FRST text
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-12-2013 03
Ran by Tschimi (administrator) on TSCHIMI-PC on 12-12-2013 22:44:46
Running from C:\Users\Tschimi\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
() C:\Users\Tschimi\Downloads\qifna897.exe
(Doctor Web, Ltd.) C:\Users\Tschimi\AppData\Local\Temp\39A60BEC-DF049CA4-69FE9A40-7137DF38\qp1lakvl.exe
() C:\Users\Tschimi\AppData\Local\Temp\39A60BEC-DF049CA4-69FE9A40-7137DF38\chk0och8.exe
(Doctor Web, Ltd.) C:\Users\Tschimi\AppData\Local\Temp\39A60BEC-DF049CA4-69FE9A40-7137DF38\clbxuofn.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2011-01-10] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKCU\...\Run: [AppleIEDAV] - C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1315144 2013-09-04] (Apple Inc.)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [6604568 2013-12-12] (SUPERAntiSpyware)
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-18] (Egis Technology Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\avastui.exe [3567800 2013-10-19] (AVAST Software)
HKLM-x32\...\Run: [PSUAMain] - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [32736 2013-10-19] (Panda Security, S.L.)
HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\36cc26cf-46ee-4b81-acdc-b94d3998ef54.exe [180184 2013-11-23] (AVAST Software)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
Startup: C:\Users\Tschimi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Users\Tschimi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 - {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm070^YYA^de&si=flvrunner&ptb=B680EDDB-2DDF-4BC4-8AE7-E9CB3969B73F&ind=2013093009&n=77fd5c91&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm070^YYA^de&si=flvrunner&ptb=B680EDDB-2DDF-4BC4-8AE7-E9CB3969B73F&ind=2013093009&n=77fd5c91&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} - No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} - No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{07205666-71C5-4EBE-86F6-6B13C1D799DC}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{60B0444B-4556-406B-B46E-BA6277B16799}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{79D44384-75CE-4942-A35C-8D77E962D8D8}: [NameServer]8.8.8.8 8.8.4.4
FireFox:
========
FF ProfilePath: C:\Users\Tschimi\AppData\Roaming\Mozilla\Firefox\Profiles\swek54pd.default
FF NewTab: about:blank
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.bild.de/
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=mkg030&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\Tschimi\AppData\Roaming\Mozilla\Firefox\Profiles\swek54pd.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: DownloadHelper - C:\Users\Tschimi\AppData\Roaming\Mozilla\Firefox\Profiles\swek54pd.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: fasterfox - C:\Users\Tschimi\AppData\Roaming\Mozilla\Firefox\Profiles\swek54pd.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
FF Extension: Adblock Plus - C:\Users\Tschimi\AppData\Roaming\Mozilla\Firefox\Profiles\swek54pd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
==================== Services (Whitelisted) =================
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-25] (Adobe Systems)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-10-18] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140768 2013-10-03] (Panda Security, S.L.)
S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [37344 2013-10-19] (Panda Security, S.L.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S2 iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe [x]
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-10-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-10-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-10-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-11-08] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-10-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-10-18] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2013-12-12] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [91368 2013-05-29] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [122088 2013-05-29] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [109288 2013-05-29] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [114920 2013-05-29] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95464 2013-05-29] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69864 2013-05-29] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [119016 2013-05-29] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [305896 2013-05-29] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [118504 2013-05-29] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [114920 2013-05-29] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [246504 2013-05-29] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106216 2013-05-29] (Panda Security, S.L.)
S3 PDNMp50; C:\Windows\SysWow64\drivers\PDNMp50.sys [28224 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PDNSp50; C:\Windows\SysWow64\drivers\PDNSp50.sys [27072 2006-11-28] (Printing Communications Assoc., Inc. (PCAUSA))
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [169192 2013-10-17] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [122600 2013-10-11] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [206056 2013-10-11] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124648 2013-10-11] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [137960 2013-10-11] (Panda Security, S.L.)
S3 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [105704 2013-10-11] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [58808 2013-04-29] (Panda Security, S.L.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-12-03] ()
S3 VReadMemDriver; C:\Windows\SysWow64\drivers\vreadmem.sys [3189 2013-12-12] (MicroWorld Technologies Inc.)
S3 iSafeKrnl; \??\C:\Program Files (x86)\iSafe\iSafeKrnl.sys [x]
R1 iSafeNetFilter; \??\C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [x]
U3 axlirfow; \??\C:\Users\Tschimi\AppData\Local\Temp\axlirfow.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-12 22:44 - 2013-12-12 22:46 - 00020452 _____ C:\Users\Tschimi\Downloads\FRST.txt
2013-12-12 22:44 - 2013-12-12 22:44 - 00000000 ____D C:\FRST
2013-12-12 22:42 - 2013-12-12 22:44 - 01927274 _____ (Farbar) C:\Users\Tschimi\Downloads\FRST64.exe
2013-12-12 21:56 - 2013-12-12 22:33 - 00000000 ____D C:\Users\Tschimi\Doctor Web
2013-12-12 21:56 - 2013-12-12 21:58 - 00000000 ____D C:\ProgramData\Doctor Web
2013-12-12 21:33 - 2013-12-12 21:55 - 137994000 _____ C:\Users\Tschimi\Downloads\qifna897.exe
2013-12-12 21:30 - 2013-12-12 21:30 - 00842992 _____ C:\Users\Tschimi\Downloads\drweb-900-win.exe.part
2013-12-12 21:29 - 2013-12-12 21:29 - 00142368 _____ C:\Users\Tschimi\Downloads\drweb-700-win-space.exe.part
2013-12-12 20:06 - 2013-12-12 20:06 - 23282905 _____ C:\Users\Tschimi\Downloads\BootkitRemoval.zip
2013-12-12 20:06 - 2013-02-19 10:56 - 19443328 _____ (Bitdefender LLC) C:\Users\Tschimi\Downloads\BootkitRemoval_x64.exe
2013-12-12 20:06 - 2013-02-19 10:56 - 07241648 _____ (Bitdefender LLC) C:\Users\Tschimi\Downloads\BootkitRemoval_x86.exe
2013-12-12 20:01 - 2013-12-12 20:01 - 00377856 _____ C:\Users\Tschimi\Downloads\gmer_2.1.19163.exe
2013-12-12 19:47 - 2013-12-12 19:47 - 00000000 ____D C:\Users\Tschimi\AppData\Roaming\iSafe
2013-12-12 19:44 - 2013-12-12 19:44 - 01347258 _____ C:\Users\Tschimi\Downloads\cureit.exe.part
2013-12-12 19:40 - 2013-12-12 19:42 - 04631756 _____ (Safety Peak ) C:\Users\Tschimi\Downloads\SafetyPeakAntimalware.exe.part
2013-12-12 19:29 - 2013-12-12 19:29 - 00271198 _____ C:\Users\Tschimi\Documents\pinfect.zip
2013-12-12 19:29 - 2013-12-12 19:29 - 00003189 ____R (MicroWorld Technologies Inc.) C:\Windows\SysWOW64\Drivers\vreadmem.sys
2013-12-12 19:27 - 2013-12-12 19:27 - 00000028 _____ C:\Windows\Lic.xxx
2013-12-12 19:27 - 2013-12-12 19:27 - 00000000 ____D C:\Windows\SysWOW64\runouce.exe
2013-12-12 19:27 - 2013-12-12 19:27 - 00000000 ____D C:\Windows\rundll16.exe
2013-12-12 19:27 - 2013-12-12 19:27 - 00000000 ____D C:\Windows\logo_1.exe
2013-12-12 19:26 - 2013-12-12 19:26 - 00003132 _____ C:\Windows\System32\Tasks\{B8A0F681-E681-4FC2-9FB7-6F4DD5F3694C}
2013-12-12 19:18 - 2013-12-12 19:18 - 00632064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr80.dll
2013-12-12 19:18 - 2013-12-12 19:18 - 00554240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp80.dll
2013-12-12 19:18 - 2013-12-12 19:18 - 00034048 _____ (MicroWorld Technologies Inc.) C:\Windows\SysWOW64\eEmpty.exe
2013-12-12 19:18 - 2013-12-12 19:18 - 00000000 ____D C:\ProgramData\MicroWorld
2013-12-12 19:18 - 2005-09-22 23:22 - 00000522 _____ C:\Windows\SysWOW64\Microsoft.VC80.CRT.manifest
2013-12-12 19:14 - 2013-12-12 19:17 - 99334664 _____ C:\Users\Tschimi\Downloads\mwav.exe
2013-12-12 18:29 - 2013-12-12 18:29 - 00011277 _____ C:\Users\Tschimi\Desktop\hijackthis.log
2013-12-12 18:17 - 2013-12-12 18:17 - 00891200 _____ C:\Users\Tschimi\Downloads\SecurityCheck.exe
2013-12-12 18:14 - 2013-12-12 18:14 - 00688992 ____R (Swearware) C:\Users\Tschimi\Downloads\dds.scr
2013-12-12 18:01 - 2013-12-12 18:01 - 00000000 ____D C:\Windows\system32\log
2013-12-12 18:01 - 2013-12-12 18:01 - 00000000 ____D C:\Users\Tschimi\AppData\Roaming\eCyber
2013-12-12 18:00 - 2013-12-12 18:00 - 05841392 _____ (Elex do Brasil Participa??es Ltda) C:\Users\Tschimi\Downloads\yet_another_cleaner.exe
2013-12-12 17:55 - 2013-11-18 06:28 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Tschimi\Desktop\TDSSKiller.exe
2013-12-12 17:54 - 2013-12-12 18:16 - 00000636 _____ C:\Users\Tschimi\Downloads\Stinger_12122013_175452.html
2013-12-12 17:53 - 2013-12-12 17:53 - 04101441 _____ C:\Users\Tschimi\Downloads\tdsskiller.zip
2013-12-12 17:52 - 2013-11-18 06:28 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Tschimi\Downloads\TDSSKiller.exe
2013-12-12 17:28 - 2013-12-12 17:29 - 11328032 _____ (McAfee Inc) C:\Users\Tschimi\Downloads\stinger64.exe
2013-12-12 05:54 - 2013-12-12 19:49 - 00003414 _____ C:\Windows\PFRO.log
2013-12-12 05:54 - 2013-12-12 17:50 - 00032512 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2013-12-11 22:36 - 2013-12-11 22:37 - 00000000 ____D C:\Users\Tschimi\AppData\Roaming\Rainmeter
2013-12-11 22:36 - 2013-12-11 22:36 - 00000000 ____D C:\Users\Tschimi\Documents\Rainmeter
2013-12-11 22:36 - 2013-12-11 22:36 - 00000000 ____D C:\Program Files\Rainmeter
2013-12-11 22:35 - 2013-12-11 22:36 - 02228376 _____ C:\Users\Tschimi\Downloads\Rainmeter-3.0.2.exe
2013-12-11 21:37 - 2013-12-12 21:37 - 00000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7eeeae37-77bb-4252-95ad-987e8a630a9d.job
2013-12-11 21:37 - 2013-12-12 05:54 - 00000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 41c37281-dba0-4f3f-bcc1-8c21c1355666.job
2013-12-11 21:37 - 2013-12-11 21:37 - 00003596 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 41c37281-dba0-4f3f-bcc1-8c21c1355666
2013-12-11 21:37 - 2013-12-11 21:37 - 00003522 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 7eeeae37-77bb-4252-95ad-987e8a630a9d
2013-12-11 21:36 - 2013-12-12 16:40 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-11 21:36 - 2013-12-11 21:36 - 00001812 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-12-11 21:36 - 2013-12-11 21:36 - 00000000 ____D C:\Users\Tschimi\AppData\Roaming\SUPERAntiSpyware.com
2013-12-11 21:36 - 2013-12-11 21:36 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-12-11 21:34 - 2013-12-11 21:35 - 27853504 _____ (SUPERAntiSpyware) C:\Users\Tschimi\Downloads\SUPERAntiSpyware.exe
2013-12-11 20:19 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-11 20:19 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-11 20:19 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-11 20:19 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 20:17 - 2013-10-25 07:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-11 20:17 - 2013-10-25 07:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-11 20:17 - 2013-10-25 07:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-11 20:17 - 2013-10-25 07:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-11 20:17 - 2013-10-25 07:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-11 20:17 - 2013-10-25 07:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-11 20:17 - 2013-10-25 07:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 20:17 - 2013-10-25 07:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-11 20:17 - 2013-10-25 07:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-11 20:17 - 2013-10-25 07:17 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-11 20:17 - 2013-10-25 07:17 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-11 20:17 - 2013-10-25 07:17 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-11 20:17 - 2013-10-25 07:17 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-11 20:17 - 2013-10-25 07:17 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-11 20:17 - 2013-10-25 05:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-11 20:17 - 2013-10-25 05:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-11 20:17 - 2013-10-25 05:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 20:17 - 2013-10-25 05:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 20:17 - 2013-10-25 05:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 20:17 - 2013-10-25 05:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-11 20:17 - 2013-10-25 05:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-11 20:17 - 2013-10-25 05:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-11 20:17 - 2013-10-25 05:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-11 20:17 - 2013-10-25 05:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-11 20:17 - 2013-10-25 05:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-11 20:17 - 2013-10-25 05:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-11 20:17 - 2013-10-25 05:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-11 20:17 - 2013-10-25 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-11 20:17 - 2013-10-25 04:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-11 20:17 - 2013-10-25 04:17 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-11 20:17 - 2013-10-25 03:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-11 19:55 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 19:55 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 19:55 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 19:55 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 19:55 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 19:55 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 19:55 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 19:55 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-12-11 19:55 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-12-11 19:55 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-12-11 19:55 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-12-11 19:55 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-12-11 19:55 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-12-11 19:55 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-12-11 19:55 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-12-11 19:55 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-12-11 19:55 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-12-11 19:54 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 19:54 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 19:54 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-12-11 19:54 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-12-11 19:54 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-12-11 19:54 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-12-11 19:54 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-12-11 19:54 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-12-11 19:54 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-12-11 19:54 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 19:54 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-11 19:54 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-12-11 19:54 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-12-11 19:54 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-12-11 19:54 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-12-11 19:54 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-12-11 19:54 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-12-11 19:54 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-12-11 19:54 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-12-11 19:54 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-12-11 19:54 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-12-11 19:54 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-12-11 19:54 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-12-11 19:54 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-12-11 19:54 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-12-11 19:54 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-12-11 19:54 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-12-11 19:54 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-12-11 19:54 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-12-11 19:54 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-12-11 19:54 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-12-11 19:54 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-12-11 19:54 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-12-11 19:54 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-12-11 19:54 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-12-11 19:54 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-12-11 19:54 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-12-11 19:54 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-12-11 19:54 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-12-11 19:54 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-12-11 19:54 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-12-11 19:54 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-12-11 19:54 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-12-11 19:54 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-12-11 19:54 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-12-11 19:54 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-12-11 19:54 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-12-11 19:54 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-12-11 19:54 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-12-11 19:54 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-12-11 19:54 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-12-11 19:54 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-12-11 19:54 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-12-11 19:54 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-12-11 19:54 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-12-11 19:54 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-12-11 19:54 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-12-11 19:53 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 19:53 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 19:53 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 19:53 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 19:53 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 19:53 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 19:53 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 19:53 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 19:53 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-12-11 19:53 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-12-11 19:53 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-12-11 19:53 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-12-11 19:53 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-12-11 19:53 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-12-11 19:53 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-12-11 19:53 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-12-11 19:53 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-12-11 19:53 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-12-11 19:52 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-12-11 19:13 - 2013-12-11 19:13 - 00009890 _____ C:\Windows\system32\.crusader
2013-12-11 19:06 - 2013-12-11 19:07 - 00448512 _____ (OldTimer Tools) C:\Users\Tschimi\Downloads\TFC.exe
2013-12-11 19:02 - 2013-12-11 19:02 - 00526323 _____ C:\Users\Tschimi\Downloads\web_of_trust_wot-20131118-fx.zip
2013-12-11 19:02 - 2013-12-02 12:28 - 00526864 _____ C:\Users\Tschimi\Downloads\web_of_trust_wot-20131118-fx.xpi
2013-12-11 18:57 - 2013-12-11 18:57 - 00001193 _____ C:\Users\Tschimi\Desktop\HitmanPro_x64 - Verknüpfung.lnk
2013-12-11 18:52 - 2013-12-11 19:13 - 00000000 ____D C:\ProgramData\HitmanPro
2013-12-11 18:52 - 2013-12-11 18:52 - 10264904 _____ (SurfRight B.V.) C:\Users\Tschimi\Downloads\HitmanPro_x64.exe
2013-12-11 18:41 - 2013-12-11 18:41 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2013-12-11 18:33 - 2013-12-11 18:34 - 01226802 _____ C:\Users\Tschimi\Downloads\AdwCleaner(1).exe
2013-12-09 14:45 - 2013-04-29 08:17 - 00058808 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2013-12-08 10:06 - 2013-12-12 19:49 - 00000784 _____ C:\Windows\setupact.log
2013-12-08 10:06 - 2013-12-08 10:06 - 00000000 _____ C:\Windows\setuperr.log
2013-12-01 19:05 - 2013-12-01 19:06 - 00000000 ____D C:\Users\Tschimi\Desktop\bilder
2013-12-01 17:00 - 2013-12-01 17:00 - 00000000 ____D C:\ProgramData\McAfee
2013-11-30 18:36 - 2013-11-30 19:45 - 00000000 ____D C:\Users\Tschimi\AppData\Roaming\DivX
2013-11-30 17:27 - 2013-11-30 17:28 - 00000000 ____D C:\Program Files (x86)\DivX
2013-11-30 17:24 - 2013-11-30 17:25 - 21601896 _____ (DivX, Inc.) C:\Users\Tschimi\Downloads\divxplayer72.exe
2013-11-30 17:23 - 2013-11-30 17:25 - 23801112 _____ (DivX, Inc.) C:\Users\Tschimi\Downloads\DivXInstaller0310.exe
2013-11-26 09:07 - 2013-11-26 09:13 - 00000000 ____D C:\Users\Tschimi\Desktop\Beselerallee 35
2013-11-15 19:45 - 2013-11-30 17:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2013-12-12 22:46 - 2013-12-12 22:44 - 00020452 _____ C:\Users\Tschimi\Downloads\FRST.txt
2013-12-12 22:44 - 2013-12-12 22:44 - 00000000 ____D C:\FRST
2013-12-12 22:44 - 2013-12-12 22:42 - 01927274 _____ (Farbar) C:\Users\Tschimi\Downloads\FRST64.exe
2013-12-12 22:33 - 2013-12-12 21:56 - 00000000 ____D C:\Users\Tschimi\Doctor Web
2013-12-12 22:07 - 2013-09-11 20:43 - 01746388 _____ C:\Windows\WindowsUpdate.log
2013-12-12 22:04 - 2012-09-03 19:06 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-12 21:58 - 2013-12-12 21:56 - 00000000 ____D C:\ProgramData\Doctor Web
2013-12-12 21:56 - 2011-08-09 17:17 - 00000000 ____D C:\Users\Tschimi
2013-12-12 21:55 - 2013-12-12 21:33 - 137994000 _____ C:\Users\Tschimi\Downloads\qifna897.exe
2013-12-12 21:37 - 2013-12-11 21:37 - 00000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7eeeae37-77bb-4252-95ad-987e8a630a9d.job
2013-12-12 21:30 - 2013-12-12 21:30 - 00842992 _____ C:\Users\Tschimi\Downloads\drweb-900-win.exe.part
2013-12-12 21:29 - 2013-12-12 21:29 - 00142368 _____ C:\Users\Tschimi\Downloads\drweb-700-win-space.exe.part
2013-12-12 20:06 - 2013-12-12 20:06 - 23282905 _____ C:\Users\Tschimi\Downloads\BootkitRemoval.zip
2013-12-12 20:01 - 2013-12-12 20:01 - 00377856 _____ C:\Users\Tschimi\Downloads\gmer_2.1.19163.exe
2013-12-12 19:57 - 2009-07-14 05:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-12 19:57 - 2009-07-14 05:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-12 19:49 - 2013-12-12 05:54 - 00003414 _____ C:\Windows\PFRO.log
2013-12-12 19:49 - 2013-12-08 10:06 - 00000784 _____ C:\Windows\setupact.log
2013-12-12 19:49 - 2013-08-30 07:02 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-12 19:47 - 2013-12-12 19:47 - 00000000 ____D C:\Users\Tschimi\AppData\Roaming\iSafe
2013-12-12 19:47 - 2013-10-02 15:47 - 00000000 ____D C:\AdwCleaner
2013-12-12 19:44 - 2013-12-12 19:44 - 01347258 _____ C:\Users\Tschimi\Downloads\cureit.exe.part
2013-12-12 19:42 - 2013-12-12 19:40 - 04631756 _____ (Safety Peak ) C:\Users\Tschimi\Downloads\SafetyPeakAntimalware.exe.part
2013-12-12 19:29 - 2013-12-12 19:29 - 00271198 _____ C:\Users\Tschimi\Documents\pinfect.zip
2013-12-12 19:29 - 2013-12-12 19:29 - 00003189 ____R (MicroWorld Technologies Inc.) C:\Windows\SysWOW64\Drivers\vreadmem.sys
2013-12-12 19:27 - 2013-12-12 19:27 - 00000028 _____ C:\Windows\Lic.xxx
2013-12-12 19:27 - 2013-12-12 19:27 - 00000000 ____D C:\Windows\SysWOW64\runouce.exe
2013-12-12 19:27 - 2013-12-12 19:27 - 00000000 ____D C:\Windows\rundll16.exe
2013-12-12 19:27 - 2013-12-12 19:27 - 00000000 ____D C:\Windows\logo_1.exe
2013-12-12 19:26 - 2013-12-12 19:26 - 00003132 _____ C:\Windows\System32\Tasks\{B8A0F681-E681-4FC2-9FB7-6F4DD5F3694C}
2013-12-12 19:18 - 2013-12-12 19:18 - 00632064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr80.dll
2013-12-12 19:18 - 2013-12-12 19:18 - 00554240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp80.dll
2013-12-12 19:18 - 2013-12-12 19:18 - 00034048 _____ (MicroWorld Technologies Inc.) C:\Windows\SysWOW64\eEmpty.exe
2013-12-12 19:18 - 2013-12-12 19:18 - 00000000 ____D C:\ProgramData\MicroWorld
2013-12-12 19:17 - 2013-12-12 19:14 - 99334664 _____ C:\Users\Tschimi\Downloads\mwav.exe
2013-12-12 19:07 - 2013-09-14 18:23 - 00000000 ____D C:\Windows\SysWOW64\C2MP
2013-12-12 18:29 - 2013-12-12 18:29 - 00011277 _____ C:\Users\Tschimi\Desktop\hijackthis.log
2013-12-12 18:19 - 2013-11-02 17:19 - 00000000 ____D C:\Program Files\stinger
2013-12-12 18:19 - 2013-11-02 17:04 - 00000118 ___RH C:\Users\Tschimi\Downloads\Stinger.opt
2013-12-12 18:17 - 2013-12-12 18:17 - 00891200 _____ C:\Users\Tschimi\Downloads\SecurityCheck.exe
2013-12-12 18:16 - 2013-12-12 17:54 - 00000636 _____ C:\Users\Tschimi\Downloads\Stinger_12122013_175452.html
2013-12-12 18:14 - 2013-12-12 18:14 - 00688992 ____R (Swearware) C:\Users\Tschimi\Downloads\dds.scr
2013-12-12 18:01 - 2013-12-12 18:01 - 00000000 ____D C:\Windows\system32\log
2013-12-12 18:01 - 2013-12-12 18:01 - 00000000 ____D C:\Users\Tschimi\AppData\Roaming\eCyber
2013-12-12 18:00 - 2013-12-12 18:00 - 05841392 _____ (Elex do Brasil Participa??es Ltda) C:\Users\Tschimi\Downloads\yet_another_cleaner.exe
2013-12-12 17:53 - 2013-12-12 17:53 - 04101441 _____ C:\Users\Tschimi\Downloads\tdsskiller.zip
2013-12-12 17:50 - 2013-12-12 05:54 - 00032512 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2013-12-12 17:29 - 2013-12-12 17:28 - 11328032 _____ (McAfee Inc) C:\Users\Tschimi\Downloads\stinger64.exe
2013-12-12 16:40 - 2013-12-11 21:36 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-12 06:02 - 2011-06-08 09:13 - 00674528 _____ C:\Windows\system32\perfh007.dat
2013-12-12 06:02 - 2011-06-08 09:13 - 00137752 _____ C:\Windows\system32\perfc007.dat
2013-12-12 06:02 - 2009-07-14 06:13 - 01543190 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-12 05:55 - 2007-07-12 02:49 - 00000000 ____D C:\Windows\Panther
2013-12-12 05:54 - 2013-12-11 21:37 - 00000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 41c37281-dba0-4f3f-bcc1-8c21c1355666.job
2013-12-12 05:54 - 2012-05-13 22:22 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-12 05:54 - 2012-05-13 22:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-12 05:54 - 2009-07-14 05:45 - 00329592 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 22:37 - 2013-12-11 22:36 - 00000000 ____D C:\Users\Tschimi\AppData\Roaming\Rainmeter
2013-12-11 22:36 - 2013-12-11 22:36 - 00000000 ____D C:\Users\Tschimi\Documents\Rainmeter
2013-12-11 22:36 - 2013-12-11 22:36 - 00000000 ____D C:\Program Files\Rainmeter
2013-12-11 22:36 - 2013-12-11 22:35 - 02228376 _____ C:\Users\Tschimi\Downloads\Rainmeter-3.0.2.exe
2013-12-11 22:36 - 2011-08-09 17:19 - 00000000 ___RD C:\Users\Tschimi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-11 21:54 - 2011-08-31 08:01 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-11 21:53 - 2011-08-31 08:01 - 00000000 ____D C:\Users\Tschimi\AppData\Local\Google
2013-12-11 21:37 - 2013-12-11 21:37 - 00003596 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 41c37281-dba0-4f3f-bcc1-8c21c1355666
2013-12-11 21:37 - 2013-12-11 21:37 - 00003522 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 7eeeae37-77bb-4252-95ad-987e8a630a9d
2013-12-11 21:36 - 2013-12-11 21:36 - 00001812 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-12-11 21:36 - 2013-12-11 21:36 - 00000000 ____D C:\Users\Tschimi\AppData\Roaming\SUPERAntiSpyware.com
2013-12-11 21:36 - 2013-12-11 21:36 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-12-11 21:35 - 2013-12-11 21:34 - 27853504 _____ (SUPERAntiSpyware) C:\Users\Tschimi\Downloads\SUPERAntiSpyware.exe
2013-12-11 20:08 - 2013-08-15 04:58 - 00000000 ____D C:\Windows\system32\MRT
2013-12-11 19:13 - 2013-12-11 19:13 - 00009890 _____ C:\Windows\system32\.crusader
2013-12-11 19:13 - 2013-12-11 18:52 - 00000000 ____D C:\ProgramData\HitmanPro
2013-12-11 19:07 - 2013-12-11 19:06 - 00448512 _____ (OldTimer Tools) C:\Users\Tschimi\Downloads\TFC.exe
2013-12-11 19:07 - 2013-10-28 15:10 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 19:06 - 2012-09-03 19:06 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 19:06 - 2011-08-09 20:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 19:02 - 2013-12-11 19:02 - 00526323 _____ C:\Users\Tschimi\Downloads\web_of_trust_wot-20131118-fx.zip
2013-12-11 18:57 - 2013-12-11 18:57 - 00001193 _____ C:\Users\Tschimi\Desktop\HitmanPro_x64 - Verknüpfung.lnk
2013-12-11 18:52 - 2013-12-11 18:52 - 10264904 _____ (SurfRight B.V.) C:\Users\Tschimi\Downloads\HitmanPro_x64.exe
2013-12-11 18:42 - 2009-07-14 03:34 - 00039784 _____ C:\Windows\system32\Drivers\etc\hosts.50868743
2013-12-11 18:41 - 2013-12-11 18:41 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2013-12-11 18:34 - 2013-12-11 18:33 - 01226802 _____ C:\Users\Tschimi\Downloads\AdwCleaner(1).exe
2013-12-11 18:28 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-09 14:08 - 2013-10-02 14:51 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-08 10:06 - 2013-12-08 10:06 - 00000000 _____ C:\Windows\setuperr.log
2013-12-07 09:47 - 2013-09-03 15:52 - 00547328 ___SH C:\Users\Tschimi\Downloads\Thumbs.db
2013-12-04 02:03 - 2011-08-14 20:13 - 00000000 ____D C:\Users\Tschimi\AppData\Roaming\SoftGrid Client
2013-12-03 22:19 - 2011-08-09 17:17 - 00060424 _____ C:\Users\Tschimi\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-03 22:06 - 2013-09-02 15:02 - 00000000 ____D C:\Users\Tschimi\Desktop\Word Dokus
2013-12-03 10:27 - 2013-09-16 23:22 - 00016152 _____ C:\Windows\system32\Drivers\SWDUMon.sys
2013-12-02 12:28 - 2013-12-11 19:02 - 00526864 _____ C:\Users\Tschimi\Downloads\web_of_trust_wot-20131118-fx.xpi
2013-12-01 19:08 - 2011-05-09 10:06 - 00000000 ____D C:\Program Files (x86)\Acer GameZone
2013-12-01 19:06 - 2013-12-01 19:05 - 00000000 ____D C:\Users\Tschimi\Desktop\bilder
2013-12-01 17:05 - 2011-08-13 12:33 - 00000000 ____D C:\Users\Tschimi\AppData\Local\Adobe
2013-12-01 17:00 - 2013-12-01 17:00 - 00000000 ____D C:\ProgramData\McAfee
2013-12-01 14:42 - 2011-08-19 16:31 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-30 19:45 - 2013-11-30 18:36 - 00000000 ____D C:\Users\Tschimi\AppData\Roaming\DivX
2013-11-30 18:35 - 2011-08-09 20:36 - 00044089 _____ C:\Windows\wininit.ini
2013-11-30 17:28 - 2013-11-30 17:27 - 00000000 ____D C:\Program Files (x86)\DivX
2013-11-30 17:27 - 2013-11-15 19:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-30 17:25 - 2013-11-30 17:24 - 21601896 _____ (DivX, Inc.) C:\Users\Tschimi\Downloads\divxplayer72.exe
2013-11-30 17:25 - 2013-11-30 17:23 - 23801112 _____ (DivX, Inc.) C:\Users\Tschimi\Downloads\DivXInstaller0310.exe
2013-11-30 08:50 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-26 09:13 - 2013-11-26 09:07 - 00000000 ____D C:\Users\Tschimi\Desktop\Beselerallee 35
2013-11-23 19:26 - 2013-12-11 19:55 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 18:47 - 2013-12-11 19:55 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-19 03:33 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-18 06:28 - 2013-12-12 17:55 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Tschimi\Desktop\TDSSKiller.exe
2013-11-18 06:28 - 2013-12-12 17:52 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Tschimi\Downloads\TDSSKiller.exe
2013-11-16 16:59 - 2012-06-06 16:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-13 18:36 - 2013-09-28 16:53 - 00001087 _____ C:\Users\Tschimi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2013-11-12 03:23 - 2013-12-11 19:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-11-12 03:07 - 2013-12-11 19:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
Some content of TEMP:
====================
C:\Users\Tschimi\AppData\Local\Temp\avxdisk.dll
C:\Users\Tschimi\AppData\Local\Temp\bdc.exe
C:\Users\Tschimi\AppData\Local\Temp\bdcore.dll
C:\Users\Tschimi\AppData\Local\Temp\bdfltlib.dll
C:\Users\Tschimi\AppData\Local\Temp\bdfltlib2k.dll
C:\Users\Tschimi\AppData\Local\Temp\bdupdateservice.dll
C:\Users\Tschimi\AppData\Local\Temp\DEVCON.EXE
C:\Users\Tschimi\AppData\Local\Temp\download.exe
C:\Users\Tschimi\AppData\Local\Temp\eEmpty.exe
C:\Users\Tschimi\AppData\Local\Temp\encdec.dll
C:\Users\Tschimi\AppData\Local\Temp\esupdate.exe
C:\Users\Tschimi\AppData\Local\Temp\FSSync.dll
C:\Users\Tschimi\AppData\Local\Temp\Getvlist.exe
C:\Users\Tschimi\AppData\Local\Temp\ikave.dll
C:\Users\Tschimi\AppData\Local\Temp\ipc.dll
C:\Users\Tschimi\AppData\Local\Temp\kave.dll
C:\Users\Tschimi\AppData\Local\Temp\kavvlg.dll
C:\Users\Tschimi\AppData\Local\Temp\msvclnt.dll
C:\Users\Tschimi\AppData\Local\Temp\msvcp80.dll
C:\Users\Tschimi\AppData\Local\Temp\msvcr80.dll
C:\Users\Tschimi\AppData\Local\Temp\msvl64.dll
C:\Users\Tschimi\AppData\Local\Temp\msvlclnt.dll
C:\Users\Tschimi\AppData\Local\Temp\MWAVL.exe
C:\Users\Tschimi\AppData\Local\Temp\mwunzip.dll
C:\Users\Tschimi\AppData\Local\Temp\prLoader.dll
C:\Users\Tschimi\AppData\Local\Temp\psapi.dll
C:\Users\Tschimi\AppData\Local\Temp\Quarantine.exe
C:\Users\Tschimi\AppData\Local\Temp\red32.dll
C:\Users\Tschimi\AppData\Local\Temp\reload.exe
C:\Users\Tschimi\AppData\Local\Temp\scan.dll
C:\Users\Tschimi\AppData\Local\Temp\ScanningProcess.exe
C:\Users\Tschimi\AppData\Local\Temp\setpriv.exe
C:\Users\Tschimi\AppData\Local\Temp\test2.exe
C:\Users\Tschimi\AppData\Local\Temp\unregx.exe
C:\Users\Tschimi\AppData\Local\Temp\viewtcp.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-10 18:36
==================== End Of Log ============================
FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-12-2013 03
Ran by Tschimi at 2013-12-12 22:46:54
Running from C:\Users\Tschimi\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Panda Cloud Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Panda Cloud Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Cloud Antivirus Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
==================== Installed Programs ======================
1912 Titanic Mystery (x32)
AAC Decoder (x32 Version: 7.1.0)
Acer Backup Manager (x32 Version: 3.0.0.85)
Acer Crystal Eye Webcam (x32 Version: 1.0.1523)
Acer ePower Management (x32 Version: 6.00.3006)
Acer eRecovery Management (x32 Version: 5.00.3004)
Acer GameZone Console (x32 Version: 6.1.0.40497)
Acer Registration (x32 Version: 1.03.3004)
Acer ScreenSaver (x32 Version: 1.1.0114.2011)
Acer Updater (x32 Version: 1.02.3005)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 1.5.0.7220)
Adobe Bridge 1.0 (x32 Version: 001.000.001)
Adobe Common File Installer (x32 Version: 1.00.001)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170)
Adobe Help Center 1.0 (x32 Version: 1.0.1)
Adobe Photoshop CS2 (x32 Version: 9.0)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Adobe Stock Photos 1.0 (x32 Version: 1.0.1)
Alice-Installationsdateien entfernen (x32)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.39)
Atheros Driver Installation Program (x32 Version: 9.0)
AutoUpdate (x32 Version: 1.1)
avast! Free Antivirus (x32 Version: 9.0.2006)
Backup Manager V3 (x32 Version: 3.0.0.85)
Bejeweled 2 Deluxe (x32)
Bonjour (Version: 3.0.0.10)
CCleaner 4.06.4324 Business (x32)
clear.fi (x32 Version: 1.0.1422.00)
clear.fi (x32 Version: 9.0.7418)
clear.fi Client (x32 Version: 1.00.3008)
concept/design onlineTV 8 (x32 Version: 8.5.0.6)
concept/design Video Jukebox (x32 Version: 1.3.0.0)
ConvertXtoDVD 4.1.20.0 (x32 Version: 4.1.20.0)
D3DX10 (x32 Version: 15.4.2368.0902)
DivX Codec (x32 Version: 6.9.1)
DivX Converter (x32 Version: 7.1.0)
DivX Player (x32 Version: 7.2.0)
DivX Plus DirectShow Filters (x32)
DivX Version Checker (x32 Version: 7.1.0.9)
DivX Web Player (x32 Version: 1.5.0)
DMUninstaller (x32)
Dropbox (HKCU Version: 2.4.5)
eBay Worldwide (x32 Version: 2.1.0901)
Facebook Messenger 2.1.4814.0 (x32 Version: 2.1.4814.0)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Galerie foto Windows Live (x32 Version: 15.4.3502.0922)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
H.264 Decoder (x32 Version: 1.1.0)
iCloud (Version: 3.0.2.163)
Identity Card (x32 Version: 1.00.3006)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2476)
iTunes (Version: 11.0.5.5)
Java 7 Update 40 (x32 Version: 7.0.400)
Java 7 Update 45 (64-bit) (Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
jv16 PowerTools 2013 (x32 Version: )
Launch Manager (x32 Version: 5.1.4)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Media Player Codec Pack 4.2.5 (x32 Version: 4.2.5)
MediaEspresso (x32 Version: 1.0.1418_35759)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.5128.5002)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (x32 Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
MKV Splitter (x32 Version: 1.0.1)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MyWinLocker (Version: 4.0.14.11)
MyWinLocker 4 (x32 Version: 4.0.14.11)
MyWinLocker Suite (x32 Version: 4.0.14.11)
newsXpresso (x32 Version: 1.0.0.40)
Panda Cloud Antivirus (Version: 6.06.00.0000)
Panda Cloud Antivirus (x32 Version: 2.2.1)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922)
Pošta Windows Live (x32 Version: 15.4.3502.0922)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Rainmeter (x32 Version: 3.0.2 r2161)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6289)
Realtek PCIE Card Reader (x32 Version: 6.1.7600.63)
Revo Uninstaller 1.95 (x32 Version: 1.95)
Shredder (Version: 2.0.8.7)
Shredder (x32 Version: 2.0.8.7)
Sim Aquarium 3 (x32 Version: 3)
SlimDrivers (x32 Version: 2.2.30877)
Snap.Do (x32 Version: 1.99.1.11691)
Snap.Do Engine (HKCU Version: 1.99.1.11691)
Sprill and Ritchie (x32)
Spybot - Search & Destroy (x32 Version: 2.1.21)
SUPERAntiSpyware (Version: 5.6.1040)
t@x 2012 (x32 Version: 19.00.7303)
t@x 2013 (x32 Version: 20.04.8223)
TIPP10 Version 2.1.0 (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0)
Welcome Center (x32 Version: 1.02.3102)
Windows 7 Codec Pack 4.0.8 (x32 Version: 4.0.8)
Windows Live Argazki Galeria (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922)
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922)
Windows Live Fotótár (x32 Version: 15.4.3502.0922)
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922)
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Live 影像中心 (x32 Version: 15.4.3502.0922)
Windows Live 程式集 (x32 Version: 15.4.3502.0922)
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922)
Windows Liven sähköposti (x32 Version: 15.4.3502.0922)
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)
World of Goo (x32)
YAC (x32)
Yahoo! Messenger (x32)
Yahoo! Software Update (x32)
Yahoo! Toolbar (x32)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922)
Почта Windows Live (x32 Version: 15.4.3502.0922)
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922)
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922)
بريد Windows Live (x32 Version: 15.4.3502.0922)
معرض صور Windows Live (x32 Version: 15.4.3502.0922)
==================== Restore Points =========================
05-11-2013 07:34:52 Geplanter Prüfpunkt
06-11-2013 15:58:17 SlimDrivers Installing Drivers
07-11-2013 16:23:55 SlimDrivers Installing Drivers
16-11-2013 16:26:28 Geplanter Prüfpunkt
24-11-2013 09:35:28 Geplanter Prüfpunkt
01-12-2013 14:15:30 Geplanter Prüfpunkt
01-12-2013 16:38:26 Revo Uninstaller's restore point - Veetle TV
03-12-2013 09:27:43 SlimDrivers Installing Drivers
10-12-2013 17:43:47 Geplanter Prüfpunkt
11-12-2013 18:56:17 Windows Update
11-12-2013 20:52:37 Revo Uninstaller's restore point - Google Chrome
==================== Hosts content: ==========================
2009-07-14 03:34 - 2013-12-12 19:21 - 00000736 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {09864AEF-9D72-483C-ADBC-D31A3B79C6AD} - \clear.fi No Task File
Task: {0A81A7A3-E392-435A-B1AF-A5FF54EC2AB1} - System32\Tasks\SUPERAntiSpyware Scheduled Task 7eeeae37-77bb-4252-95ad-987e8a630a9d => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-05-23] (SUPERAdBlocker.com)
Task: {1DADC01F-7D9A-4D81-BCE5-DE1EF767E5CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {386C02FF-904B-4C5B-9F2C-6F4095D103B7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {39DF339D-D736-4F52-B8CA-6EE37E856A67} - System32\Tasks\SUPERAntiSpyware Scheduled Task 41c37281-dba0-4f3f-bcc1-8c21c1355666 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-05-23] (SUPERAdBlocker.com)
Task: {4406308C-9921-410F-9117-7552C8C29959} - \Desk 365 RunAsStdUser No Task File
Task: {46F7534A-FF99-44EB-AAC6-ED793F8CC521} - \clear.fiAgent No Task File
Task: {48229E98-62A2-4C6A-8329-B721B921C3F2} - \{39D8503A-0171-42AF-A8A0-DA016A51B7A5} No Task File
Task: {6AA10313-07AF-4566-97C2-465A832BCD74} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-10-18] (AVAST Software)
Task: {CB6B9967-EFD7-4363-A53B-7CE5ACAB3EFC} - \Scheduled Update for Ask Toolbar No Task File
Task: {FC9D5848-396A-4A56-B12D-63E16358D946} - \DMREngine No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 41c37281-dba0-4f3f-bcc1-8c21c1355666.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7eeeae37-77bb-4252-95ad-987e8a630a9d.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
==================== Loaded Modules (whitelisted) =============
2009-01-22 00:45 - 2009-01-22 00:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2013-10-29 21:45 - 2013-10-29 21:45 - 00798392 _____ () C:\Program Files\Rainmeter\Rainmeter.dll
2013-10-29 21:41 - 2013-10-29 21:41 - 00058880 _____ () C:\Program Files\Rainmeter\Plugins\WebParser.DLL
2013-10-29 21:41 - 2013-10-29 21:41 - 00011776 _____ () C:\Program Files\Rainmeter\Plugins\PowerPlugin.DLL
2013-10-29 21:41 - 2013-10-29 21:41 - 00027136 _____ () C:\Program Files\Rainmeter\Plugins\Win7AudioPlugin.DLL
2013-10-29 21:41 - 2013-10-29 21:41 - 00011776 _____ () C:\Program Files\Rainmeter\Plugins\RecycleManager.DLL
2013-12-12 16:36 - 2013-12-12 08:57 - 02152448 _____ () C:\Program Files\AVAST Software\Avast\defs\13121200\algo.dll
2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\SQLite3.dll
2013-08-16 16:55 - 2013-05-16 09:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-08-16 16:55 - 2013-05-16 09:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-08-16 16:55 - 2013-05-16 09:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-08-16 16:55 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-08-16 16:55 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-10-18 16:50 - 2013-10-18 16:50 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-08-09 20:35 - 2012-05-25 03:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2013-11-15 19:45 - 2013-11-15 19:45 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-12-11 19:06 - 2013-12-11 19:06 - 16242056 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:1D6686D8
AlternateDataStreams: C:\ProgramData\Temp:2430E4FC
AlternateDataStreams: C:\ProgramData\Temp:5925E400
AlternateDataStreams: C:\ProgramData\Temp:5D458568
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:8173A019
AlternateDataStreams: C:\ProgramData\Temp:9B750A13
AlternateDataStreams: C:\ProgramData\Temp:C46995DA
AlternateDataStreams: C:\ProgramData\Temp:E79EFDA4
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
==================== Faulty Device Manager Devices =============
Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/12/2013 08:04:27 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0
Name des fehlerhaften Moduls: gmer_2.1.19163.exe, Version: 2.1.19163.0, Zeitstempel: 0x515d31f0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0008c8ae
ID des fehlerhaften Prozesses: 0x1554
Startzeit der fehlerhaften Anwendung: 0xgmer_2.1.19163.exe0
Pfad der fehlerhaften Anwendung: gmer_2.1.19163.exe1
Pfad des fehlerhaften Moduls: gmer_2.1.19163.exe2
Berichtskennung: gmer_2.1.19163.exe3
Error: (12/10/2013 06:39:36 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (12/09/2013 08:19:01 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (12/04/2013 05:24:39 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (12/03/2013 10:28:04 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x800706ba, Der RPC-Server ist nicht verfügbar.
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Error: (12/03/2013 10:28:04 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x800706ba, Der RPC-Server ist nicht verfügbar.
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
PrepareForSnapshot-Ereignis
Kontext:
Ausführungskontext: Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {3795c34d-a93f-40b0-a21e-18ff5350b0cd}
Error: (12/03/2013 10:28:04 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x800706ba, Der RPC-Server ist nicht verfügbar.
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
PrepareForSnapshot-Ereignis
Kontext:
Ausführungskontext: Writer
Generatorklassen-ID: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Generatorname: Registry Writer
Generatorinstanz-ID: {6c2c6875-54b2-4862-b080-241ab7bba196}
Error: (12/03/2013 10:28:04 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x800706ba, Der RPC-Server ist nicht verfügbar.
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
PrepareForSnapshot-Ereignis
Kontext:
Ausführungskontext: Writer
Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Generatorname: COM+ REGDB Writer
Generatorinstanz-ID: {b46cb51b-8831-4fd5-878d-de0bbea12381}
Error: (12/03/2013 10:28:04 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x800706ba, Der RPC-Server ist nicht verfügbar.
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Error: (12/03/2013 10:28:04 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x800706ba, Der RPC-Server ist nicht verfügbar.
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
System errors:
=============
Error: (12/12/2013 07:49:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "iSafeService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (12/12/2013 07:29:34 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\vreadmem.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (12/12/2013 07:29:33 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\vreadmem.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (12/12/2013 07:29:32 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\vreadmem.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (12/12/2013 07:29:31 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\vreadmem.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (12/12/2013 07:29:30 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\vreadmem.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (12/12/2013 07:29:29 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\vreadmem.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (12/12/2013 07:29:28 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\vreadmem.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (12/12/2013 07:29:27 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\vreadmem.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (12/12/2013 07:29:26 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\vreadmem.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Microsoft Office Sessions:
=========================
Error: (12/12/2013 08:04:27 PM) (Source: Application Error)(User: )
Description: gmer_2.1.19163.exe2.1.19163.0515d31f0gmer_2.1.19163.exe2.1.19163.0515d31f0c00000050008c8ae155401cef76cab54425cC:\Users\Tschimi\Downloads\gmer_2.1.19163.exeC:\Users\Tschimi\Downloads\gmer_2.1.19163.exe3893949d-6360-11e3-bedb-e069959c7577
Error: (12/10/2013 06:39:36 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
Error: (12/09/2013 08:19:01 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
Error: (12/04/2013 05:24:39 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
Error: (12/03/2013 10:28:04 AM) (Source: VSS)(User: )
Description: 0x800706ba, Der RPC-Server ist nicht verfügbar.
Error: (12/03/2013 10:28:04 AM) (Source: VSS)(User: )
Description: 0x800706ba, Der RPC-Server ist nicht verfügbar.
Vorgang:
PrepareForSnapshot-Ereignis
Kontext:
Ausführungskontext: Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {3795c34d-a93f-40b0-a21e-18ff5350b0cd}
Error: (12/03/2013 10:28:04 AM) (Source: VSS)(User: )
Description: 0x800706ba, Der RPC-Server ist nicht verfügbar.
Vorgang:
PrepareForSnapshot-Ereignis
Kontext:
Ausführungskontext: Writer
Generatorklassen-ID: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Generatorname: Registry Writer
Generatorinstanz-ID: {6c2c6875-54b2-4862-b080-241ab7bba196}
Error: (12/03/2013 10:28:04 AM) (Source: VSS)(User: )
Description: 0x800706ba, Der RPC-Server ist nicht verfügbar.
Vorgang:
PrepareForSnapshot-Ereignis
Kontext:
Ausführungskontext: Writer
Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Generatorname: COM+ REGDB Writer
Generatorinstanz-ID: {b46cb51b-8831-4fd5-878d-de0bbea12381}
Error: (12/03/2013 10:28:04 AM) (Source: VSS)(User: )
Description: 0x800706ba, Der RPC-Server ist nicht verfügbar.
Error: (12/03/2013 10:28:04 AM) (Source: VSS)(User: )
Description: 0x800706ba, Der RPC-Server ist nicht verfügbar.
==================== Memory info ===========================
Percentage of memory in use: 49%
Total physical RAM: 3946.73 MB
Available physical RAM: 1974.28 MB
Total Pagefile: 7891.65 MB
Available Pagefile: 4763.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:450.66 GB) (Free:382.89 GB) NTFS
Drive d: (Neu) (CDROM) (Total:3.58 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: D4735FDF)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
==================== End Of Log ============================