Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Jegliche Videoformate und Mp3 werden nicht mehr abgespielt (https://www.trojaner-board.de/153981-jegliche-videoformate-mp3-mehr-abgespielt.html)

chetumal 17.05.2014 05:33
Jegliche Videoformate und Mp3 werden nicht mehr abgespielt
 
Jegliche Videoformate und Mp3 werden nicht mehr abgespielt


--------------------------------------------------------------------------------

Hallo zusammen,

Vor ein paar Tagen hatte ich das Vergnügen mit RegCleanPro und einer Menge anderer Viren und Trojanern. Nachdem ich das Programm endlich losgeworden bin, mit Einsatz von Malwarebytes, Virusprogramm, CCleaner sowie Revo Uninstaller laufen bei mir keinerlei Videoformate als auch keine Mp3 mehr, egal mit welchem Player ich es versuche. VLC sagt mir bei einigen Dateien kann "undf" also undefiened nicht abspielen, bei anderen Dateien, öffnet sich zwar der Player aber tut sich rein gar nichts. Nur mkv Dateien werden weiter abgespielt. Lade ich mir eine neue Datei, z.B. im avi Format runter, wird die einwandfrei abgespielt. Zu der Zeit wo ich noch RegcleanPro und das andere Zeugs drauf hatte liefen alle Formate auch einwandfrei. Habe auch fast in jedem Folder die Dateien DECRYPT_INSTRUCTION.HTML
DECRYPT_INSTRUCTION.TXT
DECRYPT_INSTRUCTION.URL

Bitte um Eure Hilfe

Lieben Dank

schrauber 17.05.2014 12:01
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


chetumal 17.05.2014 13:56

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by mochenmo1 (administrator) on MOCHENMO1-PC on 17-05-2014 14:48:49
Running from C:\Users\mochenmo1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ME43STKO
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\webget\updatewebget.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(USTechSupport, LLC (www.ustechsupport.com)) C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCO.exe
(USTechSupport, LLC (www.ustechsupport.com)) C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCOPrivacyProtector.exe
(USTechSupport, LLC (www.ustechsupport.com)) C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCOSystemCleaner.exe
(USTechSupport, LLC (www.ustechsupport.com)) C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCORegClean.exe
(Mischel Internet Security) C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe
() C:\Program Files (x86)\webget\bin\utilwebget.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] => C:\Program Files\elantech\etdctrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => c:\program files\realtek\audio\hda\ravcpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => c:\program files\realtek\audio\hda\ravbg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => c:\program files\acer\acer epower management\epowertray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "c:\program files\intel\turboboost\runtbgadgetonce.vbs"
HKLM\...\Run: [AtherosBtStack] => c:\program files (x86)\bluetooth suite\btvstack.exe [976032 2011-09-16] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => c:\program files (x86)\bluetooth suite\athbttray.exe [799904 2011-09-16] (Atheros Commnucations)
HKLM-x32\...\Run: [Driver Genius] => [X]
HKLM-x32\...\Run: [BackupManagerTray] => c:\program files (x86)\nti\acer backup manager\backupmanagertray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [OOTag] => c:\program files (x86)\acer\oobeoffer\ootag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [StartCCC] => c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe [336384 2011-02-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => c:\program files (x86)\launch manager\lmanager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] => c:\program files (x86)\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RemoteControl9] => c:\program files (x86)\cyberlink\powerdvd9\pdvd9serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => c:\program files (x86)\cyberlink\powerdvd9\language\language.exe [50472 2009-04-27] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => c:\program files (x86)\cyberlink\shared files\brs.exe [75048 2009-08-28] (cyberlink)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\update\realsched.exe [295512 2013-09-03] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => c:\dolby pcee4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVSetupPending] => C:\Windows\TEMP\AVSETUP_53768a28\SetupPending.exe [422456 2014-05-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [THGuard] => C:\Program Files (x86)\TrojanHunter 5.5\THGuard.exe [1086880 2012-10-23] (Mischel Internet Security)
HKLM\...\Policies\Explorer\Run: [36467805] => C:\ProgramData\msriv.exe [113152 2014-05-16] ( (CoupleNet Dev Group))
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\Run: [UZmedia Update] => regsvr32.exe
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\MountPoints2: {1232592b-8fba-11e1-95c9-e4d53d088c7c} - G:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\MountPoints2: {4701b1ef-9c7b-11e2-8905-e4d53d088c7c} - G:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\MountPoints2: {88a6e618-80e9-11e1-9204-e4d53d088c7c} - F:\setup.exe
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\MountPoints2: {b6f3effd-758d-11e1-960b-e4d53d088c7c} - "F:\WD SmartWare.exe" autoplay=true
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\Program Files (x86)\SupTab\SearchProtect64.dll [102512 2014-05-08] (Skytech Co., Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => C:\Program Files (x86)\SupTab\SearchProtect32.dll [91248 2014-05-08] (Skytech Co., Ltd.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1400298711&from=cor&uid=INTELXSSDSA2BW120G3A_CVPR1261026R120LGN
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400298711&from=cor&uid=INTELXSSDSA2BW120G3A_CVPR1261026R120LGN&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1400298711&from=cor&uid=INTELXSSDSA2BW120G3A_CVPR1261026R120LGN
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1400298711&from=cor&uid=INTELXSSDSA2BW120G3A_CVPR1261026R120LGN
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1400298711&from=cor&uid=INTELXSSDSA2BW120G3A_CVPR1261026R120LGN&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400298711&from=cor&uid=INTELXSSDSA2BW120G3A_CVPR1261026R120LGN&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1400298711&from=cor&uid=INTELXSSDSA2BW120G3A_CVPR1261026R120LGN
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1400298711&from=cor&uid=INTELXSSDSA2BW120G3A_CVPR1261026R120LGN
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1400298711&from=cor&uid=INTELXSSDSA2BW120G3A_CVPR1261026R120LGN&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400298711&from=cor&uid=INTELXSSDSA2BW120G3A_CVPR1261026R120LGN&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400298711&from=cor&uid=INTELXSSDSA2BW120G3A_CVPR1261026R120LGN&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400298711&from=cor&uid=INTELXSSDSA2BW120G3A_CVPR1261026R120LGN&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400298711&from=cor&uid=INTELXSSDSA2BW120G3A_CVPR1261026R120LGN&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400298711&from=cor&uid=INTELXSSDSA2BW120G3A_CVPR1261026R120LGN&q={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-flv
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll (Google Inc.)
BHO-x32: webget - {dc264a72-fa75-4948-b881-ea8eff8e5dd2} - C:\Program Files (x86)\webget\webgetbho.dll (webget)
Toolbar: HKLM-x32 - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.448 - C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

==================== Services (Whitelisted) =================

S2 AviraUpgradeService; C:\Windows\TEMP\AVSETUP_53768a28\setup.exe [1398352 2014-05-16] (Avira Operations GmbH & Co. KG)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Update webget; C:\Program Files (x86)\webget\updatewebget.exe [317720 2014-05-17] ()
S2 USTSPCODiskOptimizer; C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCODefragSrv64.exe [283928 2014-04-21] (USTechSupport, LLC (www.ustechsupport.com))
R2 Util webget; C:\Program Files (x86)\webget\bin\utilwebget.exe [317720 2014-05-17] ()
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [549008 2014-05-12] (Cherished Technololgy LIMITED)

==================== Drivers (Whitelisted) ====================

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-04-07] ()
U5 UnlockerDriver5; C:\Program Files (x86)\TC UP\PLUGINS\Media\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()
R1 VD_FileDisk; C:\Windows\System32\Drivers\VD_FileDisk.sys [30312 2011-01-26] (CaptainFlint Software)
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys [61112 2014-05-16] (StdLib)
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2009-08-28] (CyberLink Corp.)
U3 abiqjaru; C:\Windows\System32\Drivers\abiqjaru.sys [0 ] (Microsoft Corporation)
R4 avkmgr; system32\DRIVERS\avkmgr.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S3 USBMULCD; system32\drivers\CM10664.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-17 14:48 - 2014-05-17 14:48 - 00000000 ____D () C:\FRST
2014-05-17 08:03 - 2014-05-17 08:03 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\TrojanHunter
2014-05-17 07:22 - 2014-05-16 18:34 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys
2014-05-17 06:47 - 2014-05-17 06:50 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.5
2014-05-17 06:47 - 2014-05-17 06:47 - 00059392 ____R () C:\Windows\SysWOW64\streamhlp.dll
2014-05-17 06:47 - 2014-05-17 06:47 - 00001049 _____ () C:\Users\mochenmo1\Desktop\TrojanHunter.lnk
2014-05-17 06:47 - 2014-05-17 06:47 - 00000000 ____D () C:\ProgramData\TrojanHunter
2014-05-17 06:47 - 2014-05-17 06:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
2014-05-17 06:43 - 2014-05-17 06:46 - 00000000 ____D () C:\Program Files (x86)\USTechSupport
2014-05-17 06:43 - 2014-05-17 06:43 - 00003344 _____ () C:\Windows\System32\Tasks\USTSPCO-USTSPCOOneClickCare
2014-05-17 06:43 - 2014-05-17 06:43 - 00003166 _____ () C:\Windows\System32\Tasks\MyCleanPC PC Optimizer
2014-05-17 06:43 - 2014-05-17 06:43 - 00003002 _____ () C:\Windows\System32\Tasks\LAUNCH CDPCO
2014-05-17 06:43 - 2014-05-17 06:43 - 00000462 _____ () C:\Windows\Tasks\USTSPCO-USTSPCOOneClickCare.job
2014-05-17 06:43 - 2014-05-17 06:43 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\USTechSupport
2014-05-17 06:43 - 2014-05-17 06:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyCleanPC
2014-05-17 06:42 - 2014-05-17 06:46 - 00000000 ____D () C:\ProgramData\USTechSupport
2014-05-17 05:54 - 2014-05-17 05:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-05-17 05:52 - 2014-05-17 05:52 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\SupTab
2014-05-17 05:52 - 2014-05-17 05:52 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-05-17 05:52 - 2014-05-17 05:52 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-05-17 05:51 - 2014-05-17 06:52 - 00000000 ____D () C:\Program Files (x86)\webget
2014-05-17 05:51 - 2014-05-17 05:51 - 00669799 _____ () C:\Users\mochenmo1\Downloads\voxware_audio.zip
2014-05-16 23:59 - 2014-05-16 23:59 - 00000000 _____ () C:\ProgramData\rebootpending.txt
2014-05-16 22:29 - 2014-05-16 22:29 - 00001827 _____ () C:\Users\Public\Desktop\DivX Movies.lnk
2014-05-16 22:29 - 2014-05-16 22:29 - 00001106 _____ () C:\Users\Public\Desktop\DivX Player.lnk
2014-05-16 22:29 - 2014-05-16 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-05-16 22:29 - 2014-05-16 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
2014-05-16 22:29 - 2014-05-16 22:29 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-05-16 22:29 - 2014-05-16 22:29 - 00000000 ____D () C:\Program Files (x86)\Combined Community Codec Pack
2014-05-16 02:18 - 2014-05-16 02:18 - 00000000 ___RD () C:\Users\mochenmo1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9
2014-05-16 01:39 - 2014-05-16 01:39 - 00001082 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk
2014-05-16 01:39 - 2014-05-16 01:39 - 00001070 _____ () C:\Users\Public\Desktop\Prism Video File Converter.lnk
2014-05-16 01:39 - 2014-05-16 01:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-05-16 01:33 - 2014-05-16 01:38 - 00000000 ____D () C:\Program Files (x86)\Total Video Converter
2014-05-16 01:31 - 2014-05-16 01:31 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GSpot
2014-05-16 01:31 - 2014-05-16 01:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GSpot
2014-05-16 01:31 - 2014-05-16 01:31 - 00000000 ____D () C:\Program Files (x86)\GSpot
2014-05-16 01:30 - 2014-05-16 01:30 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Win7codecs
2014-05-16 01:30 - 2014-05-16 01:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win7codecs
2014-05-16 01:30 - 2014-05-16 01:30 - 00000000 ____D () C:\Program Files (x86)\Win7codecs
2014-05-16 01:28 - 2014-05-16 01:28 - 00008629 _____ () C:\Windows\LDPINST.LOG
2014-05-16 00:35 - 2014-05-17 05:54 - 00001030 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-05-16 00:35 - 2014-05-17 05:54 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\vlc
2014-05-16 00:32 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\soundbackends
2014-05-16 00:32 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\sound
2014-05-16 00:32 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\plugins
2014-05-16 00:32 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\platforms
2014-05-16 00:32 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\imageformats
2014-05-16 00:32 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\accessible
2014-05-16 00:32 - 2014-05-16 00:32 - 00126308 _____ (TeamSpeak Systems GmbH) C:\Users\mochenmo1\Uninstall.exe
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\translations
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\styles
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\news
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\gfx
2014-05-16 00:29 - 2014-05-16 01:21 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\Overwolf
2014-05-16 00:29 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-05-16 00:29 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\TeamSpeak 3 Client
2014-05-16 00:29 - 2014-05-16 00:32 - 00000798 _____ () C:\Users\mochenmo1\Desktop\TeamSpeak 3 Client.lnk
2014-05-16 00:29 - 2014-05-16 00:29 - 01301028 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-16 00_29_42.913393.dmp
2014-05-16 00:25 - 2014-05-16 00:25 - 01293740 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-16 00_25_21.003342.dmp
2014-05-15 23:30 - 2009-03-24 12:52 - 00155984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2014-05-15 23:05 - 2014-05-15 23:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-15 23:05 - 2014-05-15 23:05 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-05-15 23:04 - 2014-05-16 01:16 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-15 22:50 - 2014-05-16 01:16 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-15 22:34 - 2014-05-15 22:34 - 01171946 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 22_34_22.992244.dmp
2014-05-15 22:23 - 2014-05-15 22:23 - 00001228 _____ () C:\Users\mochenmo1\Desktop\Revo Uninstaller.lnk
2014-05-15 22:23 - 2014-05-15 22:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-15 21:49 - 2014-05-15 21:49 - 00000000 ____D () C:\backup
2014-05-15 21:48 - 2014-05-17 03:17 - 00000390 _____ () C:\Windows\Tasks\PC Health Advisor.job
2014-05-15 21:48 - 2014-05-17 02:05 - 00000450 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-05-15 21:48 - 2014-05-16 18:00 - 00000476 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2014-05-15 21:48 - 2014-05-16 02:18 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-05-15 21:48 - 2014-05-15 22:12 - 00000408 _____ () C:\Windows\Tasks\PC Health Advisor Defrag.job
2014-05-15 21:48 - 2014-05-15 21:48 - 00003318 _____ () C:\Windows\System32\Tasks\PC Health Advisor
2014-05-15 21:48 - 2014-05-15 21:48 - 00003290 _____ () C:\Windows\System32\Tasks\PC Health Advisor Defrag
2014-05-15 21:48 - 2014-05-15 21:48 - 00003272 _____ () C:\Windows\System32\Tasks\ParetoLogic Update Version3
2014-05-15 21:48 - 2014-05-15 21:48 - 00003148 _____ () C:\Windows\System32\Tasks\ParetoLogic Registration3
2014-05-15 21:48 - 2014-05-15 21:48 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\ParetoLogic
2014-05-15 21:48 - 2014-05-15 21:48 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\DriverCure
2014-05-15 21:44 - 2014-05-16 02:18 - 00095362 _____ () C:\Windows\PFRO.log
2014-05-15 21:44 - 2014-05-16 02:18 - 00000896 _____ () C:\Windows\setupact.log
2014-05-15 21:44 - 2014-05-15 21:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-15 21:09 - 2014-05-15 21:09 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-15 21:00 - 2014-05-15 21:00 - 01170722 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 21_00_16.075060.dmp
2014-05-15 20:52 - 2014-05-15 21:07 - 00000991 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-15 20:52 - 2014-05-15 20:52 - 00002780 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-15 20:52 - 2014-05-15 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-15 20:52 - 2014-05-15 20:52 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-15 20:48 - 2014-05-15 20:48 - 00003170 _____ () C:\Windows\System32\Tasks\{0DE29827-F5F2-483D-8333-7C424F679B3D}
2014-05-15 20:41 - 2014-05-15 20:41 - 01194692 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_41_01.371074.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01306049 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_40_30.614315.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01295455 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_40_34.385530.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01294943 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_40_36.714664.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01195948 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_40_39.795840.dmp
2014-05-15 20:39 - 2014-05-15 20:39 - 01296113 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_39_44.959703.dmp
2014-05-15 20:32 - 2014-05-15 20:32 - 01170722 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_32_33.183978.dmp
2014-05-15 20:28 - 2014-05-15 20:28 - 01170722 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_28_41.318444.dmp
2014-05-15 20:25 - 2014-05-15 20:25 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_25_32.635991.dmp
2014-05-15 20:25 - 2014-05-15 20:25 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_25_26.306629.dmp
2014-05-15 20:25 - 2014-05-15 20:25 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_25_07.048527.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_48.781482.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_46.346343.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_42.550126.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_38.440891.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_36.935805.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_28.041296.dmp
2014-05-15 20:20 - 2014-05-15 20:20 - 01166445 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_20_40.076257.dmp
2014-05-15 01:51 - 2014-05-15 01:51 - 00008802 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:51 - 2014-05-15 01:51 - 00008802 _____ () C:\Users\mochenmo1\Documents\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:51 - 2014-05-15 01:51 - 00004742 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:51 - 2014-05-15 01:51 - 00004742 _____ () C:\Users\mochenmo1\Documents\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:51 - 2014-05-15 01:51 - 00000280 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.URL
2014-05-15 01:51 - 2014-05-15 01:51 - 00000280 _____ () C:\Users\mochenmo1\Documents\DECRYPT_INSTRUCTION.URL
2014-05-15 01:50 - 2014-05-15 01:50 - 00008802 _____ () C:\Users\mochenmo1\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:50 - 2014-05-15 01:50 - 00008802 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:50 - 2014-05-15 01:50 - 00004742 _____ () C:\Users\mochenmo1\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:50 - 2014-05-15 01:50 - 00004742 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:50 - 2014-05-15 01:50 - 00000280 _____ () C:\Users\mochenmo1\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-05-15 01:50 - 2014-05-15 01:50 - 00000280 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-05-15 01:48 - 2014-05-15 20:26 - 00000000 ___HD () C:\2ce2165
2014-05-14 00:17 - 2014-05-14 00:17 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Astuma
2014-05-13 19:38 - 2014-05-13 19:38 - 00204280 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-13 19_38_36.980195.dmp
2014-05-13 19:38 - 2014-05-13 19:38 - 00203536 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-13 19_38_36.981195.dmp
2014-05-11 22:19 - 2014-05-15 20:30 - 00000000 ____D () C:\Program Files (x86)\ROCCAT
2014-05-09 00:23 - 2014-05-09 00:23 - 00000000 ____D () C:\Users\mochenmo1\Documents\Screen Recording Suite
2014-05-09 00:22 - 2014-05-15 20:30 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Apowersoft
2014-05-09 00:22 - 2014-05-15 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2014-05-09 00:22 - 2014-05-15 20:30 - 00000000 ____D () C:\Program Files (x86)\Apowersoft
2014-05-02 00:30 - 2014-05-02 00:31 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2014-05-02 00:25 - 2014-05-17 05:52 - 00000000 ____D () C:\ProgramData\WPM
2014-05-02 00:25 - 2014-05-15 20:45 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\Mobogenie
2014-05-02 00:25 - 2014-05-02 00:25 - 00000000 ____D () C:\Users\mochenmo1\Documents\Mobogenie
2014-05-02 00:25 - 2014-05-02 00:25 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\cache
2014-05-02 00:25 - 2014-05-02 00:25 - 00000000 ____D () C:\Users\mochenmo1\.android
2014-05-02 00:24 - 2014-05-17 05:52 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Systweak
2014-05-02 00:24 - 2014-04-21 12:19 - 00019736 _____ (CyberDefender, (www.cyberdefender.com)) C:\Windows\system32\roboot64.exe
2014-05-02 00:23 - 2014-05-17 05:51 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\sweet-page
2014-05-02 00:13 - 2014-05-02 00:13 - 00000000 ____D () C:\Users\Public\Documents\DriverGenius
2014-05-02 00:13 - 2014-05-02 00:13 - 00000000 ____D () C:\ProgramData\DriverGenius
2014-05-02 00:10 - 2014-05-15 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition
2014-05-02 00:10 - 2014-05-15 20:42 - 00000000 ____D () C:\Program Files (x86)\Driver-Soft
2014-05-02 00:10 - 2014-05-02 00:10 - 00001171 _____ () C:\Users\mochenmo1\Desktop\Driver Genius Professional Edition.lnk
2014-05-01 23:55 - 2014-05-15 20:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-01 23:55 - 2014-05-15 01:50 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Malwarebytes
2014-04-26 00:57 - 2014-05-15 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-04-26 00:57 - 2014-05-15 20:42 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-26 00:57 - 2014-05-15 20:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-26 00:06 - 2014-05-16 02:43 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\UZmedia
2014-04-26 00:04 - 2014-05-15 20:42 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-04-20 16:44 - 2014-05-15 21:43 - 00000000 ____D () C:\ProgramData\2992199F9A

==================== One Month Modified Files and Folders =======

2014-05-17 14:48 - 2014-05-17 14:48 - 00000000 ____D () C:\FRST
2014-05-17 14:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-17 14:43 - 2012-08-28 12:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-17 14:43 - 2012-04-07 22:00 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\CrashDumps
2014-05-17 08:03 - 2014-05-17 08:03 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\TrojanHunter
2014-05-17 06:58 - 2011-10-30 21:26 - 01610618 _____ () C:\Windows\WindowsUpdate.log
2014-05-17 06:52 - 2014-05-17 05:51 - 00000000 ____D () C:\Program Files (x86)\webget
2014-05-17 06:50 - 2014-05-17 06:47 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.5
2014-05-17 06:47 - 2014-05-17 06:47 - 00059392 ____R () C:\Windows\SysWOW64\streamhlp.dll
2014-05-17 06:47 - 2014-05-17 06:47 - 00001049 _____ () C:\Users\mochenmo1\Desktop\TrojanHunter.lnk
2014-05-17 06:47 - 2014-05-17 06:47 - 00000000 ____D () C:\ProgramData\TrojanHunter
2014-05-17 06:47 - 2014-05-17 06:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
2014-05-17 06:46 - 2014-05-17 06:43 - 00000000 ____D () C:\Program Files (x86)\USTechSupport
2014-05-17 06:46 - 2014-05-17 06:42 - 00000000 ____D () C:\ProgramData\USTechSupport
2014-05-17 06:43 - 2014-05-17 06:43 - 00003344 _____ () C:\Windows\System32\Tasks\USTSPCO-USTSPCOOneClickCare
2014-05-17 06:43 - 2014-05-17 06:43 - 00003166 _____ () C:\Windows\System32\Tasks\MyCleanPC PC Optimizer
2014-05-17 06:43 - 2014-05-17 06:43 - 00003002 _____ () C:\Windows\System32\Tasks\LAUNCH CDPCO
2014-05-17 06:43 - 2014-05-17 06:43 - 00000462 _____ () C:\Windows\Tasks\USTSPCO-USTSPCOOneClickCare.job
2014-05-17 06:43 - 2014-05-17 06:43 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\USTechSupport
2014-05-17 06:43 - 2014-05-17 06:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyCleanPC
2014-05-17 05:54 - 2014-05-17 05:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-05-17 05:54 - 2014-05-16 00:35 - 00001030 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-05-17 05:54 - 2014-05-16 00:35 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\vlc
2014-05-17 05:52 - 2014-05-17 05:52 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\SupTab
2014-05-17 05:52 - 2014-05-17 05:52 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-05-17 05:52 - 2014-05-17 05:52 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-05-17 05:52 - 2014-05-02 00:25 - 00000000 ____D () C:\ProgramData\WPM
2014-05-17 05:52 - 2014-05-02 00:24 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Systweak
2014-05-17 05:51 - 2014-05-17 05:51 - 00669799 _____ () C:\Users\mochenmo1\Downloads\voxware_audio.zip
2014-05-17 05:51 - 2014-05-02 00:23 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\sweet-page
2014-05-17 03:17 - 2014-05-15 21:48 - 00000390 _____ () C:\Windows\Tasks\PC Health Advisor.job
2014-05-17 02:05 - 2014-05-15 21:48 - 00000450 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2014-05-16 23:59 - 2014-05-16 23:59 - 00000000 _____ () C:\ProgramData\rebootpending.txt
2014-05-16 22:29 - 2014-05-16 22:29 - 00001827 _____ () C:\Users\Public\Desktop\DivX Movies.lnk
2014-05-16 22:29 - 2014-05-16 22:29 - 00001106 _____ () C:\Users\Public\Desktop\DivX Player.lnk
2014-05-16 22:29 - 2014-05-16 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-05-16 22:29 - 2014-05-16 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
2014-05-16 22:29 - 2014-05-16 22:29 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-05-16 22:29 - 2014-05-16 22:29 - 00000000 ____D () C:\Program Files (x86)\Combined Community Codec Pack
2014-05-16 22:29 - 2013-07-20 22:57 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-16 22:17 - 2013-09-23 23:58 - 00003378 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2435969490-785047729-4073554876-1000
2014-05-16 22:17 - 2013-09-23 23:58 - 00003252 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2435969490-785047729-4073554876-1000
2014-05-16 22:10 - 2012-03-26 20:48 - 00113152 ___SH (CoupleNet Dev Group) C:\ProgramData\msriv.exe
2014-05-16 18:34 - 2014-05-17 07:22 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys
2014-05-16 18:00 - 2014-05-15 21:48 - 00000476 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2014-05-16 06:24 - 2012-04-25 11:56 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\QuickPar
2014-05-16 06:02 - 2013-08-30 04:17 - 00003356 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2435969490-785047729-4073554876-1000
2014-05-16 06:02 - 2013-08-08 19:21 - 00003230 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2435969490-785047729-4073554876-1000
2014-05-16 02:45 - 2011-10-31 06:19 - 00654166 _____ () C:\Windows\system32\perfh007.dat
2014-05-16 02:45 - 2011-10-31 06:19 - 00130006 _____ () C:\Windows\system32\perfc007.dat
2014-05-16 02:45 - 2009-07-14 07:13 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-16 02:43 - 2014-04-26 00:06 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\UZmedia
2014-05-16 02:25 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-16 02:25 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-16 02:18 - 2014-05-16 02:18 - 00000000 ___RD () C:\Users\mochenmo1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9
2014-05-16 02:18 - 2014-05-15 21:48 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-05-16 02:18 - 2014-05-15 21:44 - 00095362 _____ () C:\Windows\PFRO.log
2014-05-16 02:18 - 2014-05-15 21:44 - 00000896 _____ () C:\Windows\setupact.log
2014-05-16 02:18 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-16 01:50 - 2013-06-20 02:30 - 00003398 _____ () C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2435969490-785047729-4073554876-1000
2014-05-16 01:42 - 2012-09-18 00:07 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-05-16 01:39 - 2014-05-16 01:39 - 00001082 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk
2014-05-16 01:39 - 2014-05-16 01:39 - 00001070 _____ () C:\Users\Public\Desktop\Prism Video File Converter.lnk
2014-05-16 01:39 - 2014-05-16 01:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2014-05-16 01:39 - 2012-09-18 00:07 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-05-16 01:38 - 2014-05-16 01:33 - 00000000 ____D () C:\Program Files (x86)\Total Video Converter
2014-05-16 01:37 - 2012-03-24 10:34 - 00060360 _____ () C:\Users\mochenmo1\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-16 01:36 - 2009-07-14 06:45 - 00283136 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-16 01:31 - 2014-05-16 01:31 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GSpot
2014-05-16 01:31 - 2014-05-16 01:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GSpot
2014-05-16 01:31 - 2014-05-16 01:31 - 00000000 ____D () C:\Program Files (x86)\GSpot
2014-05-16 01:30 - 2014-05-16 01:30 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Win7codecs
2014-05-16 01:30 - 2014-05-16 01:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win7codecs
2014-05-16 01:30 - 2014-05-16 01:30 - 00000000 ____D () C:\Program Files (x86)\Win7codecs
2014-05-16 01:30 - 2012-04-01 19:47 - 00000000 ____D () C:\ProgramData\Win7codecs
2014-05-16 01:28 - 2014-05-16 01:28 - 00008629 _____ () C:\Windows\LDPINST.LOG
2014-05-16 01:28 - 2012-04-01 19:42 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-05-16 01:28 - 2012-04-01 19:42 - 00000000 ____D () C:\Program Files\Common Files\Logishrd
2014-05-16 01:21 - 2014-05-16 00:29 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\Overwolf
2014-05-16 01:18 - 2012-03-24 10:34 - 00000000 ____D () C:\Users\mochenmo1
2014-05-16 01:17 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\soundbackends
2014-05-16 01:17 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\sound
2014-05-16 01:17 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\plugins
2014-05-16 01:17 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\platforms
2014-05-16 01:17 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\imageformats
2014-05-16 01:17 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\accessible
2014-05-16 01:17 - 2014-05-16 00:29 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-05-16 01:17 - 2014-05-16 00:29 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\TeamSpeak 3 Client
2014-05-16 01:17 - 2013-08-09 23:23 - 00000000 ____D () C:\Program Files (x86)\TC UP
2014-05-16 01:17 - 2012-06-08 23:57 - 00000000 ____D () C:\ProgramData\Real
2014-05-16 01:17 - 2011-10-30 21:43 - 00000000 ____D () C:\ProgramData\Atheros
2014-05-16 01:17 - 2011-08-12 10:02 - 00000000 ____D () C:\ProgramData\BackupManager
2014-05-16 01:17 - 2011-08-12 10:00 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-16 01:17 - 2011-08-12 09:59 - 00000000 ____D () C:\ProgramData\oem
2014-05-16 01:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-05-16 01:16 - 2014-05-15 23:04 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-16 01:16 - 2014-05-15 22:50 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-16 01:16 - 2012-04-01 19:45 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-16 00:32 - 2014-05-16 00:32 - 00126308 _____ (TeamSpeak Systems GmbH) C:\Users\mochenmo1\Uninstall.exe
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\translations
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\styles
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\news
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\gfx
2014-05-16 00:32 - 2014-05-16 00:29 - 00000798 _____ () C:\Users\mochenmo1\Desktop\TeamSpeak 3 Client.lnk
2014-05-16 00:29 - 2014-05-16 00:29 - 01301028 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-16 00_29_42.913393.dmp
2014-05-16 00:25 - 2014-05-16 00:25 - 01293740 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-16 00_25_21.003342.dmp
2014-05-15 23:45 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 23:05 - 2014-05-15 23:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-15 23:05 - 2014-05-15 23:05 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-05-15 22:55 - 2012-08-31 16:35 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\Adobe
2014-05-15 22:42 - 2012-04-30 23:21 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\Deployment
2014-05-15 22:34 - 2014-05-15 22:34 - 01171946 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 22_34_22.992244.dmp
2014-05-15 22:23 - 2014-05-15 22:23 - 00001228 _____ () C:\Users\mochenmo1\Desktop\Revo Uninstaller.lnk
2014-05-15 22:23 - 2014-05-15 22:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-15 22:12 - 2014-05-15 21:48 - 00000408 _____ () C:\Windows\Tasks\PC Health Advisor Defrag.job
2014-05-15 21:49 - 2014-05-15 21:49 - 00000000 ____D () C:\backup
2014-05-15 21:48 - 2014-05-15 21:48 - 00003318 _____ () C:\Windows\System32\Tasks\PC Health Advisor
2014-05-15 21:48 - 2014-05-15 21:48 - 00003290 _____ () C:\Windows\System32\Tasks\PC Health Advisor Defrag
2014-05-15 21:48 - 2014-05-15 21:48 - 00003272 _____ () C:\Windows\System32\Tasks\ParetoLogic Update Version3
2014-05-15 21:48 - 2014-05-15 21:48 - 00003148 _____ () C:\Windows\System32\Tasks\ParetoLogic Registration3
2014-05-15 21:48 - 2014-05-15 21:48 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\ParetoLogic
2014-05-15 21:48 - 2014-05-15 21:48 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\DriverCure
2014-05-15 21:44 - 2014-05-15 21:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-15 21:43 - 2014-04-20 16:44 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-05-15 21:09 - 2014-05-15 21:09 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-15 21:09 - 2012-08-28 12:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-15 21:09 - 2012-05-18 21:01 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 21:09 - 2011-08-12 10:01 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 21:07 - 2014-05-15 20:52 - 00000991 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-15 21:00 - 2014-05-15 21:00 - 01170722 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 21_00_16.075060.dmp
2014-05-15 20:56 - 2012-09-29 01:53 - 00000000 ____D () C:\Windows\Minidump
2014-05-15 20:56 - 2012-04-25 00:56 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Media Player Classic
2014-05-15 20:56 - 2012-04-07 21:39 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\DAEMON Tools Lite
2014-05-15 20:56 - 2007-07-12 03:49 - 00000000 ____D () C:\Windows\Panther
2014-05-15 20:52 - 2014-05-15 20:52 - 00002780 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-15 20:52 - 2014-05-15 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-15 20:52 - 2014-05-15 20:52 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-15 20:48 - 2014-05-15 20:48 - 00003170 _____ () C:\Windows\System32\Tasks\{0DE29827-F5F2-483D-8333-7C424F679B3D}
2014-05-15 20:45 - 2014-05-02 00:25 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\Mobogenie
2014-05-15 20:45 - 2014-04-09 22:30 - 00000000 ____D () C:\Program Files (x86)\NirSoft
2014-05-15 20:43 - 2014-05-02 00:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition
2014-05-15 20:42 - 2014-05-02 00:10 - 00000000 ____D () C:\Program Files (x86)\Driver-Soft
2014-05-15 20:42 - 2014-04-26 00:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-05-15 20:42 - 2014-04-26 00:57 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-05-15 20:42 - 2014-04-26 00:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-05-15 20:42 - 2014-04-26 00:04 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-15 20:42 - 2013-09-03 19:22 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-05-15 20:42 - 2013-03-30 12:20 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
2014-05-15 20:42 - 2012-05-26 13:08 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Real
2014-05-15 20:42 - 2012-05-18 21:01 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-15 20:42 - 2012-03-26 21:27 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Skype
2014-05-15 20:42 - 2011-08-12 10:01 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-05-15 20:42 - 2011-08-12 10:00 - 00000000 ___HD () C:\OEM
2014-05-15 20:42 - 2011-08-12 09:45 - 00000000 ____D () C:\ProgramData\Acer
2014-05-15 20:42 - 2011-08-12 09:43 - 00000000 ____D () C:\ProgramData\Skype
2014-05-15 20:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-15 20:41 - 2014-05-15 20:41 - 01194692 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_41_01.371074.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01306049 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_40_30.614315.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01295455 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_40_34.385530.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01294943 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_40_36.714664.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01195948 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_40_39.795840.dmp
2014-05-15 20:39 - 2014-05-15 20:39 - 01296113 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_39_44.959703.dmp
2014-05-15 20:32 - 2014-05-15 20:32 - 01170722 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_32_33.183978.dmp
2014-05-15 20:30 - 2014-05-11 22:19 - 00000000 ____D () C:\Program Files (x86)\ROCCAT
2014-05-15 20:30 - 2014-05-09 00:22 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Apowersoft
2014-05-15 20:30 - 2014-05-09 00:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2014-05-15 20:30 - 2014-05-09 00:22 - 00000000 ____D () C:\Program Files (x86)\Apowersoft
2014-05-15 20:30 - 2014-03-08 21:20 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-05-15 20:30 - 2013-05-01 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Any Video Converter
2014-05-15 20:28 - 2014-05-15 20:28 - 01170722 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_28_41.318444.dmp
2014-05-15 20:26 - 2014-05-15 01:48 - 00000000 ___HD () C:\2ce2165
2014-05-15 20:26 - 2014-05-01 23:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-15 20:26 - 2013-04-06 23:05 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2014-05-15 20:25 - 2014-05-15 20:25 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_25_32.635991.dmp
2014-05-15 20:25 - 2014-05-15 20:25 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_25_26.306629.dmp
2014-05-15 20:25 - 2014-05-15 20:25 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_25_07.048527.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_48.781482.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_46.346343.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_42.550126.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_38.440891.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_36.935805.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_28.041296.dmp
2014-05-15 20:20 - 2014-05-15 20:20 - 01166445 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_20_40.076257.dmp
2014-05-15 01:51 - 2014-05-15 01:51 - 00008802 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:51 - 2014-05-15 01:51 - 00008802 _____ () C:\Users\mochenmo1\Documents\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:51 - 2014-05-15 01:51 - 00004742 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:51 - 2014-05-15 01:51 - 00004742 _____ () C:\Users\mochenmo1\Documents\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:51 - 2014-05-15 01:51 - 00000280 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.URL
2014-05-15 01:51 - 2014-05-15 01:51 - 00000280 _____ () C:\Users\mochenmo1\Documents\DECRYPT_INSTRUCTION.URL
2014-05-15 01:51 - 2013-07-02 20:18 - 00000000 ____D () C:\Users\mochenmo1\Documents\Any Video Converter
2014-05-15 01:51 - 2012-04-25 01:02 - 00000000 ____D () C:\Users\mochenmo1\Documents\CyberLink
2014-05-15 01:50 - 2014-05-15 01:50 - 00008802 _____ () C:\Users\mochenmo1\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:50 - 2014-05-15 01:50 - 00008802 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:50 - 2014-05-15 01:50 - 00004742 _____ () C:\Users\mochenmo1\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:50 - 2014-05-15 01:50 - 00004742 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:50 - 2014-05-15 01:50 - 00000280 _____ () C:\Users\mochenmo1\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-05-15 01:50 - 2014-05-15 01:50 - 00000280 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-05-15 01:50 - 2014-05-01 23:55 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Malwarebytes
2014-05-15 01:50 - 2013-05-01 18:21 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Any Video Converter
2014-05-15 01:50 - 2012-04-26 18:10 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\InternetEverywhere
2014-05-15 01:50 - 2012-03-24 10:56 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\Western Digital
2014-05-15 01:49 - 2011-10-30 21:25 - 00000000 ____D () C:\book
2014-05-15 01:49 - 2011-08-12 10:09 - 00008728 __RSH () C:\BOOTSECT.BAK
2014-05-14 00:17 - 2014-05-14 00:17 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Astuma
2014-05-13 19:38 - 2014-05-13 19:38 - 00204280 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-13 19_38_36.980195.dmp
2014-05-13 19:38 - 2014-05-13 19:38 - 00203536 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-13 19_38_36.981195.dmp
2014-05-12 00:10 - 2009-07-14 04:34 - 54525952 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-05-12 00:10 - 2009-07-14 04:34 - 16777216 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-05-12 00:10 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-05-09 00:23 - 2014-05-09 00:23 - 00000000 ____D () C:\Users\mochenmo1\Documents\Screen Recording Suite
2014-05-08 20:06 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-05-02 00:31 - 2014-05-02 00:30 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2014-05-02 00:25 - 2014-05-02 00:25 - 00000000 ____D () C:\Users\mochenmo1\Documents\Mobogenie
2014-05-02 00:25 - 2014-05-02 00:25 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\cache
2014-05-02 00:25 - 2014-05-02 00:25 - 00000000 ____D () C:\Users\mochenmo1\.android
2014-05-02 00:13 - 2014-05-02 00:13 - 00000000 ____D () C:\Users\Public\Documents\DriverGenius
2014-05-02 00:13 - 2014-05-02 00:13 - 00000000 ____D () C:\ProgramData\DriverGenius
2014-05-02 00:10 - 2014-05-02 00:10 - 00001171 _____ () C:\Users\mochenmo1\Desktop\Driver Genius Professional Edition.lnk
2014-05-02 00:07 - 2013-05-01 18:21 - 00000000 ____D () C:\Program Files (x86)\Any Video Converter
2014-05-01 16:19 - 2009-07-14 07:38 - 00067584 ____S () C:\Windows\bootstat(32).dat
2014-04-30 11:07 - 2013-09-17 19:21 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Guild Wars 2
2014-04-21 12:19 - 2014-05-02 00:24 - 00019736 _____ (CyberDefender, (www.cyberdefender.com)) C:\Windows\system32\roboot64.exe
2014-04-20 16:57 - 2010-11-21 09:16 - 00000000 ___RD () C:\Users\Public\Recorded TV

Files to move or delete:
====================
C:\ProgramData\msriv.exe
C:\Users\mochenmo1\createfileassoc.exe
C:\Users\mochenmo1\error_report.exe
C:\Users\mochenmo1\libeay32.dll
C:\Users\mochenmo1\msvcp110.dll
C:\Users\mochenmo1\msvcr110.dll
C:\Users\mochenmo1\OverwolfTeamSpeakInstaller.exe
C:\Users\mochenmo1\package_inst.exe
C:\Users\mochenmo1\Qt5Core.dll
C:\Users\mochenmo1\Qt5Gui.dll
C:\Users\mochenmo1\Qt5Network.dll
C:\Users\mochenmo1\Qt5Sql.dll
C:\Users\mochenmo1\Qt5Widgets.dll
C:\Users\mochenmo1\quazip.dll
C:\Users\mochenmo1\ssleay32.dll
C:\Users\mochenmo1\ts3client_win64.exe
C:\Users\mochenmo1\Uninstall.exe
C:\Users\mochenmo1\update.exe


Some content of TEMP:
====================
C:\Users\mochenmo1\AppData\Local\Temp\9t6h.difxapi.dll
C:\Users\mochenmo1\AppData\Local\Temp\AskSLib.dll
C:\Users\mochenmo1\AppData\Local\Temp\del.dll
C:\Users\mochenmo1\AppData\Local\Temp\Difx64.exe
C:\Users\mochenmo1\AppData\Local\Temp\dlbc.dll
C:\Users\mochenmo1\AppData\Local\Temp\ffmpeg17.exe
C:\Users\mochenmo1\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\mochenmo1\AppData\Local\Temp\W2NTSo.difxapi.dll
C:\Users\mochenmo1\AppData\Local\Temp\zuYJ.Difx64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-14 02:30

==================== End Of Log ============================
--- --- ---




FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014
Ran by mochenmo1 at 2014-05-17 14:49:05
Running from C:\Users\mochenmo1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ME43STKO
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{1D72BF42-E249-4EB7-CC4C-8CC09DAB180B}) (Version: 3.0.812.0 - ATI Technologies, Inc.)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.0 - )
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.96 - Atheros Communications)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0208.2202.39516 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0208.2202.39516 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0208.2201.39516 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0208.2201.39516 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0208.2201.39516 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0208.2201.39516 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0208.2201.39516 - ATI) Hidden
CCC Help English (x32 Version: 2011.0208.2201.39516 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0208.2201.39516 - ATI) Hidden
CCC Help French (x32 Version: 2011.0208.2201.39516 - ATI) Hidden
CCC Help German (x32 Version: 2011.0208.2201.39516 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0208.2201.39516 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0208.2201.39516 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0208.2201.39516 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0208.2201.39516 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0208.2201.39516 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0208.2201.39516 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0208.2201.39516 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0208.2201.39516 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0208.2201.39516 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0208.2201.39516 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0208.2201.39516 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0208.2201.39516 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0208.2201.39516 - ATI) Hidden
ccc-core-static (x32 Version: 2011.0208.2202.39516 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2011.0208.2202.39516 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Combined Community Codec Pack 2008-09-21 16:18 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2008.09.21.0 - CCCP Project)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1501 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.1501 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 5.2.1 - DivXNetworks, Inc.)
DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 2.6 - DivXNetworks, Inc.)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Driver Genius Professional Edition (HKLM-x32\...\Driver Genius Professional Edition_is1) (Version: 11.0 - Driver-Soft Inc.)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
ETDWare PS/2-X64 8.0.6.0_WHQL (HKLM\...\Elantech) (Version: 8.0.6.0 - ELAN Microelectronic Corp.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - )
GrabIt 1.7.1 Beta (build 960) (HKLM-x32\...\GrabIt_is1) (Version:  - Ilan Shemes)
GSpot Codec Information Appliance (HKLM-x32\...\GSpot) (Version:  - )
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MyCleanPC PC Optimizer (HKLM-x32\...\{6AAEB4CB-0573-41ec-89B0-0FE0D5134A8B}_is1) (Version: 2.0.648.15898 - USTechSupport)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.10 - NCH Software)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Total Commander Ultima Prime 5.7.0.0 (HKLM-x32\...\TC UP) (Version: 5.7.0.0 - Robert £ajka & Pawe³ Porwisz)
TrojanHunter 5.5 (HKLM-x32\...\TrojanHunter_is1) (Version: 5.5 - Mischel Internet Security)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
webget (HKLM\...\webget) (Version: 2014.05.17.014642 - webget) <==== ATTENTION
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.0.5 - Shark007)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WPM18.8.0.304 (HKLM-x32\...\WPM) (Version: 18.8.0.304 - Cherished Technololgy LIMITED) <==== ATTENTION
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

15-05-2014 21:50:40 Windows-Sicherung
15-05-2014 22:21:21 Revo Uninstaller's restore point - VLC media player 2.0.0
15-05-2014 22:25:34 Revo Uninstaller's restore point - TeamSpeak 3 Client
15-05-2014 22:30:04 Revo Uninstaller's restore point - TeamSpeak 3 Client
15-05-2014 23:12:42 Wiederherstellungsvorgang
15-05-2014 23:24:18 Revo Uninstaller's restore point - Overwolf
15-05-2014 23:24:28 Removed Overwolf
15-05-2014 23:26:08 Revo Uninstaller's restore point - sweet-page uninstaller
15-05-2014 23:27:08 Revo Uninstaller's restore point - Logitech SetPoint
15-05-2014 23:30:50 Installed Win7codecs.
15-05-2014 23:38:01 Revo Uninstaller's restore point - Total Video Converter 3.11
16-05-2014 00:16:48 Revo Uninstaller's restore point - ParetoLogic PC Health Advisor
16-05-2014 00:17:51 Revo Uninstaller's restore point - Malwarebytes Anti-Malware Version 1.75.0.1300
17-05-2014 03:52:06 Revo Uninstaller's restore point - RegClean-Pro
17-05-2014 03:57:27 Revo Uninstaller's restore point - Sweet Page
17-05-2014 04:46:13 Revo Uninstaller's restore point - US Tech Support Framework
17-05-2014 04:46:20 Removed US Tech Support Framework

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1CCEA241-48DC-4AEC-BDA5-3FA337D8D6B1} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {218484D2-0B17-4326-802B-0179EBC147A7} - System32\Tasks\MyCleanPC PC Optimizer => C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCO.exe [2014-04-21] (USTechSupport, LLC (www.ustechsupport.com))
Task: {26BFF2DE-D596-4713-91A1-3B2A5900205C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {393D3036-F5F6-40AC-8213-8B4F350C59BF} - System32\Tasks\PC Health Advisor => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe
Task: {400AD4BE-3D54-4B9F-8DDA-4B499648479F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2435969490-785047729-4073554876-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {4E8A0B69-6C6B-401E-ADF6-09F1E83D8790} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2435969490-785047729-4073554876-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {4F145B4A-49B7-4B42-A576-7D5BE40F8466} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2435969490-785047729-4073554876-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {4FE12E33-B025-4623-81AB-B6502DA5188B} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2435969490-785047729-4073554876-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {66C89A4C-A0A4-4CC2-8A70-5A813E7FC927} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {6827722C-C2F5-4D4F-ADC7-1C2606BEC1CC} - System32\Tasks\ParetoLogic Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll" RunUns
Task: {78DCAAF4-9839-4D82-8E7E-7E5D122E0547} - System32\Tasks\USTSPCO-USTSPCOOneClickCare => C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCO.exe [2014-04-21] (USTechSupport, LLC (www.ustechsupport.com))
Task: {78EEDD94-A836-4B6F-9E79-25A982493758} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2435969490-785047729-4073554876-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {7CE75080-03F0-4644-AA65-17E832F2F0AF} - System32\Tasks\PC Health Advisor Defrag => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe
Task: {95E4D4B6-08C5-4515-9FF8-6FE6DB2A9111} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {9F88A27D-6C2B-48DC-B387-D8552F1954AE} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: {A6CEAE67-411A-44A8-8E73-3531902CED88} - System32\Tasks\{1A0998B0-572D-478E-9376-CC84A3C81FEC} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=4.1.0.136.217&amp;LastError=12007
Task: {AACF03A2-104F-4790-BB55-C9D82B4C528C} - System32\Tasks\LAUNCH CDPCO => C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCO.exe [2014-04-21] (USTechSupport, LLC (www.ustechsupport.com))
Task: {AF0EFB45-E738-4231-9805-A67C5A4CCFEF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated)
Task: {B1969CFD-2CBB-44E6-8D7B-B4FD42432C6E} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2435969490-785047729-4073554876-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CDE0363C-D4FB-4AD8-8D10-4C2172670484} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2435969490-785047729-4073554876-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {D7033B0E-4591-4062-B2F1-20E346D0EF67} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-05-08] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ParetoLogic Registration3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\UUS3.dll
Task: C:\Windows\Tasks\ParetoLogic Update Version3.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: C:\Windows\Tasks\PC Health Advisor Defrag.job => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe
Task: C:\Windows\Tasks\PC Health Advisor.job => C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe
Task: C:\Windows\Tasks\USTSPCO-USTSPCOOneClickCare.job => C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCO.exe

==================== Loaded Modules (whitelisted) =============

2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-05-17 03:46 - 2014-05-17 03:46 - 00317720 _____ () C:\Program Files (x86)\webget\updatewebget.exe
2014-05-17 06:52 - 2014-05-17 06:52 - 00317720 _____ () C:\Program Files (x86)\webget\bin\utilwebget.exe
2011-04-24 03:29 - 2011-04-24 03:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-24 03:29 - 2011-04-24 03:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-24 03:29 - 2011-04-24 03:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-05-02 21:50 - 2012-05-02 21:50 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\717bc129b29a2f6299fe221ef19b91ba\IsdiInterop.ni.dll
2011-08-12 09:24 - 2011-01-13 02:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-05-17 06:43 - 2014-04-21 12:19 - 00325912 _____ () C:\Program Files (x86)\USTechSupport\PC Optimizer\asohtm.dll
2014-05-17 06:43 - 2014-04-21 12:19 - 00568496 _____ () C:\Program Files (x86)\USTechSupport\PC Optimizer\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\msriv.exe:1850017577
AlternateDataStreams: C:\ProgramData\msriv.exe:357016887
AlternateDataStreams: C:\ProgramData\msriv.exe:41622440

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/17/2014 08:08:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421, Zeitstempel: 0x4d76255d
Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325, Zeitstempel: 0x4df2be1e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002357
ID des fehlerhaften Prozesses: 0x4dc4
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (05/17/2014 06:42:44 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (05/17/2014 05:06:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/17/2014 05:06:05 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (05/17/2014 05:06:03 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Fehler in Manifest- oder Richtliniendatei "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" in Zeile  Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (05/17/2014 05:06:03 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Fehler in Manifest- oder Richtliniendatei "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" in Zeile  Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (05/16/2014 08:05:30 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Die abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/16/2014 08:05:10 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (05/16/2014 08:05:00 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Fehler in Manifest- oder Richtliniendatei "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" in Zeile  Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (05/16/2014 08:04:59 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Fehler in Manifest- oder Richtliniendatei "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" in Zeile  Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.


System errors:
=============
Error: (05/16/2014 06:20:37 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107.

Error: (05/16/2014 06:20:37 AM) (Source: Schannel) (EventID: 4106) (User: NT-AUTORITÄT)
Description: Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.

Error: (05/16/2014 06:20:37 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107.

Error: (05/16/2014 06:20:37 AM) (Source: Schannel) (EventID: 4106) (User: NT-AUTORITÄT)
Description: Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.

Error: (05/16/2014 06:20:37 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107.

Error: (05/16/2014 06:20:37 AM) (Source: Schannel) (EventID: 4106) (User: NT-AUTORITÄT)
Description: Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.

Error: (05/16/2014 06:20:37 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107.

Error: (05/16/2014 06:20:37 AM) (Source: Schannel) (EventID: 4106) (User: NT-AUTORITÄT)
Description: Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.

Error: (05/16/2014 06:20:28 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107.

Error: (05/16/2014 06:20:28 AM) (Source: Schannel) (EventID: 4106) (User: NT-AUTORITÄT)
Description: Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.


Microsoft Office Sessions:
=========================
Error: (05/17/2014 08:08:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.164214d76255dMSVCR100.dll10.0.40219.3254df2be1ec0000005000023574dc401cf7195e3bc76f2C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\MSVCR100.dll9f2aa6cf-dd89-11e3-b4b9-b870f4f53fb4

Error: (05/17/2014 06:42:44 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\mochenmo1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ME43STKO\MyCleanPC.exe

Error: (05/17/2014 05:06:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (05/17/2014 05:06:05 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\TC UP\PLUGINS\Media\SiMail\DelphiZip.dllc:\program files (x86)\TC UP\PLUGINS\Media\SiMail\DelphiZip.dll8

Error: (05/17/2014 05:06:03 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files (x86)\NTI\acer backup manager\Migrate\OutlookMsgNet64.exec:\program files (x86)\NTI\acer backup manager\Migrate\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST11

Error: (05/17/2014 05:06:03 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files (x86)\NTI\acer backup manager\OutlookMsgNet64.exec:\program files (x86)\NTI\acer backup manager\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST11

Error: (05/16/2014 08:05:30 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (05/16/2014 08:05:10 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\TC UP\PLUGINS\Media\SiMail\DelphiZip.dllc:\program files (x86)\TC UP\PLUGINS\Media\SiMail\DelphiZip.dll8

Error: (05/16/2014 08:05:00 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files (x86)\NTI\acer backup manager\Migrate\OutlookMsgNet64.exec:\program files (x86)\NTI\acer backup manager\Migrate\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST11

Error: (05/16/2014 08:04:59 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files (x86)\NTI\acer backup manager\OutlookMsgNet64.exec:\program files (x86)\NTI\acer backup manager\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST11


CodeIntegrity Errors:
===================================
  Date: 2014-05-14 00:17:12.225
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\a527eb6.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-05-14 00:17:12.210
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\a527eb6.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-24 17:59:55.606
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\TC UP\PLUGINS\Media\Unlocker\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-24 17:59:55.575
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\TC UP\PLUGINS\Media\Unlocker\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-24 17:59:55.559
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\TC UP\PLUGINS\Media\Unlocker\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-24 17:59:55.543
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\TC UP\PLUGINS\Media\Unlocker\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-24 17:59:40.536
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\TC UP\PLUGINS\Media\Unlocker\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-24 17:59:40.521
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\TC UP\PLUGINS\Media\Unlocker\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-24 17:59:40.505
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\TC UP\PLUGINS\Media\Unlocker\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-08-24 17:59:40.474
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\TC UP\PLUGINS\Media\Unlocker\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 8173.86 MB
Available physical RAM: 5917.1 MB
Total Pagefile: 16345.91 MB
Available Pagefile: 14095.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:95.69 GB) (Free:35.06 GB) NTFS
Drive d: (DATA) (Fixed) (Total:698.63 GB) (Free:457.26 GB) NTFS
Drive g: () (Fixed) (Total:931.51 GB) (Free:197.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: DC6D59A0)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=96 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: DC6D59D6)
Partition 1: (Not Active) - (Size=699 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 932 GB) (Disk ID: 547BE012)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

schrauber 18.05.2014 12:19
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

chetumal 18.05.2014 14:35
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 18.05.2014
Suchlauf-Zeit: 15:01:46
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.18.03
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: mochenmo1

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 253688
Verstrichene Zeit: 6 Min, 14 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 4
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, 1432, Löschen bei Neustart, [3ba09ab885f6fd39c93e2432af528d73]
PUP.Optional.WpManager, C:\ProgramData\WPM\wprotectmanager.exe, 1564, Löschen bei Neustart, [17c43f13d6a53501a5bebea20cf5b64a]
PUP.Optional.Webget.A, C:\Program Files (x86)\webget\updatewebget.exe, 1844, Löschen bei Neustart, [8d4e163c29523600e1e48ceb2bd6ca36]
PUP.Optional.Webget.A, C:\Program Files (x86)\webget\bin\utilwebget.exe, 2108, Löschen bei Neustart, [a437aea4ef8cb18518ad85f28f72817f]

Module: 4
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, Löschen bei Neustart, [2fac5bf7b7c44aecf259d85d41bffe02],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, Löschen bei Neustart, [2fac5bf7b7c44aecf259d85d41bffe02],
PUP.Optional.Webget.A, C:\Program Files (x86)\webget\webgetBHO.dll, Löschen bei Neustart, [fdde2c265c1ff046388cc6b159a860a0],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, Löschen bei Neustart, [4b90fe541b60ab8b3cca8119f0120ff1],

Registrierungsschlüssel: 28
PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServices, In Quarantäne, [3ba09ab885f6fd39c93e2432af528d73],
PUP.Optional.WpManager, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Wpm, In Quarantäne, [17c43f13d6a53501a5bebea20cf5b64a],
PUP.Optional.WpManager, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WPM, In Quarantäne, [17c43f13d6a53501a5bebea20cf5b64a],
PUP.Optional.Webget.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update webget, In Quarantäne, [8d4e163c29523600e1e48ceb2bd6ca36],
PUP.Optional.Webget.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util webget, In Quarantäne, [a437aea4ef8cb18518ad85f28f72817f],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [2fac5bf7b7c44aecf259d85d41bffe02],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [2fac5bf7b7c44aecf259d85d41bffe02],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [2fac5bf7b7c44aecf259d85d41bffe02],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [2fac5bf7b7c44aecf259d85d41bffe02],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [2fac5bf7b7c44aecf259d85d41bffe02],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [2fac5bf7b7c44aecf259d85d41bffe02],
PUP.Optional.SupTab.A, HKU\S-1-5-21-2435969490-785047729-4073554876-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Löschen bei Neustart, [2fac5bf7b7c44aecf259d85d41bffe02],
PUP.Optional.SupTab.A, HKU\S-1-5-21-2435969490-785047729-4073554876-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Löschen bei Neustart, [2fac5bf7b7c44aecf259d85d41bffe02],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [2fac5bf7b7c44aecf259d85d41bffe02],
PUP.Optional.Webget.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{0A4AA078-E14F-4459-901A-D5F6ACB22DD6}, In Quarantäne, [fdde2c265c1ff046388cc6b159a860a0],
PUP.Optional.Webget.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F88A773B-C7D6-4097-AD99-144D59C291E1}, In Quarantäne, [fdde2c265c1ff046388cc6b159a860a0],
PUP.Optional.Webget.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F88A773B-C7D6-4097-AD99-144D59C291E1}, In Quarantäne, [fdde2c265c1ff046388cc6b159a860a0],
PUP.Optional.Webget.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{0A4AA078-E14F-4459-901A-D5F6ACB22DD6}, In Quarantäne, [fdde2c265c1ff046388cc6b159a860a0],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [4497054de4972f070bbb1648fc068779],
PUP.Optional.Webget.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\webget, In Quarantäne, [5685ed65abd083b3a9e42c5bff03b947],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [a338b1a15f1c9e983fd5b50aed168977],
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\sweet-pageSoftware, In Quarantäne, [9843430fd9a241f5ee1db31558ab10f0],
PUP.Optional.Webget.A, HKLM\SOFTWARE\WOW6432NODE\webget, In Quarantäne, [db002d25d9a26ccaa4ebf98e5fa3ec14],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [23b8c9897a015dd9b65e8a35b84b60a0],
PUP.Optional.Webget.A, HKU\S-1-5-21-2435969490-785047729-4073554876-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\webget, Löschen bei Neustart, [8358b79b84f7e4520a84d4b3ff03b24e],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2435969490-785047729-4073554876-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Löschen bei Neustart, [b328cf839cdf92a460e4b3eaab57fd03],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2435969490-785047729-4073554876-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Löschen bei Neustart, [37a473df4338092de06f51624ab9b64a],
PUP.Optional.Qone8, HKU\S-1-5-21-2435969490-785047729-4073554876-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Löschen bei Neustart, [6774341e8dee64d2040f605f669d06fa],

Registrierungswerte: 4
Spyware.Zbot.VXGen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|36467805, C:\PROGRA~3\msriv.exe, In Quarantäne, [578492c01f5c6dc9a293f376de23b34d]
Spyware.Zbot.VXGen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|36467805, C:\PROGRA~3\msriv.exe, In Quarantäne, [578492c01f5c6dc9a293f376de23b34d]
PUP.Optional.WpManager.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WPM|ImagePath, C:\ProgramData\WPM\wprotectmanager.exe -service, In Quarantäne, [8a51064c0e6da88eaf42fec529dadb25]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2435969490-785047729-4073554876-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0V1D1S1R1D0V1O, Löschen bei Neustart, [37a473df4338092de06f51624ab9b64a]

Registrierungsdaten: 11
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SupTab\SEARCH~1.DLL, Gut: (), Schlecht: (C:\PROGRA~2\SupTab\SEARCH~1.DLL),Ersetzt,[4b90fe541b60ab8b3cca8119f0120ff1]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SupTab\SEARCH~2.DLL, Gut: (), Schlecht: (C:\PROGRA~2\SupTab\SEARCH~2.DLL),Ersetzt,[4b90fe541b60ab8b3cca8119f0120ff1]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1400298711&from=cor&uid=INTELXSSDSA2BW120G3A_CVPR1261026R120LGN&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1400298711&from=cor&uid=INTELXSSDSA2BW120G3A_CVPR1261026R120LGN&q={searchTerms}),Ersetzt,[bc1f71e12952bc7a1f2981cc30d4db25]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.sweet-page.com/?type=hp&ts=1400298711&from=cor&uid=INTELXSSDSA2BW120G3A_CVPR1261026R120LGN, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1400298711&from=cor&uid=INTELXSSDSA2BW120G3A_CVPR1261026R120LGN),Ersetzt,[21ba71e1651687af4007de6ff3111ee2]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.sweet-page.com/?type=hp&ts=1400298711&from=cor&uid=INTELXSSDSA2BW120G3A_CVPR1261026R120LGN, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1400298711&from=cor&uid=INTELXSSDSA2BW120G3A_CVPR1261026R120LGN),Ersetzt,[a23955fdaecde155440575d8e420ee12]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[4e8d71e1f88380b639a16ce00bf906fa]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1400298711&from=cor&uid=INTELXSSDSA2BW120G3A_CVPR1261026R120LGN&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1400298711&from=cor&uid=INTELXSSDSA2BW120G3A_CVPR1261026R120LGN&q={searchTerms}),Ersetzt,[796268ea9eddae8891b7bd9008fc55ab]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.sweet-page.com/?type=hp&ts=1400298711&from=cor&uid=INTELXSSDSA2BW120G3A_CVPR1261026R120LGN, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1400298711&from=cor&uid=INTELXSSDSA2BW120G3A_CVPR1261026R120LGN),Ersetzt,[b7249eb486f5fc3a4700c885996b0000]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.sweet-page.com/?type=hp&ts=1400298711&from=cor&uid=INTELXSSDSA2BW120G3A_CVPR1261026R120LGN, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1400298711&from=cor&uid=INTELXSSDSA2BW120G3A_CVPR1261026R120LGN),Ersetzt,[2ab15ff386f59a9c3910bd90ba4a718f]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[db00aba73a419c9af6e487c5de267987]
PUP.Optional.SweetPage.A, HKU\S-1-5-21-2435969490-785047729-4073554876-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.sweet-page.com/?type=hp&ts=1400298711&from=cor&uid=INTELXSSDSA2BW120G3A_CVPR1261026R120LGN, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1400298711&from=cor&uid=INTELXSSDSA2BW120G3A_CVPR1261026R120LGN),Löschen bei Neustart,[e1fadb77403b33035ce7a2abf80c5fa1]

Ordner: 28
PUP.Optional.Webget.A, C:\Program Files (x86)\webget, Löschen bei Neustart, [5685ed65abd083b3a9e42c5bff03b947],
PUP.Optional.Webget.A, C:\Program Files (x86)\webget\bin, Löschen bei Neustart, [5685ed65abd083b3a9e42c5bff03b947],
PUP.Optional.Webget.A, C:\Program Files (x86)\webget\bin\plugins, In Quarantäne, [5685ed65abd083b3a9e42c5bff03b947],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, Löschen bei Neustart, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],

Dateien: 82
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, Löschen bei Neustart, [3ba09ab885f6fd39c93e2432af528d73],
PUP.Optional.WpManager, C:\ProgramData\WPM\wprotectmanager.exe, Löschen bei Neustart, [17c43f13d6a53501a5bebea20cf5b64a],
PUP.Optional.Webget.A, C:\Program Files (x86)\webget\updatewebget.exe, Löschen bei Neustart, [8d4e163c29523600e1e48ceb2bd6ca36],
PUP.Optional.Webget.A, C:\Program Files (x86)\webget\bin\utilwebget.exe, Löschen bei Neustart, [a437aea4ef8cb18518ad85f28f72817f],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, Löschen bei Neustart, [2fac5bf7b7c44aecf259d85d41bffe02],
PUP.Optional.Webget.A, C:\Program Files (x86)\webget\webgetBHO.dll, In Quarantäne, [fdde2c265c1ff046388cc6b159a860a0],
Spyware.Zbot.VXGen, C:\ProgramData\msriv.exe, In Quarantäne, [578492c01f5c6dc9a293f376de23b34d],
Trojan.FakeMS.ED, C:\Users\mochenmo1\AppData\Local\Temp\dlbc.dll, In Quarantäne, [03d8a2b05823c274916be496cb36c13f],
PUP.Optional.SkyTech.A, C:\Users\mochenmo1\AppData\Local\Temp\99185186\99185186.zipDir\alilog.dll, In Quarantäne, [7e5d3c1699e2b97de82d49e9817f4ab6],
PUP.Optional.IePluginService.A, C:\Users\mochenmo1\AppData\Local\Temp\99185186\99185186.zipDir\tmp\SupTab_Setup302.exe, In Quarantäne, [5586034fe3980432c740fb5ba65b4db3],
PUP.Optional.WpManager, C:\Users\mochenmo1\AppData\Local\Temp\99185186\99185186.zipDir\tmp\wpm_v18.8.0.304.exe, In Quarantäne, [eeeda5ade2990135224198c8c938649c],
PUP.Optional.Webget.A, C:\Program Files (x86)\webget\webget.ico, In Quarantäne, [5685ed65abd083b3a9e42c5bff03b947],
PUP.Optional.Webget.A, C:\Program Files (x86)\webget\7za.exe, In Quarantäne, [5685ed65abd083b3a9e42c5bff03b947],
PUP.Optional.Webget.A, C:\Program Files (x86)\webget\updatewebget.InstallState, In Quarantäne, [5685ed65abd083b3a9e42c5bff03b947],
PUP.Optional.Webget.A, C:\Program Files (x86)\webget\webgetUninstall.exe, In Quarantäne, [5685ed65abd083b3a9e42c5bff03b947],
PUP.Optional.Webget.A, C:\Program Files (x86)\webget\bin\utilwebget.InstallState, In Quarantäne, [5685ed65abd083b3a9e42c5bff03b947],
PUP.Optional.Webget.A, C:\Program Files (x86)\webget\bin\webget.PurBrowse64.exe, In Quarantäne, [5685ed65abd083b3a9e42c5bff03b947],
PUP.Optional.Webget.A, C:\Program Files (x86)\webget\bin\webget.PurBrowseG.zip, In Quarantäne, [5685ed65abd083b3a9e42c5bff03b947],
PUP.Optional.Webget.A, C:\Program Files (x86)\webget\bin\plugins\webget.Bromon.dll, In Quarantäne, [5685ed65abd083b3a9e42c5bff03b947],
PUP.Optional.Webget.A, C:\Program Files (x86)\webget\bin\plugins\webget.BrowserAdapterS.dll, In Quarantäne, [5685ed65abd083b3a9e42c5bff03b947],
PUP.Optional.Webget.A, C:\Program Files (x86)\webget\bin\plugins\webget.CompatibilityChecker.dll, In Quarantäne, [5685ed65abd083b3a9e42c5bff03b947],
PUP.Optional.Webget.A, C:\Program Files (x86)\webget\bin\plugins\webget.FFUpdate.dll, In Quarantäne, [5685ed65abd083b3a9e42c5bff03b947],
PUP.Optional.Webget.A, C:\Program Files (x86)\webget\bin\plugins\webget.IEUpdate.dll, In Quarantäne, [5685ed65abd083b3a9e42c5bff03b947],
PUP.Optional.Webget.A, C:\Program Files (x86)\webget\bin\plugins\webget.PurBrowseG.dll, In Quarantäne, [5685ed65abd083b3a9e42c5bff03b947],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, Löschen bei Neustart, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterfacef32.dll, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\RSHP.exe, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv32.dll, Löschen bei Neustart, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv64.dll, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WebDataJs, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\arrow.png, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo.png, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo_hover.png, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_logo.png, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo.png, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo2.png, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\0.png, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ie8.js, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit.js, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, In Quarantäne, [4b90fe541b60ab8b3cca8119f0120ff1],
Trojan.Dropper, C:\Users\mochenmo1\update.exe, In Quarantäne, [ca11d47ea2d948eeb200ef0c0df5916f],

Physische Sektoren: 0
(No malicious items detected)


(end)



AdwCleaner Logfile:
Code:
# AdwCleaner v3.208 - Bericht erstellt am 18/05/2014 um 15:13:56
# Aktualisiert 11/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : mochenmo1 - MOCHENMO1-PC
# Gestartet von : C:\Users\mochenmo1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QLA6PCEM\adwcleaner_3.208.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\driver-soft
Ordner Gelöscht : C:\Users\mochenmo1\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\MOCHEN~1\AppData\Local\Temp\webget
Ordner Gelöscht : C:\Users\mochenmo1\AppData\Roaming\DriverCure
Ordner Gelöscht : C:\Users\mochenmo1\AppData\Roaming\ParetoLogic
Ordner Gelöscht : C:\Users\mochenmo1\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\mochenmo1\AppData\Roaming\sweet-page
Ordner Gelöscht : C:\Users\mochenmo1\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\mochenmo1\Documents\Mobogenie
Datei Gelöscht : C:\Users\mochenmo1\Uninstall.exe
Datei Gelöscht : C:\Windows\Tasks\paretologic registration3.job
Datei Gelöscht : C:\Windows\System32\Tasks\paretologic registration3
Datei Gelöscht : C:\Windows\Tasks\paretologic update version3.job
Datei Gelöscht : C:\Windows\System32\Tasks\paretologic update version3
Datei Gelöscht : C:\Windows\Tasks\PC Health Advisor Defrag.job
Datei Gelöscht : C:\Windows\System32\Tasks\PC Health Advisor Defrag
Datei Gelöscht : C:\Windows\Tasks\PC Health Advisor.job
Datei Gelöscht : C:\Windows\System32\Tasks\PC Health Advisor

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_curse-client_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_curse-client_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_prism-video-converter_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_prism-video-converter_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Ciuvo
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\ParetoLogic
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Driver-Soft
Schlüssel Gelöscht : HKLM\Software\dt soft\daemon tools toolbar
Schlüssel Gelöscht : HKLM\Software\ParetoLogic
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\ParetoLogic

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16421

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

*************************

AdwCleaner[R0].txt - [5394 octets] - [18/05/2014 15:13:02]
AdwCleaner[S0].txt - [4823 octets] - [18/05/2014 15:13:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4883 octets] ##########
--- --- ---




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by mochenmo1 on 18.05.2014 at 15:24:46,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\driver genius



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\drivergenius"
Successfully deleted: [Folder] "C:\ProgramData\ustechsupport"
Successfully deleted: [Folder] "C:\Users\mochenmo1\AppData\Roaming\ustechsupport"
Successfully deleted: [Folder] "C:\Program Files (x86)\ustechsupport"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.05.2014 at 15:28:44,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by mochenmo1 (administrator) on MOCHENMO1-PC on 18-05-2014 15:30:59
Running from C:\Users\mochenmo1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0VDOL6S
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] => C:\Program Files\elantech\etdctrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => c:\program files\realtek\audio\hda\ravcpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => c:\program files\realtek\audio\hda\ravbg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => c:\program files\acer\acer epower management\epowertray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "c:\program files\intel\turboboost\runtbgadgetonce.vbs"
HKLM\...\Run: [AtherosBtStack] => c:\program files (x86)\bluetooth suite\btvstack.exe [976032 2011-09-16] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => c:\program files (x86)\bluetooth suite\athbttray.exe [799904 2011-09-16] (Atheros Commnucations)
HKLM-x32\...\Run: [BackupManagerTray] => c:\program files (x86)\nti\acer backup manager\backupmanagertray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [OOTag] => c:\program files (x86)\acer\oobeoffer\ootag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [StartCCC] => c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe [336384 2011-02-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => c:\program files (x86)\launch manager\lmanager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] => c:\program files (x86)\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-03] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => c:\dolby pcee4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-05-16] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\Run: [UZmedia Update] => regsvr32.exe
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\MountPoints2: {1232592b-8fba-11e1-95c9-e4d53d088c7c} - G:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\MountPoints2: {4701b1ef-9c7b-11e2-8905-e4d53d088c7c} - G:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\MountPoints2: {88a6e618-80e9-11e1-9204-e4d53d088c7c} - F:\setup.exe
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\MountPoints2: {b6f3effd-758d-11e1-960b-e4d53d088c7c} - "F:\WD SmartWare.exe" autoplay=true

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-flv
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Avira Savings Advisor BHO - {A18A516C-AA41-46A9-92DB-60208917E442} - C:\Program Files (x86)\avira\Internet Explorer\avira32.dll ()
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.448 - C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-05-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-05-16] (Avira Operations GmbH & Co. KG)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-05-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-05-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-16] (Avira Operations GmbH & Co. KG)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-04-07] ()
U5 UnlockerDriver5; C:\Program Files (x86)\TC UP\PLUGINS\Media\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()
R1 VD_FileDisk; C:\Windows\System32\Drivers\VD_FileDisk.sys [30312 2011-01-26] (CaptainFlint Software)
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys [61112 2014-05-16] (StdLib)
U3 a3h2opvh; C:\Windows\System32\Drivers\a3h2opvh.sys [0 ] (Microsoft Corporation)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S3 USBMULCD; system32\drivers\CM10664.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-18 15:28 - 2014-05-18 15:28 - 00001032 _____ () C:\Users\mochenmo1\Desktop\JRT.txt
2014-05-18 15:24 - 2014-05-18 15:24 - 00000000 ____D () C:\Windows\ERUNT
2014-05-18 15:15 - 2014-05-18 15:15 - 00004971 _____ () C:\Users\mochenmo1\Desktop\AdwCleaner[S0].txt
2014-05-18 15:12 - 2014-05-18 15:22 - 00000000 ____D () C:\AdwCleaner
2014-05-18 15:11 - 2014-05-18 15:11 - 00025573 _____ () C:\Users\mochenmo1\Desktop\mbam.txt.txt
2014-05-18 14:54 - 2014-05-18 15:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-18 14:54 - 2014-05-18 14:54 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-18 14:54 - 2014-05-18 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-18 14:54 - 2014-05-18 14:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-18 14:54 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-18 14:54 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-18 14:54 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-18 14:50 - 2014-05-18 14:50 - 00003408 _____ () C:\Windows\System32\Tasks\aviraSWU
2014-05-18 14:50 - 2014-05-18 14:50 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Avira
2014-05-18 14:49 - 2014-05-18 14:50 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-18 14:49 - 2014-05-18 14:49 - 00001958 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-05-18 14:49 - 2014-05-18 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-18 14:49 - 2014-05-18 14:49 - 00000000 ____D () C:\ProgramData\Avira
2014-05-18 14:49 - 2014-05-16 23:52 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-18 14:49 - 2014-05-16 23:52 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-18 14:49 - 2014-05-16 23:52 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-05-17 14:48 - 2014-05-18 15:30 - 00000000 ____D () C:\FRST
2014-05-17 08:03 - 2014-05-17 08:03 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\TrojanHunter
2014-05-17 07:22 - 2014-05-16 18:34 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys
2014-05-17 06:47 - 2014-05-18 14:48 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.5
2014-05-17 06:47 - 2014-05-17 06:47 - 00059392 ____R () C:\Windows\SysWOW64\streamhlp.dll
2014-05-17 05:54 - 2014-05-17 05:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-05-17 05:52 - 2014-05-17 05:52 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-05-17 05:51 - 2014-05-17 05:51 - 00669799 _____ () C:\Users\mochenmo1\Downloads\voxware_audio.zip
2014-05-16 22:29 - 2014-05-16 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
2014-05-16 22:29 - 2014-05-16 22:29 - 00000000 ____D () C:\Program Files (x86)\Combined Community Codec Pack
2014-05-16 01:33 - 2014-05-16 01:38 - 00000000 ____D () C:\Program Files (x86)\Total Video Converter
2014-05-16 01:31 - 2014-05-16 01:31 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GSpot
2014-05-16 01:31 - 2014-05-16 01:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GSpot
2014-05-16 01:31 - 2014-05-16 01:31 - 00000000 ____D () C:\Program Files (x86)\GSpot
2014-05-16 01:30 - 2014-05-16 01:30 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Win7codecs
2014-05-16 01:30 - 2014-05-16 01:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win7codecs
2014-05-16 01:30 - 2014-05-16 01:30 - 00000000 ____D () C:\Program Files (x86)\Win7codecs
2014-05-16 01:28 - 2014-05-16 01:28 - 00008629 _____ () C:\Windows\LDPINST.LOG
2014-05-16 00:35 - 2014-05-18 09:44 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\vlc
2014-05-16 00:35 - 2014-05-17 05:54 - 00001030 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-05-16 00:32 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\soundbackends
2014-05-16 00:32 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\sound
2014-05-16 00:32 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\plugins
2014-05-16 00:32 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\platforms
2014-05-16 00:32 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\imageformats
2014-05-16 00:32 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\accessible
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\translations
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\styles
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\news
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\gfx
2014-05-16 00:29 - 2014-05-16 01:21 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\Overwolf
2014-05-16 00:29 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-05-16 00:29 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\TeamSpeak 3 Client
2014-05-16 00:29 - 2014-05-16 00:32 - 00000798 _____ () C:\Users\mochenmo1\Desktop\TeamSpeak 3 Client.lnk
2014-05-16 00:29 - 2014-05-16 00:29 - 01301028 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-16 00_29_42.913393.dmp
2014-05-16 00:25 - 2014-05-16 00:25 - 01293740 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-16 00_25_21.003342.dmp
2014-05-15 23:30 - 2009-03-24 12:52 - 00155984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2014-05-15 23:05 - 2014-05-15 23:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-15 23:05 - 2014-05-15 23:05 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-05-15 23:04 - 2014-05-16 01:16 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-15 22:34 - 2014-05-15 22:34 - 01171946 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 22_34_22.992244.dmp
2014-05-15 22:23 - 2014-05-15 22:23 - 00001228 _____ () C:\Users\mochenmo1\Desktop\Revo Uninstaller.lnk
2014-05-15 22:23 - 2014-05-15 22:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-15 21:49 - 2014-05-15 21:49 - 00000000 ____D () C:\backup
2014-05-15 21:44 - 2014-05-18 15:22 - 00126644 _____ () C:\Windows\PFRO.log
2014-05-15 21:44 - 2014-05-18 15:22 - 00001232 _____ () C:\Windows\setupact.log
2014-05-15 21:44 - 2014-05-15 21:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-15 21:09 - 2014-05-15 21:09 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-15 21:00 - 2014-05-15 21:00 - 01170722 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 21_00_16.075060.dmp
2014-05-15 20:52 - 2014-05-15 21:07 - 00000991 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-15 20:52 - 2014-05-15 20:52 - 00002780 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-15 20:52 - 2014-05-15 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-15 20:52 - 2014-05-15 20:52 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-15 20:48 - 2014-05-15 20:48 - 00003170 _____ () C:\Windows\System32\Tasks\{0DE29827-F5F2-483D-8333-7C424F679B3D}
2014-05-15 20:41 - 2014-05-15 20:41 - 01194692 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_41_01.371074.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01306049 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_40_30.614315.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01295455 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_40_34.385530.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01294943 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_40_36.714664.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01195948 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_40_39.795840.dmp
2014-05-15 20:39 - 2014-05-15 20:39 - 01296113 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_39_44.959703.dmp
2014-05-15 20:32 - 2014-05-15 20:32 - 01170722 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_32_33.183978.dmp
2014-05-15 20:28 - 2014-05-15 20:28 - 01170722 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_28_41.318444.dmp
2014-05-15 20:25 - 2014-05-15 20:25 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_25_32.635991.dmp
2014-05-15 20:25 - 2014-05-15 20:25 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_25_26.306629.dmp
2014-05-15 20:25 - 2014-05-15 20:25 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_25_07.048527.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_48.781482.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_46.346343.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_42.550126.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_38.440891.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_36.935805.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_28.041296.dmp
2014-05-15 20:20 - 2014-05-15 20:20 - 01166445 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_20_40.076257.dmp
2014-05-15 01:51 - 2014-05-15 01:51 - 00008802 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:51 - 2014-05-15 01:51 - 00008802 _____ () C:\Users\mochenmo1\Documents\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:51 - 2014-05-15 01:51 - 00004742 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:51 - 2014-05-15 01:51 - 00004742 _____ () C:\Users\mochenmo1\Documents\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:51 - 2014-05-15 01:51 - 00000280 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.URL
2014-05-15 01:51 - 2014-05-15 01:51 - 00000280 _____ () C:\Users\mochenmo1\Documents\DECRYPT_INSTRUCTION.URL
2014-05-15 01:50 - 2014-05-15 01:50 - 00008802 _____ () C:\Users\mochenmo1\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:50 - 2014-05-15 01:50 - 00008802 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:50 - 2014-05-15 01:50 - 00004742 _____ () C:\Users\mochenmo1\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:50 - 2014-05-15 01:50 - 00004742 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:50 - 2014-05-15 01:50 - 00000280 _____ () C:\Users\mochenmo1\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-05-15 01:50 - 2014-05-15 01:50 - 00000280 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-05-15 01:48 - 2014-05-15 20:26 - 00000000 ___HD () C:\2ce2165
2014-05-14 00:17 - 2014-05-14 00:17 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Astuma
2014-05-13 19:38 - 2014-05-13 19:38 - 00204280 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-13 19_38_36.980195.dmp
2014-05-13 19:38 - 2014-05-13 19:38 - 00203536 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-13 19_38_36.981195.dmp
2014-05-11 22:19 - 2014-05-15 20:30 - 00000000 ____D () C:\Program Files (x86)\ROCCAT
2014-05-09 00:23 - 2014-05-09 00:23 - 00000000 ____D () C:\Users\mochenmo1\Documents\Screen Recording Suite
2014-05-09 00:22 - 2014-05-15 20:30 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Apowersoft
2014-05-09 00:22 - 2014-05-15 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2014-05-09 00:22 - 2014-05-15 20:30 - 00000000 ____D () C:\Program Files (x86)\Apowersoft
2014-05-02 00:30 - 2014-05-02 00:31 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2014-05-02 00:25 - 2014-05-02 00:25 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\cache
2014-05-02 00:25 - 2014-05-02 00:25 - 00000000 ____D () C:\Users\mochenmo1\.android
2014-05-02 00:13 - 2014-05-02 00:13 - 00000000 ____D () C:\Users\Public\Documents\DriverGenius
2014-05-02 00:10 - 2014-05-15 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition
2014-05-01 23:55 - 2014-05-18 15:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-01 23:55 - 2014-05-15 01:50 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Malwarebytes
2014-04-26 00:57 - 2014-05-15 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-04-26 00:57 - 2014-05-15 20:42 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-26 00:57 - 2014-05-15 20:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-26 00:06 - 2014-05-16 02:43 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\UZmedia
2014-04-26 00:04 - 2014-05-15 20:42 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-04-20 16:44 - 2014-05-15 21:43 - 00000000 ____D () C:\ProgramData\2992199F9A

==================== One Month Modified Files and Folders =======

2014-05-18 15:30 - 2014-05-17 14:48 - 00000000 ____D () C:\FRST
2014-05-18 15:30 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-18 15:30 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-18 15:29 - 2012-04-07 22:00 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\CrashDumps
2014-05-18 15:28 - 2014-05-18 15:28 - 00001032 _____ () C:\Users\mochenmo1\Desktop\JRT.txt
2014-05-18 15:28 - 2011-10-31 06:19 - 00654166 _____ () C:\Windows\system32\perfh007.dat
2014-05-18 15:28 - 2011-10-31 06:19 - 00130006 _____ () C:\Windows\system32\perfc007.dat
2014-05-18 15:28 - 2009-07-14 07:13 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-18 15:24 - 2014-05-18 15:24 - 00000000 ____D () C:\Windows\ERUNT
2014-05-18 15:23 - 2013-08-30 04:17 - 00003356 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2435969490-785047729-4073554876-1000
2014-05-18 15:23 - 2013-08-08 19:21 - 00003230 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2435969490-785047729-4073554876-1000
2014-05-18 15:22 - 2014-05-18 15:12 - 00000000 ____D () C:\AdwCleaner
2014-05-18 15:22 - 2014-05-15 21:44 - 00126644 _____ () C:\Windows\PFRO.log
2014-05-18 15:22 - 2014-05-15 21:44 - 00001232 _____ () C:\Windows\setupact.log
2014-05-18 15:22 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-18 15:15 - 2014-05-18 15:15 - 00004971 _____ () C:\Users\mochenmo1\Desktop\AdwCleaner[S0].txt
2014-05-18 15:14 - 2012-03-24 10:34 - 00000000 ____D () C:\Users\mochenmo1
2014-05-18 15:11 - 2014-05-18 15:11 - 00025573 _____ () C:\Users\mochenmo1\Desktop\mbam.txt.txt
2014-05-18 15:10 - 2014-05-18 14:54 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-18 15:06 - 2014-05-01 23:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-18 15:06 - 2012-08-28 12:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-18 15:02 - 2014-05-17 05:52 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-05-18 15:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Speech
2014-05-18 14:54 - 2014-05-18 14:54 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-18 14:54 - 2014-05-18 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-18 14:54 - 2014-05-18 14:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-18 14:50 - 2014-05-18 14:50 - 00003408 _____ () C:\Windows\System32\Tasks\aviraSWU
2014-05-18 14:50 - 2014-05-18 14:50 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Avira
2014-05-18 14:50 - 2014-05-18 14:49 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-18 14:49 - 2014-05-18 14:49 - 00001958 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-05-18 14:49 - 2014-05-18 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-18 14:49 - 2014-05-18 14:49 - 00000000 ____D () C:\ProgramData\Avira
2014-05-18 14:48 - 2014-05-17 06:47 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.5
2014-05-18 09:53 - 2012-09-18 00:07 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-05-18 09:52 - 2011-10-30 21:48 - 00000000 ____D () C:\ProgramData\CyberLink
2014-05-18 09:52 - 2011-08-12 09:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-18 09:44 - 2014-05-16 00:35 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\vlc
2014-05-17 14:46 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-17 08:03 - 2014-05-17 08:03 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\TrojanHunter
2014-05-17 06:58 - 2011-10-30 21:26 - 01610618 _____ () C:\Windows\WindowsUpdate.log
2014-05-17 06:47 - 2014-05-17 06:47 - 00059392 ____R () C:\Windows\SysWOW64\streamhlp.dll
2014-05-17 05:54 - 2014-05-17 05:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-05-17 05:54 - 2014-05-16 00:35 - 00001030 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-05-17 05:51 - 2014-05-17 05:51 - 00669799 _____ () C:\Users\mochenmo1\Downloads\voxware_audio.zip
2014-05-16 23:52 - 2014-05-18 14:49 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-16 23:52 - 2014-05-18 14:49 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-16 23:52 - 2014-05-18 14:49 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-05-16 22:29 - 2014-05-16 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
2014-05-16 22:29 - 2014-05-16 22:29 - 00000000 ____D () C:\Program Files (x86)\Combined Community Codec Pack
2014-05-16 22:29 - 2013-07-20 22:57 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-16 22:17 - 2013-09-23 23:58 - 00003378 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2435969490-785047729-4073554876-1000
2014-05-16 22:17 - 2013-09-23 23:58 - 00003252 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2435969490-785047729-4073554876-1000
2014-05-16 18:34 - 2014-05-17 07:22 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys
2014-05-16 06:24 - 2012-04-25 11:56 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\QuickPar
2014-05-16 02:43 - 2014-04-26 00:06 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\UZmedia
2014-05-16 01:50 - 2013-06-20 02:30 - 00003398 _____ () C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2435969490-785047729-4073554876-1000
2014-05-16 01:42 - 2012-09-18 00:07 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-05-16 01:38 - 2014-05-16 01:33 - 00000000 ____D () C:\Program Files (x86)\Total Video Converter
2014-05-16 01:37 - 2012-03-24 10:34 - 00060360 _____ () C:\Users\mochenmo1\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-16 01:36 - 2009-07-14 06:45 - 00283136 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-16 01:31 - 2014-05-16 01:31 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GSpot
2014-05-16 01:31 - 2014-05-16 01:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GSpot
2014-05-16 01:31 - 2014-05-16 01:31 - 00000000 ____D () C:\Program Files (x86)\GSpot
2014-05-16 01:30 - 2014-05-16 01:30 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Win7codecs
2014-05-16 01:30 - 2014-05-16 01:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win7codecs
2014-05-16 01:30 - 2014-05-16 01:30 - 00000000 ____D () C:\Program Files (x86)\Win7codecs
2014-05-16 01:30 - 2012-04-01 19:47 - 00000000 ____D () C:\ProgramData\Win7codecs
2014-05-16 01:28 - 2014-05-16 01:28 - 00008629 _____ () C:\Windows\LDPINST.LOG
2014-05-16 01:28 - 2012-04-01 19:42 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-05-16 01:28 - 2012-04-01 19:42 - 00000000 ____D () C:\Program Files\Common Files\Logishrd
2014-05-16 01:21 - 2014-05-16 00:29 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\Overwolf
2014-05-16 01:17 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\soundbackends
2014-05-16 01:17 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\sound
2014-05-16 01:17 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\plugins
2014-05-16 01:17 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\platforms
2014-05-16 01:17 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\imageformats
2014-05-16 01:17 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\accessible
2014-05-16 01:17 - 2014-05-16 00:29 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-05-16 01:17 - 2014-05-16 00:29 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\TeamSpeak 3 Client
2014-05-16 01:17 - 2013-08-09 23:23 - 00000000 ____D () C:\Program Files (x86)\TC UP
2014-05-16 01:17 - 2012-06-08 23:57 - 00000000 ____D () C:\ProgramData\Real
2014-05-16 01:17 - 2011-10-30 21:43 - 00000000 ____D () C:\ProgramData\Atheros
2014-05-16 01:17 - 2011-08-12 10:02 - 00000000 ____D () C:\ProgramData\BackupManager
2014-05-16 01:17 - 2011-08-12 10:00 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-16 01:17 - 2011-08-12 09:59 - 00000000 ____D () C:\ProgramData\oem
2014-05-16 01:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-05-16 01:16 - 2014-05-15 23:04 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-16 01:16 - 2012-04-01 19:45 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\translations
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\styles
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\news
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\gfx
2014-05-16 00:32 - 2014-05-16 00:29 - 00000798 _____ () C:\Users\mochenmo1\Desktop\TeamSpeak 3 Client.lnk
2014-05-16 00:29 - 2014-05-16 00:29 - 01301028 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-16 00_29_42.913393.dmp
2014-05-16 00:25 - 2014-05-16 00:25 - 01293740 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-16 00_25_21.003342.dmp
2014-05-15 23:45 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 23:05 - 2014-05-15 23:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-15 23:05 - 2014-05-15 23:05 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-05-15 22:55 - 2012-08-31 16:35 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\Adobe
2014-05-15 22:42 - 2012-04-30 23:21 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\Deployment
2014-05-15 22:34 - 2014-05-15 22:34 - 01171946 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 22_34_22.992244.dmp
2014-05-15 22:23 - 2014-05-15 22:23 - 00001228 _____ () C:\Users\mochenmo1\Desktop\Revo Uninstaller.lnk
2014-05-15 22:23 - 2014-05-15 22:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-15 21:49 - 2014-05-15 21:49 - 00000000 ____D () C:\backup
2014-05-15 21:44 - 2014-05-15 21:44 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-15 21:43 - 2014-04-20 16:44 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-05-15 21:09 - 2014-05-15 21:09 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-15 21:09 - 2012-08-28 12:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-15 21:09 - 2012-05-18 21:01 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 21:09 - 2011-08-12 10:01 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 21:07 - 2014-05-15 20:52 - 00000991 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-15 21:00 - 2014-05-15 21:00 - 01170722 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 21_00_16.075060.dmp
2014-05-15 20:56 - 2012-09-29 01:53 - 00000000 ____D () C:\Windows\Minidump
2014-05-15 20:56 - 2012-04-25 00:56 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Media Player Classic
2014-05-15 20:56 - 2012-04-07 21:39 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\DAEMON Tools Lite
2014-05-15 20:56 - 2007-07-12 03:49 - 00000000 ____D () C:\Windows\Panther
2014-05-15 20:52 - 2014-05-15 20:52 - 00002780 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-15 20:52 - 2014-05-15 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-15 20:52 - 2014-05-15 20:52 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-15 20:48 - 2014-05-15 20:48 - 00003170 _____ () C:\Windows\System32\Tasks\{0DE29827-F5F2-483D-8333-7C424F679B3D}
2014-05-15 20:45 - 2014-04-09 22:30 - 00000000 ____D () C:\Program Files (x86)\NirSoft
2014-05-15 20:43 - 2014-05-02 00:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition
2014-05-15 20:42 - 2014-04-26 00:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-05-15 20:42 - 2014-04-26 00:57 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-05-15 20:42 - 2014-04-26 00:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-05-15 20:42 - 2014-04-26 00:04 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-15 20:42 - 2013-09-03 19:22 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-05-15 20:42 - 2013-03-30 12:20 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
2014-05-15 20:42 - 2012-05-26 13:08 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Real
2014-05-15 20:42 - 2012-05-18 21:01 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-15 20:42 - 2012-03-26 21:27 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Skype
2014-05-15 20:42 - 2011-08-12 10:01 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-05-15 20:42 - 2011-08-12 10:00 - 00000000 ___HD () C:\OEM
2014-05-15 20:42 - 2011-08-12 09:45 - 00000000 ____D () C:\ProgramData\Acer
2014-05-15 20:42 - 2011-08-12 09:43 - 00000000 ____D () C:\ProgramData\Skype
2014-05-15 20:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-15 20:41 - 2014-05-15 20:41 - 01194692 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_41_01.371074.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01306049 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_40_30.614315.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01295455 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_40_34.385530.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01294943 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_40_36.714664.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01195948 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_40_39.795840.dmp
2014-05-15 20:39 - 2014-05-15 20:39 - 01296113 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_39_44.959703.dmp
2014-05-15 20:32 - 2014-05-15 20:32 - 01170722 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_32_33.183978.dmp
2014-05-15 20:30 - 2014-05-11 22:19 - 00000000 ____D () C:\Program Files (x86)\ROCCAT
2014-05-15 20:30 - 2014-05-09 00:22 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Apowersoft
2014-05-15 20:30 - 2014-05-09 00:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2014-05-15 20:30 - 2014-05-09 00:22 - 00000000 ____D () C:\Program Files (x86)\Apowersoft
2014-05-15 20:30 - 2014-03-08 21:20 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-05-15 20:30 - 2013-05-01 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Any Video Converter
2014-05-15 20:28 - 2014-05-15 20:28 - 01170722 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_28_41.318444.dmp
2014-05-15 20:26 - 2014-05-15 01:48 - 00000000 ___HD () C:\2ce2165
2014-05-15 20:26 - 2013-04-06 23:05 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2014-05-15 20:25 - 2014-05-15 20:25 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_25_32.635991.dmp
2014-05-15 20:25 - 2014-05-15 20:25 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_25_26.306629.dmp
2014-05-15 20:25 - 2014-05-15 20:25 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_25_07.048527.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_48.781482.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_46.346343.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_42.550126.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_38.440891.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_36.935805.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_28.041296.dmp
2014-05-15 20:20 - 2014-05-15 20:20 - 01166445 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_20_40.076257.dmp
2014-05-15 01:51 - 2014-05-15 01:51 - 00008802 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:51 - 2014-05-15 01:51 - 00008802 _____ () C:\Users\mochenmo1\Documents\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:51 - 2014-05-15 01:51 - 00004742 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:51 - 2014-05-15 01:51 - 00004742 _____ () C:\Users\mochenmo1\Documents\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:51 - 2014-05-15 01:51 - 00000280 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.URL
2014-05-15 01:51 - 2014-05-15 01:51 - 00000280 _____ () C:\Users\mochenmo1\Documents\DECRYPT_INSTRUCTION.URL
2014-05-15 01:51 - 2013-07-02 20:18 - 00000000 ____D () C:\Users\mochenmo1\Documents\Any Video Converter
2014-05-15 01:51 - 2012-04-25 01:02 - 00000000 ____D () C:\Users\mochenmo1\Documents\CyberLink
2014-05-15 01:50 - 2014-05-15 01:50 - 00008802 _____ () C:\Users\mochenmo1\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:50 - 2014-05-15 01:50 - 00008802 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:50 - 2014-05-15 01:50 - 00004742 _____ () C:\Users\mochenmo1\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:50 - 2014-05-15 01:50 - 00004742 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:50 - 2014-05-15 01:50 - 00000280 _____ () C:\Users\mochenmo1\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-05-15 01:50 - 2014-05-15 01:50 - 00000280 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-05-15 01:50 - 2014-05-01 23:55 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Malwarebytes
2014-05-15 01:50 - 2013-05-01 18:21 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Any Video Converter
2014-05-15 01:50 - 2012-04-26 18:10 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\InternetEverywhere
2014-05-15 01:50 - 2012-03-24 10:56 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\Western Digital
2014-05-15 01:49 - 2011-10-30 21:25 - 00000000 ____D () C:\book
2014-05-15 01:49 - 2011-08-12 10:09 - 00008728 __RSH () C:\BOOTSECT.BAK
2014-05-14 00:17 - 2014-05-14 00:17 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Astuma
2014-05-13 19:38 - 2014-05-13 19:38 - 00204280 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-13 19_38_36.980195.dmp
2014-05-13 19:38 - 2014-05-13 19:38 - 00203536 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-13 19_38_36.981195.dmp
2014-05-12 00:10 - 2009-07-14 04:34 - 54525952 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-05-12 00:10 - 2009-07-14 04:34 - 16777216 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-05-12 00:10 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-05-09 00:23 - 2014-05-09 00:23 - 00000000 ____D () C:\Users\mochenmo1\Documents\Screen Recording Suite
2014-05-08 20:06 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-05-02 00:31 - 2014-05-02 00:30 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2014-05-02 00:25 - 2014-05-02 00:25 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\cache
2014-05-02 00:25 - 2014-05-02 00:25 - 00000000 ____D () C:\Users\mochenmo1\.android
2014-05-02 00:13 - 2014-05-02 00:13 - 00000000 ____D () C:\Users\Public\Documents\DriverGenius
2014-05-02 00:07 - 2013-05-01 18:21 - 00000000 ____D () C:\Program Files (x86)\Any Video Converter
2014-05-01 16:19 - 2009-07-14 07:38 - 00067584 ____S () C:\Windows\bootstat(32).dat
2014-04-30 11:07 - 2013-09-17 19:21 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Guild Wars 2
2014-04-20 16:57 - 2010-11-21 09:16 - 00000000 ___RD () C:\Users\Public\Recorded TV

Files to move or delete:
====================
C:\Users\mochenmo1\createfileassoc.exe
C:\Users\mochenmo1\error_report.exe
C:\Users\mochenmo1\libeay32.dll
C:\Users\mochenmo1\msvcp110.dll
C:\Users\mochenmo1\msvcr110.dll
C:\Users\mochenmo1\OverwolfTeamSpeakInstaller.exe
C:\Users\mochenmo1\package_inst.exe
C:\Users\mochenmo1\Qt5Core.dll
C:\Users\mochenmo1\Qt5Gui.dll
C:\Users\mochenmo1\Qt5Network.dll
C:\Users\mochenmo1\Qt5Sql.dll
C:\Users\mochenmo1\Qt5Widgets.dll
C:\Users\mochenmo1\quazip.dll
C:\Users\mochenmo1\ssleay32.dll
C:\Users\mochenmo1\ts3client_win64.exe


Some content of TEMP:
====================
C:\Users\mochenmo1\AppData\Local\Temp\9t6h.difxapi.dll
C:\Users\mochenmo1\AppData\Local\Temp\AskSLib.dll
C:\Users\mochenmo1\AppData\Local\Temp\avgnt.exe
C:\Users\mochenmo1\AppData\Local\Temp\del.dll
C:\Users\mochenmo1\AppData\Local\Temp\Difx64.exe
C:\Users\mochenmo1\AppData\Local\Temp\ffmpeg17.exe
C:\Users\mochenmo1\AppData\Local\Temp\Quarantine.exe
C:\Users\mochenmo1\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\mochenmo1\AppData\Local\Temp\W2NTSo.difxapi.dll
C:\Users\mochenmo1\AppData\Local\Temp\zuYJ.Difx64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-14 02:30

==================== End Of Log ============================
--- --- ---


oh je, eine ganze menge mist drauf:(

schrauber 19.05.2014 09:41

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

chetumal 19.05.2014 15:21
hallo schrauber,

zu viele Zeichen, hab die logfiles angehängt.
Btw. ich rühr den Lappi nicht an bis Du sagst, das es o.k. ist:)

schrauber 20.05.2014 11:17
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

chetumal 20.05.2014 17:24
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=abb602aabfa37042b9c9699b4c7dba83
# engine=18336
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-20 03:59:56
# local_time=2014-05-20 05:59:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 10550 146368216 3322 0
# compatibility_mode=5893 16776574 100 94 330593 152231446 0 0
# scanned=123633
# found=10
# cleaned=0
# scan_time=9465
sh=E176D7F68E9CC6D03E8555B51565423033CDF6A9 ft=0 fh=0000000000000000 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mochenmo1\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie2.2.5.zip.vir"
sh=CD814F8CAC8880831029BCA4568031141FFE8534 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\mochenmo1\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\MUServer.apk.vir"
sh=7F135C126608B0FB67E978662D40D9AA75680BAA ft=1 fh=1355d210bff29425 vn="Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Win7codecs\Tools\renderer32.exe"
sh=BF11FA093B18DD4274176CCF8F943D4274A0753A ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Win7codecs\{3C32D47E-419E-48B9-8D9F-F9C489A2D299}\Win7codecs.msi"
sh=BF11FA093B18DD4274176CCF8F943D4274A0753A ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Win7codecs\{3C32D47E-419E-48B9-8D9F-F9C489A2D299}\Win7codecs.msi"
sh=BF11FA093B18DD4274176CCF8F943D4274A0753A ft=0 fh=0000000000000000 vn="Win32/Packed.Autoit.E.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\17379.msi"
sh=732E11F53021D41E4DEF9578388D8CE1A879F06D ft=1 fh=0695a500a3275bf5 vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="G:\Software,Musik,Fotos,Thailand,Hörbücher,Sounds\Software\Diverses\Format Factory (umwandeln von GIF zu WMV)\FFSetup3.3.2.0.exe"
sh=48F3407EC8E4BF22BB6C95D49794514F584B7FF1 ft=1 fh=2deee5a30a7ba551 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\Software,Musik,Fotos,Thailand,Hörbücher,Sounds\Software\Diverses\ISOBuster 2.4.0.1 Multilingual\isobuster_all_lang.exe"
sh=4BE15D2477C80300083D8EBE25843D5F398DDD74 ft=1 fh=cac44e7c562e98ca vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="G:\Software,Musik,Fotos,Thailand,Hörbücher,Sounds\Software\DVD und Clip-Bearbeitung\FreeFlvConverter\Setup_FreeFlvConverter.exe"
sh=6E46A0A077930B1B9D25C3105F629D399CB8EBD1 ft=1 fh=88cd3388df6e5029 vn="Win32/Adware.Toolbar.Shopper Anwendung" ac=I fn="G:\Software,Musik,Fotos,Thailand,Hörbücher,Sounds\Software\Virtuelle Laufwerkserstellung\Daemon Tools\daemon4123-lite.exe"



Results of screen317's Security Check version 0.99.82
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````




v
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by mochenmo1 (administrator) on MOCHENMO1-PC on 19-05-2014 16:01:51
Running from C:\Users\mochenmo1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UNMZWHC8
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Robert Łajka & Pawel Porwisz) C:\Program Files (x86)\TC UP\TC UP.exe
(Ghisler Software GmbH) C:\Program Files (x86)\TC UP\TOTALCMD.EXE
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] => C:\Program Files\elantech\etdctrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => c:\program files\realtek\audio\hda\ravcpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => c:\program files\realtek\audio\hda\ravbg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => c:\program files\acer\acer epower management\epowertray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "c:\program files\intel\turboboost\runtbgadgetonce.vbs"
HKLM\...\Run: [AtherosBtStack] => c:\program files (x86)\bluetooth suite\btvstack.exe [976032 2011-09-16] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => c:\program files (x86)\bluetooth suite\athbttray.exe [799904 2011-09-16] (Atheros Commnucations)
HKLM-x32\...\Run: [BackupManagerTray] => c:\program files (x86)\nti\acer backup manager\backupmanagertray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [OOTag] => c:\program files (x86)\acer\oobeoffer\ootag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [StartCCC] => c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe [336384 2011-02-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => c:\program files (x86)\launch manager\lmanager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] => c:\program files (x86)\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-03] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => c:\dolby pcee4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-05-16] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\Run: [UZmedia Update] => regsvr32.exe
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\MountPoints2: {1232592b-8fba-11e1-95c9-e4d53d088c7c} - G:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\MountPoints2: {4701b1ef-9c7b-11e2-8905-e4d53d088c7c} - G:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\MountPoints2: {88a6e618-80e9-11e1-9204-e4d53d088c7c} - F:\setup.exe
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\MountPoints2: {b6f3effd-758d-11e1-960b-e4d53d088c7c} - "F:\WD SmartWare.exe" autoplay=true

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-flv
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Avira Savings Advisor BHO - {A18A516C-AA41-46A9-92DB-60208917E442} - C:\Program Files (x86)\avira\Internet Explorer\avira32.dll ()
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.448 - C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-05-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-05-16] (Avira Operations GmbH & Co. KG)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-05-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-05-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-16] (Avira Operations GmbH & Co. KG)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-04-07] ()
U5 UnlockerDriver5; C:\Program Files (x86)\TC UP\PLUGINS\Media\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()
R1 VD_FileDisk; C:\Windows\System32\Drivers\VD_FileDisk.sys [30312 2011-01-26] (CaptainFlint Software)
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys [61112 2014-05-16] (StdLib)
U3 asc4kq4u; C:\Windows\System32\Drivers\asc4kq4u.sys [0 ] (Microsoft Corporation)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S3 USBMULCD; system32\drivers\CM10664.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-19 15:59 - 2014-05-19 15:59 - 00000778 _____ () C:\Users\mochenmo1\Desktop\Security Check.txt
2014-05-19 15:57 - 2014-05-19 15:57 - 00855379 _____ () C:\Users\mochenmo1\Desktop\SecurityCheck.exe
2014-05-19 14:34 - 2014-05-19 14:34 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-18 20:50 - 2014-05-18 20:50 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-05-18 15:38 - 2014-05-19 14:30 - 00000168 _____ () C:\Windows\setupact.log
2014-05-18 15:38 - 2014-05-18 15:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-18 15:24 - 2014-05-18 15:24 - 00000000 ____D () C:\Windows\ERUNT
2014-05-18 15:12 - 2014-05-18 15:22 - 00000000 ____D () C:\AdwCleaner
2014-05-18 14:54 - 2014-05-18 15:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-18 14:54 - 2014-05-18 14:54 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-18 14:54 - 2014-05-18 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-18 14:54 - 2014-05-18 14:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-18 14:54 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-18 14:54 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-18 14:54 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-18 14:50 - 2014-05-18 14:50 - 00003408 _____ () C:\Windows\System32\Tasks\aviraSWU
2014-05-18 14:50 - 2014-05-18 14:50 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Avira
2014-05-18 14:49 - 2014-05-18 14:50 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-18 14:49 - 2014-05-18 14:49 - 00001958 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-05-18 14:49 - 2014-05-18 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-18 14:49 - 2014-05-18 14:49 - 00000000 ____D () C:\ProgramData\Avira
2014-05-18 14:49 - 2014-05-16 23:52 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-18 14:49 - 2014-05-16 23:52 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-18 14:49 - 2014-05-16 23:52 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-05-17 14:48 - 2014-05-19 16:01 - 00000000 ____D () C:\FRST
2014-05-17 08:03 - 2014-05-17 08:03 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\TrojanHunter
2014-05-17 07:22 - 2014-05-16 18:34 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys
2014-05-17 06:47 - 2014-05-18 14:48 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.5
2014-05-17 06:47 - 2014-05-17 06:47 - 00059392 ____R () C:\Windows\SysWOW64\streamhlp.dll
2014-05-17 05:54 - 2014-05-17 05:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-05-17 05:52 - 2014-05-18 15:02 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-05-17 05:51 - 2014-05-17 05:51 - 00669799 _____ () C:\Users\mochenmo1\Downloads\voxware_audio.zip
2014-05-16 22:29 - 2014-05-16 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
2014-05-16 22:29 - 2014-05-16 22:29 - 00000000 ____D () C:\Program Files (x86)\Combined Community Codec Pack
2014-05-16 01:33 - 2014-05-16 01:38 - 00000000 ____D () C:\Program Files (x86)\Total Video Converter
2014-05-16 01:31 - 2014-05-16 01:31 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GSpot
2014-05-16 01:31 - 2014-05-16 01:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GSpot
2014-05-16 01:31 - 2014-05-16 01:31 - 00000000 ____D () C:\Program Files (x86)\GSpot
2014-05-16 01:30 - 2014-05-16 01:30 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Win7codecs
2014-05-16 01:30 - 2014-05-16 01:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win7codecs
2014-05-16 01:30 - 2014-05-16 01:30 - 00000000 ____D () C:\Program Files (x86)\Win7codecs
2014-05-16 00:35 - 2014-05-19 08:34 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\vlc
2014-05-16 00:35 - 2014-05-17 05:54 - 00001030 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-05-16 00:32 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\soundbackends
2014-05-16 00:32 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\sound
2014-05-16 00:32 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\plugins
2014-05-16 00:32 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\platforms
2014-05-16 00:32 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\imageformats
2014-05-16 00:32 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\accessible
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\translations
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\styles
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\news
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\gfx
2014-05-16 00:29 - 2014-05-16 01:21 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\Overwolf
2014-05-16 00:29 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-05-16 00:29 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\TeamSpeak 3 Client
2014-05-16 00:29 - 2014-05-16 00:32 - 00000798 _____ () C:\Users\mochenmo1\Desktop\TeamSpeak 3 Client.lnk
2014-05-16 00:29 - 2014-05-16 00:29 - 01301028 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-16 00_29_42.913393.dmp
2014-05-16 00:25 - 2014-05-16 00:25 - 01293740 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-16 00_25_21.003342.dmp
2014-05-15 23:30 - 2009-03-24 12:52 - 00155984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2014-05-15 23:05 - 2014-05-15 23:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-15 23:05 - 2014-05-15 23:05 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-05-15 23:04 - 2014-05-16 01:16 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-15 22:34 - 2014-05-15 22:34 - 01171946 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 22_34_22.992244.dmp
2014-05-15 22:23 - 2014-05-15 22:23 - 00001228 _____ () C:\Users\mochenmo1\Desktop\Revo Uninstaller.lnk
2014-05-15 22:23 - 2014-05-15 22:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-15 21:49 - 2014-05-15 21:49 - 00000000 ____D () C:\backup
2014-05-15 21:09 - 2014-05-15 21:09 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-15 21:00 - 2014-05-15 21:00 - 01170722 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 21_00_16.075060.dmp
2014-05-15 20:52 - 2014-05-15 21:07 - 00000991 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-15 20:52 - 2014-05-15 20:52 - 00002780 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-15 20:52 - 2014-05-15 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-15 20:52 - 2014-05-15 20:52 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-15 20:48 - 2014-05-15 20:48 - 00003170 _____ () C:\Windows\System32\Tasks\{0DE29827-F5F2-483D-8333-7C424F679B3D}
2014-05-15 20:41 - 2014-05-15 20:41 - 01194692 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_41_01.371074.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01306049 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_40_30.614315.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01295455 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_40_34.385530.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01294943 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_40_36.714664.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01195948 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_40_39.795840.dmp
2014-05-15 20:39 - 2014-05-15 20:39 - 01296113 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_39_44.959703.dmp
2014-05-15 20:32 - 2014-05-15 20:32 - 01170722 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_32_33.183978.dmp
2014-05-15 20:28 - 2014-05-15 20:28 - 01170722 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_28_41.318444.dmp
2014-05-15 20:25 - 2014-05-15 20:25 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_25_32.635991.dmp
2014-05-15 20:25 - 2014-05-15 20:25 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_25_26.306629.dmp
2014-05-15 20:25 - 2014-05-15 20:25 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_25_07.048527.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_48.781482.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_46.346343.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_42.550126.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_38.440891.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_36.935805.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_28.041296.dmp
2014-05-15 20:20 - 2014-05-15 20:20 - 01166445 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_20_40.076257.dmp
2014-05-15 01:51 - 2014-05-15 01:51 - 00008802 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:51 - 2014-05-15 01:51 - 00008802 _____ () C:\Users\mochenmo1\Documents\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:51 - 2014-05-15 01:51 - 00004742 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:51 - 2014-05-15 01:51 - 00004742 _____ () C:\Users\mochenmo1\Documents\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:51 - 2014-05-15 01:51 - 00000280 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.URL
2014-05-15 01:51 - 2014-05-15 01:51 - 00000280 _____ () C:\Users\mochenmo1\Documents\DECRYPT_INSTRUCTION.URL
2014-05-15 01:50 - 2014-05-15 01:50 - 00008802 _____ () C:\Users\mochenmo1\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:50 - 2014-05-15 01:50 - 00008802 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:50 - 2014-05-15 01:50 - 00004742 _____ () C:\Users\mochenmo1\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:50 - 2014-05-15 01:50 - 00004742 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:50 - 2014-05-15 01:50 - 00000280 _____ () C:\Users\mochenmo1\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-05-15 01:50 - 2014-05-15 01:50 - 00000280 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-05-15 01:48 - 2014-05-15 20:26 - 00000000 ___HD () C:\2ce2165
2014-05-14 00:17 - 2014-05-14 00:17 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Astuma
2014-05-13 19:38 - 2014-05-13 19:38 - 00204280 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-13 19_38_36.980195.dmp
2014-05-13 19:38 - 2014-05-13 19:38 - 00203536 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-13 19_38_36.981195.dmp
2014-05-11 22:19 - 2014-05-15 20:30 - 00000000 ____D () C:\Program Files (x86)\ROCCAT
2014-05-09 00:23 - 2014-05-09 00:23 - 00000000 ____D () C:\Users\mochenmo1\Documents\Screen Recording Suite
2014-05-09 00:22 - 2014-05-15 20:30 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Apowersoft
2014-05-09 00:22 - 2014-05-15 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2014-05-09 00:22 - 2014-05-15 20:30 - 00000000 ____D () C:\Program Files (x86)\Apowersoft
2014-05-02 00:30 - 2014-05-02 00:31 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2014-05-02 00:25 - 2014-05-02 00:25 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\cache
2014-05-02 00:25 - 2014-05-02 00:25 - 00000000 ____D () C:\Users\mochenmo1\.android
2014-05-02 00:13 - 2014-05-02 00:13 - 00000000 ____D () C:\Users\Public\Documents\DriverGenius
2014-05-02 00:10 - 2014-05-15 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition
2014-05-01 23:55 - 2014-05-18 15:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-01 23:55 - 2014-05-15 01:50 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Malwarebytes
2014-04-26 00:57 - 2014-05-15 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-04-26 00:57 - 2014-05-15 20:42 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-26 00:57 - 2014-05-15 20:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-26 00:06 - 2014-05-16 02:43 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\UZmedia
2014-04-26 00:04 - 2014-05-15 20:42 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-04-20 16:44 - 2014-05-15 21:43 - 00000000 ____D () C:\ProgramData\2992199F9A

==================== One Month Modified Files and Folders =======

2014-05-19 16:01 - 2014-05-17 14:48 - 00000000 ____D () C:\FRST
2014-05-19 15:59 - 2014-05-19 15:59 - 00000778 _____ () C:\Users\mochenmo1\Desktop\Security Check.txt
2014-05-19 15:57 - 2014-05-19 15:57 - 00855379 _____ () C:\Users\mochenmo1\Desktop\SecurityCheck.exe
2014-05-19 15:06 - 2012-08-28 12:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-19 14:34 - 2014-05-19 14:34 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-19 14:33 - 2011-10-31 06:19 - 00654166 _____ () C:\Windows\system32\perfh007.dat
2014-05-19 14:33 - 2011-10-31 06:19 - 00130006 _____ () C:\Windows\system32\perfc007.dat
2014-05-19 14:33 - 2009-07-14 07:13 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-19 14:30 - 2014-05-18 15:38 - 00000168 _____ () C:\Windows\setupact.log
2014-05-19 08:34 - 2014-05-16 00:35 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\vlc
2014-05-18 20:50 - 2014-05-18 20:50 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-05-18 16:19 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-18 16:19 - 2009-07-14 06:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-18 16:11 - 2013-08-30 04:17 - 00003356 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2435969490-785047729-4073554876-1000
2014-05-18 16:11 - 2013-08-08 19:21 - 00003230 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2435969490-785047729-4073554876-1000
2014-05-18 16:11 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-18 15:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-18 15:38 - 2014-05-18 15:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-18 15:37 - 2012-04-07 22:00 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\CrashDumps
2014-05-18 15:24 - 2014-05-18 15:24 - 00000000 ____D () C:\Windows\ERUNT
2014-05-18 15:22 - 2014-05-18 15:12 - 00000000 ____D () C:\AdwCleaner
2014-05-18 15:14 - 2012-03-24 10:34 - 00000000 ____D () C:\Users\mochenmo1
2014-05-18 15:10 - 2014-05-18 14:54 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-18 15:06 - 2014-05-01 23:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-18 15:02 - 2014-05-17 05:52 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-05-18 15:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Speech
2014-05-18 14:54 - 2014-05-18 14:54 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-18 14:54 - 2014-05-18 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-18 14:54 - 2014-05-18 14:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-18 14:50 - 2014-05-18 14:50 - 00003408 _____ () C:\Windows\System32\Tasks\aviraSWU
2014-05-18 14:50 - 2014-05-18 14:50 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Avira
2014-05-18 14:50 - 2014-05-18 14:49 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-18 14:49 - 2014-05-18 14:49 - 00001958 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-05-18 14:49 - 2014-05-18 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-18 14:49 - 2014-05-18 14:49 - 00000000 ____D () C:\ProgramData\Avira
2014-05-18 14:48 - 2014-05-17 06:47 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.5
2014-05-18 09:53 - 2012-09-18 00:07 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-05-18 09:52 - 2011-10-30 21:48 - 00000000 ____D () C:\ProgramData\CyberLink
2014-05-18 09:52 - 2011-08-12 09:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-17 08:03 - 2014-05-17 08:03 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\TrojanHunter
2014-05-17 06:47 - 2014-05-17 06:47 - 00059392 ____R () C:\Windows\SysWOW64\streamhlp.dll
2014-05-17 05:54 - 2014-05-17 05:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-05-17 05:54 - 2014-05-16 00:35 - 00001030 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-05-17 05:51 - 2014-05-17 05:51 - 00669799 _____ () C:\Users\mochenmo1\Downloads\voxware_audio.zip
2014-05-16 23:52 - 2014-05-18 14:49 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-16 23:52 - 2014-05-18 14:49 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-16 23:52 - 2014-05-18 14:49 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-05-16 22:29 - 2014-05-16 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
2014-05-16 22:29 - 2014-05-16 22:29 - 00000000 ____D () C:\Program Files (x86)\Combined Community Codec Pack
2014-05-16 22:29 - 2013-07-20 22:57 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-16 22:17 - 2013-09-23 23:58 - 00003378 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2435969490-785047729-4073554876-1000
2014-05-16 22:17 - 2013-09-23 23:58 - 00003252 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2435969490-785047729-4073554876-1000
2014-05-16 18:34 - 2014-05-17 07:22 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys
2014-05-16 06:24 - 2012-04-25 11:56 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\QuickPar
2014-05-16 02:43 - 2014-04-26 00:06 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\UZmedia
2014-05-16 01:50 - 2013-06-20 02:30 - 00003398 _____ () C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2435969490-785047729-4073554876-1000
2014-05-16 01:42 - 2012-09-18 00:07 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-05-16 01:38 - 2014-05-16 01:33 - 00000000 ____D () C:\Program Files (x86)\Total Video Converter
2014-05-16 01:37 - 2012-03-24 10:34 - 00060360 _____ () C:\Users\mochenmo1\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-16 01:36 - 2009-07-14 06:45 - 00283136 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-16 01:31 - 2014-05-16 01:31 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GSpot
2014-05-16 01:31 - 2014-05-16 01:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GSpot
2014-05-16 01:31 - 2014-05-16 01:31 - 00000000 ____D () C:\Program Files (x86)\GSpot
2014-05-16 01:30 - 2014-05-16 01:30 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Win7codecs
2014-05-16 01:30 - 2014-05-16 01:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win7codecs
2014-05-16 01:30 - 2014-05-16 01:30 - 00000000 ____D () C:\Program Files (x86)\Win7codecs
2014-05-16 01:30 - 2012-04-01 19:47 - 00000000 ____D () C:\ProgramData\Win7codecs
2014-05-16 01:28 - 2012-04-01 19:42 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-05-16 01:28 - 2012-04-01 19:42 - 00000000 ____D () C:\Program Files\Common Files\Logishrd
2014-05-16 01:21 - 2014-05-16 00:29 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\Overwolf
2014-05-16 01:17 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\soundbackends
2014-05-16 01:17 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\sound
2014-05-16 01:17 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\plugins
2014-05-16 01:17 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\platforms
2014-05-16 01:17 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\imageformats
2014-05-16 01:17 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\accessible
2014-05-16 01:17 - 2014-05-16 00:29 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-05-16 01:17 - 2014-05-16 00:29 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\TeamSpeak 3 Client
2014-05-16 01:17 - 2013-08-09 23:23 - 00000000 ____D () C:\Program Files (x86)\TC UP
2014-05-16 01:17 - 2012-06-08 23:57 - 00000000 ____D () C:\ProgramData\Real
2014-05-16 01:17 - 2011-10-30 21:43 - 00000000 ____D () C:\ProgramData\Atheros
2014-05-16 01:17 - 2011-08-12 10:02 - 00000000 ____D () C:\ProgramData\BackupManager
2014-05-16 01:17 - 2011-08-12 10:00 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-16 01:17 - 2011-08-12 09:59 - 00000000 ____D () C:\ProgramData\oem
2014-05-16 01:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-05-16 01:16 - 2014-05-15 23:04 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-16 01:16 - 2012-04-01 19:45 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\translations
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\styles
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\news
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\gfx
2014-05-16 00:32 - 2014-05-16 00:29 - 00000798 _____ () C:\Users\mochenmo1\Desktop\TeamSpeak 3 Client.lnk
2014-05-16 00:29 - 2014-05-16 00:29 - 01301028 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-16 00_29_42.913393.dmp
2014-05-16 00:25 - 2014-05-16 00:25 - 01293740 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-16 00_25_21.003342.dmp
2014-05-15 23:45 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 23:05 - 2014-05-15 23:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-15 23:05 - 2014-05-15 23:05 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-05-15 22:55 - 2012-08-31 16:35 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\Adobe
2014-05-15 22:42 - 2012-04-30 23:21 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\Deployment
2014-05-15 22:34 - 2014-05-15 22:34 - 01171946 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 22_34_22.992244.dmp
2014-05-15 22:23 - 2014-05-15 22:23 - 00001228 _____ () C:\Users\mochenmo1\Desktop\Revo Uninstaller.lnk
2014-05-15 22:23 - 2014-05-15 22:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-15 21:49 - 2014-05-15 21:49 - 00000000 ____D () C:\backup
2014-05-15 21:43 - 2014-04-20 16:44 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-05-15 21:09 - 2014-05-15 21:09 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-15 21:09 - 2012-08-28 12:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-15 21:09 - 2012-05-18 21:01 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 21:09 - 2011-08-12 10:01 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 21:07 - 2014-05-15 20:52 - 00000991 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-15 21:00 - 2014-05-15 21:00 - 01170722 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 21_00_16.075060.dmp
2014-05-15 20:56 - 2012-09-29 01:53 - 00000000 ____D () C:\Windows\Minidump
2014-05-15 20:56 - 2012-04-25 00:56 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Media Player Classic
2014-05-15 20:56 - 2012-04-07 21:39 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\DAEMON Tools Lite
2014-05-15 20:56 - 2007-07-12 03:49 - 00000000 ____D () C:\Windows\Panther
2014-05-15 20:52 - 2014-05-15 20:52 - 00002780 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-15 20:52 - 2014-05-15 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-15 20:52 - 2014-05-15 20:52 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-15 20:48 - 2014-05-15 20:48 - 00003170 _____ () C:\Windows\System32\Tasks\{0DE29827-F5F2-483D-8333-7C424F679B3D}
2014-05-15 20:45 - 2014-04-09 22:30 - 00000000 ____D () C:\Program Files (x86)\NirSoft
2014-05-15 20:43 - 2014-05-02 00:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition
2014-05-15 20:42 - 2014-04-26 00:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-05-15 20:42 - 2014-04-26 00:57 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-05-15 20:42 - 2014-04-26 00:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-05-15 20:42 - 2014-04-26 00:04 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-15 20:42 - 2013-09-03 19:22 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-05-15 20:42 - 2013-03-30 12:20 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
2014-05-15 20:42 - 2012-05-26 13:08 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Real
2014-05-15 20:42 - 2012-05-18 21:01 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-15 20:42 - 2012-03-26 21:27 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Skype
2014-05-15 20:42 - 2011-08-12 10:01 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-05-15 20:42 - 2011-08-12 10:00 - 00000000 ___HD () C:\OEM
2014-05-15 20:42 - 2011-08-12 09:45 - 00000000 ____D () C:\ProgramData\Acer
2014-05-15 20:42 - 2011-08-12 09:43 - 00000000 ____D () C:\ProgramData\Skype
2014-05-15 20:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-15 20:41 - 2014-05-15 20:41 - 01194692 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_41_01.371074.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01306049 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_40_30.614315.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01295455 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_40_34.385530.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01294943 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_40_36.714664.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01195948 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_40_39.795840.dmp
2014-05-15 20:39 - 2014-05-15 20:39 - 01296113 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_39_44.959703.dmp
2014-05-15 20:32 - 2014-05-15 20:32 - 01170722 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_32_33.183978.dmp
2014-05-15 20:30 - 2014-05-11 22:19 - 00000000 ____D () C:\Program Files (x86)\ROCCAT
2014-05-15 20:30 - 2014-05-09 00:22 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Apowersoft
2014-05-15 20:30 - 2014-05-09 00:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2014-05-15 20:30 - 2014-05-09 00:22 - 00000000 ____D () C:\Program Files (x86)\Apowersoft
2014-05-15 20:30 - 2014-03-08 21:20 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-05-15 20:30 - 2013-05-01 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Any Video Converter
2014-05-15 20:28 - 2014-05-15 20:28 - 01170722 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_28_41.318444.dmp
2014-05-15 20:26 - 2014-05-15 01:48 - 00000000 ___HD () C:\2ce2165
2014-05-15 20:26 - 2013-04-06 23:05 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2014-05-15 20:25 - 2014-05-15 20:25 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_25_32.635991.dmp
2014-05-15 20:25 - 2014-05-15 20:25 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_25_26.306629.dmp
2014-05-15 20:25 - 2014-05-15 20:25 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_25_07.048527.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_48.781482.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_46.346343.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_42.550126.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_38.440891.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_36.935805.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_28.041296.dmp
2014-05-15 20:20 - 2014-05-15 20:20 - 01166445 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_20_40.076257.dmp
2014-05-15 01:51 - 2014-05-15 01:51 - 00008802 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:51 - 2014-05-15 01:51 - 00008802 _____ () C:\Users\mochenmo1\Documents\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:51 - 2014-05-15 01:51 - 00004742 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:51 - 2014-05-15 01:51 - 00004742 _____ () C:\Users\mochenmo1\Documents\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:51 - 2014-05-15 01:51 - 00000280 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.URL
2014-05-15 01:51 - 2014-05-15 01:51 - 00000280 _____ () C:\Users\mochenmo1\Documents\DECRYPT_INSTRUCTION.URL
2014-05-15 01:51 - 2013-07-02 20:18 - 00000000 ____D () C:\Users\mochenmo1\Documents\Any Video Converter
2014-05-15 01:51 - 2012-04-25 01:02 - 00000000 ____D () C:\Users\mochenmo1\Documents\CyberLink
2014-05-15 01:50 - 2014-05-15 01:50 - 00008802 _____ () C:\Users\mochenmo1\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:50 - 2014-05-15 01:50 - 00008802 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:50 - 2014-05-15 01:50 - 00004742 _____ () C:\Users\mochenmo1\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:50 - 2014-05-15 01:50 - 00004742 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:50 - 2014-05-15 01:50 - 00000280 _____ () C:\Users\mochenmo1\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-05-15 01:50 - 2014-05-15 01:50 - 00000280 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-05-15 01:50 - 2014-05-01 23:55 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Malwarebytes
2014-05-15 01:50 - 2013-05-01 18:21 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Any Video Converter
2014-05-15 01:50 - 2012-04-26 18:10 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\InternetEverywhere
2014-05-15 01:50 - 2012-03-24 10:56 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\Western Digital
2014-05-15 01:49 - 2011-10-30 21:25 - 00000000 ____D () C:\book
2014-05-15 01:49 - 2011-08-12 10:09 - 00008728 __RSH () C:\BOOTSECT.BAK
2014-05-14 00:17 - 2014-05-14 00:17 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Astuma
2014-05-13 19:38 - 2014-05-13 19:38 - 00204280 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-13 19_38_36.980195.dmp
2014-05-13 19:38 - 2014-05-13 19:38 - 00203536 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-13 19_38_36.981195.dmp
2014-05-12 00:10 - 2009-07-14 04:34 - 54525952 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-05-12 00:10 - 2009-07-14 04:34 - 16777216 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-05-12 00:10 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-05-09 00:23 - 2014-05-09 00:23 - 00000000 ____D () C:\Users\mochenmo1\Documents\Screen Recording Suite
2014-05-08 20:06 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-05-02 00:31 - 2014-05-02 00:30 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2014-05-02 00:25 - 2014-05-02 00:25 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\cache
2014-05-02 00:25 - 2014-05-02 00:25 - 00000000 ____D () C:\Users\mochenmo1\.android
2014-05-02 00:13 - 2014-05-02 00:13 - 00000000 ____D () C:\Users\Public\Documents\DriverGenius
2014-05-02 00:07 - 2013-05-01 18:21 - 00000000 ____D () C:\Program Files (x86)\Any Video Converter
2014-05-01 16:19 - 2009-07-14 07:38 - 00067584 ____S () C:\Windows\bootstat(32).dat
2014-04-30 11:07 - 2013-09-17 19:21 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Guild Wars 2
2014-04-20 16:57 - 2010-11-21 09:16 - 00000000 ___RD () C:\Users\Public\Recorded TV

Files to move or delete:
====================
C:\Users\mochenmo1\createfileassoc.exe
C:\Users\mochenmo1\error_report.exe
C:\Users\mochenmo1\libeay32.dll
C:\Users\mochenmo1\msvcp110.dll
C:\Users\mochenmo1\msvcr110.dll
C:\Users\mochenmo1\OverwolfTeamSpeakInstaller.exe
C:\Users\mochenmo1\package_inst.exe
C:\Users\mochenmo1\Qt5Core.dll
C:\Users\mochenmo1\Qt5Gui.dll
C:\Users\mochenmo1\Qt5Network.dll
C:\Users\mochenmo1\Qt5Sql.dll
C:\Users\mochenmo1\Qt5Widgets.dll
C:\Users\mochenmo1\quazip.dll
C:\Users\mochenmo1\ssleay32.dll
C:\Users\mochenmo1\ts3client_win64.exe


Some content of TEMP:
====================
C:\Users\mochenmo1\AppData\Local\Temp\avgnt.exe
C:\Users\mochenmo1\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-14 02:30

==================== End Of Log ============================
--- --- ---

schrauber 21.05.2014 08:33
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\Run: [UZmedia Update] => regsvr32.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Downloade dir bitte Farbar Service Scanner Farbar Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.



chetumal 21.05.2014 09:11
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2014
Ran by mochenmo1 at 2014-05-21 10:07:51 Run:1
Running from D:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\Run: [UZmedia Update] => regsvr32.exe

*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => Value deleted successfully.
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\Software\Microsoft\Windows\CurrentVersion\Run\\UZmedia Update => Value deleted successfully.

==== End of Fixlog ====





Farbar Service Scanner Version: 14-05-2014
Ran by mochenmo1 (administrator) on 21-05-2014 at 10:09:46
Running from "C:\Users\mochenmo1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TVBKHRL9"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Disabled. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

schrauber 22.05.2014 08:35
Das bitte machen:
http://www.trojaner-board.de/126216-...epair-aio.html

Frisches FSS und FRST Log bitte. Noch probleme?

chetumal 22.05.2014 18:44
Code:
Farbar Service Scanner Version: 14-05-2014
Ran by mochenmo1 (administrator) on 21-05-2014 at 10:09:46
Running from "C:\Users\mochenmo1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TVBKHRL9"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Disabled. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2014
Ran by mochenmo1 at 2014-05-21 10:07:51 Run:1
Running from D:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\Run: [UZmedia Update] => regsvr32.exe
       
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => Value deleted successfully.
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\Software\Microsoft\Windows\CurrentVersion\Run\\UZmedia Update => Value deleted successfully.

==== End of Fixlog ====




Code:
Farbar Service Scanner Version: 14-05-2014
Ran by mochenmo1 (administrator) on 21-05-2014 at 10:09:46
Running from "C:\Users\mochenmo1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TVBKHRL9"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Disabled. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-05-2014
Ran by mochenmo1 at 2014-05-21 10:07:51 Run:1
Running from D:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\Run: [UZmedia Update] => regsvr32.exe
       
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => Value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => Value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IsMyWinLockerReboot => Value deleted successfully.
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\Software\Microsoft\Windows\CurrentVersion\Run\\UZmedia Update => Value deleted successfully.

==== End of Fixlog ====


Code:
Farbar Service Scanner Version: 14-05-2014
Ran by mochenmo1 (administrator) on 21-05-2014 at 10:09:46
Running from "C:\Users\mochenmo1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TVBKHRL9"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is set to Disabled. The default start type is Auto.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
sy für das doppelposting. hab nicht gesehen das wir schon auf seite 2 sind

Code:
Tweaking.com - Windows Repair Change Log.

v2.6.2
Added a new repair "Restore Windows 8 COM+ Unmarshalers" Starting in Windows 8 the COM+ depends on a set of registry keys located under HKEY_CLASSES_ROOT\Unmarshalers\System
There is a bug in Windows 8 where those registry keys are sometimes removed, which when they are COM+ will no longer function and many things in windows stop working including audio, Windows Defender, Windows Firewall, WMI and many more.
When these keys are restored COM+ functions again. These registry keys where not in older versions of Windows and is new to Windows 8.

Updated Repair Registry Permissions

The tree view on the repair window now takes on the colors set for the text boxes and lists instead of the program back and text colors.

Changed the default color theme to make the text boxes and lists a little darker than pure white.

Updated Registry Backup to v1.8.0

v2.6.1
Multiple interface changes and fixes.

Code updates and improvements in multiple locations in the program.

v2.6.0
Added a new option to change all the program colors (under the settings tab). The user can now control the colors of the program and even save their color layout as a preset. This is very helpful for colorblind, or hard of seeing users or just users who don't like my default colors :-)

Added a new system monitor to the repair window. The repair window will now show the current memory usage, process count, cpu usage and current read and right speeds of the hard drives. This way a user can keep track if they are running out of memory or if the drives are doing anything during a repair. Very useful so the user can tell if a repair is working or has stalled.

There are now 5 step tabs before the repairs. I changed the Welcome tab to Step 1 and changed the order of the rest. On the new step 1 it tells the user to do a proper power reset before anything else and gives them a quick 4 step instruction on how to do so.

Changed the default colors of the program. Replaced the green text with a easier to read color. Also change the button colors to stand out more and multiple other changes.

A large amount of interface and layout changes.

Code cleanup, removed old code that I was no longer using.

Updated the code on step 3 when doing a read only chkdsk on the drive.

Updated the Register System Files repair.

Updated Restore Important Services.

Updated Repair WMI to make a backup of the antivirus, firewall and antispyware information. It will export that data out first since it is lost when WMI is built and then import it back in once WMI is finished. Normally the Windows security center would complain you have no AV install and such after the repair. The AV and such would update it self back to WMI after it updates itself or after another reboot. But this confused some users who thought their AV wasn't working. By exporting and then importing that information back will keep that from happening and confusing users.

Multiple Code improvements and changes through out the whole program.

v2.5.1
Important update to the "Set Windows Services To Default Startup" repair. A few services Windows changes the default startup for based on the hardware you have installed. Such as the wireless service is set to manual but if Windows detects a wireless card then the service is changed to automatic. The services that get changed have been updated and is now fixed.

v2.5.0
The "Reset File Permissions" Repair has been totally redone. The old way the program would run a bat file for each folder on the root of the drive. So if you had 100 folders on the root of the drive it would run 100 bat files in order to set the permissions on each folder. This was done so the program could skip certain folders. The repair now does the whole drive in just 1 bat file, making things much faster for this repair.

Also added a exclude list option to the "Reset File Permissions" Repair. This new excluded list will allow power users to tweak the repair and have it skip certain folders or files. This new option was what made it possible to streamline the repair. 2 new files where added to the files folder file_permissions_excludes.txt and file_permissions_profiles_excludes.txt.

Updated the "Repair WMI" to skip the system volume information folder when looking for wmi files to add back. Normally this wasn't a problem but if for some reason a user had taken ownership over the system volume folder then the program had access to it and then the WMI repair would loop through the restore points, which we don't want.

The "Set Windows Services To Default Startup" has been redone as well. Before it pulled what services to set from the services_startup.txt file in the files folder. With Windows having so many different services for each version of Windows I have now made the repair pull from a txt file based on what version of Windows the user is on. This now gives even more control to power users and also makes the repair better suited for each version of Windows. 5 new files have been added to the files folder services_startup_xp.txt, services_startup_vista.txt, services_startup_7.txt, services_startup_8.txt, services_startup_8.1.txt.

To help make the "Set Windows Services To Default Startup" even better I installed a fresh copy of Windows XP Pro SP3, Vista Ultimate SP2, 7 Ultimate SP1 , 8 Pro and 8.1 Pro with nothing added to them but their default installs and pulled all the service startup information for every single service. The repair now sets more services than ever and as of right now every known service default in each version of Windows.

Multiple other code changes and improvements.

v2.4.2
The step 3 system file checker cmd.exe window now uses the cmd color options in the program.
On step 2 I added a view log button that will show up after you run check disk on the system, the log file is stored in the log file location but now the user can open it right from the program if they wish.
Added a "View Logs" button to the main repair window. Now users can open the logs folder after doing repairs instead of manually going to them, this will help with users who have trouble knowing where the logs are.
Bug fix for VSS and services for XP systems.

v2.4.1
Fixed bug in the program where if you ran the Repair CD/DVD and had iTunes installed iTunes could complain about a regkey missing. The program did put the registry key back into the registry but it didn't null terminate the line so iTunes still complained. This has now been fixed and iTunes no longer complains.
Reset File Permissions has been improved. The reset file permissions normally skips the profile folders on the system. This was due to a odd bug in Windows Vista, 7 and newer where if "Everyone" permissions was set on a folder under the user profile Windows would think it is shared when it wasn't. Well after helping a user who had a lot of problems on their system it turned out to be because somehow the user had removed "Administrators" and "System" from all the permissions on the folders and files of the profile. Once those where put back everything worked. So I knew I had to get the profiles added to the repair. The new changes will update all the profile folders properly and only add administrators and system, not everyone. Also for the current user profile folder it will also add the current user as it should be that way.
Small code changes.

v2.4.0
Repair Icons has been updated and redone. The repair will now kill explorer.exe to unlock the cache files, delete them and then start explorer.exe back up. Also Starting with vista, 7 and 8 there is a new location for the cache files and that has been added to the repair.
Change the the logs, the program now makes a folder with the date and time the start repairs button was clicked and logs are stored in that folder in the log location. So now instead of the program overwriting logs it now keeps them so you can view logs from different repair runs.
Added a new tab in the main window of the program letting users know about tweaking their system for performance after a repair. It simply tells them about my simple system tweaker and my CleanMem tool from my other site PcWinTech.com. This way users now have an option to try and speed things up afterwards if they like.
I have made a custom CleanMem for Tweaking.com and included it with the program. The program will now cleanup memory on the system instantly before doing the repairs. This will help with systems with little memory or have some processes that are memory hogs or have memory leaks, they get cleaned up before the repairs start.
Updated Repair WMI.
Updated Repair IE to support IE 11.
Program now pulls more system information and adds it to the logs, this has the benefit of letting the user see how memory and other things look and the information can also help when helping a user in the forums.
Added 20 more services to Restore Important Windows Services.
Multiple code changes and updates.
The installer for the program now puts the setup log in the same folder as the program instead of the temp folder. This will make it easier for users to find it if they wish.

v2.3.0
Fixed a bug where the cmd.exe windows where not changing color like they use to.
New feature, you can now set what back and text color to use in the cmd.exe windows. This is useful when running the program from a script and you can tell which cmd.exe windows belong to the program and not the script.
Program now gives a warning if it is unable to create the log file path. If the program is unable to save the log files the repairs will fail. Examples of it failing would be if the path has Unicode chars or is pointing to a ready only folder such as running off a cd.
Small bug fixes and multiple code changes.

v2.2.1
Per user request I have enabled the beta repair for system restore.
Adjusted privileges of the program to fix a loop in the wmi repair and to also give better access for the repairs.
Program now logs if it has trouble loading needed privileges. This can be helpful if the user account the program is running under doesn't have the correct access that is needed for the repairs.

v2.2.0
Remove beta repairs button. The only beta repair was for the system restore which wasn't repairing it, so no point in having it till i find more info on it :-)
The Repair CD/DVD Missing/Not Working now logs if it detects iTunes and if it does it applies the upperfilter regkey so iTunes can burn cds.
The Unhide Non System Files now also sets the show desktop icons back to enabled. Some viruses are putting desktop icons as hidden. If you keep them hidden your self you can rehide them with a simple right click on the desktop and then go to view.
Updated the repair windows firewall to have file and print sharing enabled.
Add a "Defaults" button next to the select all and unselect all repairs. This was by user request. The defaults button will select the default repairs, the same as when you run the Windows Repair for the first time.
The Windows Repair log now record system information such as what version of windows and such. This way when a user posts the log in the forums and doesnt tell me what version of Windows they are on I can see it in the logs.
New repair added for Windows 8 users. Repair Windows 8 Component Store. Microsoft finally added some built in tool to fix and recover corrupt files when sfc /scannow fails and says it couldn't fix some corrupt files. I also have the repair do a cleanup of the component store to shrink the size and also possibly remove errors from old outdated files. Here is the repair info from with in the program.:

"Repair Windows 8 Component Store

The following commands are done.

Dism /Online /Cleanup-Image /StartComponentCleanup
Dism /Online /Cleanup-Image /RestoreHealth

The first command cleans up the component store (WinSxS Folder) in windows, reducing it size and removing old entries.

The 2nd command is used to repair corrupt files and corrupt entries in the component store.

Reasons for this repair:
Used to fix Windows component store corruption when a SFC /SCANNOW command is unable to repair corrupted system files because the store (source) is corrupted, then run the SFC command again.
Used to fix Windows component store corruption when the same Windows Updates continue to appear to be available to install even though they already show successfully installed in update history.

More information on these commands can be found here:
hxxp://technet.microsoft.com/en-us/library/hh824869.aspx
and
hxxp://www.eightforums.com/tutorials/26512-dism-fixing-component-store-corruption-windows-8-a.html
"

v2.1.1
New feature added to the program (Possible speed increase as well). Under the settings tab in the main window of the program you can now set the window state and priority of the cmd.exe. The program uses bat files to run the repairs which goes through cmd.exe in Windows. Now you can choose to have the cmd.exe window be minimized, maximized or normal like it has been. (Useful for techs who are running repairs but are trying to do something else on the system) You can also set what CPU priority to run cmd.exe, so on older systems where the CPU is in use by other processes the cmd.exe window can now get priority, thus getting more CPU when it needs it and possibly speeding up the repairs for some people.
Updated and improved the Repair Winsock & DNS Cache
Updated and improved the Repair Windows Updates.
Multiple small code changes.

v2.1.0
Added new repair "Repair Windows App Store"
Updated Registry backup to 1.6.8
The program now auto skips repairs that are meant for a different version of Windows.
Added a checkbox to give the user an option to not have the program check for updates at startup. While I didn't have this before as it is extremely important to always run the latest version because of bug fixes and changes, it also causes the program to hang for a few seconds if the computer it is running on cant access the site to see what the current version is. So now the user can turn that off.

v2.0.1
Fixed bug where the /silent command didn't work. The bug was when you used /silent the repair window would show but didn't run the repairs. This is because with the new interface the treeview of the repairs wasn't loaded yet, so it didn't see any repair to run. This bug has now been fixed and /silent works again :-)

v2.0.0
New interface. Still the same layout but new colors that match the same look and feel as other programs on tweaking.com
Due to the interface changes I changed controls and graphics to make a smaller exe, smaller setup and use less memory.
Code improvements to Repair WMI.
All new logging. The program now records any output from the cmd.exe, not just errors. Bigger log files, but much better information when needed.
Support for Windows 8.1 added.
Tons of Code changes.
Repair Windows Updates updated.
Repair WMI updated.
Restore Important Windows Services updated.
Multiple bug fixes from the last version have been fixed.

v1.9.18
Bug fix: The program would get stuck in a opening and closing loop when you had it set to auto restart after repairs. This was because of a timer not turning off and wanting to update the window while it was closing down, thus the loop. This has now been fixed and the program closes like it should.

New feature: Since I had to get this bug fixed quickly I decided to take the time to add a new feature I came up with. In the steps before the repairs, Step 2 asks the user to do a check disk (chkdsk) on the system to make sure there is no file system errors before doing any repairs. I hated the fact that I forced the user to reboot to scan it when there may not be any errors on the file system. So I have added a new option to this step where the program will check the drive for errors and let you know if any are found. It is done by making a pipe to a cmd.exe window and running chkdsk in read only mode. Once chkdsk is done it looks for the key words "Windows found problems" and can let the user know if running chkdsk is even needed. Thus saving the user a reboot if there are no errors. I also have it log the chkdsk results to a chkdsk.log file in the logs folder in case a user wants to see the results of the chkdsk. :-)

v1.9.17
Updated the repair list to be numbered. This way when others have users use the program they can tell them what number in the list to choose instead of the repair name, making it easier for the user to check the correct ones.
Unhide non system files has been updated to support Unicode systems and file names and also to skip folders and files with symbolic links so it doesn't get stuck in a loop.
Unhide Non System Files now logs all files it unhides.
Repair WMI has been updated to apply MOF and MFL files back into WMI. So if you have a 3rd party program that added themselves to WMI they will be added back.
Log files have been updated to make a log file for each repair instead of trying to put everything into one log file. This is because the cmd.exe would sometimes give an error on the log file being in use.
Program now deletes old log files before running repairs. This way the log files dont keep growing in size if repairs are ran more than once.
Reset Registry Permissions has been enabled for Windows 8, but only does sections of the registry that doesn't effect the app store.
Repair Windows Firewall has been updated to use subinacl.exe to set the reg permissions instead of regini.exe. That is now 2 less files needed in the program.
Multiple code changes.

v1.9.16
Update to the Reset File and Reset Registry permissions. These repairs now delete orphaned SIDs and no longer follows symbolic links, keeping it from getting stuck in an infinite loop.
Updated the Repair Important Services to apply reg permissions to the service section in the registry (In case the reg permissions repair was skipped, and for users on Windows 8 who can't user the reg permissions repair because of the Windows App store.) and also to remove symbolic links from the Windows defender folder in case a well known virus put those there to break Windows defender.
Added remove_symbolic_links_from_windows_defender_folder.bat file to the files folder. This can be used by users who simply need to remove the symbolic links a virus puts on the Windows defender folder to keep Windows defender from working. The program now does this as well, but I decided to add a file for it for advanced users. The program doesn't not use this file, so changing it will have no effect on the program.
When a new update is available the program will now tell you in the caption bar instead of only at program startup. This is good for users who missed the message that there is a new version.

v1.9.15
Change the scan of malwarebytes from full to quick. Full is normally needed when scanning external drives and such and a quick scan is meant for scanning your system for all known malware locations and is much faster.
Small code changes.

v1.9.14
The awesome guys over at Malwarebytes gave me permission to allow Tweaking.com - Windows Repair to download and install Malwarebytes Anti-Malware and start a scan right from the program. This will now help make things a little easier for novice users and is a few less steps that my fellow techs need to do. When you start the program the scan option is on "Step 1" and is totally optional :-)

v1.9.13
Added msiserver service "Restore Important Windows Services" and "Repair MSI (Windows Installer)"
Added sppsvc service to the "Restore Important Windows Services"
Improved "Repair Internet Explorer", now better supports IE6 to IE 10.
"Repair Internet Explorer" now loads the list of files to register from the ie.txt file in the files folder. This gives users more control if they need it.
Improved "Repair MDAC/MS Jet"
"Repair MDAC/MS Jet" now loads the list of files to register from the mdac.txt file in the files folder. This gives users more control if they need it.

v1.9.12
Added 4 more service repairs to the "Restore Important Windows Services".
Improved repair print spooler.
Moved "Set Windows Services To Default Startup" to the bottom of the list. Since you can edit the file of what services are set to what startup, it made sense to move this last since other repairs that restore services put them back to their startup as well. This way a person can edit this file to keep any tweaks they have done to their services on the system.
Minor bug fixes and code changes.

v1.9.11
Improved "Repair Windows Update". On a very few machines the repair was unable to rename the pending.xml file. On vista and 7 this would cause the "installing update step 3 of 3" screen to never go away at boot up. By simply renaming the pending.xml file fixed this. Even though this was already part of the repair, if the file was in use at the time then it wasn't able to be renamed and the person would get stuck at the next boot. I am changed the repair to now remove any attributes from the file and set a secondary rename option directly in the registry to have windows rename the file at boot up. So now if the repair is unable to rename that file during the repair it will get rename at the next system boot. Hopefully this will now keep the "installing update step 3 of 3" screen from coming up and getting stuck. I was able to replicate this problem in Windows and the new repair fixed it in my testing.

Improved the "Repair Winsock & DNS Cache". The repair reset TCP which would also clear any static IP info set on the system. Per user request the program will now extract the static IP info, run the repair and then put the static IP info back.

v1.9.10
Improved the "Repair Windows Firewall". The program use to only restore the core of the shared access service. It didn't put any policies or rules. While helping a user in the forum they had a virus completely delete the shard access service key, including all rules. When the shared access was put back the firewall worked but he was unable to share any files. This is because there is some core things that have to be in the firewall rules in order to work. I have now added those core rules to the repair and it got his file sharing working just fine. This now makes the repair even better than before.

Added some more settings for the "Repair Windows Firewall". While helping a user in the forum the firewall was working but he couldn't get the firewall to open and would get a Group Policy error. While helping him I found the 2 reg keys that where needed to fix it. This keys are only on Vista and 7. They are not on Xp, 2003 or 8. The repair now puts these keys in on Vista and 7 only.

Added Windows Defender to the "Restore Important Windows Services" repair.

v1.9.9
Fixed bug reported by users where a folder was created on the C: drive called "Program" and windows would ask to delete or rename it, which was safe to do. The bug was with the new log settings. Bat files do not like spaces. If there was a space in the log location name it made that folder and the log was never made. The fix is to just make sure that the path is started and ended with quotation marks. I have updated all 250 locations in the program to make sure the log path has the quotation marks. This bug is now fixed.

v1.9.8
Changed the "Set Windows Services To Default Startup" repair to pull the services startup from a text file in the files folder instead of being hard coded. This will let users tweak this repair if they wish.

The program will now keep Windows from going into sleep mode or hibernation when repairs are running.

Added new repair "Repair Print Spooler"

Added "Time Elapsed" to the repair Window, so now users can see how long the repairs have been running.

Add new settings tab to the main window.

Under the new settings tab you can now change the default location for the log files.

Changed the default location of the log files from the Windows drive to the Logs folder in the program folder.

Added new repair "Restore Important Windows Services", this repair will replace all the services that the other repairs do. And as time goes I will add more services to this repair.

v1.9.7
Major changes to both "Reset Registry Permissions" and "Reset File Permissions". I found out that if you where on a non English system these two repairs simply wouldn't run and thus not change any permissions. This was because it was settings the permissions based on the names such as "Administrators" or "Everyone". On non English systems these are spelled differently and so would fail. I have changed these two repairs to set it by SID now instead of name. Example: Instead of "Administrators" it will use "S-1-5-32-544" (Which is the Windows Default SID for Administrators). These two repairs will now work on non English systems. As an added bonus, the two repairs run much faster now. The reason why is when I was using the names instead of the SID it had to go and lookup the SID of the names. Now that I am using the SID from the start it no longer has to do that lookup, thus making it run nearly twice as fast or better :-)

Fixed bug where if you opened the repair window, then closed it and then went back to it the repairs wouldn't work. This is because the program though it was in close down mode from closing the repair window. This has now been fixed.

Program now shows how many repairs are selected above the repair list. Example: "Repair Options (Selected: 10 of 35)"

The repair wmi was done in 3 steps to simply give a progress of what it is doing. Instead I have combined the 3 steps into 1.

Unhide none system files now gives a count of how many files it unhides. Also made a new status window to show when the unhide repair is running.

The Beta Repairs button will now be disabled when your running repairs.

The program now lists all fixed drives in the system for the Reset File Permissions and Unhide Non System Files repairs. Before it would only do the drive that Windows is on, now you can have it do other fixed drives as well. By default only the Windows drive is selected.

Log window now shows when a repair is being ran under the system account and the current user account.

The cmd.exe windows now show what repair it is doing in the title bar.

The program now checks if it is being run from a network path. If it is it lets the user know that due to Windows network security most repairs will fail and to please run the program locally on the system.

v1.9.6
Added renaming of the pending.xml file to the Repair Windows Updates

Due to an odd bug with the Windows 8 app store I had to disabled the reset reg permissions repair for now for Windows 8 systems. For some reason even though the app store has permissions, if you change the permissions in any way under certain keys under hkey local machine the app store will refuse to install apps and give the error code 0x8007064a. Until I can find out what keys the app store doesn't like touched I will keep this repair disabled for Windows 8.

v1.9.5
Fix bug where the program wouldn't go to the next repair if a cmd.exe was open. That means when the program was run from a bat file it wouldn't move forward. This bug was caused from a previous update. This is now fixed.

Updated the "Set Windows Services To Default Startup"

v1.9.4
On some systems, depending what programs are installed would not leave enough system resources for the reg and file permissions repair. On these systems after those repairs the rest of the repairs wouldn't work because the system was out of resources. There are two simple reg tweaks that increase the system resources Windows will use. Both repairs will now apply those two reg keys. Not only will this fix the resources being used up but should also fix any other program that runs out of resources. A reg file for these two tweaks are in the files folder with the program.

Added more files to the repair system restore.

Nearly all repairs run under the system account. As I work on the repairs I noticed something odd. Some parts of the repairs work when run under the current user account and fail under the system account, and other parts fail under the user account and work with the system account. Such as adding reg files or registering files. Here is an example registering the file blb_ps.dll under the user account works while trying to register it under the system account fails, and this only happens with a few files while the rest work fine under both. To handle this I now have some of the repairs run twice, once under the user account then again under the system account. This should handle any odd permissions between the two accounts and insure that the repairs are successful. This isn't needed on all repairs.

v1.9.3
Added a new section to the program called "Beta Repairs". There is a button on the repair window that will open it for you.
Added new beta repair "Repair System Restore" this is for Windows Vista, 7 and 8. Microsoft has no repair info on the system restore. So I monitored what services and files the system restore needs and I am working on the first known system restore repair. This is in the beta section till I get user feedback on how it works and if it gets system restore working again for people.

v1.9.2
Per user request the main repair window is now resizable.
Added 11 new file association repairs. What makes these repairs different than just clicking a reg file is on vista and newer some of the keys are locked. Since the program runs the repairs under the system account these repairs have access to those locked keys.
Added a "Tips" button that loads a page on the site with some tips on which repairs to run and tricks you can do with the program.
Changed the list in the program to a treeview.
I have some repairs unchecked by default now instead of all repairs checked.
Many code changes.

v1.9.1
Changes to the user interface.

v1.9.0
Minor Interface changes.
Program now pulls the information of each repair from a txt file instead of being directly in the program.
Added the BITS service to the Repair Windows Updates.
Added the wuauserv service to the Repair Windows Updates
Added a few more things to the Repair Windows Updates.
Added more support for Windows 8 repairs.
Added more dll files to the register system files repair.
Added new repair - "Repair Windows Safe Mode". This will put the default reg keys in order to boot into safe mode. Some viruses remove these reg keys. This will simply put the defaults back and allow safe mode to boot again.
Added more to the "Remove Policies Set By Infections" repair.
Multiple Code changes and improvements.

v1.8.0
Replaced Erunt registry backup with Tweaking.com - Registry Backup
Some new viruses have been adding programs to the Image File Execution Options in the registry. Keeping those programs from running. I have added 773 more items to the Remove Policies Set By Infections.
Added new repair "Repair Windows Snipping Tool". This will run on vista or newer and replace the reg keys needed for the snipping tool.
Added new repair "Repair .lnk (Shortcuts) File Association" This will run on vista or newer.
Updated the "Repair CD/DVD Missing/Not Working" to see if iTunes is running (Looks for ituneshelper.exe is running). If it is it puts the iTunes "UpperFilters" for the cd/dvd rom drive so iTunes wont give the error "Warning the registry setting used for importing CD are missing". More info here hxxp://support.apple.com/kb/TS2372?viewlocale=en_US
Multiple code improvements.

v1.7.5
Improved operating system detection code. What does this mean? Some repairs need to know what version of Windows it is running run to run the correct code. The program used WMI to pull this info. But if WMI was broken it didn't pull the info. I now have it use the Windows API to pull the Windows version, and if for any reason it fails it will fall back to using WMI to pull the info.

v1.7.4
The program is now Terminal Server Aware. When you ran the program on a Windows server that had Terminal Services installed the Windows API returned the wrong path to the windows dir. This is now fixed.

v1.7.3
Updated the Repair Windows Firewall. It now restores the reg keys for the BFE, MPSSVC and WSCSVC services. Before it only put back the shared access service. Which in XP is all the firewall needed. But in Vista and 7 it required more services. They are now part of the repair :-)

v1.7.2
Small bug fixes to the log creation of the program.
I have removed the 3 options "Basic" "Advanced" and "Custom" before you start the repairs. Nearly all users that I have talk to, and myself included always choose custom anyways. No need for these other options and they have been removed. Should cut down on the confusion for new users on which to use.
New interface changes to the repair window in the program.
Added "Always On Top" option for the repair window.
Added a minimize button to the repair window. With the always on top option if something opens behind the window and the user needs to get to it they can now minimize the window.
Added a minimize button to the main window in the program for the heck of it :-)
Code improvements.

v1.7.1
Updated the Repair WMI to better handle the commands needed for the different version of Windows. While the WMI works great on XP, Vista and 7 it didn't work correctly on 2003 thus breaking WMI. I have added the commands need to have it run properly on 2003 :-)

v1.7.0
Small improvements to a few repairs.
Better support when running the program through a script. I have a good amount of repair shops that use this repair tool. Some like to run the repair tool with the silent command and from a script in a bat file. The old version of the program would close any cmd.exe window before running the repairs. This of course defeated the purpose of running through a script. So I have changed the way the program waits for a repair to finish. Instead of waiting for cmd.exe to close, each repair will now make a file. When the repair is finished it will delete the file, then the program will know to move onto the next repair.
I now have the cmd.exe windows change to a gray background with black text. This way when running the program through a script you will know which cmd.exe window belongs to the windows repair :-)
The program will now save any errors from the repairs into a txt file on the Windows drive in a folder. Example: "C:\Tweaking.com_Windows_Repair_Logs\" Multiple log files are made for the permission repairs. This is because the MS tool doesn't append to the log file, so a new file has to be made for each section. Since this could create a fair amount of log files I have the program cleanup any empty log files after the repairs are ran.

v1.6.5
Program detects if you are running in safe mode and warns that some repairs may not work in safe mode.
I have also made a few changes for all repairs to run better in safe mode. No guarantees but should definitely run better in safe mode than it has before.
Per user request you can now choose to restart or shutdown the computer after repairs.
I have the repair window resized to 750 x 550 pixels (Now bigger than before). This is the max size to fit on the screen in safe mode which is normally 800 x 600.

v1.6.4
Add ERUNT Registry backup tools. This is another option to backup the system registry before doing repairs. Also very helpful when a users system restore isn't working properly.

v1.6.3
Major improvement for the Reset File Permissions repair. On vista and newer the repair would allow access to folders windows normally blocked. Such as "C:\ProgramData\Application Data". Normally with this folder you would get an access denied. After you ran the reset file permissions repair you could access it. The side effect was that this folder points back to the C:\ProgramData folder. So it made an endless loop! The repair now checks if your on anything newer than XP. If you are then it runs a batch of commands after the repair that puts back the deny permissions on all the folders that are supposed to be blocked. This stops that endless loop from happening. 46 folders total. :-)

v1.6.2
Per user request I have added a silent command option to the program. Set the options in the setting.ini file and run the program with /silent. The program will run in custom mode running the repairs set in the settings and then close it self. Will even reboot when done if set in the settings. (Perfect option for my fellow network admins) :-)
Small code changes.

v1.6.1
Added new repair "Repair Missing Start Menu Icons Removed By Infections" This repair will put back the missing icons in the start menu, quick launch, and desktop that are moved by a rogue virus.

v1.6.0
Added new repair "Repair MSI (Windows Installer)"
Added exe fix (when a virus hijacks the exe section in the registry) to the "Remove Policies Set By Infections" repair.
Improved "Repair Windows Updates".
Small interface changes.

v1.5.8
Bug Fix: I found a very odd bug where some of the repairs were not working right. All repairs run under the system account (because of the trusted installer in vista and newer). For some reason the repairs that set registry keys by a .reg file and with regedit would run but the changes wouldn't take. The fix was to have those repairs run as the logged in account. Still scratching my head on that one, but at least now they work again :-D
Bug Fix: The repair windows firewall wasn't running all the repairs needed for it. This has now been fixed.
The Reset File Permissions now skips the "Users" folder in Vista and newer and "Documents and Settings". The reason for this is in Vista and newer there is a bug where if the file permissions are changed in the user profile then Windows thinks the file is shared when it isn't and you get a shared icon on it. More information is here hxxp://www.tweaking.com/forums/index.php/topic,69.0.html
Small code improvements.

v1.5.7
Changed Windows Image Acquisition (WIA) from "stisvc start= demand" to "stisvc start= auto" in the windows services repair.

v1.5.6
The "Remove Policies Set By Infections" repair wasn't working properly. The commands where deleting the Reg file before it had been applied. I added the start /wait command to the regedit. "Remove Policies Set By Infections" Now works correctly :-)

v1.5.5
Removed "WwanSvc start= demand" from the windows services repair.
The program no longer defaults to the C:\ for repairs. The program now looks at the location of the Windows dir and uses the drive that Windows is on.

v1.5.4
On users machines who's "Path" variable was corrupt none of the repairs would work. To fix this I have added "set path=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem" to all the repairs. Now on users systems with a corrupt "path" variable the repairs will still work properly :-)

v1.5.3
Changed 4 service defaults from manual to auto in the set services to default startup repair. Media Center Receiver Service, Media Center Scheduler Service, Windows Media Center Service Launcher and Windows Media Player Network Sharing Service.
Removed Panda cloud antivirus from the program and put Avast as a recommendation (Step 2 Window).
Added ComboFix to the recommendation page (Step 2 Window).

v1.5.2
Interface changes.

v1.5.1
Blackvipers site listed the Windows 7 wireless service startup state as manual. But when it is set to manual it will not start and thus the user has no wireless. I have updated the services startup repair tool to put the wireless to auto instead of manual.

v1.5.0
Added a new repair "Set Windows Services To Default Startup". (Currently 194 services) This will set the Windows services to their default startup state. Special thanks to hxxp://www.blackviper.com/ for having all the default information handy. This will set the services startup by the "sc config" command and not by the registry. The information on the repair in the program lists all the services that are set.

1.4.3
The new setup file for the program was missing some of the repair files it needed. The setup has been updated and I made this new version so people who downloaded the last version will update and get the rest of the files they need.

1.4.2
Removed moving arrow from the repair window. Since the list of repairs is growing and the list is scrollable the arrow didn't work well.
In a past update I removed the custom buttons because they would cause the program to crash. The program then used the default old ugly buttons. I have made a new button control and updated the buttons so they look better, and it doesn't cause the program to crash like the old ones.
Program now asks the user if they want to create a restore point before doing repairs if they didn't have the program create one.
The program now comes in a setup program and the portable version. The new setup is larger because it contains the VB6 SP6 runtimes the program needs in case they are corrupt on the system that is being repaired.
More Code tweaks and changes.

v1.4.1
Added more files to the register system files repair that will fix "Class not registered" when trying to open a .mmc file. Such as Task scheduler, Device Manager, Computer Management and more.
Program now starts the Windows Sidebar after the Windows Sidebar repair.
Removed the security zones in IE being reset with the sidebar repair.
More code tweaks and improvements.

v1.4.0
Removed the custom buttons from the program. It was causing the program to crash on some systems. Program is meant to repair, not look pretty, so ugly standard safe buttons it is :-)
Add new repair "Repair Windows Sidebar/Gadgets"
Changed the window size of the repair window, making it smaller and easier to fit on screen for smaller resolutions.
More code tweaks.

v1.3.1
Minor GUI and code Tweaks.

v1.3.0
If you ran an older version of this repair program and it caused problems on your system, download and run this version and it will fix any problems it caused :-)
Added new repair "Repair Volume Shadow Copy Service"
Major update to the program making it safer and better at repairs. Make sure to use this new version and not the old versions.

v1.2.0
Per user request - Added a new repair "Repair CD/DVD Missing/Not Working"
Fixed bug where when repairing WMI the WMI tester would open and the program wouldn't move forward till the WMI tester was closed. Most users didn't know to close this. I have made the program now look for and close the WMI tester if it pops up during the WMI repair.

v1.1.1
Remove some files from the Register System Files repair. While this repair worked great on a lot of some systems on a few ones it would create more problems. The repair now has a much smaller list of only known good files to register.
Updated Repair IE section.
Updated Repair MDAC Section.

v1.1.0
Major changes to how the program launches the repairs. It now shows the command window doing the repair in the task bar. Also should work better with the UAC enabled and running the commands as administrator. This will also keep the program from not responding during repairs.
Updated the file permissions repair to include everyone and users full rights. It use to do just Administrators & System. But on some machines they needed more to get things working right again. This should fix that.
Replaced some of the controls in the program so the program & zip file is smaller in size.

v1.0.2
Fixed bug in Repair WMI (Hopefully got it this time)
Added link to help fix any problems someone might have with the file permissions repair.

v1.0.1
Fixed bug in Repair WMI
GUI Changes.

v1.0.0
First Release


Code:
Farbar Service Scanner Version: 21-05-2014
Ran by mochenmo1 (administrator) on 22-05-2014 at 19:32:47
Running from "C:\Users\mochenmo1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TVBKHRL9"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-05-2014
Ran by mochenmo1 (administrator) on MOCHENMO1-PC on 22-05-2014 19:30:50
Running from C:\Users\mochenmo1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3CBE0IJZ
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Robert Łajka & Pawel Porwisz) C:\Program Files (x86)\TC UP\TC UP.exe
(Ghisler Software GmbH) C:\Program Files (x86)\TC UP\TOTALCMD.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] => C:\Program Files\elantech\etdctrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => c:\program files\realtek\audio\hda\ravcpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => c:\program files\realtek\audio\hda\ravbg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => c:\program files\acer\acer epower management\epowertray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "c:\program files\intel\turboboost\runtbgadgetonce.vbs"
HKLM\...\Run: [AtherosBtStack] => c:\program files (x86)\bluetooth suite\btvstack.exe [976032 2011-09-16] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => c:\program files (x86)\bluetooth suite\athbttray.exe [799904 2011-09-16] (Atheros Commnucations)
HKLM-x32\...\Run: [BackupManagerTray] => c:\program files (x86)\nti\acer backup manager\backupmanagertray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [OOTag] => c:\program files (x86)\acer\oobeoffer\ootag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [StartCCC] => c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe [336384 2011-02-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] => c:\program files (x86)\launch manager\lmanager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] => c:\program files (x86)\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-03] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => c:\dolby pcee4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-05-16] (Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\MountPoints2: {1232592b-8fba-11e1-95c9-e4d53d088c7c} - G:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\MountPoints2: {4701b1ef-9c7b-11e2-8905-e4d53d088c7c} - G:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\MountPoints2: {88a6e618-80e9-11e1-9204-e4d53d088c7c} - F:\setup.exe
HKU\S-1-5-21-2435969490-785047729-4073554876-1000\...\MountPoints2: {b6f3effd-758d-11e1-960b-e4d53d088c7c} - "F:\WD SmartWare.exe" autoplay=true

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-flv
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Avira Savings Advisor BHO - {A18A516C-AA41-46A9-92DB-60208917E442} - C:\Program Files (x86)\avira\Internet Explorer\avira32.dll ()
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.448 - C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-03]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-05-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-05-16] (Avira Operations GmbH & Co. KG)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-05-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-05-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-16] (Avira Operations GmbH & Co. KG)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-04-07] ()
U5 UnlockerDriver5; C:\Program Files (x86)\TC UP\PLUGINS\Media\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()
R1 VD_FileDisk; C:\Windows\System32\Drivers\VD_FileDisk.sys [30312 2011-01-26] (CaptainFlint Software)
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys [61112 2014-05-16] (StdLib)
U3 ajhjaib3; C:\Windows\System32\Drivers\ajhjaib3.sys [0 ] (Microsoft Corporation)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S3 USBMULCD; system32\drivers\CM10664.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-22 19:20 - 2014-05-22 19:20 - 00000352 _____ () C:\Windows\PFRO.log
2014-05-22 19:15 - 2014-05-22 19:24 - 00004140 _____ () C:\Windows\WindowsUpdate.log
2014-05-22 19:12 - 2014-05-22 19:19 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-05-22 19:09 - 2014-05-22 19:09 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MOCHENMO1-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-05-22 19:09 - 2014-05-22 19:09 - 00000000 ____D () C:\RegBackup
2014-05-22 18:58 - 2014-05-22 18:58 - 00003288 _____ () C:\bootsqm.dat
2014-05-20 15:14 - 2014-05-20 15:14 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-19 21:39 - 2014-05-19 21:39 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\ATI
2014-05-19 21:39 - 2014-05-19 21:39 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\ATI
2014-05-19 21:39 - 2014-05-19 21:39 - 00000000 ____D () C:\ProgramData\ATI
2014-05-19 16:07 - 2014-05-19 16:07 - 00000940 _____ () C:\Users\mochenmo1\Desktop\7-Zip File Manager.lnk
2014-05-19 16:06 - 2014-05-19 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-19 16:06 - 2014-05-19 16:06 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-05-19 15:57 - 2014-05-19 15:57 - 00855379 _____ () C:\Users\mochenmo1\Desktop\SecurityCheck.exe
2014-05-18 20:50 - 2014-05-18 20:50 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-05-18 15:38 - 2014-05-22 19:20 - 00000616 _____ () C:\Windows\setupact.log
2014-05-18 15:38 - 2014-05-18 15:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-18 15:24 - 2014-05-18 15:24 - 00000000 ____D () C:\Windows\ERUNT
2014-05-18 15:12 - 2014-05-18 15:22 - 00000000 ____D () C:\AdwCleaner
2014-05-18 14:54 - 2014-05-18 15:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-18 14:54 - 2014-05-18 14:54 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-18 14:54 - 2014-05-18 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-18 14:54 - 2014-05-18 14:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-18 14:54 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-18 14:54 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-18 14:54 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-18 14:50 - 2014-05-18 14:50 - 00003408 _____ () C:\Windows\System32\Tasks\aviraSWU
2014-05-18 14:50 - 2014-05-18 14:50 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Avira
2014-05-18 14:49 - 2014-05-18 14:50 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-18 14:49 - 2014-05-18 14:49 - 00001958 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-05-18 14:49 - 2014-05-18 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-18 14:49 - 2014-05-18 14:49 - 00000000 ____D () C:\ProgramData\Avira
2014-05-18 14:49 - 2014-05-16 23:52 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-18 14:49 - 2014-05-16 23:52 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-18 14:49 - 2014-05-16 23:52 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-05-17 14:48 - 2014-05-22 19:30 - 00000000 ____D () C:\FRST
2014-05-17 08:03 - 2014-05-17 08:03 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\TrojanHunter
2014-05-17 07:22 - 2014-05-16 18:34 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys
2014-05-17 06:47 - 2014-05-18 14:48 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.5
2014-05-17 06:47 - 2014-05-17 06:47 - 00059392 ____R () C:\Windows\SysWOW64\streamhlp.dll
2014-05-17 05:54 - 2014-05-17 05:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-05-17 05:52 - 2014-05-18 15:02 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-05-17 05:51 - 2014-05-17 05:51 - 00669799 _____ () C:\Users\mochenmo1\Downloads\voxware_audio.zip
2014-05-16 22:29 - 2014-05-16 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
2014-05-16 22:29 - 2014-05-16 22:29 - 00000000 ____D () C:\Program Files (x86)\Combined Community Codec Pack
2014-05-16 01:33 - 2014-05-16 01:38 - 00000000 ____D () C:\Program Files (x86)\Total Video Converter
2014-05-16 01:31 - 2014-05-16 01:31 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GSpot
2014-05-16 01:31 - 2014-05-16 01:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GSpot
2014-05-16 01:31 - 2014-05-16 01:31 - 00000000 ____D () C:\Program Files (x86)\GSpot
2014-05-16 01:30 - 2014-05-16 01:30 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Win7codecs
2014-05-16 01:30 - 2014-05-16 01:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win7codecs
2014-05-16 01:30 - 2014-05-16 01:30 - 00000000 ____D () C:\Program Files (x86)\Win7codecs
2014-05-16 00:35 - 2014-05-22 19:22 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\vlc
2014-05-16 00:35 - 2014-05-17 05:54 - 00001030 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-05-16 00:32 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\soundbackends
2014-05-16 00:32 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\sound
2014-05-16 00:32 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\plugins
2014-05-16 00:32 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\platforms
2014-05-16 00:32 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\imageformats
2014-05-16 00:32 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\accessible
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\translations
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\styles
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\news
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\gfx
2014-05-16 00:29 - 2014-05-16 01:21 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\Overwolf
2014-05-16 00:29 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-05-16 00:29 - 2014-05-16 01:17 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\TeamSpeak 3 Client
2014-05-16 00:29 - 2014-05-16 00:32 - 00000798 _____ () C:\Users\mochenmo1\Desktop\TeamSpeak 3 Client.lnk
2014-05-16 00:29 - 2014-05-16 00:29 - 01301028 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-16 00_29_42.913393.dmp
2014-05-16 00:25 - 2014-05-16 00:25 - 01293740 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-16 00_25_21.003342.dmp
2014-05-15 23:30 - 2009-03-24 12:52 - 00155984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.ocx
2014-05-15 23:05 - 2014-05-15 23:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-15 23:05 - 2014-05-15 23:05 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-05-15 23:04 - 2014-05-16 01:16 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-15 22:34 - 2014-05-15 22:34 - 01171946 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 22_34_22.992244.dmp
2014-05-15 22:23 - 2014-05-15 22:23 - 00001228 _____ () C:\Users\mochenmo1\Desktop\Revo Uninstaller.lnk
2014-05-15 22:23 - 2014-05-15 22:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-15 21:49 - 2014-05-15 21:49 - 00000000 ____D () C:\backup
2014-05-15 21:09 - 2014-05-15 21:09 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-15 21:00 - 2014-05-15 21:00 - 01170722 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 21_00_16.075060.dmp
2014-05-15 20:52 - 2014-05-15 21:07 - 00000991 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-15 20:52 - 2014-05-15 20:52 - 00002780 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-15 20:52 - 2014-05-15 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-15 20:52 - 2014-05-15 20:52 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-15 20:48 - 2014-05-15 20:48 - 00003170 _____ () C:\Windows\System32\Tasks\{0DE29827-F5F2-483D-8333-7C424F679B3D}
2014-05-15 20:41 - 2014-05-15 20:41 - 01194692 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_41_01.371074.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01306049 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_40_30.614315.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01295455 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_40_34.385530.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01294943 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_40_36.714664.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01195948 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_40_39.795840.dmp
2014-05-15 20:39 - 2014-05-15 20:39 - 01296113 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_39_44.959703.dmp
2014-05-15 20:32 - 2014-05-15 20:32 - 01170722 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_32_33.183978.dmp
2014-05-15 20:28 - 2014-05-15 20:28 - 01170722 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_28_41.318444.dmp
2014-05-15 20:25 - 2014-05-15 20:25 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_25_32.635991.dmp
2014-05-15 20:25 - 2014-05-15 20:25 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_25_26.306629.dmp
2014-05-15 20:25 - 2014-05-15 20:25 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_25_07.048527.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_48.781482.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_46.346343.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_42.550126.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_38.440891.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_36.935805.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_28.041296.dmp
2014-05-15 20:20 - 2014-05-15 20:20 - 01166445 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_20_40.076257.dmp
2014-05-15 01:51 - 2014-05-15 01:51 - 00008802 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:51 - 2014-05-15 01:51 - 00008802 _____ () C:\Users\mochenmo1\Documents\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:51 - 2014-05-15 01:51 - 00004742 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:51 - 2014-05-15 01:51 - 00004742 _____ () C:\Users\mochenmo1\Documents\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:51 - 2014-05-15 01:51 - 00000280 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.URL
2014-05-15 01:51 - 2014-05-15 01:51 - 00000280 _____ () C:\Users\mochenmo1\Documents\DECRYPT_INSTRUCTION.URL
2014-05-15 01:50 - 2014-05-15 01:50 - 00008802 _____ () C:\Users\mochenmo1\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:50 - 2014-05-15 01:50 - 00008802 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:50 - 2014-05-15 01:50 - 00004742 _____ () C:\Users\mochenmo1\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:50 - 2014-05-15 01:50 - 00004742 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:50 - 2014-05-15 01:50 - 00000280 _____ () C:\Users\mochenmo1\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-05-15 01:50 - 2014-05-15 01:50 - 00000280 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-05-15 01:48 - 2014-05-15 20:26 - 00000000 ____D () C:\2ce2165
2014-05-14 00:17 - 2014-05-14 00:17 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Astuma
2014-05-13 19:38 - 2014-05-13 19:38 - 00204280 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-13 19_38_36.980195.dmp
2014-05-13 19:38 - 2014-05-13 19:38 - 00203536 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-13 19_38_36.981195.dmp
2014-05-11 22:19 - 2014-05-15 20:30 - 00000000 ____D () C:\Program Files (x86)\ROCCAT
2014-05-09 00:23 - 2014-05-09 00:23 - 00000000 ____D () C:\Users\mochenmo1\Documents\Screen Recording Suite
2014-05-09 00:22 - 2014-05-15 20:30 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Apowersoft
2014-05-09 00:22 - 2014-05-15 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2014-05-09 00:22 - 2014-05-15 20:30 - 00000000 ____D () C:\Program Files (x86)\Apowersoft
2014-05-02 00:30 - 2014-05-02 00:31 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2014-05-02 00:25 - 2014-05-02 00:25 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\cache
2014-05-02 00:25 - 2014-05-02 00:25 - 00000000 ____D () C:\Users\mochenmo1\.android
2014-05-02 00:13 - 2014-05-02 00:13 - 00000000 ____D () C:\Users\Public\Documents\DriverGenius
2014-05-02 00:10 - 2014-05-15 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition
2014-05-01 23:55 - 2014-05-18 15:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-01 23:55 - 2014-05-15 01:50 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Malwarebytes
2014-04-26 00:57 - 2014-05-15 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-04-26 00:57 - 2014-05-15 20:42 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-26 00:57 - 2014-05-15 20:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-26 00:06 - 2014-05-16 02:43 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\UZmedia
2014-04-26 00:04 - 2014-05-15 20:42 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

==================== One Month Modified Files and Folders =======

2014-05-22 19:30 - 2014-05-17 14:48 - 00000000 ____D () C:\FRST
2014-05-22 19:26 - 2009-07-14 06:45 - 00016976 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-22 19:26 - 2009-07-14 06:45 - 00016976 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-22 19:25 - 2011-10-31 06:19 - 00640458 _____ () C:\Windows\system32\perfh007.dat
2014-05-22 19:25 - 2011-10-31 06:19 - 00125990 _____ () C:\Windows\system32\perfc007.dat
2014-05-22 19:25 - 2009-07-14 07:13 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-22 19:24 - 2014-05-22 19:15 - 00004140 _____ () C:\Windows\WindowsUpdate.log
2014-05-22 19:22 - 2014-05-16 00:35 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\vlc
2014-05-22 19:21 - 2013-09-23 23:58 - 00003378 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2435969490-785047729-4073554876-1000
2014-05-22 19:21 - 2013-09-23 23:58 - 00003252 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2435969490-785047729-4073554876-1000
2014-05-22 19:20 - 2014-05-22 19:20 - 00000352 _____ () C:\Windows\PFRO.log
2014-05-22 19:20 - 2014-05-18 15:38 - 00000616 _____ () C:\Windows\setupact.log
2014-05-22 19:20 - 2012-03-24 10:34 - 00060360 _____ () C:\Users\mochenmo1\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-22 19:20 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-22 19:20 - 2009-07-14 06:45 - 00283136 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-22 19:19 - 2014-05-22 19:12 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-05-22 19:16 - 2009-07-14 04:34 - 00000471 _____ () C:\Windows\win.ini
2014-05-22 19:09 - 2014-05-22 19:09 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MOCHENMO1-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-05-22 19:09 - 2014-05-22 19:09 - 00000000 ____D () C:\RegBackup
2014-05-22 19:06 - 2013-08-30 04:17 - 00003356 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2435969490-785047729-4073554876-1000
2014-05-22 19:06 - 2013-08-08 19:21 - 00003230 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2435969490-785047729-4073554876-1000
2014-05-22 19:06 - 2012-08-28 12:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-22 18:58 - 2014-05-22 18:58 - 00003288 _____ () C:\bootsqm.dat
2014-05-20 21:49 - 2013-03-30 12:20 - 00000000 ____D () C:\Program Files (x86)\Guild Wars 2
2014-05-20 15:14 - 2014-05-20 15:14 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-19 21:39 - 2014-05-19 21:39 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\ATI
2014-05-19 21:39 - 2014-05-19 21:39 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\ATI
2014-05-19 21:39 - 2014-05-19 21:39 - 00000000 ____D () C:\ProgramData\ATI
2014-05-19 16:07 - 2014-05-19 16:07 - 00000940 _____ () C:\Users\mochenmo1\Desktop\7-Zip File Manager.lnk
2014-05-19 16:06 - 2014-05-19 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-19 16:06 - 2014-05-19 16:06 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-05-19 15:57 - 2014-05-19 15:57 - 00855379 _____ () C:\Users\mochenmo1\Desktop\SecurityCheck.exe
2014-05-18 20:50 - 2014-05-18 20:50 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-05-18 15:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-18 15:38 - 2014-05-18 15:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-18 15:37 - 2012-04-07 22:00 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\CrashDumps
2014-05-18 15:24 - 2014-05-18 15:24 - 00000000 ____D () C:\Windows\ERUNT
2014-05-18 15:22 - 2014-05-18 15:12 - 00000000 ____D () C:\AdwCleaner
2014-05-18 15:14 - 2012-03-24 10:34 - 00000000 ____D () C:\Users\mochenmo1
2014-05-18 15:10 - 2014-05-18 14:54 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-18 15:06 - 2014-05-01 23:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-18 15:02 - 2014-05-17 05:52 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-05-18 15:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Speech
2014-05-18 14:54 - 2014-05-18 14:54 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-18 14:54 - 2014-05-18 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-18 14:54 - 2014-05-18 14:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-18 14:50 - 2014-05-18 14:50 - 00003408 _____ () C:\Windows\System32\Tasks\aviraSWU
2014-05-18 14:50 - 2014-05-18 14:50 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Avira
2014-05-18 14:50 - 2014-05-18 14:49 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-05-18 14:49 - 2014-05-18 14:49 - 00001958 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-05-18 14:49 - 2014-05-18 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-05-18 14:49 - 2014-05-18 14:49 - 00000000 ____D () C:\ProgramData\Avira
2014-05-18 14:48 - 2014-05-17 06:47 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.5
2014-05-18 09:53 - 2012-09-18 00:07 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2014-05-18 09:52 - 2011-10-30 21:48 - 00000000 ____D () C:\ProgramData\CyberLink
2014-05-18 09:52 - 2011-08-12 09:23 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-05-17 08:03 - 2014-05-17 08:03 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\TrojanHunter
2014-05-17 06:47 - 2014-05-17 06:47 - 00059392 ____R () C:\Windows\SysWOW64\streamhlp.dll
2014-05-17 05:54 - 2014-05-17 05:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-05-17 05:54 - 2014-05-16 00:35 - 00001030 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-05-17 05:51 - 2014-05-17 05:51 - 00669799 _____ () C:\Users\mochenmo1\Downloads\voxware_audio.zip
2014-05-16 23:52 - 2014-05-18 14:49 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-05-16 23:52 - 2014-05-18 14:49 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-05-16 23:52 - 2014-05-18 14:49 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-05-16 22:29 - 2014-05-16 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
2014-05-16 22:29 - 2014-05-16 22:29 - 00000000 ____D () C:\Program Files (x86)\Combined Community Codec Pack
2014-05-16 22:29 - 2013-07-20 22:57 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-16 18:34 - 2014-05-17 07:22 - 00061112 _____ (StdLib) C:\Windows\system32\Drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys
2014-05-16 06:24 - 2012-04-25 11:56 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\QuickPar
2014-05-16 02:43 - 2014-04-26 00:06 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\UZmedia
2014-05-16 01:50 - 2013-06-20 02:30 - 00003398 _____ () C:\Windows\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2435969490-785047729-4073554876-1000
2014-05-16 01:42 - 2012-09-18 00:07 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-05-16 01:38 - 2014-05-16 01:33 - 00000000 ____D () C:\Program Files (x86)\Total Video Converter
2014-05-16 01:31 - 2014-05-16 01:31 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GSpot
2014-05-16 01:31 - 2014-05-16 01:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GSpot
2014-05-16 01:31 - 2014-05-16 01:31 - 00000000 ____D () C:\Program Files (x86)\GSpot
2014-05-16 01:30 - 2014-05-16 01:30 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Win7codecs
2014-05-16 01:30 - 2014-05-16 01:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Win7codecs
2014-05-16 01:30 - 2014-05-16 01:30 - 00000000 ____D () C:\Program Files (x86)\Win7codecs
2014-05-16 01:30 - 2012-04-01 19:47 - 00000000 ____D () C:\ProgramData\Win7codecs
2014-05-16 01:28 - 2012-04-01 19:42 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-05-16 01:28 - 2012-04-01 19:42 - 00000000 ____D () C:\Program Files\Common Files\Logishrd
2014-05-16 01:21 - 2014-05-16 00:29 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\Overwolf
2014-05-16 01:17 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\soundbackends
2014-05-16 01:17 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\sound
2014-05-16 01:17 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\plugins
2014-05-16 01:17 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\platforms
2014-05-16 01:17 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\imageformats
2014-05-16 01:17 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\accessible
2014-05-16 01:17 - 2014-05-16 00:29 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-05-16 01:17 - 2014-05-16 00:29 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\TeamSpeak 3 Client
2014-05-16 01:17 - 2013-08-09 23:23 - 00000000 ____D () C:\Program Files (x86)\TC UP
2014-05-16 01:17 - 2012-06-08 23:57 - 00000000 ____D () C:\ProgramData\Real
2014-05-16 01:17 - 2011-10-30 21:43 - 00000000 ____D () C:\ProgramData\Atheros
2014-05-16 01:17 - 2011-08-12 10:02 - 00000000 ____D () C:\ProgramData\BackupManager
2014-05-16 01:17 - 2011-08-12 10:00 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-16 01:17 - 2011-08-12 09:59 - 00000000 ____D () C:\ProgramData\oem
2014-05-16 01:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-05-16 01:16 - 2014-05-15 23:04 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-16 01:16 - 2012-04-01 19:45 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\translations
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\styles
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\news
2014-05-16 00:32 - 2014-05-16 00:32 - 00000000 ____D () C:\Users\mochenmo1\gfx
2014-05-16 00:32 - 2014-05-16 00:29 - 00000798 _____ () C:\Users\mochenmo1\Desktop\TeamSpeak 3 Client.lnk
2014-05-16 00:29 - 2014-05-16 00:29 - 01301028 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-16 00_29_42.913393.dmp
2014-05-16 00:25 - 2014-05-16 00:25 - 01293740 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-16 00_25_21.003342.dmp
2014-05-15 23:45 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 23:05 - 2014-05-15 23:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-15 23:05 - 2014-05-15 23:05 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-05-15 22:55 - 2012-08-31 16:35 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\Adobe
2014-05-15 22:42 - 2012-04-30 23:21 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\Deployment
2014-05-15 22:34 - 2014-05-15 22:34 - 01171946 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 22_34_22.992244.dmp
2014-05-15 22:23 - 2014-05-15 22:23 - 00001228 _____ () C:\Users\mochenmo1\Desktop\Revo Uninstaller.lnk
2014-05-15 22:23 - 2014-05-15 22:23 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-15 21:49 - 2014-05-15 21:49 - 00000000 ____D () C:\backup
2014-05-15 21:43 - 2014-04-20 16:44 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-05-15 21:09 - 2014-05-15 21:09 - 17352880 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-05-15 21:09 - 2012-08-28 12:34 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-15 21:09 - 2012-05-18 21:01 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 21:09 - 2011-08-12 10:01 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 21:07 - 2014-05-15 20:52 - 00000991 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-15 21:00 - 2014-05-15 21:00 - 01170722 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 21_00_16.075060.dmp
2014-05-15 20:56 - 2012-09-29 01:53 - 00000000 ____D () C:\Windows\Minidump
2014-05-15 20:56 - 2012-04-25 00:56 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Media Player Classic
2014-05-15 20:56 - 2012-04-07 21:39 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\DAEMON Tools Lite
2014-05-15 20:56 - 2007-07-12 03:49 - 00000000 ____D () C:\Windows\Panther
2014-05-15 20:52 - 2014-05-15 20:52 - 00002780 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-15 20:52 - 2014-05-15 20:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-15 20:52 - 2014-05-15 20:52 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-15 20:48 - 2014-05-15 20:48 - 00003170 _____ () C:\Windows\System32\Tasks\{0DE29827-F5F2-483D-8333-7C424F679B3D}
2014-05-15 20:45 - 2014-04-09 22:30 - 00000000 ____D () C:\Program Files (x86)\NirSoft
2014-05-15 20:43 - 2014-05-02 00:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition
2014-05-15 20:42 - 2014-04-26 00:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-05-15 20:42 - 2014-04-26 00:57 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-05-15 20:42 - 2014-04-26 00:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-05-15 20:42 - 2014-04-26 00:04 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-15 20:42 - 2013-09-03 19:22 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-05-15 20:42 - 2012-05-26 13:08 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Real
2014-05-15 20:42 - 2012-05-18 21:01 - 00000000 ____D () C:\Windows\system32\Macromed
2014-05-15 20:42 - 2012-03-26 21:27 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Skype
2014-05-15 20:42 - 2011-08-12 10:01 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-05-15 20:42 - 2011-08-12 10:00 - 00000000 ____D () C:\OEM
2014-05-15 20:42 - 2011-08-12 09:45 - 00000000 ____D () C:\ProgramData\Acer
2014-05-15 20:42 - 2011-08-12 09:43 - 00000000 ____D () C:\ProgramData\Skype
2014-05-15 20:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-05-15 20:41 - 2014-05-15 20:41 - 01194692 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_41_01.371074.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01306049 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_40_30.614315.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01295455 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_40_34.385530.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01294943 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_40_36.714664.dmp
2014-05-15 20:40 - 2014-05-15 20:40 - 01195948 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_40_39.795840.dmp
2014-05-15 20:39 - 2014-05-15 20:39 - 01296113 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win64-1394624943-2014-05-15 20_39_44.959703.dmp
2014-05-15 20:32 - 2014-05-15 20:32 - 01170722 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_32_33.183978.dmp
2014-05-15 20:30 - 2014-05-11 22:19 - 00000000 ____D () C:\Program Files (x86)\ROCCAT
2014-05-15 20:30 - 2014-05-09 00:22 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Apowersoft
2014-05-15 20:30 - 2014-05-09 00:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2014-05-15 20:30 - 2014-05-09 00:22 - 00000000 ____D () C:\Program Files (x86)\Apowersoft
2014-05-15 20:30 - 2014-03-08 21:20 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-05-15 20:30 - 2013-05-01 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Any Video Converter
2014-05-15 20:28 - 2014-05-15 20:28 - 01170722 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_28_41.318444.dmp
2014-05-15 20:26 - 2014-05-15 01:48 - 00000000 ____D () C:\2ce2165
2014-05-15 20:26 - 2013-04-06 23:05 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2014-05-15 20:25 - 2014-05-15 20:25 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_25_32.635991.dmp
2014-05-15 20:25 - 2014-05-15 20:25 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_25_26.306629.dmp
2014-05-15 20:25 - 2014-05-15 20:25 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_25_07.048527.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_48.781482.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_46.346343.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_42.550126.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_38.440891.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_36.935805.dmp
2014-05-15 20:24 - 2014-05-15 20:24 - 01163707 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_24_28.041296.dmp
2014-05-15 20:20 - 2014-05-15 20:20 - 01166445 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-15 20_20_40.076257.dmp
2014-05-15 01:51 - 2014-05-15 01:51 - 00008802 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:51 - 2014-05-15 01:51 - 00008802 _____ () C:\Users\mochenmo1\Documents\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:51 - 2014-05-15 01:51 - 00004742 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:51 - 2014-05-15 01:51 - 00004742 _____ () C:\Users\mochenmo1\Documents\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:51 - 2014-05-15 01:51 - 00000280 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.URL
2014-05-15 01:51 - 2014-05-15 01:51 - 00000280 _____ () C:\Users\mochenmo1\Documents\DECRYPT_INSTRUCTION.URL
2014-05-15 01:51 - 2013-07-02 20:18 - 00000000 ____D () C:\Users\mochenmo1\Documents\Any Video Converter
2014-05-15 01:51 - 2012-04-25 01:02 - 00000000 ____D () C:\Users\mochenmo1\Documents\CyberLink
2014-05-15 01:50 - 2014-05-15 01:50 - 00008802 _____ () C:\Users\mochenmo1\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:50 - 2014-05-15 01:50 - 00008802 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-05-15 01:50 - 2014-05-15 01:50 - 00004742 _____ () C:\Users\mochenmo1\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:50 - 2014-05-15 01:50 - 00004742 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-05-15 01:50 - 2014-05-15 01:50 - 00000280 _____ () C:\Users\mochenmo1\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-05-15 01:50 - 2014-05-15 01:50 - 00000280 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-05-15 01:50 - 2014-05-01 23:55 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Malwarebytes
2014-05-15 01:50 - 2013-05-01 18:21 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Any Video Converter
2014-05-15 01:50 - 2012-04-26 18:10 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\InternetEverywhere
2014-05-15 01:50 - 2012-03-24 10:56 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\Western Digital
2014-05-15 01:49 - 2011-10-30 21:25 - 00000000 ____D () C:\book
2014-05-15 01:49 - 2011-08-12 10:09 - 00008728 __RSH () C:\BOOTSECT.BAK
2014-05-14 00:17 - 2014-05-14 00:17 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Astuma
2014-05-13 19:38 - 2014-05-13 19:38 - 00204280 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-13 19_38_36.980195.dmp
2014-05-13 19:38 - 2014-05-13 19:38 - 00203536 _____ () C:\Users\mochenmo1\Documents\ts3_clientui-win32-1378715177-2014-05-13 19_38_36.981195.dmp
2014-05-12 00:10 - 2009-07-14 04:34 - 54525952 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-05-12 00:10 - 2009-07-14 04:34 - 16777216 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-05-12 00:10 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-05-09 00:23 - 2014-05-09 00:23 - 00000000 ____D () C:\Users\mochenmo1\Documents\Screen Recording Suite
2014-05-08 20:06 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-05-02 00:31 - 2014-05-02 00:30 - 00000000 ____D () C:\Windows\system32\config\RCCBakup
2014-05-02 00:25 - 2014-05-02 00:25 - 00000000 ____D () C:\Users\mochenmo1\AppData\Local\cache
2014-05-02 00:25 - 2014-05-02 00:25 - 00000000 ____D () C:\Users\mochenmo1\.android
2014-05-02 00:13 - 2014-05-02 00:13 - 00000000 ____D () C:\Users\Public\Documents\DriverGenius
2014-05-02 00:07 - 2013-05-01 18:21 - 00000000 ____D () C:\Program Files (x86)\Any Video Converter
2014-05-01 16:19 - 2009-07-14 07:38 - 00067584 ____S () C:\Windows\bootstat(32).dat
2014-04-30 11:07 - 2013-09-17 19:21 - 00000000 ____D () C:\Users\mochenmo1\AppData\Roaming\Guild Wars 2

Files to move or delete:
====================
C:\Users\mochenmo1\createfileassoc.exe
C:\Users\mochenmo1\error_report.exe
C:\Users\mochenmo1\libeay32.dll
C:\Users\mochenmo1\msvcp110.dll
C:\Users\mochenmo1\msvcr110.dll
C:\Users\mochenmo1\OverwolfTeamSpeakInstaller.exe
C:\Users\mochenmo1\package_inst.exe
C:\Users\mochenmo1\Qt5Core.dll
C:\Users\mochenmo1\Qt5Gui.dll
C:\Users\mochenmo1\Qt5Network.dll
C:\Users\mochenmo1\Qt5Sql.dll
C:\Users\mochenmo1\Qt5Widgets.dll
C:\Users\mochenmo1\quazip.dll
C:\Users\mochenmo1\ssleay32.dll
C:\Users\mochenmo1\ts3client_win64.exe


Some content of TEMP:
====================
C:\Users\mochenmo1\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-20 22:19

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

die filme, serien etc, lassen sich immer noch nicht abspielen.
fällt dir noch was ein?
Ich würde ja windows komplett neu aufsetzen.Ich weiß nicht ob das was nützen würde.
Allerdings koennte ich dann nicht mehr ein gewisses online game spielen, da ich da die insatllations cd's nicht mit habe.Auuserdem habe ich keine Windows cd dabei.
zum verständnis...ich bin noch bis november in italien, nicht zuhause in deutschland:(

Die dateien scheinen beschädigt zu sein,denke ich. keine player erkennt sie.
wenn mir jetzt z.b eine flv datei von youtube runterlade, wird sie ja korrekt abgespielt.

ich weiß jetzt nicht ob auf dem system noch i-welche trojaner und viren, etc. sind. es ist ja wirklich gut dass du da aufgeräumt hast. kennst du eine möglichkeit die wahrscheinlich beschädigten avi's zu reparieren?

schrauber 23.05.2014 16:15
Also es geht um lokal bei dir gespeicherte Filme und so, die werden nicht abgespielt? Mach mal auf einen Film nen Rechtsklick > Eigenschaften, davon einen Screenshot.

chetumal 24.05.2014 16:40
Liste der Anhänge anzeigen (Anzahl: 2)
keine ahnung wie ich dir die bilder ausser als anhang schicken soll.
bei einigen dateien sagt mir der vlc player "undf" format. bei einigen läuft die Zeit aber kein bild und ton. bei einigen läuft noch nicht mal die zeit. Jegliche dateiformate ausser mkv sind betroffen. und noch Ordner die noch entpackt werden müssen, gehen auch noch.

L.G.


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:35 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131