deleting - quarantined
D:\Computer\download\EazelCompressor_3.0.exe Win32/Adware.Lollipop.G application cleaned by deleting - quarantined

Bei security check bekomme ich leider nur diese Meldung:
UNSUPPORTED OPERATING SYSTEM! ABORTED!
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2013 01
Ran by Admin (administrator) on 09-07-2013 23:16:58
Running from C:\Users\Admin\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: French Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - KHALMNPR.EXE [x]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: {40948ce1-f1fb-11de-a88d-0024819f1d68} - F:\NokiaPCIA_Autorun.exe
MountPoints2: {5ac33e38-8991-11df-999b-0024819f1d68} - "F:\WD SmartWare.exe" autoplay=true
HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2008-07-08] (Analog Devices, Inc.)
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-14] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [206448 2012-10-31] (Kaspersky Lab ZAO)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://fr.msn.com/?ocid=iehp
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\Admin\AppData\Local\Temp\f5tmp\f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\Admin\AppData\Local\Temp\f5tmp\InstallerControl.cab
DPF: HKLM-x32 {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://www.extrafilm.fr/ImageUploader5.cab
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} C:\Users\Admin\AppData\Local\Temp\f5tmp\urxshost.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\Admin\AppData\Local\Temp\f5tmp\urxhost.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hph5sjan.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.6.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.6.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Admin\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hph5sjan.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
FF Extension: F5 Networks Host Plugin - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hph5sjan.default\Extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hph5sjan.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
FF Extension: Kaspersky Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru

==================== Services (Whitelisted) =================

S4 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [109056 2008-05-28] (Andrea Electronics Corporation)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO)
S4 EFUploadSrv; C:\Extrafilm Designer FR\EFUploadSrv.exe [1716224 2009-07-09] (Textalk AB)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()

==================== Drivers (Whitelisted) ====================

R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-10-31] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2010-07-12] (Lavasoft AB)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-09 21:07 - 2013-07-09 21:07 - 02347384 ____A (ESET) C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe
2013-07-09 21:07 - 2013-07-09 21:07 - 00890988 ____A C:\Users\Admin\Desktop\SecurityCheck.exe
2013-07-09 19:06 - 2013-07-09 19:06 - 00000000 ____D C:\FRST
2013-07-09 18:55 - 2013-07-09 18:55 - 00000000 ____D C:\Windows\ERUNT
2013-07-09 18:54 - 2013-07-09 18:54 - 00552389 ____A (Oleg N. Scherbakov) C:\Users\Admin\Desktop\JRT.exe
2013-07-09 18:45 - 2013-07-09 18:45 - 00007930 ____A C:\AdwCleaner[S1].txt
2013-07-09 18:43 - 2013-07-09 18:43 - 00007679 ____A C:\AdwCleaner[R1].txt
2013-07-09 18:42 - 2013-07-09 18:42 - 00650027 ____A C:\Users\Admin\Desktop\adwcleaner.exe
2013-07-09 17:46 - 2013-07-09 17:46 - 01776221 ____A (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2013-07-09 17:07 - 2013-07-09 18:47 - 00000280 ____A C:\Windows\setupact.log
2013-07-09 17:07 - 2013-07-09 18:46 - 00001462 ____A C:\Windows\PFRO.log
2013-07-09 17:07 - 2013-07-09 17:07 - 00000000 ____A C:\Windows\setuperr.log
2013-07-09 16:54 - 2013-07-09 17:09 - 00000472 ____A C:\Users\Admin\Desktop\defogger_disable.log
2013-07-09 16:54 - 2013-07-09 16:54 - 00000000 ____A C:\Users\Admin\defogger_reenable
2013-07-09 16:49 - 2013-07-09 16:49 - 00050477 ____A C:\Users\Admin\Desktop\Defogger.exe
2013-07-09 16:47 - 2013-07-09 16:47 - 00656952 ____A C:\Users\Admin\Desktop\setup.exe
2013-07-09 16:45 - 2013-07-09 16:45 - 00602112 ____A (OldTimer Tools) C:\Users\Admin\Desktop\OTL.exe
2013-07-09 16:24 - 2013-07-09 16:24 - 00000000 ___HD C:\ProgramData\CanonIJEGV
2013-07-03 08:25 - 2013-07-03 08:25 - 00000000 ___HD C:\ProgramData\CanonIJSolutionMenuEX
2013-07-02 22:41 - 2013-07-02 22:41 - 00000000 ____D C:\ProgramData\CanonIJ
2013-07-02 22:36 - 2013-07-02 22:36 - 00000000 ___HD C:\ProgramData\CanonIJScan
2013-07-02 22:36 - 2013-07-02 22:36 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Canon
2013-07-02 22:34 - 2013-07-09 16:24 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-07-02 22:33 - 2013-07-02 22:33 - 00002039 ____A C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
2013-07-02 22:33 - 2013-07-02 22:33 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2013-07-02 22:33 - 2013-07-02 22:33 - 00000000 ____D C:\Program Files\Common Files\CANON
2013-07-02 22:32 - 2013-07-02 22:32 - 00002336 ____A C:\Users\Public\Desktop\Canon CanoScan LiDE 110 Manuel en ligne.lnk
2013-07-02 22:32 - 2013-07-02 22:32 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2013-07-02 22:32 - 2013-07-02 22:32 - 00000000 ___HD C:\Program Files\CanonBJ
2013-07-02 22:32 - 2012-07-04 11:55 - 01354240 ____A (CANON INC.) C:\Windows\System32\CNQ2414C.dll
2013-07-02 22:32 - 2012-07-04 11:55 - 00112128 ____A (CANON INC.) C:\Windows\System32\CNQ2414I.dll
2013-07-02 22:32 - 2012-07-04 11:29 - 00106496 ____A (CANON INC.) C:\Windows\SysWOW64\CNQ2414U.dll
2013-07-02 22:32 - 2012-04-18 15:24 - 00103424 ____A (Canon Inc.) C:\Windows\System32\CNQ2414O.dll
2013-07-02 22:32 - 2010-12-17 14:49 - 00515072 ____A (CANON INC.) C:\Windows\System32\CNQ2414L.dll
2013-07-02 22:32 - 2010-12-17 14:49 - 00438272 ____A (CANON INC.) C:\Windows\SysWOW64\CNQ2414L.dll
2013-07-02 22:32 - 2010-03-19 10:04 - 00393256 ____A C:\Windows\SysWOW64\CNQ2414N.DAT
2013-07-02 22:32 - 2010-03-19 10:04 - 00393256 ____A C:\Windows\System32\CNQ2414N.DAT
2013-07-02 22:32 - 2010-03-11 09:57 - 00248320 ____A (CANON INC.) C:\Windows\System32\CNQ2414Y.dll
2013-07-02 22:32 - 2008-08-25 18:02 - 00017920 ____A (CANON INC.) C:\Windows\System32\CNHMCA6.dll
2013-07-02 22:32 - 2008-08-25 18:02 - 00015872 ____A (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2013-07-02 22:31 - 2013-07-02 22:33 - 00000000 ____D C:\Program Files (x86)\Canon
2013-07-02 08:51 - 2012-08-23 16:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-07-02 08:51 - 2012-08-23 16:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-07-02 08:51 - 2012-08-23 16:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-07-02 08:51 - 2012-08-23 15:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-07-02 08:51 - 2012-08-23 15:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-07-02 08:51 - 2012-08-23 15:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-07-02 08:51 - 2012-08-23 15:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-07-02 08:51 - 2012-08-23 15:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-07-02 08:51 - 2012-08-23 15:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-07-02 08:51 - 2012-08-23 15:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-07-02 08:51 - 2012-08-23 15:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-07-02 08:51 - 2012-08-23 15:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-07-02 08:51 - 2012-08-23 14:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-07-02 08:51 - 2012-08-23 13:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-07-02 08:51 - 2012-08-23 13:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-07-02 08:51 - 2012-08-23 13:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-07-02 08:51 - 2012-08-23 13:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-07-02 08:51 - 2012-08-23 12:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-07-02 08:51 - 2012-08-23 12:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2013-07-02 08:51 - 2012-08-23 12:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-07-02 08:51 - 2012-08-23 12:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-07-02 08:51 - 2012-08-23 11:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-07-02 08:51 - 2012-08-23 10:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-07-02 08:51 - 2012-08-23 10:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-07-02 08:50 - 2012-08-24 20:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-07-02 08:50 - 2012-08-24 20:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-07-02 08:50 - 2012-08-24 20:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-07-02 08:50 - 2012-08-24 20:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-07-02 08:50 - 2012-08-24 18:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-07-02 08:50 - 2012-08-24 18:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-07-02 08:50 - 2012-08-24 18:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-07-02 08:50 - 2012-05-04 13:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-07-02 08:50 - 2012-05-04 11:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-06-25 19:04 - 2013-06-25 19:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-06-25 19:04 - 2013-06-25 19:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-06-20 14:21 - 2013-06-20 14:21 - 00109296 ____A C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-18 11:27 - 2013-06-18 11:27 - 00002107 ____A C:\Users\Public\Desktop\Logiciel de caméra Web Logitech.lnk
2013-06-18 11:27 - 2013-06-18 11:27 - 00000000 ____D C:\Program Files\Logitech
2013-06-18 11:26 - 2013-06-23 22:01 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2013-06-18 11:25 - 2013-06-19 14:37 - 00000000 ____D C:\ProgramData\Skype
2013-06-18 11:25 - 2013-06-19 14:36 - 00002517 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-18 11:25 - 2013-06-18 11:27 - 00000000 ____D C:\Program Files\Common Files\logishrd
2013-06-18 11:25 - 2013-06-18 11:25 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-16 15:25 - 2013-06-16 15:27 - 00000000 ____D C:\Users\Admin\AppData\Roaming\DVDVideoSoft
2013-06-16 15:25 - 2013-06-16 15:25 - 00001362 ____A C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-06-16 15:25 - 2013-06-16 15:25 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-06-15 20:01 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 20:01 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 20:01 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 20:01 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 20:01 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 20:01 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 20:01 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 20:01 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 20:01 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 20:01 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 20:01 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 20:01 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 20:02 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 20:02 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 20:02 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 20:02 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 20:02 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 20:02 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 20:02 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 20:02 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 20:02 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 20:02 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 20:02 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 20:02 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 20:02 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 20:02 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 20:02 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 20:02 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 20:02 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 20:02 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 20:02 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 11:08 - 2013-06-12 11:08 - 00001743 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-12 11:07 - 2013-06-12 11:08 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-12 11:07 - 2013-06-12 11:08 - 00000000 ____D C:\Program Files\iTunes
2013-06-12 11:07 - 2013-06-12 11:07 - 00000000 ____D C:\Program Files\iPod
2013-06-12 09:42 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 09:42 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 09:42 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 09:42 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 09:42 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 09:42 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 09:42 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 09:42 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 09:42 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 09:42 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 09:42 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 09:42 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 09:42 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 09:42 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 09:42 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 09:42 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 09:42 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 09:42 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 09:42 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-09 23:17 - 2012-05-13 14:55 - 00001002 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-09 22:27 - 2012-05-11 10:14 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-09 22:26 - 2011-05-21 14:56 - 00001066 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-09 21:17 - 2013-03-06 12:00 - 01327776 ____A C:\Windows\WindowsUpdate.log
2013-07-09 21:16 - 2009-07-14 17:24 - 00707220 ____A C:\Windows\System32\perfh00C.dat
2013-07-09 21:16 - 2009-07-14 17:24 - 00131648 ____A C:\Windows\System32\perfc00C.dat
2013-07-09 21:16 - 2009-07-14 07:13 - 01557714 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-09 21:07 - 2013-07-09 21:07 - 02347384 ____A (ESET) C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe
2013-07-09 21:07 - 2013-07-09 21:07 - 00890988 ____A C:\Users\Admin\Desktop\SecurityCheck.exe
2013-07-09 19:06 - 2013-07-09 19:06 - 00000000 ____D C:\FRST
2013-07-09 18:55 - 2013-07-09 18:55 - 00000000 ____D C:\Windows\ERUNT
2013-07-09 18:54 - 2013-07-09 18:54 - 00552389 ____A (Oleg N. Scherbakov) C:\Users\Admin\Desktop\JRT.exe
2013-07-09 18:54 - 2009-07-14 06:45 - 00015008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-09 18:54 - 2009-07-14 06:45 - 00015008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-09 18:49 - 2011-05-21 14:56 - 00001062 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-09 18:47 - 2013-07-09 17:07 - 00000280 ____A C:\Windows\setupact.log
2013-07-09 18:47 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-09 18:46 - 2013-07-09 17:07 - 00001462 ____A C:\Windows\PFRO.log
2013-07-09 18:45 - 2013-07-09 18:45 - 00007930 ____A C:\AdwCleaner[S1].txt
2013-07-09 18:43 - 2013-07-09 18:43 - 00007679 ____A C:\AdwCleaner[R1].txt
2013-07-09 18:42 - 2013-07-09 18:42 - 00650027 ____A C:\Users\Admin\Desktop\adwcleaner.exe
2013-07-09 17:46 - 2013-07-09 17:46 - 01776221 ____A (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2013-07-09 17:09 - 2013-07-09 16:54 - 00000472 ____A C:\Users\Admin\Desktop\defogger_disable.log
2013-07-09 17:07 - 2013-07-09 17:07 - 00000000 ____A C:\Windows\setuperr.log
2013-07-09 16:54 - 2013-07-09 16:54 - 00000000 ____A C:\Users\Admin\defogger_reenable
2013-07-09 16:54 - 2009-08-30 17:15 - 00000000 ____D C:\users\Admin
2013-07-09 16:49 - 2013-07-09 16:49 - 00050477 ____A C:\Users\Admin\Desktop\Defogger.exe
2013-07-09 16:47 - 2013-07-09 16:47 - 00656952 ____A C:\Users\Admin\Desktop\setup.exe
2013-07-09 16:45 - 2013-07-09 16:45 - 00602112 ____A (OldTimer Tools) C:\Users\Admin\Desktop\OTL.exe
2013-07-09 16:24 - 2013-07-09 16:24 - 00000000 ___HD C:\ProgramData\CanonIJEGV
2013-07-09 16:24 - 2013-07-02 22:34 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-07-09 08:16 - 2009-10-03 22:27 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2013-07-09 08:15 - 2012-05-12 16:16 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-09 08:15 - 2011-05-20 22:32 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-03 08:54 - 2013-02-06 12:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-03 08:25 - 2013-07-03 08:25 - 00000000 ___HD C:\ProgramData\CanonIJSolutionMenuEX
2013-07-02 22:41 - 2013-07-02 22:41 - 00000000 ____D C:\ProgramData\CanonIJ
2013-07-02 22:36 - 2013-07-02 22:36 - 00000000 ___HD C:\ProgramData\CanonIJScan
2013-07-02 22:36 - 2013-07-02 22:36 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Canon
2013-07-02 22:35 - 2009-07-14 05:20 - 00000000 __RSD C:\Windows\Media
2013-07-02 22:33 - 2013-07-02 22:33 - 00002039 ____A C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
2013-07-02 22:33 - 2013-07-02 22:33 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2013-07-02 22:33 - 2013-07-02 22:33 - 00000000 ____D C:\Program Files\Common Files\CANON
2013-07-02 22:33 - 2013-07-02 22:31 - 00000000 ____D C:\Program Files (x86)\Canon
2013-07-02 22:32 - 2013-07-02 22:32 - 00002336 ____A C:\Users\Public\Desktop\Canon CanoScan LiDE 110 Manuel en ligne.lnk
2013-07-02 22:32 - 2013-07-02 22:32 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2013-07-02 22:32 - 2013-07-02 22:32 - 00000000 ___HD C:\Program Files\CanonBJ
2013-07-02 21:45 - 2010-12-05 15:11 - 00000290 _RASH C:\ProgramData\ntuser.pol
2013-07-02 09:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-02 09:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-25 19:04 - 2013-06-25 19:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-06-25 19:04 - 2013-06-25 19:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-06-24 08:46 - 2010-04-24 10:14 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2013-06-23 22:01 - 2013-06-18 11:26 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2013-06-20 14:21 - 2013-06-20 14:21 - 00109296 ____A C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-20 14:19 - 2010-01-16 11:04 - 00000000 ____D C:\Windows\pss
2013-06-19 14:37 - 2013-06-18 11:25 - 00000000 ____D C:\ProgramData\Skype
2013-06-19 14:36 - 2013-06-18 11:25 - 00002517 ____A C:\Users\Public\Desktop\Skype.lnk
2013-06-18 11:28 - 2010-04-24 10:16 - 00000000 ____D C:\Users\Admin\AppData\Local\LogiShrd
2013-06-18 11:27 - 2013-06-18 11:27 - 00002107 ____A C:\Users\Public\Desktop\Logiciel de caméra Web Logitech.lnk
2013-06-18 11:27 - 2013-06-18 11:27 - 00000000 ____D C:\Program Files\Logitech
2013-06-18 11:27 - 2013-06-18 11:25 - 00000000 ____D C:\Program Files\Common Files\logishrd
2013-06-18 11:27 - 2010-04-24 10:16 - 00000000 ____D C:\ProgramData\LogiShrd
2013-06-18 11:25 - 2013-06-18 11:25 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-18 11:25 - 2010-04-24 10:14 - 00023192 ____A C:\Windows\System32\lvcoinst.log
2013-06-16 15:27 - 2013-06-16 15:25 - 00000000 ____D C:\Users\Admin\AppData\Roaming\DVDVideoSoft
2013-06-16 15:25 - 2013-06-16 15:25 - 00001362 ____A C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2013-06-16 15:25 - 2013-06-16 15:25 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-06-15 20:29 - 2009-09-13 17:57 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Apple Computer
2013-06-12 20:04 - 2009-08-30 15:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-12 20:02 - 2009-10-24 08:26 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 11:08 - 2013-06-12 11:08 - 00001743 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-12 11:08 - 2013-06-12 11:07 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-12 11:08 - 2013-06-12 11:07 - 00000000 ____D C:\Program Files\iTunes
2013-06-12 11:08 - 2013-02-23 18:15 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-12 11:07 - 2013-06-12 11:07 - 00000000 ____D C:\Program Files\iPod
2013-06-12 10:24 - 2009-08-30 13:01 - 00000000 ____D C:\Program Files\Common Files\Apple

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-04 21:13

==================== End Of Log ============================
--- --- ---


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:19 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131