
Log analysis and evaluation: Downloaded FreeYoutubeToMP3Converter5628.exe - Firefox no longer changes the start page


10.07.2013, 23:44   #1
bissi4788
 



Hello,

yesterday I downloaded FreeYoutubeToMP3Converter5628.exe from Chip.de and used it only once. Afterwards I first had Delta Search as my start page and, once that could be changed back, an empty Firefox page. I ran the AntiVir scanner once. After that I downloaded AdwCleaner and had it search and delete twice.

After the last search it showed the following:

# AdwCleaner v2.304 - Datei am 11/07/2013 um 00:33:49 erstellt
# Aktualisiert am 03/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : xxx - xxx-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\xxx\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files (x86)\MapsGalaxy_39EI
Ordner Gefunden : C:\Users\xxx\AppData\LocalLow\MapsGalaxy_39EI

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\it0d8jas.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [10897 octets] - [10/07/2013 21:43:36]
AdwCleaner[R2].txt - [1731 octets] - [10/07/2013 23:32:01]
AdwCleaner[R3].txt - [1109 octets] - [10/07/2013 23:36:16]
AdwCleaner[R4].txt - [1169 octets] - [10/07/2013 23:36:59]
AdwCleaner[R5].txt - [1233 octets] - [11/07/2013 00:33:49]
AdwCleaner[S1].txt - [10940 octets] - [10/07/2013 21:44:34]
AdwCleaner[S2].txt - [1633 octets] - [10/07/2013 23:32:53]

########## EOF - C:\AdwCleaner[R5].txt - [1414 octets] ##########


After that I followed your instructions, downloaded OTL.exe and let it scan.

It produced the following report:

OTL logfile created on: 11.07.2013 00:06:14 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,79 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 50,41% Memory free
7,59 Gb Paging File | 5,36 Gb Available in Paging File | 70,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 174,66 Gb Total Space | 118,99 Gb Free Space | 68,13% Space Free | Partition Type: NTFS
Drive D: | 502,49 Gb Total Space | 433,59 Gb Free Space | 86,29% Space Free | Partition Type: NTFS
Drive F: | 7,43 Gb Total Space | 3,31 Gb Free Space | 44,56% Space Free | Partition Type: FAT32

Computer Name: xxx-PC | User Name: xxx| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.07.11 00:05:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Downloads\OTL.exe
PRC - [2013.07.11 00:03:43 | 000,050,477 | ---- | M] () -- C:\Users\xxx\Downloads\Defogger.exe
PRC - [2013.06.29 12:55:05 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013.06.27 12:27:22 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.06.26 10:54:01 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.06.26 10:53:52 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.06.26 10:53:52 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.05 19:52:10 | 000,188,600 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2011.01.28 15:32:36 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010.12.14 20:03:55 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010.11.20 04:17:58 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.09.30 15:15:20 | 001,078,912 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
PRC - [2010.09.24 02:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010.08.21 04:47:58 | 000,077,312 | ---- | M] () -- C:\ExpressGateUtil\VAWinService.exe
PRC - [2010.08.18 00:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.08.17 08:34:22 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.08.17 08:30:54 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010.08.13 03:52:16 | 000,021,504 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe
PRC - [2010.07.10 08:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
PRC - [2010.05.04 00:45:50 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010.05.04 00:41:46 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009.12.15 20:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.12.08 08:51:50 | 000,774,144 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2009.11.03 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.10.01 05:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.10.01 05:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.08.12 22:32:56 | 000,365,936 | ---- | M] (Boingo Wireless, Inc.) -- C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
PRC - [2009.07.31 20:38:26 | 000,428,600 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
PRC - [2009.07.31 20:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009.07.06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009.06.19 20:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 20:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.12.23 03:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2007.11.30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


========== Modules (No Company Name) ==========

MOD - [2013.07.11 00:03:43 | 000,050,477 | ---- | M] () -- C:\Users\xxx\Downloads\Defogger.exe
MOD - [2013.07.10 22:25:31 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013.07.10 22:24:39 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc4a8709f71eba20cc71c7905bba3dee\PresentationFramework.ni.dll
MOD - [2013.07.10 22:24:12 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013.07.10 22:24:01 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013.07.10 22:23:56 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ef17be93e209cc95b9768c7822530432\PresentationCore.ni.dll
MOD - [2013.07.10 22:23:38 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll
MOD - [2013.07.10 22:23:27 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013.07.10 22:23:20 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013.07.10 22:23:18 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013.07.10 22:23:07 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013.06.29 12:55:05 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013.06.27 12:27:22 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.04 17:58:10 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2010.09.30 15:14:04 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
MOD - [2010.09.30 15:13:38 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
MOD - [2010.09.30 15:13:12 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
MOD - [2010.09.30 15:13:06 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
MOD - [2010.09.24 02:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2010.08.16 15:49:59 | 000,010,856 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2010.08.13 03:52:16 | 000,021,504 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe
MOD - [2009.11.03 00:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.03 00:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.08.04 11:50:05 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2007.11.30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2010.09.23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.06.22 21:20:42 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.04.17 02:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010.03.05 20:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010.03.05 20:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010.03.05 20:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2013.06.29 13:28:36 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.27 12:27:22 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.26 10:54:01 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.06.26 10:53:52 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.18 14:35:50 | 000,240,112 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010.08.21 04:47:58 | 000,077,312 | ---- | M] () [Auto | Running] -- C:\ExpressGateUtil\VAWinService.exe -- (VideAceWindowsService)
SRV - [2010.08.17 08:34:22 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.08.17 08:30:54 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 20:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.10.01 05:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.10.01 05:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.04.25 18:41:32 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.04.25 18:41:32 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.04.25 18:41:32 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.25 05:24:26 | 000,229,376 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)
DRV:64bit: - [2010.09.25 05:24:26 | 000,069,120 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)
DRV:64bit: - [2010.09.23 10:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.09.08 19:39:32 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.08.25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.08.16 15:49:59 | 000,024,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2010.05.31 22:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010.04.17 02:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.04.16 21:45:50 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010.03.04 11:53:01 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.03.03 13:51:39 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.26 23:02:11 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.11.19 15:06:43 | 000,158,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039unic.sys -- (s1039unic)
DRV:64bit: - [2009.11.19 15:06:43 | 000,137,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039obex.sys -- (s1039obex)
DRV:64bit: - [2009.11.19 15:06:43 | 000,034,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039nd5.sys -- (s1039nd5)
DRV:64bit: - [2009.11.19 15:06:41 | 000,141,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mgmt.sys -- (s1039mgmt)
DRV:64bit: - [2009.11.19 15:06:40 | 000,161,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdm.sys -- (s1039mdm)
DRV:64bit: - [2009.11.19 15:06:39 | 000,019,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV:64bit: - [2009.11.19 15:06:38 | 000,127,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039bus.sys -- (s1039bus)
DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.08.20 04:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009.07.20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.13 19:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008.05.24 03:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010.02.24 21:14:22 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/12/14 09:10:47] [Kernel | Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 03:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.27 12:27:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.27 12:27:16 | 000,000,000 | ---D | M]

[2013.04.21 14:00:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Extensions
[2013.07.10 21:44:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\it0d8jas.default\extensions
[2013.07.09 17:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\Extensions
[2013.06.27 12:27:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.06.27 12:27:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.11.12 11:41:04 | 000,171,136 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SessionLogon] C:\ExpressGateUtil\SessionLogon.exe File not found
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe ()
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16D59507-4109-46FC-911A-7DD493B27D5D}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d183ba6f-b27c-11e2-b8c2-bcaec51feecb}\Shell - "" = AutoRun
O33 - MountPoints2\{d183ba6f-b27c-11e2-b8c2-bcaec51feecb}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.07.10 22:01:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.07.09 17:54:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.07.09 17:54:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.07.04 13:30:55 | 000,000,000 | ---D | C] -- C:\PFS8.0 AE_TMP
[2013.06.29 12:54:37 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Adobe
[2013.06.28 00:04:33 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Freemake
[2013.06.28 00:04:33 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2013.06.28 00:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2013.06.28 00:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013.06.28 00:04:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2013.06.27 23:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2013.06.27 23:14:32 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\AVS4YOU
[2013.06.27 23:13:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2013.06.27 23:13:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2013.06.27 23:10:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoft
[2013.06.27 12:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Panasonic
[2013.06.27 12:27:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.23 14:30:51 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Panasonic
[2013.06.23 14:30:36 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\InstallShield
[2013.06.23 14:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic
[2013.06.23 14:22:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Panasonic
[2013.06.23 14:22:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panasonic
[2013.06.23 14:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2013.06.23 14:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013.06.23 14:21:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2013.06.23 12:01:55 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Microsoft Games

========== Files - Modified Within 30 Days ==========

[2013.07.11 00:03:58 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable
[2013.07.10 23:42:26 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.10 23:42:26 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.10 23:34:12 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013.07.10 23:34:10 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.10 23:33:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.10 23:33:53 | 3054,878,720 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.10 23:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.10 23:23:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.10 22:20:49 | 000,355,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.10 22:14:38 | 001,550,634 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.10 22:14:38 | 000,665,578 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.10 22:14:38 | 000,627,420 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.10 22:14:38 | 000,133,758 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.10 22:14:38 | 000,110,140 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.10 21:44:57 | 000,000,098 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.07.09 19:50:06 | 000,001,402 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013.06.26 10:54:04 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.06.23 20:24:20 | 000,002,032 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013.06.23 14:30:27 | 000,002,485 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.0 AE.lnk
[2013.06.23 14:25:57 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\PHOTOfunSTUDIO 8.0 AE.lnk
[2013.06.20 23:21:22 | 000,002,192 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2013.07.11 00:03:58 | 000,000,000 | ---- | C] () -- C:\Users\xxx\defogger_reenable
[2013.07.10 21:44:43 | 000,000,098 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.29 12:55:06 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.23 14:30:39 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2013.06.23 14:30:39 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2013.06.23 14:30:39 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2013.06.23 14:30:39 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2013.06.23 14:30:39 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2013.06.23 14:30:39 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2013.06.23 14:30:39 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2013.06.23 14:30:39 | 000,013,732 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
[2013.06.23 14:30:39 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2013.06.23 14:30:39 | 000,006,442 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_IT.cfg
[2013.06.23 14:30:39 | 000,006,347 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
[2013.06.23 14:30:39 | 000,006,347 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
[2013.06.23 14:30:39 | 000,006,335 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_GE.cfg
[2013.06.23 14:30:39 | 000,006,195 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
[2013.06.23 14:30:39 | 000,006,195 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
[2013.06.23 14:30:39 | 000,006,122 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_DU.cfg
[2013.06.23 14:30:39 | 000,006,103 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
[2013.06.23 14:30:39 | 000,005,817 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_KO.cfg
[2013.06.23 14:30:39 | 000,005,436 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_SC.cfg
[2013.06.23 14:30:39 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2013.06.23 14:30:39 | 000,002,889 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_RU.cfg
[2013.06.23 14:30:39 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_TC.cfg
[2013.06.23 14:30:39 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2013.06.23 14:30:39 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2013.06.23 14:30:39 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2013.06.23 14:30:39 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2013.06.23 14:30:39 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2013.06.23 14:30:39 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2013.06.23 14:30:39 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2013.06.23 14:30:39 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2013.06.23 14:30:39 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2013.06.23 14:30:39 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2013.06.23 14:30:27 | 000,002,485 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.0 AE.lnk
[2013.06.23 14:25:57 | 000,002,215 | ---- | C] () -- C:\Users\Public\Desktop\PHOTOfunSTUDIO 8.0 AE.lnk
[2010.12.14 19:32:40 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.04.20 13:29:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Asus WebStorage
[2013.07.09 21:20:58 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoft

========== Purity Check ==========



< End of report >



So far, it has not been possible to set a new start page in Firefox.

Many thanks in advance!

11.07.2013, 03:36   #2
schrauber
/// the machine
/// TB instructor


hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)



How it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview (Erweitert/Vorschau) to check whether you did it right. If everything is correct ... click Reply (Antworten).

11.07.2013, 09:42   #3
bissi4788


Here is FRST:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-07-2013 04
Ran by Christoph (administrator) on 11-07-2013 10:32:46
Running from C:\Users\Christoph\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ASUS) C:\Windows\AsScrPro.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sony Ericsson Mobile Communications AB) C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Boingo Wireless, Inc.) C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Users\CHRIST~1\AppData\Local\Temp\IS3571~1\QtraxInstaller.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Wajam) C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
() C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Avira Operations GmbH & Co. KG) c:\program files (x86)\avira\antivir desktop\avscan.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ASUS WebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3  [2121320 2010-09-28] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-03] (Alcor Micro Corp.)
HKLM\...\Run: [ETDWare] - %ProgramFiles%\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [IntelWireless] - "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1928976 2010-03-05] (Intel(R) Corporation)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-04-17] ()
HKLM\...\Run: [Setwallpaper] - c:\programdata\SetWallpaper.cmd [x]
HKLM\...\Run: [IgfxTray] - C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] - C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM-x32\...\Runonce: [Del1105220] - cmd.exe /Q /D /c del "C:\Users\CHRIST~1\AppData\Local\Temp\0.del" [x]
HKLM-x32\...\Runonce: [Del1107560] - cmd.exe /Q /D /c del "C:\Users\CHRIST~1\AppData\Local\Temp\0.del" [x]
HKCU\...\Run: [Sony Ericsson PC Companion] - "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon [774144 2009-12-08] (Sony Ericsson Mobile Communications AB)
HKCU\...\Runonce: [Del1105220] - cmd.exe /Q /D /c del "C:\Users\CHRIST~1\AppData\Local\Temp\0.del" [x]
HKCU\...\Runonce: [Del1107560] - cmd.exe /Q /D /c del "C:\Users\CHRIST~1\AppData\Local\Temp\0.del" [x]
HKCU\...\Runonce: [Qtrax] - C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe 377104193.portal.qtrax.com [x]
MountPoints2: {d183ba6f-b27c-11e2-b8c2-bcaec51feecb} - F:\Startme.exe
HKLM-x32\...\Run: [RemoteControl9] - "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-01-28] (cyberlink)
HKLM-x32\...\Run: [UpdatePSTShortCut] - "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2010-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Boingo Wi-Fi] - "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2429 2010-12-14] ()
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-04] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [SessionLogon] - C:\ExpressGateUtil\SessionLogon.exe [x]
HKLM-x32\...\Run: [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-13] ()
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-26] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [112232 2010-08-16] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll  c:\windows\syswow64\nvinit.dll [100968 2010-08-16] (NVIDIA Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.0 AE.lnk
ShortcutTarget: PHOTOfunSTUDIO 8.0 AE.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=3EDD0026C7C977C5&affID=119357&tsp=4940
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=3EDD0026C7C977C5&affID=119357&tsp=4940
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
BHO-x32: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO-x32: DealPly - {EF7BD87A-8024-11E2-F316-F3E56188709B} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\it0d8jas.default
FF user.js: detected! => C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\it0d8jas.default\user.js
FF NewTab: hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=3EDD0026C7C977C5&affID=119357&tsp=4940
FF SelectedSearchEngine: Delta Search
FF Homepage: hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=3EDD0026C7C977C5&affID=119357&tsp=4940
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\it0d8jas.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\it0d8jas.default\searchplugins\delta.xml
FF Extension: Delta Toolbar - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\it0d8jas.default\Extensions\ffxtlbr@delta.com
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
FF Extension: No Name - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728 2013-05-23] ()
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-18] (CyberLink)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-04-06] ()
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-21] ()
R2 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2013-05-02] (Wajam)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-25] (Avira Operations GmbH & Co. KG)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [69120 2010-09-25] (Fresco Logic)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 s1039bus; C:\Windows\System32\DRIVERS\s1039bus.sys [127600 2009-11-19] (MCCI Corporation)
S3 s1039mdfl; C:\Windows\System32\DRIVERS\s1039mdfl.sys [19568 2009-11-19] (MCCI Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [161904 2009-11-19] (MCCI Corporation)
S3 s1039mgmt; C:\Windows\System32\DRIVERS\s1039mgmt.sys [141424 2009-11-19] (MCCI Corporation)
S3 s1039nd5; C:\Windows\System32\DRIVERS\s1039nd5.sys [34416 2009-11-19] (MCCI Corporation)
S3 s1039obex; C:\Windows\System32\DRIVERS\s1039obex.sys [137328 2009-11-19] (MCCI Corporation)
S3 s1039unic; C:\Windows\System32\DRIVERS\s1039unic.sys [158320 2009-11-19] (MCCI Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl [146928 2010-02-24] (CyberLink Corp.)
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl [146928 2010-02-24] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-11 10:32 - 2013-07-11 10:32 - 00000000 ____D C:\FRST
2013-07-11 10:31 - 2013-07-11 10:31 - 01777775 ____A (Farbar) C:\Users\Christoph\Downloads\FRST64.exe
2013-07-11 10:29 - 2013-07-11 10:29 - 00003826 ____A C:\Windows\System32\Tasks\QtraxPlayer
2013-07-11 10:29 - 2013-07-11 10:29 - 00003536 ____A C:\Windows\System32\Tasks\DealPly
2013-07-11 10:29 - 2013-07-11 10:29 - 00003436 ____A C:\Windows\System32\Tasks\BrowserDefendert
2013-07-11 10:29 - 2013-07-11 10:29 - 00003374 ____A C:\Windows\System32\Tasks\DealPlyUpdate
2013-07-11 10:29 - 2013-07-11 10:29 - 00003256 ____A C:\Windows\System32\Tasks\DSite
2013-07-11 10:29 - 2013-07-11 10:29 - 00002394 ____A C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
2013-07-11 10:29 - 2013-07-11 10:29 - 00002364 ____A C:\Users\Christoph\Desktop\Qtrax Player.lnk
2013-07-11 10:29 - 2013-07-11 10:29 - 00001119 ____A C:\Users\Public\Desktop\Open It!.lnk
2013-07-11 10:29 - 2013-07-11 10:29 - 00000300 ____A C:\Windows\Tasks\DSite.job
2013-07-11 10:29 - 2013-07-11 10:29 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
2013-07-11 10:29 - 2013-07-11 10:29 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
2013-07-11 10:29 - 2013-07-11 10:29 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
2013-07-11 10:29 - 2013-07-11 10:29 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\DSite
2013-07-11 10:29 - 2013-07-11 10:29 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\DealPly
2013-07-11 10:29 - 2013-07-11 10:29 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\Babylon
2013-07-11 10:29 - 2013-07-11 10:29 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\BabSolution
2013-07-11 10:29 - 2013-07-11 10:29 - 00000000 ____D C:\Users\Christoph\AppData\Local\Wajam
2013-07-11 10:29 - 2013-07-11 10:29 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-11 10:29 - 2013-07-11 10:29 - 00000000 ____D C:\ProgramData\Babylon
2013-07-11 10:29 - 2013-07-11 10:29 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-07-11 10:29 - 2013-07-11 10:29 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-07-11 10:29 - 2013-07-11 10:29 - 00000000 ____D C:\Program Files (x86)\Delta
2013-07-11 10:29 - 2013-07-11 10:29 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-07-11 10:28 - 2013-07-11 10:28 - 00793536 ____A C:\Users\Christoph\Downloads\ZipOpenerSetup.exe
2013-07-11 00:33 - 2013-07-11 00:34 - 00001483 ____A C:\AdwCleaner[R5].txt
2013-07-11 00:22 - 2013-07-11 00:22 - 00091826 ____A C:\Users\Christoph\Desktop\OTL.Txt
2013-07-11 00:19 - 2013-07-11 00:19 - 00090478 ____A C:\Users\Christoph\Downloads\Extras.Txt
2013-07-11 00:18 - 2013-07-11 00:18 - 00091852 ____A C:\Users\Christoph\Downloads\OTL.Txt
2013-07-11 00:05 - 2013-07-11 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\Christoph\Downloads\OTL.exe
2013-07-11 00:03 - 2013-07-11 00:04 - 00000480 ____A C:\Users\Christoph\Downloads\defogger_disable.log
2013-07-11 00:03 - 2013-07-11 00:03 - 00050477 ____A C:\Users\Christoph\Downloads\Defogger.exe
2013-07-11 00:03 - 2013-07-11 00:03 - 00000000 ____A C:\Users\Christoph\defogger_reenable
2013-07-10 23:36 - 2013-07-10 23:37 - 00001169 ____A C:\AdwCleaner[R4].txt
2013-07-10 23:36 - 2013-07-10 23:36 - 00001109 ____A C:\AdwCleaner[R3].txt
2013-07-10 23:32 - 2013-07-10 23:33 - 00001633 ____A C:\AdwCleaner[S2].txt
2013-07-10 23:32 - 2013-07-10 23:32 - 00001731 ____A C:\AdwCleaner[R2].txt
2013-07-10 23:23 - 2013-07-10 23:23 - 00022395 ____A C:\Users\Christoph\Desktop\dds.txt
2013-07-10 23:23 - 2013-07-10 23:23 - 00009181 ____A C:\Users\Christoph\Desktop\attach.txt
2013-07-10 23:21 - 2013-07-10 23:21 - 00688992 ____R (Swearware) C:\Users\Christoph\Downloads\dds(1).com
2013-07-10 22:06 - 2013-05-29 08:15 - 17829376 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 22:06 - 2013-05-29 07:50 - 10926080 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 22:06 - 2013-05-29 07:43 - 02312704 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 22:06 - 2013-05-29 07:36 - 01346560 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 22:06 - 2013-05-29 07:35 - 01392128 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 22:06 - 2013-05-29 07:34 - 01494528 ____A (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-10 22:06 - 2013-05-29 07:33 - 00237056 ____A (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-10 22:06 - 2013-05-29 07:31 - 00085504 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 22:06 - 2013-05-29 07:29 - 00816640 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 22:06 - 2013-05-29 07:29 - 00599040 ____A (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-10 22:06 - 2013-05-29 07:29 - 00173056 ____A (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-10 22:06 - 2013-05-29 07:27 - 02147840 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 22:06 - 2013-05-29 07:27 - 00729088 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 22:06 - 2013-05-29 07:25 - 02382848 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 22:06 - 2013-05-29 07:25 - 00096768 ____A (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-10 22:06 - 2013-05-29 07:18 - 00248320 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 22:06 - 2013-05-29 03:56 - 12333568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 22:06 - 2013-05-29 03:50 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 22:06 - 2013-05-29 03:48 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 22:06 - 2013-05-29 03:41 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-10 22:06 - 2013-05-29 03:41 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 22:06 - 2013-05-29 03:41 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 22:06 - 2013-05-29 03:40 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-10 22:06 - 2013-05-29 03:38 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 22:06 - 2013-05-29 03:37 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-10 22:06 - 2013-05-29 03:36 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-10 22:06 - 2013-05-29 03:35 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 22:06 - 2013-05-29 03:35 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 22:06 - 2013-05-29 03:33 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 22:06 - 2013-05-29 03:33 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 22:06 - 2013-05-29 03:33 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-10 22:06 - 2013-05-29 03:29 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 22:00 - 2013-07-10 22:00 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-07-10 22:00 - 2013-07-10 22:00 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-07-10 21:50 - 2013-07-10 21:50 - 00688992 ____A (Swearware) C:\Users\Christoph\Downloads\dds.com
2013-07-10 21:44 - 2013-07-10 21:44 - 00010940 ____A C:\AdwCleaner[S1].txt
2013-07-10 21:44 - 2013-07-10 21:44 - 00000098 ____A C:\Windows\DeleteOnReboot.bat
2013-07-10 21:43 - 2013-07-10 21:43 - 00650027 ____A C:\Users\Christoph\Downloads\adwcleaner.exe
2013-07-10 21:43 - 2013-07-10 21:43 - 00010897 ____A C:\AdwCleaner[R1].txt
2013-07-10 21:10 - 2013-06-05 05:34 - 03153920 ____A (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 21:10 - 2013-06-04 08:00 - 00624128 ____A (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 21:10 - 2013-06-04 06:53 - 00509440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 21:10 - 2013-05-06 08:03 - 01887744 ____A (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 21:10 - 2013-05-06 06:56 - 01620480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 21:09 - 2013-04-10 01:34 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 21:09 - 2013-04-03 00:51 - 01643520 ____A (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-09 20:49 - 2013-07-09 20:55 - 95741915 ____A C:\Users\Christoph\Downloads\Free1972Heartbreaker.rar
2013-07-09 17:54 - 2013-07-09 17:54 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-07-09 17:54 - 2013-07-09 17:54 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-07-09 17:31 - 2013-07-11 10:29 - 00003410 ____A C:\Windows\System32\Tasks\EPUpdater
2013-07-09 17:29 - 2013-07-09 17:29 - 25328416 ____A (DVDVideoSoft Ltd.                                           ) C:\Users\Christoph\Downloads\FreeYouTubeToMP3Converter5628.exe
2013-07-04 13:30 - 2013-07-04 13:37 - 00000000 ____D C:\PFS8.0 AE_TMP
2013-06-29 12:55 - 2013-07-11 10:28 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-29 12:55 - 2013-06-29 13:28 - 00003822 ____A C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-06-29 12:54 - 2013-06-29 12:55 - 00000000 ____D C:\Users\Christoph\AppData\Local\Adobe
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\Users\Christoph\Documents\Freemake
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\ProgramData\Freemake
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-06-28 00:03 - 2013-06-28 00:03 - 01264824 ____A (Ellora Assets Corporation                                   ) C:\Users\Christoph\Downloads\FreemakeAudioConverterSetup.exe
2013-06-27 23:14 - 2013-06-27 23:14 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\AVS4YOU
2013-06-27 23:14 - 2013-06-27 23:14 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-06-27 23:13 - 2013-06-28 00:00 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-06-27 23:13 - 2012-12-17 15:02 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2013-06-27 23:10 - 2013-07-09 21:20 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\DVDVideoSoft
2013-06-27 23:09 - 2013-06-27 23:09 - 25373136 ____A (DVDVideoSoft Ltd.                                           ) C:\Users\Christoph\Downloads\FreeYouTubeToMP3Converter-3.12.4.622.exe
2013-06-27 12:34 - 2013-06-27 12:34 - 00000000 ____D C:\ProgramData\Panasonic
2013-06-27 12:27 - 2013-07-09 17:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-23 14:30 - 2013-06-23 14:30 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\InstallShield
2013-06-23 14:30 - 2013-06-23 14:30 - 00000000 ____D C:\Users\Christoph\AppData\Local\Panasonic
2013-06-23 14:30 - 2007-06-22 00:10 - 00501912 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK2.dll
2013-06-23 14:30 - 2007-06-22 00:10 - 00000097 ____A C:\Windows\SysWOW64\PICSDK.ini
2013-06-23 14:30 - 2006-10-31 00:10 - 00120992 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EpPicPrt.dll
2013-06-23 14:30 - 2006-10-31 00:10 - 00071840 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EPPicMgr.dll
2013-06-23 14:30 - 2006-10-20 00:10 - 00108704 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICEntry.dll
2013-06-23 14:30 - 2006-10-20 00:10 - 00080024 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK.dll
2013-06-23 14:30 - 2005-06-01 00:20 - 00111932 ____A C:\Windows\SysWOW64\EPPICPrinterDB.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00031053 ____A C:\Windows\SysWOW64\EPPICPattern131.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00027417 ____A C:\Windows\SysWOW64\EPPICPattern121.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00026154 ____A C:\Windows\SysWOW64\EPPICPattern1.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00024903 ____A C:\Windows\SysWOW64\EPPICPattern3.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00021390 ____A C:\Windows\SysWOW64\EPPICPattern5.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00020148 ____A C:\Windows\SysWOW64\EPPICPattern2.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00013732 ____A C:\Windows\SysWOW64\EPPICLocal_EN.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00011811 ____A C:\Windows\SysWOW64\EPPICPattern4.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00006442 ____A C:\Windows\SysWOW64\EPPICLocal_IT.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006347 ____A C:\Windows\SysWOW64\EPPICLocal_PT.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006347 ____A C:\Windows\SysWOW64\EPPICLocal_BP.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006335 ____A C:\Windows\SysWOW64\EPPICLocal_GE.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006195 ____A C:\Windows\SysWOW64\EPPICLocal_FR.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006195 ____A C:\Windows\SysWOW64\EPPICLocal_CF.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006122 ____A C:\Windows\SysWOW64\EPPICLocal_DU.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006103 ____A C:\Windows\SysWOW64\EPPICLocal_ES.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00005817 ____A C:\Windows\SysWOW64\EPPICLocal_KO.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00005436 ____A C:\Windows\SysWOW64\EPPICLocal_SC.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00004943 ____A C:\Windows\SysWOW64\EPPICPattern6.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00002889 ____A C:\Windows\SysWOW64\EPPICLocal_RU.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00002426 ____A C:\Windows\SysWOW64\EPPICLocal_TC.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00001146 ____A C:\Windows\SysWOW64\EPPICPresetData_DU.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001139 ____A C:\Windows\SysWOW64\EPPICPresetData_PT.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001139 ____A C:\Windows\SysWOW64\EPPICPresetData_BP.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001136 ____A C:\Windows\SysWOW64\EPPICPresetData_ES.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001129 ____A C:\Windows\SysWOW64\EPPICPresetData_FR.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001129 ____A C:\Windows\SysWOW64\EPPICPresetData_CF.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001120 ____A C:\Windows\SysWOW64\EPPICPresetData_IT.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001107 ____A C:\Windows\SysWOW64\EPPICPresetData_GE.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001104 ____A C:\Windows\SysWOW64\EPPICPresetData_EN.dat
2013-06-23 14:25 - 2013-06-23 14:25 - 00002215 ____A C:\Users\Public\Desktop\PHOTOfunSTUDIO 8.0 AE.lnk
2013-06-23 14:22 - 2013-06-23 14:22 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2013-06-23 14:22 - 2013-06-23 14:22 - 00000000 ____D C:\Program Files (x86)\Panasonic
2013-06-23 14:21 - 2013-06-23 14:21 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-06-23 14:21 - 2013-06-23 14:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-06-23 12:01 - 2013-06-23 12:02 - 00000000 ____D C:\Users\Christoph\AppData\Local\Microsoft Games
2013-06-12 19:20 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-06-12 19:20 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 19:20 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-06-12 19:20 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 19:20 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-06-12 19:20 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-06-12 19:20 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 19:20 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 19:20 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-06-12 19:19 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-06-12 19:19 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-06-12 19:19 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-06-12 19:19 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-06-12 19:19 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 19:19 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 19:19 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 19:19 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 19:19 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 19:19 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\system32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-11 10:32 - 2013-07-11 10:32 - 00000000 ____D C:\FRST
2013-07-11 10:32 - 2009-07-14 06:45 - 00010016 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-11 10:32 - 2009-07-14 06:45 - 00010016 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-11 10:31 - 2013-07-11 10:31 - 01777775 ____A (Farbar) C:\Users\Christoph\Downloads\FRST64.exe
2013-07-11 10:29 - 2013-07-11 10:29 - 00003826 ____A C:\Windows\System32\Tasks\QtraxPlayer
2013-07-11 10:29 - 2013-07-11 10:29 - 00003536 ____A C:\Windows\System32\Tasks\DealPly
2013-07-11 10:29 - 2013-07-11 10:29 - 00003436 ____A C:\Windows\System32\Tasks\BrowserDefendert
2013-07-11 10:29 - 2013-07-11 10:29 - 00003374 ____A C:\Windows\System32\Tasks\DealPlyUpdate
2013-07-11 10:29 - 2013-07-11 10:29 - 00003256 ____A C:\Windows\System32\Tasks\DSite
2013-07-11 10:29 - 2013-07-11 10:29 - 00002394 ____A C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
2013-07-11 10:29 - 2013-07-11 10:29 - 00002364 ____A C:\Users\Christoph\Desktop\Qtrax Player.lnk
2013-07-11 10:29 - 2013-07-11 10:29 - 00001119 ____A C:\Users\Public\Desktop\Open It!.lnk
2013-07-11 10:29 - 2013-07-11 10:29 - 00000300 ____A C:\Windows\Tasks\DSite.job
2013-07-11 10:29 - 2013-07-11 10:29 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
2013-07-11 10:29 - 2013-07-11 10:29 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
2013-07-11 10:29 - 2013-07-11 10:29 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
2013-07-11 10:29 - 2013-07-11 10:29 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\DSite
2013-07-11 10:29 - 2013-07-11 10:29 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\DealPly
2013-07-11 10:29 - 2013-07-11 10:29 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\Babylon
2013-07-11 10:29 - 2013-07-11 10:29 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\BabSolution
2013-07-11 10:29 - 2013-07-11 10:29 - 00000000 ____D C:\Users\Christoph\AppData\Local\Wajam
2013-07-11 10:29 - 2013-07-11 10:29 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-11 10:29 - 2013-07-11 10:29 - 00000000 ____D C:\ProgramData\Babylon
2013-07-11 10:29 - 2013-07-11 10:29 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-07-11 10:29 - 2013-07-11 10:29 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-07-11 10:29 - 2013-07-11 10:29 - 00000000 ____D C:\Program Files (x86)\Delta
2013-07-11 10:29 - 2013-07-11 10:29 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-07-11 10:29 - 2013-07-09 17:31 - 00003410 ____A C:\Windows\System32\Tasks\EPUpdater
2013-07-11 10:28 - 2013-07-11 10:28 - 00793536 ____A C:\Users\Christoph\Downloads\ZipOpenerSetup.exe
2013-07-11 10:28 - 2013-06-29 12:55 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-11 10:23 - 2010-12-14 19:14 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-11 10:18 - 2013-04-21 11:35 - 00003962 ____A C:\Windows\System32\Tasks\User_Feed_Synchronization-{FFB44DA8-096C-4808-9FBC-BD03686F00E0}
2013-07-11 10:11 - 2010-12-14 20:08 - 00045056 ____A C:\Windows\system32\acovcnt.exe
2013-07-11 10:11 - 2010-12-14 20:02 - 00000000 ____D C:\Program Files\P4G
2013-07-11 10:11 - 2010-12-14 19:52 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-11 10:11 - 2010-12-14 19:40 - 00257736 ____A C:\Windows\PFRO.log
2013-07-11 10:11 - 2010-12-14 19:14 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-11 10:11 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-11 10:11 - 2009-07-14 06:51 - 00049085 ____A C:\Windows\setupact.log
2013-07-11 01:01 - 2010-12-14 18:38 - 02056752 ____A C:\Windows\WindowsUpdate.log
2013-07-11 00:34 - 2013-07-11 00:33 - 00001483 ____A C:\AdwCleaner[R5].txt
2013-07-11 00:22 - 2013-07-11 00:22 - 00091826 ____A C:\Users\Christoph\Desktop\OTL.Txt
2013-07-11 00:19 - 2013-07-11 00:19 - 00090478 ____A C:\Users\Christoph\Downloads\Extras.Txt
2013-07-11 00:18 - 2013-07-11 00:18 - 00091852 ____A C:\Users\Christoph\Downloads\OTL.Txt
2013-07-11 00:05 - 2013-07-11 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\Christoph\Downloads\OTL.exe
2013-07-11 00:04 - 2013-07-11 00:03 - 00000480 ____A C:\Users\Christoph\Downloads\defogger_disable.log
2013-07-11 00:03 - 2013-07-11 00:03 - 00050477 ____A C:\Users\Christoph\Downloads\Defogger.exe
2013-07-11 00:03 - 2013-07-11 00:03 - 00000000 ____A C:\Users\Christoph\defogger_reenable
2013-07-11 00:03 - 2013-04-20 13:19 - 00000000 ____D C:\Users\Christoph
2013-07-10 23:37 - 2013-07-10 23:36 - 00001169 ____A C:\AdwCleaner[R4].txt
2013-07-10 23:36 - 2013-07-10 23:36 - 00001109 ____A C:\AdwCleaner[R3].txt
2013-07-10 23:33 - 2013-07-10 23:32 - 00001633 ____A C:\AdwCleaner[S2].txt
2013-07-10 23:32 - 2013-07-10 23:32 - 00001731 ____A C:\AdwCleaner[R2].txt
2013-07-10 23:23 - 2013-07-10 23:23 - 00022395 ____A C:\Users\Christoph\Desktop\dds.txt
2013-07-10 23:23 - 2013-07-10 23:23 - 00009181 ____A C:\Users\Christoph\Desktop\attach.txt
2013-07-10 23:21 - 2013-07-10 23:21 - 00688992 ____R (Swearware) C:\Users\Christoph\Downloads\dds(1).com
2013-07-10 22:20 - 2009-07-14 06:45 - 00355968 ____A C:\Windows\system32\FNTCACHE.DAT
2013-07-10 22:18 - 2013-05-04 14:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 22:18 - 2013-05-04 14:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 22:18 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 22:18 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 22:18 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 22:14 - 2009-08-04 11:51 - 00665578 ____A C:\Windows\system32\perfh007.dat
2013-07-10 22:14 - 2009-08-04 11:51 - 00133758 ____A C:\Windows\system32\perfc007.dat
2013-07-10 22:14 - 2009-07-14 07:13 - 01550634 ____A C:\Windows\system32\PerfStringBackup.INI
2013-07-10 22:10 - 2013-04-21 12:26 - 78185248 ____A (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-10 22:09 - 2013-04-21 14:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 22:00 - 2013-07-10 22:00 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-07-10 22:00 - 2013-07-10 22:00 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-07-10 21:50 - 2013-07-10 21:50 - 00688992 ____A (Swearware) C:\Users\Christoph\Downloads\dds.com
2013-07-10 21:44 - 2013-07-10 21:44 - 00010940 ____A C:\AdwCleaner[S1].txt
2013-07-10 21:44 - 2013-07-10 21:44 - 00000098 ____A C:\Windows\DeleteOnReboot.bat
2013-07-10 21:43 - 2013-07-10 21:43 - 00650027 ____A C:\Users\Christoph\Downloads\adwcleaner.exe
2013-07-10 21:43 - 2013-07-10 21:43 - 00010897 ____A C:\AdwCleaner[R1].txt
2013-07-09 21:20 - 2013-06-27 23:10 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\DVDVideoSoft
2013-07-09 20:55 - 2013-07-09 20:49 - 95741915 ____A C:\Users\Christoph\Downloads\Free1972Heartbreaker.rar
2013-07-09 19:50 - 2010-12-14 20:03 - 00001402 ____A C:\Windows\system32\ServiceFilter.ini
2013-07-09 17:54 - 2013-07-09 17:54 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-07-09 17:54 - 2013-07-09 17:54 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-07-09 17:31 - 2013-06-27 12:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-09 17:29 - 2013-07-09 17:29 - 25328416 ____A (DVDVideoSoft Ltd.                                           ) C:\Users\Christoph\Downloads\FreeYouTubeToMP3Converter5628.exe
2013-07-09 17:08 - 2013-05-03 22:42 - 00000000 ____D C:\Users\Christoph\AppData\Local\Windows Live
2013-07-04 13:37 - 2013-07-04 13:30 - 00000000 ____D C:\PFS8.0 AE_TMP
2013-07-03 23:18 - 2010-12-14 19:14 - 00004120 ____A C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-03 23:18 - 2010-12-14 19:14 - 00003868 ____A C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-06-29 13:28 - 2013-06-29 12:55 - 00003822 ____A C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-06-29 13:28 - 2013-04-22 21:46 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-29 13:28 - 2013-04-22 21:46 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-29 12:55 - 2013-06-29 12:54 - 00000000 ____D C:\Users\Christoph\AppData\Local\Adobe
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\Users\Christoph\Documents\Freemake
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\ProgramData\Freemake
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-06-28 00:03 - 2013-06-28 00:03 - 01264824 ____A (Ellora Assets Corporation                                   ) C:\Users\Christoph\Downloads\FreemakeAudioConverterSetup.exe
2013-06-28 00:00 - 2013-06-27 23:13 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-06-27 23:14 - 2013-06-27 23:14 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\AVS4YOU
2013-06-27 23:14 - 2013-06-27 23:14 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-06-27 23:09 - 2013-06-27 23:09 - 25373136 ____A (DVDVideoSoft Ltd.                                           ) C:\Users\Christoph\Downloads\FreeYouTubeToMP3Converter-3.12.4.622.exe
2013-06-27 22:35 - 2013-04-21 14:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-27 12:34 - 2013-06-27 12:34 - 00000000 ____D C:\ProgramData\Panasonic
2013-06-26 10:54 - 2013-05-07 18:29 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-06-23 20:24 - 2010-12-14 20:03 - 00002032 ____A C:\Windows\system32\AutoRunFilter.ini
2013-06-23 14:30 - 2013-06-23 14:30 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\InstallShield
2013-06-23 14:30 - 2013-06-23 14:30 - 00000000 ____D C:\Users\Christoph\AppData\Local\Panasonic
2013-06-23 14:30 - 2013-04-20 13:19 - 00091368 ____A C:\Users\Christoph\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-23 14:25 - 2013-06-23 14:25 - 00002215 ____A C:\Users\Public\Desktop\PHOTOfunSTUDIO 8.0 AE.lnk
2013-06-23 14:22 - 2013-06-23 14:22 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2013-06-23 14:22 - 2013-06-23 14:22 - 00000000 ____D C:\Program Files (x86)\Panasonic
2013-06-23 14:22 - 2010-12-14 19:05 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-23 14:21 - 2013-06-23 14:21 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-06-23 14:21 - 2013-06-23 14:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-06-23 14:21 - 2010-12-14 19:25 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-23 12:02 - 2013-06-23 12:01 - 00000000 ____D C:\Users\Christoph\AppData\Local\Microsoft Games
2013-06-20 23:21 - 2013-04-21 11:13 - 00002192 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-16 21:24 - 2009-07-14 07:08 - 00032636 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-16 17:58 - 2013-04-21 14:11 - 00000000 ____D C:\Users\Christoph\AppData\Local\Microsoft Help
2013-06-13 23:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-03 13:06

==================== End Of Log ============================
         
--- --- ---



And here is the Addition log:
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-07-2013 04
Ran by Christoph at 2013-07-11 10:33:45
Running from C:\Users\Christoph\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32)
7-Zip 9.20 (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Alcor Micro USB Card Reader (x32 Version: 1.7.17.25416)
ASUS AI Recovery (x32 Version: 1.0.11)
ASUS AP Bank (x32 Version: 1.0.0.0)
ASUS FancyStart (x32 Version: 1.0.8)
ASUS Live Update (x32 Version: 2.5.9)
ASUS Power4Gear Hybrid (Version: 1.1.40)
ASUS SmartLogon (x32 Version: 1.0.0008)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0031)
ASUS Video Magic (x32 Version: 6.0.4015)
ASUS Virtual Camera (x32 Version: 1.0.20)
ASUS WebStorage (x32 Version: 2.0.46.1429)
ASUS_N3_Series (x32 Version: 1.0.0002)
ATK Package (x32 Version: 1.0.0006)
Avira Free Antivirus (x32 Version: 13.0.0.3737)
Boingo Wi-Fi (x32 Version: 1.7.0048)
Bookworm Deluxe (x32)
BrowserDefender (x32)
Complément Messenger (x32 Version: 15.4.3502.0922)
Complemento Messenger (x32 Version: 15.4.3502.0922)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2)
ControlDeck (x32 Version: 1.0.9)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2)
Cooking Dash (x32)
CyberLink LabelPrint (x32 Version: 2.5.1908)
CyberLink MediaShow Espresso (x32 Version: 5.0.1606_25588)
CyberLink PhotoNow (x32 Version: 1.1.6904)
CyberLink Power2Go (x32 Version: 6.1.3602c)
CyberLink PowerDirector (x32 Version: 8.0.2609a)
CyberLink PowerDVD 9 (x32 Version: 9.0.3815.52)
D3DX10 (x32 Version: 15.4.2368.0902)
DealPly (HKCU)
DealPly (remove only) (x32 Version: 4.8.6.1)
Delta Chrome Toolbar (x32)
Delta toolbar   (x32 Version: 1.8.21.5)
ExpressGate Cloud (x32 Version: 2.1.76.380)
Fast Boot (Version: 1.0.6)
Freemake Audio Converter Version 1.1.0 (x32 Version: 1.1.0)
Fresco Logic USB3.0 Host Controller (Version: 3.0.105.11)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Game Park Console (x32 Version: 6.2.1.1)
Google Chrome (x32 Version: 27.0.1453.116)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32)
Google Update Helper (x32 Version: 1.3.21.149)
Governor of Poker (x32)
Hotel Dash Suite Success (x32)
Intel PROSet Wireless
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2189)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) PROSet/Wireless WiFi Software (Version: 13.02.1000)
Intel(R) Turbo Boost Technology Monitor (Version: 1.0.400.4)
Intel(R) Wireless Display (Version: 1.2.15.0)
Jewel Quest 3 (x32)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Luxor 3 (x32)
Mahjongg dimensions (x32)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Messenger 分享元件 (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
NVIDIA Display Control Panel (Version: 6.14.12.5942)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.5942)
NVIDIA Updatus (x32 Version: 1.0.3)
Open It! (x32 Version: 1.1.1)
PDF-Viewer (Version: 2.5.207.0)
PHOTOfunSTUDIO 8.0 AE (x32 Version: 8.00.511)
Plants vs Zombies (x32)
Qtrax Player (HKCU)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6210)
SonicMaster (x32 Version: 1.00.0000)
Sony Ericsson PC Companion 1.60.13 (x32 Version: 1.60.13)
syncables desktop SE (x32 Version: 5.5.746.11492)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition (x32)
Update for Zip Opener (HKCU)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
USB2.0 UVC 2M WebCam (Version: 5.8.54000.206)
VLC media player 2.0.6 (x32 Version: 2.0.6)
Wajam (x32 Version: 1.80)
Ware PS/2-x64 7.0.5.16_WHQL (Version: 7.0.5.16)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (x32 Version: 15.4.5722.2)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Live 影像中心 (x32 Version: 15.4.3502.0922)
Windows Live 程式集 (x32 Version: 15.4.3502.0922)
WinFlash (x32 Version: 2.31.0)
WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0)
Wireless Console 3 (x32 Version: 3.0.19)
World of Goo (x32)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (x32 Version: 15.4.5722.2)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922)
מסייע Messenger (x32 Version: 15.4.3502.0922)
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (x32 Version: 15.4.5722.2)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (x32 Version: 15.4.5722.2)

==================== Restore Points  =========================

21-06-2013 17:39:49 Geplanter Prüfpunkt
23-06-2013 12:20:25 Installiert PHOTOfunSTUDIO 8.0 AE
03-07-2013 13:07:15 Geplanter Prüfpunkt
10-07-2013 19:56:34 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {07D42ED6-29C0-4805-84A0-3138C65C9E73} - System32\Tasks\User_Feed_Synchronization-{FFB44DA8-096C-4808-9FBC-BD03686F00E0} => C:\Windows\system32\msfeedssync.exe [2013-04-21] (Microsoft Corporation)
Task: {19816FAB-9CF5-4F5A-B6B7-332296CC5721} - System32\Tasks\DSite => C:\Users\CHRIST~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE [2013-07-11] ()
Task: {2A8F1FEE-DB2F-49B1-B3EC-B47E1F52550C} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {390F6FCA-B762-4A00-AC14-0932620D74D8} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {4A25582E-FA8E-464F-87D9-E55BF45B28D5} - System32\Tasks\DealPlyUpdate => C:\Program No File
Task: {60A7ECA6-ABAB-4387-AE2A-1BF53D03EE5E} - System32\Tasks\BrowserDefendert => C:\Windows\system32\sc.exe [2009-07-14] (Microsoft Corporation)
Task: {66E26850-584B-4728-A04E-288782D4C9E4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-14] (Google Inc.)
Task: {6FBA896A-982A-4C82-95B2-7B168AA9EB9D} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {79234F25-CF26-4BD3-8E99-B7E07FDAC03D} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {9C4147A6-D5E7-45EB-B396-4DBE6E86DF4D} - System32\Tasks\ASUS Patch 10430001 => C:\Windows\AsPatch10430001.exe [2010-07-29] ()
Task: {9F59EEEB-7BF6-425A-B316-07234E07AEB7} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-08-12] (ASUS)
Task: {A2D2A0E7-C067-4E71-8B6A-43157FF1804E} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
Task: {A362348C-3774-4D9E-BFBE-129CDE2EC6DD} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-18] (ASUS)
Task: {AD3EDAE9-4BBB-48A5-A93E-66E6AAAD1CC1} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {B4B741DA-C94D-4393-9F3D-56E6F39B0102} - System32\Tasks\QtraxPlayer => C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe [2013-05-13] (Microsoft Corporation)
Task: {B6AC5188-A9B4-4942-84DA-FF2CAB37F468} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-29] (Adobe Systems Incorporated)
Task: {CF4ECDD2-123C-4B92-9064-2E98DF8BA197} - System32\Tasks\EPUpdater => C:\Users\CHRIST~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-06-06] ()
Task: {DC5BA98C-81B8-4336-9AA1-59867E4C2526} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-14] (Google Inc.)
Task: {F2E2EE9F-3A44-4AD2-9412-D1ED772AD751} - System32\Tasks\DealPly => C:\Users\CHRIST~1\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE [2013-02-27] ()
Task: {F516F9AD-33F4-4924-A36C-1D583784BD53} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe [2010-09-30] (asus)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DSite.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/07/2013 10:02:43 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917, Zeitstempel: 0x51c06b1b
Name des fehlerhaften Moduls: xul.dll, Version: 22.0.0.4917, Zeitstempel: 0x51c06a5b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00173668
ID des fehlerhaften Prozesses: 0xa50
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (07/05/2013 03:17:29 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917, Zeitstempel: 0x51c06b1b
Name des fehlerhaften Moduls: xul.dll, Version: 22.0.0.4917, Zeitstempel: 0x51c06a5b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00173668
ID des fehlerhaften Prozesses: 0x1408
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (07/04/2013 10:06:13 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917, Zeitstempel: 0x51c06b1b
Name des fehlerhaften Moduls: xul.dll, Version: 22.0.0.4917, Zeitstempel: 0x51c06a5b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00173668
ID des fehlerhaften Prozesses: 0xab8
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (07/04/2013 00:51:26 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917, Zeitstempel: 0x51c06b1b
Name des fehlerhaften Moduls: xul.dll, Version: 22.0.0.4917, Zeitstempel: 0x51c06a5b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00173668
ID des fehlerhaften Prozesses: 0x1204
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (06/29/2013 07:59:26 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917, Zeitstempel: 0x51c06b1b
Name des fehlerhaften Moduls: xul.dll, Version: 22.0.0.4917, Zeitstempel: 0x51c06a5b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00173668
ID des fehlerhaften Prozesses: 0x157c
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (06/29/2013 07:01:06 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917, Zeitstempel: 0x51c06b1b
Name des fehlerhaften Moduls: xul.dll, Version: 22.0.0.4917, Zeitstempel: 0x51c06a5b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00173668
ID des fehlerhaften Prozesses: 0x15a0
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (06/24/2013 05:12:42 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: SHLWAPI.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9ab
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000011143
ID des fehlerhaften Prozesses: 0x600
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (06/17/2013 05:54:19 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879, Zeitstempel: 0x518ec3cc
Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879, Zeitstempel: 0x518ec306
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001c9789
ID des fehlerhaften Prozesses: 0x634
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (06/17/2013 04:58:16 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: SHLWAPI.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9ab
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000011143
ID des fehlerhaften Prozesses: 0x604
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (06/16/2013 02:11:16 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879, Zeitstempel: 0x518ec3cc
Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879, Zeitstempel: 0x518ec306
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001c9789
ID des fehlerhaften Prozesses: 0xc54
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3


System errors:
=============
Error: (07/04/2013 09:24:11 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎04.‎07.‎2013 um 21:11:15 unerwartet heruntergefahren.

Error: (07/03/2013 04:42:22 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎03.‎07.‎2013 um 16:40:25 unerwartet heruntergefahren.

Error: (06/29/2013 04:29:36 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.

Error: (06/29/2013 04:29:35 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.

Error: (06/29/2013 04:29:35 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.

Error: (06/29/2013 04:29:34 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.

Error: (06/29/2013 04:29:34 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.

Error: (06/18/2013 02:33:40 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (06/18/2013 02:33:40 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (06/18/2013 02:33:39 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 51%
Total physical RAM: 3884.48 MB
Available physical RAM: 1869.66 MB
Total Pagefile: 7767.14 MB
Available Pagefile: 5427.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (W7-SYS-CR) (Fixed) (Total:174.66 GB) (Free:120.41 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA-CR) (Fixed) (Total:502.49 GB) (Free:433.59 GB) NTFS (Disk=0 Partition=3)
Drive f: (ROCK'N'GO) (Removable) (Total:7.43 GB) (Free:3.31 GB) FAT32 (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=21 GB) - (Type=1C)
Partition 2: (Active) - (Size=175 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=502 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=0C)

==================== End Of Log ============================
         
--- --- ---
__________________

Last edited by bissi4788 (11.07.2013 at 10:30)

11.07.2013, 11:00   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

11.07.2013, 23:10   #5
bissi4788
 



OK, done.

Adwcleaner: AdwCleaner Logfile:
Code:
# AdwCleaner v2.305 - Datei am 11/07/2013 um 23:20:42 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : xxx - xxx-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\xxx\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\it0d8jas.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [10897 octets] - [10/07/2013 21:43:36]
AdwCleaner[R2].txt - [1731 octets] - [10/07/2013 23:32:01]
AdwCleaner[R3].txt - [1109 octets] - [10/07/2013 23:36:16]
AdwCleaner[R4].txt - [1169 octets] - [10/07/2013 23:36:59]
AdwCleaner[R5].txt - [1483 octets] - [11/07/2013 00:33:49]
AdwCleaner[R6].txt - [13300 octets] - [11/07/2013 10:42:55]
AdwCleaner[R7].txt - [2153 octets] - [11/07/2013 10:53:48]
AdwCleaner[R8].txt - [1532 octets] - [11/07/2013 23:20:22]
AdwCleaner[S1].txt - [10940 octets] - [10/07/2013 21:44:34]
AdwCleaner[S2].txt - [1633 octets] - [10/07/2013 23:32:53]
AdwCleaner[S3].txt - [13365 octets] - [11/07/2013 10:43:28]
AdwCleaner[S4].txt - [2055 octets] - [11/07/2013 10:54:31]
AdwCleaner[S5].txt - [1465 octets] - [11/07/2013 23:20:42]

########## EOF - C:\AdwCleaner[S5].txt - [1525 octets] ##########
         
--- --- ---


JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.7 (07.11.2013:1)
OS: Windows 7 Home Premium x64
Ran by xxx on 11.07.2013 at 23:27:55,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\it0d8jas.default\minidumps [403 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.07.2013 at 23:36:22,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST:
FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-07-2013 04
Ran by xxx (administrator) on 12-07-2013 00:00:43
Running from C:\Users\Christoph\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() C:\ExpressGateUtil\VAWinService.exe
(ASUS) C:\Windows\AsScrPro.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sony Ericsson Mobile Communications AB) C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
(Boingo Wireless, Inc.) C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ASUS WebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3  [2121320 2010-09-28] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-03] (Alcor Micro Corp.)
HKLM\...\Run: [ETDWare] - %ProgramFiles%\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [IntelWireless] - "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1928976 2010-03-05] (Intel(R) Corporation)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-04-17] ()
HKLM\...\Run: [Setwallpaper] - c:\programdata\SetWallpaper.cmd [x]
HKLM\...\Run: [IgfxTray] - C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] - C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKCU\...\Run: [Sony Ericsson PC Companion] - "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon [774144 2009-12-08] (Sony Ericsson Mobile Communications AB)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
MountPoints2: {d183ba6f-b27c-11e2-b8c2-bcaec51feecb} - F:\Startme.exe
HKLM-x32\...\Run: [RemoteControl9] - "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-01-28] (cyberlink)
HKLM-x32\...\Run: [UpdatePSTShortCut] - "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2010-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Boingo Wi-Fi] - "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2429 2010-12-14] ()
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-04] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [SessionLogon] - C:\ExpressGateUtil\SessionLogon.exe [x]
HKLM-x32\...\Run: [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-13] ()
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-26] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [112232 2010-08-16] (NVIDIA Corporation)
AppInit_DLLs-x32:   c:\windows\syswow64\nvinit.dll [100968 2010-08-16] (NVIDIA Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.0 AE.lnk
ShortcutTarget: PHOTOfunSTUDIO 8.0 AE.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\it0d8jas.default
FF Homepage: hxxp://www.tagesschau.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-26] (Avira Operations GmbH & Co. KG)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-18] (CyberLink)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-04-06] ()
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-21] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-25] (Avira Operations GmbH & Co. KG)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [69120 2010-09-25] (Fresco Logic)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 s1039bus; C:\Windows\System32\DRIVERS\s1039bus.sys [127600 2009-11-19] (MCCI Corporation)
S3 s1039mdfl; C:\Windows\System32\DRIVERS\s1039mdfl.sys [19568 2009-11-19] (MCCI Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [161904 2009-11-19] (MCCI Corporation)
S3 s1039mgmt; C:\Windows\System32\DRIVERS\s1039mgmt.sys [141424 2009-11-19] (MCCI Corporation)
S3 s1039nd5; C:\Windows\System32\DRIVERS\s1039nd5.sys [34416 2009-11-19] (MCCI Corporation)
S3 s1039obex; C:\Windows\System32\DRIVERS\s1039obex.sys [137328 2009-11-19] (MCCI Corporation)
S3 s1039unic; C:\Windows\System32\DRIVERS\s1039unic.sys [158320 2009-11-19] (MCCI Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl [146928 2010-02-24] (CyberLink Corp.)
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl [146928 2010-02-24] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-11 23:36 - 2013-07-11 23:36 - 00000970 ____A C:\Users\xxx\Desktop\JRT.txt
2013-07-11 23:27 - 2013-07-11 23:27 - 00000000 ____D C:\Windows\ERUNT
2013-07-11 23:26 - 2013-07-11 23:26 - 00559306 ____A (Oleg N. Scherbakov) C:\Users\xxx\Desktop\JRT.exe
2013-07-11 23:20 - 2013-07-11 23:20 - 00001594 ____A C:\AdwCleaner[S5].txt
2013-07-11 23:20 - 2013-07-11 23:20 - 00001532 ____A C:\AdwCleaner[R8].txt
2013-07-11 23:19 - 2013-07-11 23:19 - 00662345 ____A C:\Users\xxx\Downloads\adwcleaner.exe
2013-07-11 10:54 - 2013-07-11 10:54 - 00002055 ____A C:\AdwCleaner[S4].txt
2013-07-11 10:53 - 2013-07-11 10:53 - 00002153 ____A C:\AdwCleaner[R7].txt
2013-07-11 10:43 - 2013-07-11 10:43 - 00013365 ____A C:\AdwCleaner[S3].txt
2013-07-11 10:42 - 2013-07-11 10:43 - 00013300 ____A C:\AdwCleaner[R6].txt
2013-07-11 10:33 - 2013-07-11 10:34 - 00023464 ____A C:\Users\xxx\Downloads\Addition.txt
2013-07-11 10:32 - 2013-07-11 10:32 - 00000000 ____D C:\FRST
2013-07-11 10:31 - 2013-07-11 10:31 - 01777775 ____A (Farbar) C:\Users\xxx\Downloads\FRST64.exe
2013-07-11 10:29 - 2013-07-11 10:29 - 00003826 ____A C:\Windows\System32\Tasks\QtraxPlayer
2013-07-11 10:29 - 2013-07-11 10:29 - 00003536 ____A C:\Windows\System32\Tasks\DealPly
2013-07-11 10:29 - 2013-07-11 10:29 - 00003436 ____A C:\Windows\System32\Tasks\BrowserDefendert
2013-07-11 10:29 - 2013-07-11 10:29 - 00003374 ____A C:\Windows\System32\Tasks\DealPlyUpdate
2013-07-11 10:29 - 2013-07-11 10:29 - 00002394 ____A C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
2013-07-11 10:29 - 2013-07-11 10:29 - 00002364 ____A C:\Users\xxx\Desktop\Qtrax Player.lnk
2013-07-11 10:28 - 2013-07-11 10:28 - 00793536 ____A C:\Users\xxx\Downloads\ZipOpenerSetup.exe
2013-07-11 00:33 - 2013-07-11 00:34 - 00001483 ____A C:\AdwCleaner[R5].txt
2013-07-11 00:22 - 2013-07-11 00:22 - 00091826 ____A C:\Users\xxx\Desktop\OTL.Txt
2013-07-11 00:19 - 2013-07-11 00:19 - 00090478 ____A C:\Users\xxx\Downloads\Extras.Txt
2013-07-11 00:18 - 2013-07-11 00:18 - 00091852 ____A C:\Users\xxx\Downloads\OTL.Txt
2013-07-11 00:05 - 2013-07-11 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\xxx\Downloads\OTL.exe
2013-07-11 00:03 - 2013-07-11 00:04 - 00000480 ____A C:\Users\xxx\Downloads\defogger_disable.log
2013-07-11 00:03 - 2013-07-11 00:03 - 00050477 ____A C:\Users\xxx\Downloads\Defogger.exe
2013-07-11 00:03 - 2013-07-11 00:03 - 00000000 ____A C:\Users/xxx\defogger_reenable
2013-07-10 23:36 - 2013-07-10 23:37 - 00001169 ____A C:\AdwCleaner[R4].txt
2013-07-10 23:36 - 2013-07-10 23:36 - 00001109 ____A C:\AdwCleaner[R3].txt
2013-07-10 23:32 - 2013-07-10 23:33 - 00001633 ____A C:\AdwCleaner[S2].txt
2013-07-10 23:32 - 2013-07-10 23:32 - 00001731 ____A C:\AdwCleaner[R2].txt
2013-07-10 23:23 - 2013-07-10 23:23 - 00022395 ____A C:\Users\xxx\Desktop\dds.txt
2013-07-10 23:23 - 2013-07-10 23:23 - 00009181 ____A C:\Users\xxx\Desktop\attach.txt
2013-07-10 23:21 - 2013-07-10 23:21 - 00688992 ____R (Swearware) C:\Users\xxx\Downloads\dds(1).com
2013-07-10 22:06 - 2013-05-29 08:15 - 17829376 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 22:06 - 2013-05-29 07:50 - 10926080 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 22:06 - 2013-05-29 07:43 - 02312704 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 22:06 - 2013-05-29 07:36 - 01346560 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 22:06 - 2013-05-29 07:35 - 01392128 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 22:06 - 2013-05-29 07:34 - 01494528 ____A (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-10 22:06 - 2013-05-29 07:33 - 00237056 ____A (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-10 22:06 - 2013-05-29 07:31 - 00085504 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 22:06 - 2013-05-29 07:29 - 00816640 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 22:06 - 2013-05-29 07:29 - 00599040 ____A (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-10 22:06 - 2013-05-29 07:29 - 00173056 ____A (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-10 22:06 - 2013-05-29 07:27 - 02147840 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 22:06 - 2013-05-29 07:27 - 00729088 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 22:06 - 2013-05-29 07:25 - 02382848 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 22:06 - 2013-05-29 07:25 - 00096768 ____A (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-10 22:06 - 2013-05-29 07:18 - 00248320 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 22:06 - 2013-05-29 03:56 - 12333568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 22:06 - 2013-05-29 03:50 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 22:06 - 2013-05-29 03:48 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 22:06 - 2013-05-29 03:41 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-10 22:06 - 2013-05-29 03:41 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 22:06 - 2013-05-29 03:41 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 22:06 - 2013-05-29 03:40 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-10 22:06 - 2013-05-29 03:38 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 22:06 - 2013-05-29 03:37 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-10 22:06 - 2013-05-29 03:36 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-10 22:06 - 2013-05-29 03:35 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 22:06 - 2013-05-29 03:35 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 22:06 - 2013-05-29 03:33 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 22:06 - 2013-05-29 03:33 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 22:06 - 2013-05-29 03:33 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-10 22:06 - 2013-05-29 03:29 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 22:00 - 2013-07-10 22:00 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-07-10 22:00 - 2013-07-10 22:00 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-07-10 21:50 - 2013-07-10 21:50 - 00688992 ____A (Swearware) C:\Users\xxx\Downloads\dds.com
2013-07-10 21:44 - 2013-07-11 10:43 - 00000196 ____A C:\Windows\DeleteOnReboot.bat
2013-07-10 21:44 - 2013-07-10 21:44 - 00010940 ____A C:\AdwCleaner[S1].txt
2013-07-10 21:43 - 2013-07-10 21:43 - 00010897 ____A C:\AdwCleaner[R1].txt
2013-07-10 21:10 - 2013-06-05 05:34 - 03153920 ____A (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 21:10 - 2013-06-04 08:00 - 00624128 ____A (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 21:10 - 2013-06-04 06:53 - 00509440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 21:10 - 2013-05-06 08:03 - 01887744 ____A (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 21:10 - 2013-05-06 06:56 - 01620480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 21:09 - 2013-04-10 01:34 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 21:09 - 2013-04-03 00:51 - 01643520 ____A (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-09 20:49 - 2013-07-09 20:55 - 95741915 ____A C:\Users\xxx\Downloads\Free1972Heartbreaker.rar
2013-07-09 17:54 - 2013-07-09 17:54 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-07-09 17:54 - 2013-07-09 17:54 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-07-09 17:31 - 2013-07-11 10:29 - 00003410 ____A C:\Windows\System32\Tasks\EPUpdater
2013-07-09 17:29 - 2013-07-09 17:29 - 25328416 ____A (DVDVideoSoft Ltd.                                           ) C:\Users\Christoph\Downloads\FreeYouTubeToMP3Converter5628.exe
2013-07-04 13:30 - 2013-07-04 13:37 - 00000000 ____D C:\PFS8.0 AE_TMP
2013-06-29 12:55 - 2013-07-11 23:28 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-29 12:55 - 2013-06-29 13:28 - 00003822 ____A C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-06-29 12:54 - 2013-06-29 12:55 - 00000000 ____D C:\Users\xxx\AppData\Local\Adobe
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\Users\xxx\Documents\Freemake
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\ProgramData\Freemake
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-06-28 00:03 - 2013-06-28 00:03 - 01264824 ____A (Ellora Assets Corporation                                   ) C:\Users\Christoph\Downloads\FreemakeAudioConverterSetup.exe
2013-06-27 23:14 - 2013-06-27 23:14 - 00000000 ____D C:\Users\xxx\AppData\Roaming\AVS4YOU
2013-06-27 23:14 - 2013-06-27 23:14 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-06-27 23:13 - 2013-06-28 00:00 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-06-27 23:13 - 2012-12-17 15:02 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2013-06-27 23:10 - 2013-07-09 21:20 - 00000000 ____D C:\Users\xxx\AppData\Roaming\DVDVideoSoft
2013-06-27 23:09 - 2013-06-27 23:09 - 25373136 ____A (DVDVideoSoft Ltd.                                           ) C:\Users\Christoph\Downloads\FreeYouTubeToMP3Converter-3.12.4.622.exe
2013-06-27 12:34 - 2013-06-27 12:34 - 00000000 ____D C:\ProgramData\Panasonic
2013-06-27 12:27 - 2013-07-09 17:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-23 14:30 - 2013-06-23 14:30 - 00000000 ____D C:\Users/xxx\AppData\Roaming\InstallShield
2013-06-23 14:30 - 2013-06-23 14:30 - 00000000 ____D C:\Users\xxx\AppData\Local\Panasonic
2013-06-23 14:30 - 2007-06-22 00:10 - 00501912 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK2.dll
2013-06-23 14:30 - 2007-06-22 00:10 - 00000097 ____A C:\Windows\SysWOW64\PICSDK.ini
2013-06-23 14:30 - 2006-10-31 00:10 - 00120992 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EpPicPrt.dll
2013-06-23 14:30 - 2006-10-31 00:10 - 00071840 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EPPicMgr.dll
2013-06-23 14:30 - 2006-10-20 00:10 - 00108704 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICEntry.dll
2013-06-23 14:30 - 2006-10-20 00:10 - 00080024 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK.dll
2013-06-23 14:30 - 2005-06-01 00:20 - 00111932 ____A C:\Windows\SysWOW64\EPPICPrinterDB.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00031053 ____A C:\Windows\SysWOW64\EPPICPattern131.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00027417 ____A C:\Windows\SysWOW64\EPPICPattern121.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00026154 ____A C:\Windows\SysWOW64\EPPICPattern1.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00024903 ____A C:\Windows\SysWOW64\EPPICPattern3.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00021390 ____A C:\Windows\SysWOW64\EPPICPattern5.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00020148 ____A C:\Windows\SysWOW64\EPPICPattern2.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00013732 ____A C:\Windows\SysWOW64\EPPICLocal_EN.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00011811 ____A C:\Windows\SysWOW64\EPPICPattern4.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00006442 ____A C:\Windows\SysWOW64\EPPICLocal_IT.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006347 ____A C:\Windows\SysWOW64\EPPICLocal_PT.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006347 ____A C:\Windows\SysWOW64\EPPICLocal_BP.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006335 ____A C:\Windows\SysWOW64\EPPICLocal_GE.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006195 ____A C:\Windows\SysWOW64\EPPICLocal_FR.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006195 ____A C:\Windows\SysWOW64\EPPICLocal_CF.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006122 ____A C:\Windows\SysWOW64\EPPICLocal_DU.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006103 ____A C:\Windows\SysWOW64\EPPICLocal_ES.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00005817 ____A C:\Windows\SysWOW64\EPPICLocal_KO.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00005436 ____A C:\Windows\SysWOW64\EPPICLocal_SC.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00004943 ____A C:\Windows\SysWOW64\EPPICPattern6.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00002889 ____A C:\Windows\SysWOW64\EPPICLocal_RU.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00002426 ____A C:\Windows\SysWOW64\EPPICLocal_TC.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00001146 ____A C:\Windows\SysWOW64\EPPICPresetData_DU.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001139 ____A C:\Windows\SysWOW64\EPPICPresetData_PT.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001139 ____A C:\Windows\SysWOW64\EPPICPresetData_BP.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001136 ____A C:\Windows\SysWOW64\EPPICPresetData_ES.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001129 ____A C:\Windows\SysWOW64\EPPICPresetData_FR.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001129 ____A C:\Windows\SysWOW64\EPPICPresetData_CF.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001120 ____A C:\Windows\SysWOW64\EPPICPresetData_IT.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001107 ____A C:\Windows\SysWOW64\EPPICPresetData_GE.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001104 ____A C:\Windows\SysWOW64\EPPICPresetData_EN.dat
2013-06-23 14:25 - 2013-06-23 14:25 - 00002215 ____A C:\Users\Public\Desktop\PHOTOfunSTUDIO 8.0 AE.lnk
2013-06-23 14:22 - 2013-06-23 14:22 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2013-06-23 14:22 - 2013-06-23 14:22 - 00000000 ____D C:\Program Files (x86)\Panasonic
2013-06-23 14:21 - 2013-06-23 14:21 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-06-23 14:21 - 2013-06-23 14:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-06-23 12:01 - 2013-06-23 12:02 - 00000000 ____D C:\Users\xxx\AppData\Local\Microsoft Games
2013-06-12 19:20 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-06-12 19:20 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 19:20 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-06-12 19:20 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 19:20 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-06-12 19:20 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-06-12 19:20 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 19:20 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 19:20 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-06-12 19:19 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-06-12 19:19 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-06-12 19:19 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-06-12 19:19 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-06-12 19:19 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 19:19 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 19:19 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 19:19 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 19:19 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 19:19 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\system32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-11 23:36 - 2013-07-11 23:36 - 00000970 ____A C:\Users\xxx\Desktop\JRT.txt
2013-07-11 23:30 - 2009-07-14 06:45 - 00010016 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-11 23:30 - 2009-07-14 06:45 - 00010016 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-11 23:28 - 2013-06-29 12:55 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-11 23:27 - 2013-07-11 23:27 - 00000000 ____D C:\Windows\ERUNT
2013-07-11 23:26 - 2013-07-11 23:26 - 00559306 ____A (Oleg N. Scherbakov) C:\Users\xxx\Desktop\JRT.exe
2013-07-11 23:23 - 2010-12-14 19:14 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-11 23:23 - 2010-12-14 19:14 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-11 23:22 - 2010-12-14 20:08 - 00045056 ____A C:\Windows\system32\acovcnt.exe
2013-07-11 23:22 - 2010-12-14 20:02 - 00000000 ____D C:\Program Files\P4G
2013-07-11 23:22 - 2010-12-14 19:52 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-11 23:22 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-11 23:22 - 2009-07-14 06:51 - 00049309 ____A C:\Windows\setupact.log
2013-07-11 23:21 - 2010-12-14 18:38 - 01075339 ____A C:\Windows\WindowsUpdate.log
2013-07-11 23:20 - 2013-07-11 23:20 - 00001594 ____A C:\AdwCleaner[S5].txt
2013-07-11 23:20 - 2013-07-11 23:20 - 00001532 ____A C:\AdwCleaner[R8].txt
2013-07-11 23:19 - 2013-07-11 23:19 - 00662345 ____A C:\Users\xxx\Downloads\adwcleaner.exe
2013-07-11 22:36 - 2009-08-04 11:51 - 00665578 ____A C:\Windows\system32\perfh007.dat
2013-07-11 22:36 - 2009-08-04 11:51 - 00133758 ____A C:\Windows\system32\perfc007.dat
2013-07-11 22:36 - 2009-07-14 07:13 - 01529266 ____A C:\Windows\system32\PerfStringBackup.INI
2013-07-11 12:19 - 2013-04-21 11:35 - 00003962 ____A C:\Windows\System32\Tasks\User_Feed_Synchronization-{FFB44DA8-096C-4808-9FBC-BD03686F00E0}
2013-07-11 10:54 - 2013-07-11 10:54 - 00002055 ____A C:\AdwCleaner[S4].txt
2013-07-11 10:53 - 2013-07-11 10:53 - 00002153 ____A C:\AdwCleaner[R7].txt
2013-07-11 10:43 - 2013-07-11 10:43 - 00013365 ____A C:\AdwCleaner[S3].txt
2013-07-11 10:43 - 2013-07-11 10:42 - 00013300 ____A C:\AdwCleaner[R6].txt
2013-07-11 10:43 - 2013-07-10 21:44 - 00000196 ____A C:\Windows\DeleteOnReboot.bat
2013-07-11 10:34 - 2013-07-11 10:33 - 00023464 ____A C:\Users\xxx\Downloads\Addition.txt
2013-07-11 10:32 - 2013-07-11 10:32 - 00000000 ____D C:\FRST
2013-07-11 10:31 - 2013-07-11 10:31 - 01777775 ____A (Farbar) C:\Users\xxx\Downloads\FRST64.exe
2013-07-11 10:29 - 2013-07-11 10:29 - 00003826 ____A C:\Windows\System32\Tasks\QtraxPlayer
2013-07-11 10:29 - 2013-07-11 10:29 - 00003536 ____A C:\Windows\System32\Tasks\DealPly
2013-07-11 10:29 - 2013-07-11 10:29 - 00003436 ____A C:\Windows\System32\Tasks\BrowserDefendert
2013-07-11 10:29 - 2013-07-11 10:29 - 00003374 ____A C:\Windows\System32\Tasks\DealPlyUpdate
2013-07-11 10:29 - 2013-07-11 10:29 - 00002394 ____A C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
2013-07-11 10:29 - 2013-07-11 10:29 - 00002364 ____A C:\Users\xxx\Desktop\Qtrax Player.lnk
2013-07-11 10:29 - 2013-07-09 17:31 - 00003410 ____A C:\Windows\System32\Tasks\EPUpdater
2013-07-11 10:28 - 2013-07-11 10:28 - 00793536 ____A C:\Users\xxx\Downloads\ZipOpenerSetup.exe
2013-07-11 10:11 - 2010-12-14 19:40 - 00257736 ____A C:\Windows\PFRO.log
2013-07-11 00:34 - 2013-07-11 00:33 - 00001483 ____A C:\AdwCleaner[R5].txt
2013-07-11 00:22 - 2013-07-11 00:22 - 00091826 ____A C:\Users\xxx\Desktop\OTL.Txt
2013-07-11 00:19 - 2013-07-11 00:19 - 00090478 ____A C:\Users\xxx\Downloads\Extras.Txt
2013-07-11 00:18 - 2013-07-11 00:18 - 00091852 ____A C:\Users\xxx\Downloads\OTL.Txt
2013-07-11 00:05 - 2013-07-11 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\Christoph\Downloads\OTL.exe
2013-07-11 00:04 - 2013-07-11 00:03 - 00000480 ____A C:\Users\xxx\Downloads\defogger_disable.log
2013-07-11 00:03 - 2013-07-11 00:03 - 00050477 ____A C:\Users\xxx\Downloads\Defogger.exe
2013-07-11 00:03 - 2013-07-11 00:03 - 00000000 ____A C:\Users\xxx\defogger_reenable
2013-07-11 00:03 - 2013-04-20 13:19 - 00000000 ____D C:\Users\xxx
2013-07-10 23:37 - 2013-07-10 23:36 - 00001169 ____A C:\AdwCleaner[R4].txt
2013-07-10 23:36 - 2013-07-10 23:36 - 00001109 ____A C:\AdwCleaner[R3].txt
2013-07-10 23:33 - 2013-07-10 23:32 - 00001633 ____A C:\AdwCleaner[S2].txt
2013-07-10 23:32 - 2013-07-10 23:32 - 00001731 ____A C:\AdwCleaner[R2].txt
2013-07-10 23:23 - 2013-07-10 23:23 - 00022395 ____A C:\Users\xxx\Desktop\dds.txt
2013-07-10 23:23 - 2013-07-10 23:23 - 00009181 ____A C:\Users\xxx\Desktop\attach.txt
2013-07-10 23:21 - 2013-07-10 23:21 - 00688992 ____R (Swearware) C:\Users\xxx\Downloads\dds(1).com
2013-07-10 22:20 - 2009-07-14 06:45 - 00355968 ____A C:\Windows\system32\FNTCACHE.DAT
2013-07-10 22:18 - 2013-05-04 14:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 22:18 - 2013-05-04 14:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 22:18 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 22:18 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 22:18 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 22:10 - 2013-04-21 12:26 - 78185248 ____A (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-10 22:09 - 2013-04-21 14:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 22:00 - 2013-07-10 22:00 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-07-10 22:00 - 2013-07-10 22:00 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-07-10 21:50 - 2013-07-10 21:50 - 00688992 ____A (Swearware) C:\Users\xxx\Downloads\dds.com
2013-07-10 21:44 - 2013-07-10 21:44 - 00010940 ____A C:\AdwCleaner[S1].txt
2013-07-10 21:43 - 2013-07-10 21:43 - 00010897 ____A C:\AdwCleaner[R1].txt
2013-07-09 21:20 - 2013-06-27 23:10 - 00000000 ____D C:\Users/xxx\AppData\Roaming\DVDVideoSoft
2013-07-09 20:55 - 2013-07-09 20:49 - 95741915 ____A C:\Users\xxx\Downloads\Free1972Heartbreaker.rar
2013-07-09 19:50 - 2010-12-14 20:03 - 00001402 ____A C:\Windows\system32\ServiceFilter.ini
2013-07-09 17:54 - 2013-07-09 17:54 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-07-09 17:54 - 2013-07-09 17:54 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-07-09 17:31 - 2013-06-27 12:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-09 17:29 - 2013-07-09 17:29 - 25328416 ____A (DVDVideoSoft Ltd.                                           ) C:\Users\Christoph\Downloads\FreeYouTubeToMP3Converter5628.exe
2013-07-09 17:08 - 2013-05-03 22:42 - 00000000 ____D C:\Users\xxx\AppData\Local\Windows Live
2013-07-04 13:37 - 2013-07-04 13:30 - 00000000 ____D C:\PFS8.0 AE_TMP
2013-07-03 23:18 - 2010-12-14 19:14 - 00004120 ____A C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-03 23:18 - 2010-12-14 19:14 - 00003868 ____A C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-06-29 13:28 - 2013-06-29 12:55 - 00003822 ____A C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-06-29 13:28 - 2013-04-22 21:46 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-29 13:28 - 2013-04-22 21:46 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-29 12:55 - 2013-06-29 12:54 - 00000000 ____D C:\Users\xxx\AppData\Local\Adobe
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\Users\xxx\Documents\Freemake
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\ProgramData\Freemake
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-06-28 00:03 - 2013-06-28 00:03 - 01264824 ____A (Ellora Assets Corporation                                   ) C:\Users\Christoph\Downloads\FreemakeAudioConverterSetup.exe
2013-06-28 00:00 - 2013-06-27 23:13 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-06-27 23:14 - 2013-06-27 23:14 - 00000000 ____D C:\Users\xxx\AppData\Roaming\AVS4YOU
2013-06-27 23:14 - 2013-06-27 23:14 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-06-27 23:09 - 2013-06-27 23:09 - 25373136 ____A (DVDVideoSoft Ltd.                                           ) C:\Users\Christoph\Downloads\FreeYouTubeToMP3Converter-3.12.4.622.exe
2013-06-27 22:35 - 2013-04-21 14:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-27 12:34 - 2013-06-27 12:34 - 00000000 ____D C:\ProgramData\Panasonic
2013-06-26 10:54 - 2013-05-07 18:29 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-06-23 20:24 - 2010-12-14 20:03 - 00002032 ____A C:\Windows\system32\AutoRunFilter.ini
2013-06-23 14:30 - 2013-06-23 14:30 - 00000000 ____D C:\Users\xxx\AppData\Roaming\InstallShield
2013-06-23 14:30 - 2013-06-23 14:30 - 00000000 ____D C:\Users\xxx\AppData\Local\Panasonic
2013-06-23 14:30 - 2013-04-20 13:19 - 00091368 ____A C:\Users\xxx\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-23 14:25 - 2013-06-23 14:25 - 00002215 ____A C:\Users\Public\Desktop\PHOTOfunSTUDIO 8.0 AE.lnk
2013-06-23 14:22 - 2013-06-23 14:22 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2013-06-23 14:22 - 2013-06-23 14:22 - 00000000 ____D C:\Program Files (x86)\Panasonic
2013-06-23 14:22 - 2010-12-14 19:05 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-23 14:21 - 2013-06-23 14:21 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-06-23 14:21 - 2013-06-23 14:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-06-23 14:21 - 2010-12-14 19:25 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-23 12:02 - 2013-06-23 12:01 - 00000000 ____D C:\Users/xxx\AppData\Local\Microsoft Games
2013-06-20 23:21 - 2013-04-21 11:13 - 00002192 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-16 21:24 - 2009-07-14 07:08 - 00032636 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-16 17:58 - 2013-04-21 14:11 - 00000000 ____D C:\Users\Christoph\AppData\Local\Microsoft Help
2013-06-13 23:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-03 13:06

==================== End Of Log ============================
         


12.07.2013, 11:14   #6
schrauber
/// the machine
/// TB-Ausbilder
 

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?

12.07.2013, 22:37   #7
bissi4788
 

Eset:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7b672c7d4dde2d4898bf922eb35e9b9b
# engine=14370
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-12 09:27:33
# local_time=2013-07-12 11:27:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 17002 239091343 9771 0
# compatibility_mode=5893 16776574 100 94 176918 125294303 0 0
# scanned=184944
# found=9
# cleaned=0
# scan_time=8947
sh=DDDC709162DFB10311CAC662FB37CE31D37B4F17 ft=1 fh=0acc0b6d941ab06d vn="Win32/Adware.1ClickDownload.AE application" ac=I fn="C:\Users\xxx\AppData\Local\Temp\+Jr3WRQ1.exe.part"
sh=DDDC709162DFB10311CAC662FB37CE31D37B4F17 ft=1 fh=0acc0b6d941ab06d vn="Win32/Adware.1ClickDownload.AE application" ac=I fn="C:\Users\xxx\AppData\Local\Temp\0th_jYn4.exe.part"
sh=DDDC709162DFB10311CAC662FB37CE31D37B4F17 ft=1 fh=0acc0b6d941ab06d vn="Win32/Adware.1ClickDownload.AE application" ac=I fn="C:\Users\xxx\AppData\Local\Temp\2UieQPnS.exe.part"
sh=07B9589045B0C614ECCD8211FB9BEB528D8C3FAB ft=1 fh=e6f013263f1ef4bf vn="Win32/Adware.1ClickDownload.AM application" ac=I fn="C:\Users\xxx\AppData\Local\Temp\A+dhW+tJ.exe.part"
sh=5456E498C0EE996F6CA34565B93F19CE0A29871D ft=1 fh=67b940a8bcd6d999 vn="Win32/Adware.1ClickDownload.AM application" ac=I fn="C:\Users\xxx\AppData\Local\Temp\DcyO+21N.exe.part"
sh=5456E498C0EE996F6CA34565B93F19CE0A29871D ft=1 fh=67b940a8bcd6d999 vn="Win32/Adware.1ClickDownload.AM application" ac=I fn="C:\Users\xxx\AppData\Local\Temp\DSoK7yAx.exe.part"
sh=B3E8E059E9B8F4C4464D5C4190A53809018F7387 ft=1 fh=601f3f1b79a75ace vn="Win32/Adware.1ClickDownload.AM application" ac=I fn="C:\Users\xxx\AppData\Local\Temp\ENCmK1p4.exe.part"
sh=07B9589045B0C614ECCD8211FB9BEB528D8C3FAB ft=1 fh=e6f013263f1ef4bf vn="Win32/Adware.1ClickDownload.AM application" ac=I fn="C:\Users\xxx\AppData\Local\Temp\hHKgWBJ3.exe.part"
sh=07B9589045B0C614ECCD8211FB9BEB528D8C3FAB ft=1 fh=e6f013263f1ef4bf vn="Win32/Adware.1ClickDownload.AM application" ac=I fn="C:\Users\xxx\AppData\Local\Temp\QnAhVwAX.exe.part"

SecurityCheck:

Results of screen317's Security Check version 0.99.68
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 11.7.700.224
Mozilla Firefox (22.0)
Google Chrome 27.0.1453.116
Google Chrome 28.0.1500.71
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

and FRST:
FRST Logfile:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-07-2013 04
Ran by Christoph (administrator) on 12-07-2013 23:47:54
Running from C:\Users\xxx\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() C:\ExpressGateUtil\VAWinService.exe
(ASUS) C:\Windows\AsScrPro.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sony Ericsson Mobile Communications AB) C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Boingo Wireless, Inc.) C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ASUS WebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3  [2121320 2010-09-28] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-03] (Alcor Micro Corp.)
HKLM\...\Run: [ETDWare] - %ProgramFiles%\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [IntelWireless] - "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1928976 2010-03-05] (Intel(R) Corporation)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-04-17] ()
HKLM\...\Run: [Setwallpaper] - c:\programdata\SetWallpaper.cmd [x]
HKLM\...\Run: [IgfxTray] - C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] - C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKCU\...\Run: [Sony Ericsson PC Companion] - "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon [774144 2009-12-08] (Sony Ericsson Mobile Communications AB)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
MountPoints2: {d183ba6f-b27c-11e2-b8c2-bcaec51feecb} - F:\Startme.exe
HKLM-x32\...\Run: [RemoteControl9] - "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-01-28] (cyberlink)
HKLM-x32\...\Run: [UpdatePSTShortCut] - "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2010-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Boingo Wi-Fi] - "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2429 2010-12-14] ()
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-04] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [SessionLogon] - C:\ExpressGateUtil\SessionLogon.exe [x]
HKLM-x32\...\Run: [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-13] ()
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-26] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [112232 2010-08-16] (NVIDIA Corporation)
AppInit_DLLs-x32:   c:\windows\syswow64\nvinit.dll [100968 2010-08-16] (NVIDIA Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.0 AE.lnk
ShortcutTarget: PHOTOfunSTUDIO 8.0 AE.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\it0d8jas.default
FF Homepage: hxxp://www.tagesschau.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-26] (Avira Operations GmbH & Co. KG)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-18] (CyberLink)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-04-06] ()
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-21] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-25] (Avira Operations GmbH & Co. KG)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [69120 2010-09-25] (Fresco Logic)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 s1039bus; C:\Windows\System32\DRIVERS\s1039bus.sys [127600 2009-11-19] (MCCI Corporation)
S3 s1039mdfl; C:\Windows\System32\DRIVERS\s1039mdfl.sys [19568 2009-11-19] (MCCI Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [161904 2009-11-19] (MCCI Corporation)
S3 s1039mgmt; C:\Windows\System32\DRIVERS\s1039mgmt.sys [141424 2009-11-19] (MCCI Corporation)
S3 s1039nd5; C:\Windows\System32\DRIVERS\s1039nd5.sys [34416 2009-11-19] (MCCI Corporation)
S3 s1039obex; C:\Windows\System32\DRIVERS\s1039obex.sys [137328 2009-11-19] (MCCI Corporation)
S3 s1039unic; C:\Windows\System32\DRIVERS\s1039unic.sys [158320 2009-11-19] (MCCI Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl [146928 2010-02-24] (CyberLink Corp.)
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl [146928 2010-02-24] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-12 23:42 - 2013-07-12 23:42 - 00890988 ____A C:\Users\xxx\Desktop\SecurityCheck.exe
2013-07-11 23:36 - 2013-07-11 23:36 - 00000970 ____A C:\Users\xxx\Desktop\JRT.txt
2013-07-11 23:27 - 2013-07-11 23:27 - 00000000 ____D C:\Windows\ERUNT
2013-07-11 23:26 - 2013-07-11 23:26 - 00559306 ____A (Oleg N. Scherbakov) C:\Users\xxx\Desktop\JRT.exe
2013-07-11 23:20 - 2013-07-11 23:20 - 00001594 ____A C:\AdwCleaner[S5].txt
2013-07-11 23:20 - 2013-07-11 23:20 - 00001532 ____A C:\AdwCleaner[R8].txt
2013-07-11 23:19 - 2013-07-11 23:19 - 00662345 ____A C:\Users\xxx\Downloads\adwcleaner.exe
2013-07-11 10:54 - 2013-07-11 10:54 - 00002055 ____A C:\AdwCleaner[S4].txt
2013-07-11 10:53 - 2013-07-11 10:53 - 00002153 ____A C:\AdwCleaner[R7].txt
2013-07-11 10:43 - 2013-07-11 10:43 - 00013365 ____A C:\AdwCleaner[S3].txt
2013-07-11 10:42 - 2013-07-11 10:43 - 00013300 ____A C:\AdwCleaner[R6].txt
2013-07-11 10:33 - 2013-07-11 10:34 - 00023464 ____A C:\Users\xxx\Downloads\Addition.txt
2013-07-11 10:32 - 2013-07-11 10:32 - 00000000 ____D C:\FRST
2013-07-11 10:31 - 2013-07-11 10:31 - 01777775 ____A (Farbar) C:\Users\xxx\Downloads\FRST64.exe
2013-07-11 10:29 - 2013-07-11 10:29 - 00003826 ____A C:\Windows\System32\Tasks\QtraxPlayer
2013-07-11 10:29 - 2013-07-11 10:29 - 00003536 ____A C:\Windows\System32\Tasks\DealPly
2013-07-11 10:29 - 2013-07-11 10:29 - 00003436 ____A C:\Windows\System32\Tasks\BrowserDefendert
2013-07-11 10:29 - 2013-07-11 10:29 - 00003374 ____A C:\Windows\System32\Tasks\DealPlyUpdate
2013-07-11 10:29 - 2013-07-11 10:29 - 00002394 ____A C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
2013-07-11 10:29 - 2013-07-11 10:29 - 00002364 ____A C:\Users\xxx\Desktop\Qtrax Player.lnk
2013-07-11 00:33 - 2013-07-11 00:34 - 00001483 ____A C:\AdwCleaner[R5].txt
2013-07-11 00:22 - 2013-07-11 00:22 - 00091826 ____A C:\Users\xxx\Desktop\OTL.Txt
2013-07-11 00:19 - 2013-07-11 00:19 - 00090478 ____A C:\Users\xxx\Downloads\Extras.Txt
2013-07-11 00:18 - 2013-07-11 00:18 - 00091852 ____A C:\Users\xxx\Downloads\OTL.Txt
2013-07-11 00:05 - 2013-07-11 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\Christoph\Downloads\OTL.exe
2013-07-11 00:03 - 2013-07-11 00:04 - 00000480 ____A C:\Users\xxx\Downloads\defogger_disable.log
2013-07-11 00:03 - 2013-07-11 00:03 - 00050477 ____A C:\Users\xxx\Downloads\Defogger.exe
2013-07-11 00:03 - 2013-07-11 00:03 - 00000000 ____A C:\Users\xxx\defogger_reenable
2013-07-10 23:36 - 2013-07-10 23:37 - 00001169 ____A C:\AdwCleaner[R4].txt
2013-07-10 23:36 - 2013-07-10 23:36 - 00001109 ____A C:\AdwCleaner[R3].txt
2013-07-10 23:32 - 2013-07-10 23:33 - 00001633 ____A C:\AdwCleaner[S2].txt
2013-07-10 23:32 - 2013-07-10 23:32 - 00001731 ____A C:\AdwCleaner[R2].txt
2013-07-10 23:23 - 2013-07-10 23:23 - 00022395 ____A C:\Users\xxx\Desktop\dds.txt
2013-07-10 23:23 - 2013-07-10 23:23 - 00009181 ____A C:\Users\xxx\Desktop\attach.txt
2013-07-10 23:21 - 2013-07-10 23:21 - 00688992 ____R (Swearware) C:\Users\xxx\Downloads\dds(1).com
2013-07-10 22:06 - 2013-05-29 08:15 - 17829376 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 22:06 - 2013-05-29 07:50 - 10926080 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 22:06 - 2013-05-29 07:43 - 02312704 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 22:06 - 2013-05-29 07:36 - 01346560 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 22:06 - 2013-05-29 07:35 - 01392128 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 22:06 - 2013-05-29 07:34 - 01494528 ____A (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-10 22:06 - 2013-05-29 07:33 - 00237056 ____A (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-10 22:06 - 2013-05-29 07:31 - 00085504 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 22:06 - 2013-05-29 07:29 - 00816640 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 22:06 - 2013-05-29 07:29 - 00599040 ____A (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-10 22:06 - 2013-05-29 07:29 - 00173056 ____A (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-10 22:06 - 2013-05-29 07:27 - 02147840 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 22:06 - 2013-05-29 07:27 - 00729088 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 22:06 - 2013-05-29 07:25 - 02382848 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 22:06 - 2013-05-29 07:25 - 00096768 ____A (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-10 22:06 - 2013-05-29 07:18 - 00248320 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 22:06 - 2013-05-29 03:56 - 12333568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 22:06 - 2013-05-29 03:50 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 22:06 - 2013-05-29 03:48 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 22:06 - 2013-05-29 03:41 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-10 22:06 - 2013-05-29 03:41 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 22:06 - 2013-05-29 03:41 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 22:06 - 2013-05-29 03:40 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-10 22:06 - 2013-05-29 03:38 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 22:06 - 2013-05-29 03:37 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-10 22:06 - 2013-05-29 03:36 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-10 22:06 - 2013-05-29 03:35 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 22:06 - 2013-05-29 03:35 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 22:06 - 2013-05-29 03:33 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 22:06 - 2013-05-29 03:33 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 22:06 - 2013-05-29 03:33 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-10 22:06 - 2013-05-29 03:29 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 22:00 - 2013-07-10 22:00 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-07-10 22:00 - 2013-07-10 22:00 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-07-10 21:50 - 2013-07-10 21:50 - 00688992 ____A (Swearware) C:\Users\Christoph\Downloads\dds.com
2013-07-10 21:44 - 2013-07-11 10:43 - 00000196 ____A C:\Windows\DeleteOnReboot.bat
2013-07-10 21:44 - 2013-07-10 21:44 - 00010940 ____A C:\AdwCleaner[S1].txt
2013-07-10 21:43 - 2013-07-10 21:43 - 00010897 ____A C:\AdwCleaner[R1].txt
2013-07-10 21:10 - 2013-06-05 05:34 - 03153920 ____A (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 21:10 - 2013-06-04 08:00 - 00624128 ____A (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 21:10 - 2013-06-04 06:53 - 00509440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 21:10 - 2013-05-06 08:03 - 01887744 ____A (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 21:10 - 2013-05-06 06:56 - 01620480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 21:09 - 2013-04-10 01:34 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 21:09 - 2013-04-03 00:51 - 01643520 ____A (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-09 17:54 - 2013-07-09 17:54 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-07-09 17:54 - 2013-07-09 17:54 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-07-09 17:31 - 2013-07-11 10:29 - 00003410 ____A C:\Windows\System32\Tasks\EPUpdater
2013-07-04 13:30 - 2013-07-04 13:37 - 00000000 ____D C:\PFS8.0 AE_TMP
2013-06-29 12:55 - 2013-07-12 23:28 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-29 12:55 - 2013-06-29 13:28 - 00003822 ____A C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-06-29 12:54 - 2013-06-29 12:55 - 00000000 ____D C:\Users\xxx\AppData\Local\Adobe
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\Users\xxx\Documents\Freemake
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\ProgramData\Freemake
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-06-28 00:03 - 2013-06-28 00:03 - 01264824 ____A (Ellora Assets Corporation                                   ) C:\Users\xxx\Downloads\FreemakeAudioConverterSetup.exe
2013-06-27 23:14 - 2013-06-27 23:14 - 00000000 ____D C:\Users\xxx\AppData\Roaming\AVS4YOU
2013-06-27 23:14 - 2013-06-27 23:14 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-06-27 23:13 - 2013-06-28 00:00 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-06-27 23:13 - 2012-12-17 15:02 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2013-06-27 23:10 - 2013-07-09 21:20 - 00000000 ____D C:\Users\xxx\AppData\Roaming\DVDVideoSoft
2013-06-27 12:34 - 2013-06-27 12:34 - 00000000 ____D C:\ProgramData\Panasonic
2013-06-27 12:27 - 2013-07-09 17:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-23 14:30 - 2013-06-23 14:30 - 00000000 ____D C:\Users/xxx\AppData\Roaming\InstallShield
2013-06-23 14:30 - 2013-06-23 14:30 - 00000000 ____D C:\Users\xxx\AppData\Local\Panasonic
2013-06-23 14:30 - 2007-06-22 00:10 - 00501912 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK2.dll
2013-06-23 14:30 - 2007-06-22 00:10 - 00000097 ____A C:\Windows\SysWOW64\PICSDK.ini
2013-06-23 14:30 - 2006-10-31 00:10 - 00120992 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EpPicPrt.dll
2013-06-23 14:30 - 2006-10-31 00:10 - 00071840 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EPPicMgr.dll
2013-06-23 14:30 - 2006-10-20 00:10 - 00108704 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICEntry.dll
2013-06-23 14:30 - 2006-10-20 00:10 - 00080024 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK.dll
2013-06-23 14:30 - 2005-06-01 00:20 - 00111932 ____A C:\Windows\SysWOW64\EPPICPrinterDB.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00031053 ____A C:\Windows\SysWOW64\EPPICPattern131.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00027417 ____A C:\Windows\SysWOW64\EPPICPattern121.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00026154 ____A C:\Windows\SysWOW64\EPPICPattern1.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00024903 ____A C:\Windows\SysWOW64\EPPICPattern3.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00021390 ____A C:\Windows\SysWOW64\EPPICPattern5.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00020148 ____A C:\Windows\SysWOW64\EPPICPattern2.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00013732 ____A C:\Windows\SysWOW64\EPPICLocal_EN.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00011811 ____A C:\Windows\SysWOW64\EPPICPattern4.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00006442 ____A C:\Windows\SysWOW64\EPPICLocal_IT.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006347 ____A C:\Windows\SysWOW64\EPPICLocal_PT.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006347 ____A C:\Windows\SysWOW64\EPPICLocal_BP.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006335 ____A C:\Windows\SysWOW64\EPPICLocal_GE.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006195 ____A C:\Windows\SysWOW64\EPPICLocal_FR.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006195 ____A C:\Windows\SysWOW64\EPPICLocal_CF.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006122 ____A C:\Windows\SysWOW64\EPPICLocal_DU.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006103 ____A C:\Windows\SysWOW64\EPPICLocal_ES.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00005817 ____A C:\Windows\SysWOW64\EPPICLocal_KO.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00005436 ____A C:\Windows\SysWOW64\EPPICLocal_SC.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00004943 ____A C:\Windows\SysWOW64\EPPICPattern6.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00002889 ____A C:\Windows\SysWOW64\EPPICLocal_RU.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00002426 ____A C:\Windows\SysWOW64\EPPICLocal_TC.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00001146 ____A C:\Windows\SysWOW64\EPPICPresetData_DU.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001139 ____A C:\Windows\SysWOW64\EPPICPresetData_PT.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001139 ____A C:\Windows\SysWOW64\EPPICPresetData_BP.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001136 ____A C:\Windows\SysWOW64\EPPICPresetData_ES.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001129 ____A C:\Windows\SysWOW64\EPPICPresetData_FR.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001129 ____A C:\Windows\SysWOW64\EPPICPresetData_CF.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001120 ____A C:\Windows\SysWOW64\EPPICPresetData_IT.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001107 ____A C:\Windows\SysWOW64\EPPICPresetData_GE.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001104 ____A C:\Windows\SysWOW64\EPPICPresetData_EN.dat
2013-06-23 14:25 - 2013-06-23 14:25 - 00002215 ____A C:\Users\Public\Desktop\PHOTOfunSTUDIO 8.0 AE.lnk
2013-06-23 14:22 - 2013-06-23 14:22 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2013-06-23 14:22 - 2013-06-23 14:22 - 00000000 ____D C:\Program Files (x86)\Panasonic
2013-06-23 14:21 - 2013-06-23 14:21 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-06-23 14:21 - 2013-06-23 14:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-06-23 12:01 - 2013-06-23 12:02 - 00000000 ____D C:\Users\Christoph\AppData\Local\Microsoft Games
2013-06-12 19:20 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-06-12 19:20 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 19:20 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-06-12 19:20 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 19:20 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-06-12 19:20 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-06-12 19:20 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 19:20 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 19:20 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-06-12 19:19 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-06-12 19:19 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-06-12 19:19 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-06-12 19:19 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-06-12 19:19 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 19:19 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 19:19 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 19:19 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 19:19 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 19:19 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\system32\d3d11.dll

==================== One Month Modified Files and Folders =======

2013-07-12 23:42 - 2013-07-12 23:42 - 00890988 ____A C:\Users\xxx\Desktop\SecurityCheck.exe
2013-07-12 23:28 - 2013-06-29 12:55 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-12 23:23 - 2010-12-14 19:14 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-12 23:23 - 2010-12-14 19:14 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-12 22:27 - 2010-12-14 18:38 - 01117370 ____A C:\Windows\WindowsUpdate.log
2013-07-12 19:26 - 2013-04-21 11:13 - 00002192 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-12 18:46 - 2009-07-14 06:45 - 00010016 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-12 18:46 - 2009-07-14 06:45 - 00010016 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-12 18:43 - 2013-04-21 11:35 - 00003962 ____A C:\Windows\System32\Tasks\User_Feed_Synchronization-{FFB44DA8-096C-4808-9FBC-BD03686F00E0}
2013-07-12 18:38 - 2010-12-14 20:08 - 00045056 ____A C:\Windows\system32\acovcnt.exe
2013-07-12 18:38 - 2010-12-14 20:02 - 00000000 ____D C:\Program Files\P4G
2013-07-12 18:38 - 2010-12-14 19:52 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-12 18:38 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-12 18:38 - 2009-07-14 06:51 - 00049365 ____A C:\Windows\setupact.log
2013-07-11 23:36 - 2013-07-11 23:36 - 00000970 ____A C:\Users\xxx\Desktop\JRT.txt
2013-07-11 23:27 - 2013-07-11 23:27 - 00000000 ____D C:\Windows\ERUNT
2013-07-11 23:26 - 2013-07-11 23:26 - 00559306 ____A (Oleg N. Scherbakov) C:\Users\Christoph\Desktop\JRT.exe
2013-07-11 23:20 - 2013-07-11 23:20 - 00001594 ____A C:\AdwCleaner[S5].txt
2013-07-11 23:20 - 2013-07-11 23:20 - 00001532 ____A C:\AdwCleaner[R8].txt
2013-07-11 23:19 - 2013-07-11 23:19 - 00662345 ____A C:\Users\xxx\Downloads\adwcleaner.exe
2013-07-11 22:36 - 2009-08-04 11:51 - 00665578 ____A C:\Windows\system32\perfh007.dat
2013-07-11 22:36 - 2009-08-04 11:51 - 00133758 ____A C:\Windows\system32\perfc007.dat
2013-07-11 22:36 - 2009-07-14 07:13 - 01529266 ____A C:\Windows\system32\PerfStringBackup.INI
2013-07-11 10:54 - 2013-07-11 10:54 - 00002055 ____A C:\AdwCleaner[S4].txt
2013-07-11 10:53 - 2013-07-11 10:53 - 00002153 ____A C:\AdwCleaner[R7].txt
2013-07-11 10:43 - 2013-07-11 10:43 - 00013365 ____A C:\AdwCleaner[S3].txt
2013-07-11 10:43 - 2013-07-11 10:42 - 00013300 ____A C:\AdwCleaner[R6].txt
2013-07-11 10:43 - 2013-07-10 21:44 - 00000196 ____A C:\Windows\DeleteOnReboot.bat
2013-07-11 10:34 - 2013-07-11 10:33 - 00023464 ____A C:\Users\xxx\Downloads\Addition.txt
2013-07-11 10:32 - 2013-07-11 10:32 - 00000000 ____D C:\FRST
2013-07-11 10:31 - 2013-07-11 10:31 - 01777775 ____A (Farbar) C:\Users\xxx\Downloads\FRST64.exe
2013-07-11 10:29 - 2013-07-11 10:29 - 00003826 ____A C:\Windows\System32\Tasks\QtraxPlayer
2013-07-11 10:29 - 2013-07-11 10:29 - 00003536 ____A C:\Windows\System32\Tasks\DealPly
2013-07-11 10:29 - 2013-07-11 10:29 - 00003436 ____A C:\Windows\System32\Tasks\BrowserDefendert
2013-07-11 10:29 - 2013-07-11 10:29 - 00003374 ____A C:\Windows\System32\Tasks\DealPlyUpdate
2013-07-11 10:29 - 2013-07-11 10:29 - 00002394 ____A C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
2013-07-11 10:29 - 2013-07-11 10:29 - 00002364 ____A C:\Users\xxx\Desktop\Qtrax Player.lnk
2013-07-11 10:29 - 2013-07-09 17:31 - 00003410 ____A C:\Windows\System32\Tasks\EPUpdater
2013-07-11 10:11 - 2010-12-14 19:40 - 00257736 ____A C:\Windows\PFRO.log
2013-07-11 00:34 - 2013-07-11 00:33 - 00001483 ____A C:\AdwCleaner[R5].txt
2013-07-11 00:22 - 2013-07-11 00:22 - 00091826 ____A C:\Users\xxx\Desktop\OTL.Txt
2013-07-11 00:19 - 2013-07-11 00:19 - 00090478 ____A C:\Users\xxx\Downloads\Extras.Txt
2013-07-11 00:18 - 2013-07-11 00:18 - 00091852 ____A C:\Users\xxx\Downloads\OTL.Txt
2013-07-11 00:05 - 2013-07-11 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\xxx\Downloads\OTL.exe
2013-07-11 00:04 - 2013-07-11 00:03 - 00000480 ____A C:\Users\xxx\Downloads\defogger_disable.log
2013-07-11 00:03 - 2013-07-11 00:03 - 00050477 ____A C:\Users\xxx\Downloads\Defogger.exe
2013-07-11 00:03 - 2013-07-11 00:03 - 00000000 ____A C:\Users\xxx\defogger_reenable
2013-07-11 00:03 - 2013-04-20 13:19 - 00000000 ____D C:\Users\xxx
2013-07-10 23:37 - 2013-07-10 23:36 - 00001169 ____A C:\AdwCleaner[R4].txt
2013-07-10 23:36 - 2013-07-10 23:36 - 00001109 ____A C:\AdwCleaner[R3].txt
2013-07-10 23:33 - 2013-07-10 23:32 - 00001633 ____A C:\AdwCleaner[S2].txt
2013-07-10 23:32 - 2013-07-10 23:32 - 00001731 ____A C:\AdwCleaner[R2].txt
2013-07-10 23:23 - 2013-07-10 23:23 - 00022395 ____A C:\Users/xxx\Desktop\dds.txt
2013-07-10 23:23 - 2013-07-10 23:23 - 00009181 ____A C:\Users\xxx\Desktop\attach.txt
2013-07-10 23:21 - 2013-07-10 23:21 - 00688992 ____R (Swearware) C:\Users\xxx\Downloads\dds(1).com
2013-07-10 22:20 - 2009-07-14 06:45 - 00355968 ____A C:\Windows\system32\FNTCACHE.DAT
2013-07-10 22:18 - 2013-05-04 14:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 22:18 - 2013-05-04 14:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 22:18 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 22:18 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 22:18 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 22:10 - 2013-04-21 12:26 - 78185248 ____A (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-10 22:09 - 2013-04-21 14:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 22:00 - 2013-07-10 22:00 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-07-10 22:00 - 2013-07-10 22:00 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-07-10 21:50 - 2013-07-10 21:50 - 00688992 ____A (Swearware) C:\Users\xxx\Downloads\dds.com
2013-07-10 21:44 - 2013-07-10 21:44 - 00010940 ____A C:\AdwCleaner[S1].txt
2013-07-10 21:43 - 2013-07-10 21:43 - 00010897 ____A C:\AdwCleaner[R1].txt
2013-07-09 21:20 - 2013-06-27 23:10 - 00000000 ____D C:\Users\xxx\AppData\Roaming\DVDVideoSoft
2013-07-09 19:50 - 2010-12-14 20:03 - 00001402 ____A C:\Windows\system32\ServiceFilter.ini
2013-07-09 17:54 - 2013-07-09 17:54 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-07-09 17:54 - 2013-07-09 17:54 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-07-09 17:31 - 2013-06-27 12:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-09 17:08 - 2013-05-03 22:42 - 00000000 ____D C:\Users\xxx\AppData\Local\Windows Live
2013-07-04 13:37 - 2013-07-04 13:30 - 00000000 ____D C:\PFS8.0 AE_TMP
2013-07-03 23:18 - 2010-12-14 19:14 - 00004120 ____A C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-03 23:18 - 2010-12-14 19:14 - 00003868 ____A C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-06-29 13:28 - 2013-06-29 12:55 - 00003822 ____A C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-06-29 13:28 - 2013-04-22 21:46 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-29 13:28 - 2013-04-22 21:46 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-29 12:55 - 2013-06-29 12:54 - 00000000 ____D C:\Users\xxx\AppData\Local\Adobe
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\Users\xxx\Documents\Freemake
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\ProgramData\Freemake
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-06-28 00:03 - 2013-06-28 00:03 - 01264824 ____A (Ellora Assets Corporation                                   ) C:\Users\Christoph\Downloads\FreemakeAudioConverterSetup.exe
2013-06-28 00:00 - 2013-06-27 23:13 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-06-27 23:14 - 2013-06-27 23:14 - 00000000 ____D C:\Users\xxx\AppData\Roaming\AVS4YOU
2013-06-27 23:14 - 2013-06-27 23:14 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-06-27 22:35 - 2013-04-21 14:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-27 12:34 - 2013-06-27 12:34 - 00000000 ____D C:\ProgramData\Panasonic
2013-06-26 10:54 - 2013-05-07 18:29 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-06-23 20:24 - 2010-12-14 20:03 - 00002032 ____A C:\Windows\system32\AutoRunFilter.ini
2013-06-23 14:30 - 2013-06-23 14:30 - 00000000 ____D C:\Users\xxx\AppData\Roaming\InstallShield
2013-06-23 14:30 - 2013-06-23 14:30 - 00000000 ____D C:\Users\xxx\AppData\Local\Panasonic
2013-06-23 14:30 - 2013-04-20 13:19 - 00091368 ____A C:\Users\xxx\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-23 14:25 - 2013-06-23 14:25 - 00002215 ____A C:\Users\Public\Desktop\PHOTOfunSTUDIO 8.0 AE.lnk
2013-06-23 14:22 - 2013-06-23 14:22 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2013-06-23 14:22 - 2013-06-23 14:22 - 00000000 ____D C:\Program Files (x86)\Panasonic
2013-06-23 14:22 - 2010-12-14 19:05 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-23 14:21 - 2013-06-23 14:21 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-06-23 14:21 - 2013-06-23 14:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-06-23 14:21 - 2010-12-14 19:25 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-23 12:02 - 2013-06-23 12:01 - 00000000 ____D C:\Users\xxx\AppData\Local\Microsoft Games
2013-06-16 21:24 - 2009-07-14 07:08 - 00032636 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-16 17:58 - 2013-04-21 14:11 - 00000000 ____D C:\Users\xxx\AppData\Local\Microsoft Help
2013-06-13 23:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-03 13:06

==================== End Of Log ============================
         

Yes, a small one. A download came bundled with the Qtrax Player, but without an uninstaller. How do I get rid of it?

In any case, many thanks!

Edited by bissi4788 (12.07.2013 at 22:46)

13.07.2013, 10:17   #8
schrauber
/// the machine
/// TB trainer
 


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document.

Code:
C:\ProgramData\FullRemove.exe

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Remove) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.



Where do you see the player?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

13.07.2013, 17:07   #9
bissi4788
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-07-2013 04
Ran by xxx at 2013-07-13 18:05:19 Run:1
Running from C:\Users\xxx\Downloads
Boot Mode: Normal
==============================================

C:\ProgramData\FullRemove.exe => Moved successfully.

==== End of Fixlog ====

I have the player as a shortcut on the desktop.

13.07.2013, 19:04   #10
schrauber
/// the machine
/// TB trainer
 


Just delete it from the desktop.

Then a fresh FRST logfile, please.
__________________
Regards,
schrauber


13.07.2013, 21:05   #11
bissi4788
 

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-07-2013 04
Ran by xxx (administrator) on 13-07-2013 21:51:41
Running from C:\Users\xxx\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
() C:\ExpressGateUtil\VAWinService.exe
(ASUS) C:\Windows\AsScrPro.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sony Ericsson Mobile Communications AB) C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Boingo Wireless, Inc.) C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ASUS WebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3  [2121320 2010-09-28] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-03] (Alcor Micro Corp.)
HKLM\...\Run: [ETDWare] - %ProgramFiles%\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [IntelWireless] - "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1928976 2010-03-05] (Intel(R) Corporation)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-04-17] ()
HKLM\...\Run: [Setwallpaper] - c:\programdata\SetWallpaper.cmd [x]
HKLM\...\Run: [IgfxTray] - C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] - C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKCU\...\Run: [Sony Ericsson PC Companion] - "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon [774144 2009-12-08] (Sony Ericsson Mobile Communications AB)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin [814472 2013-06-29] (Adobe Systems Incorporated)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
MountPoints2: {d183ba6f-b27c-11e2-b8c2-bcaec51feecb} - F:\Startme.exe
HKLM-x32\...\Run: [RemoteControl9] - "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-01-28] (cyberlink)
HKLM-x32\...\Run: [UpdatePSTShortCut] - "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2010-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Boingo Wi-Fi] - "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2429 2010-12-14] ()
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-04] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [SessionLogon] - C:\ExpressGateUtil\SessionLogon.exe [x]
HKLM-x32\...\Run: [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-13] ()
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-26] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [112232 2010-08-16] (NVIDIA Corporation)
AppInit_DLLs-x32:   c:\windows\syswow64\nvinit.dll [100968 2010-08-16] (NVIDIA Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.0 AE.lnk
ShortcutTarget: PHOTOfunSTUDIO 8.0 AE.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\it0d8jas.default
FF Homepage: hxxp://www.tagesschau.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-26] (Avira Operations GmbH & Co. KG)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-18] (CyberLink)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-04-06] ()
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-21] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-25] (Avira Operations GmbH & Co. KG)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [69120 2010-09-25] (Fresco Logic)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 s1039bus; C:\Windows\System32\DRIVERS\s1039bus.sys [127600 2009-11-19] (MCCI Corporation)
S3 s1039mdfl; C:\Windows\System32\DRIVERS\s1039mdfl.sys [19568 2009-11-19] (MCCI Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [161904 2009-11-19] (MCCI Corporation)
S3 s1039mgmt; C:\Windows\System32\DRIVERS\s1039mgmt.sys [141424 2009-11-19] (MCCI Corporation)
S3 s1039nd5; C:\Windows\System32\DRIVERS\s1039nd5.sys [34416 2009-11-19] (MCCI Corporation)
S3 s1039obex; C:\Windows\System32\DRIVERS\s1039obex.sys [137328 2009-11-19] (MCCI Corporation)
S3 s1039unic; C:\Windows\System32\DRIVERS\s1039unic.sys [158320 2009-11-19] (MCCI Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl [146928 2010-02-24] (CyberLink Corp.)
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl [146928 2010-02-24] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-12 23:42 - 2013-07-12 23:42 - 00890988 ____A C:\Users\xxx\Desktop\SecurityCheck.exe
2013-07-11 23:36 - 2013-07-11 23:36 - 00000970 ____A C:\Users\xxx\Desktop\JRT.txt
2013-07-11 23:27 - 2013-07-11 23:27 - 00000000 ____D C:\Windows\ERUNT
2013-07-11 23:26 - 2013-07-11 23:26 - 00559306 ____A (Oleg N. Scherbakov) C:\Users\xxx\Desktop\JRT.exe
2013-07-11 23:20 - 2013-07-11 23:20 - 00001594 ____A C:\AdwCleaner[S5].txt
2013-07-11 23:20 - 2013-07-11 23:20 - 00001532 ____A C:\AdwCleaner[R8].txt
2013-07-11 23:19 - 2013-07-11 23:19 - 00662345 ____A C:\Users\xxx\Downloads\adwcleaner.exe
2013-07-11 10:54 - 2013-07-11 10:54 - 00002055 ____A C:\AdwCleaner[S4].txt
2013-07-11 10:53 - 2013-07-11 10:53 - 00002153 ____A C:\AdwCleaner[R7].txt
2013-07-11 10:43 - 2013-07-11 10:43 - 00013365 ____A C:\AdwCleaner[S3].txt
2013-07-11 10:42 - 2013-07-11 10:43 - 00013300 ____A C:\AdwCleaner[R6].txt
2013-07-11 10:33 - 2013-07-11 10:34 - 00023464 ____A C:\Users\xxx\Downloads\Addition.txt
2013-07-11 10:32 - 2013-07-11 10:32 - 00000000 ____D C:\FRST
2013-07-11 10:31 - 2013-07-11 10:31 - 01777775 ____A (Farbar) C:\Users\xxx\Downloads\FRST64.exe
2013-07-11 10:29 - 2013-07-11 10:29 - 00003826 ____A C:\Windows\System32\Tasks\QtraxPlayer
2013-07-11 10:29 - 2013-07-11 10:29 - 00003536 ____A C:\Windows\System32\Tasks\DealPly
2013-07-11 10:29 - 2013-07-11 10:29 - 00003436 ____A C:\Windows\System32\Tasks\BrowserDefendert
2013-07-11 10:29 - 2013-07-11 10:29 - 00003374 ____A C:\Windows\System32\Tasks\DealPlyUpdate
2013-07-11 10:29 - 2013-07-11 10:29 - 00002394 ____A C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
2013-07-11 00:33 - 2013-07-11 00:34 - 00001483 ____A C:\AdwCleaner[R5].txt
2013-07-11 00:22 - 2013-07-11 00:22 - 00091826 ____A C:\Users\xxx\Desktop\OTL.Txt
2013-07-11 00:19 - 2013-07-11 00:19 - 00090478 ____A C:\Users\xxx\Downloads\Extras.Txt
2013-07-11 00:18 - 2013-07-11 00:18 - 00091852 ____A C:\Users\xxx\Downloads\OTL.Txt
2013-07-11 00:05 - 2013-07-11 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\xxx\Downloads\OTL.exe
2013-07-11 00:03 - 2013-07-11 00:04 - 00000480 ____A C:\Users\xxx\Downloads\defogger_disable.log
2013-07-11 00:03 - 2013-07-11 00:03 - 00050477 ____A C:\Users\xxx\Downloads\Defogger.exe
2013-07-11 00:03 - 2013-07-11 00:03 - 00000000 ____A C:\Users\xxx\defogger_reenable
2013-07-10 23:36 - 2013-07-10 23:37 - 00001169 ____A C:\AdwCleaner[R4].txt
2013-07-10 23:36 - 2013-07-10 23:36 - 00001109 ____A C:\AdwCleaner[R3].txt
2013-07-10 23:32 - 2013-07-10 23:33 - 00001633 ____A C:\AdwCleaner[S2].txt
2013-07-10 23:32 - 2013-07-10 23:32 - 00001731 ____A C:\AdwCleaner[R2].txt
2013-07-10 23:23 - 2013-07-10 23:23 - 00022395 ____A C:\Users\xxx\Desktop\dds.txt
2013-07-10 23:23 - 2013-07-10 23:23 - 00009181 ____A C:\Users\xxx\Desktop\attach.txt
2013-07-10 23:21 - 2013-07-10 23:21 - 00688992 ____R (Swearware) C:\Users\xxx\Downloads\dds(1).com
2013-07-10 22:06 - 2013-05-29 08:15 - 17829376 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 22:06 - 2013-05-29 07:50 - 10926080 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 22:06 - 2013-05-29 07:43 - 02312704 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 22:06 - 2013-05-29 07:36 - 01346560 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 22:06 - 2013-05-29 07:35 - 01392128 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 22:06 - 2013-05-29 07:34 - 01494528 ____A (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-10 22:06 - 2013-05-29 07:33 - 00237056 ____A (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-10 22:06 - 2013-05-29 07:31 - 00085504 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 22:06 - 2013-05-29 07:29 - 00816640 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 22:06 - 2013-05-29 07:29 - 00599040 ____A (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-10 22:06 - 2013-05-29 07:29 - 00173056 ____A (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-10 22:06 - 2013-05-29 07:27 - 02147840 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 22:06 - 2013-05-29 07:27 - 00729088 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 22:06 - 2013-05-29 07:25 - 02382848 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 22:06 - 2013-05-29 07:25 - 00096768 ____A (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-10 22:06 - 2013-05-29 07:18 - 00248320 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 22:06 - 2013-05-29 03:56 - 12333568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 22:06 - 2013-05-29 03:50 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 22:06 - 2013-05-29 03:48 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 22:06 - 2013-05-29 03:41 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-10 22:06 - 2013-05-29 03:41 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 22:06 - 2013-05-29 03:41 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 22:06 - 2013-05-29 03:40 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-10 22:06 - 2013-05-29 03:38 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 22:06 - 2013-05-29 03:37 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-10 22:06 - 2013-05-29 03:36 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-10 22:06 - 2013-05-29 03:35 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 22:06 - 2013-05-29 03:35 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 22:06 - 2013-05-29 03:33 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 22:06 - 2013-05-29 03:33 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 22:06 - 2013-05-29 03:33 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-10 22:06 - 2013-05-29 03:29 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 22:00 - 2013-07-10 22:00 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-07-10 22:00 - 2013-07-10 22:00 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-07-10 21:50 - 2013-07-10 21:50 - 00688992 ____A (Swearware) C:\Users\xxx\Downloads\dds.com
2013-07-10 21:44 - 2013-07-11 10:43 - 00000196 ____A C:\Windows\DeleteOnReboot.bat
2013-07-10 21:44 - 2013-07-10 21:44 - 00010940 ____A C:\AdwCleaner[S1].txt
2013-07-10 21:43 - 2013-07-10 21:43 - 00010897 ____A C:\AdwCleaner[R1].txt
2013-07-10 21:10 - 2013-06-05 05:34 - 03153920 ____A (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 21:10 - 2013-06-04 08:00 - 00624128 ____A (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 21:10 - 2013-06-04 06:53 - 00509440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 21:10 - 2013-05-06 08:03 - 01887744 ____A (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 21:10 - 2013-05-06 06:56 - 01620480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 21:09 - 2013-04-10 01:34 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 21:09 - 2013-04-03 00:51 - 01643520 ____A (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-09 17:54 - 2013-07-09 17:54 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-07-09 17:54 - 2013-07-09 17:54 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-07-09 17:31 - 2013-07-11 10:29 - 00003410 ____A C:\Windows\System32\Tasks\EPUpdater
2013-07-04 13:30 - 2013-07-04 13:37 - 00000000 ____D C:\PFS8.0 AE_TMP
2013-06-29 12:55 - 2013-07-13 21:28 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-29 12:55 - 2013-06-29 13:28 - 00003822 ____A C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-06-29 12:54 - 2013-06-29 12:55 - 00000000 ____D C:\Users\xxx\AppData\Local\Adobe
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\Users\xxx\Documents\Freemake
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\ProgramData\Freemake
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-06-28 00:03 - 2013-06-28 00:03 - 01264824 ____A (Ellora Assets Corporation                                   ) C:\Users\xxx\Downloads\FreemakeAudioConverterSetup.exe
2013-06-27 23:14 - 2013-06-27 23:14 - 00000000 ____D C:\Users\xxx\AppData\Roaming\AVS4YOU
2013-06-27 23:14 - 2013-06-27 23:14 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-06-27 23:13 - 2013-06-28 00:00 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-06-27 23:13 - 2012-12-17 15:02 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2013-06-27 23:10 - 2013-07-09 21:20 - 00000000 ____D C:\Users\xxx\AppData\Roaming\DVDVideoSoft
2013-06-27 12:34 - 2013-06-27 12:34 - 00000000 ____D C:\ProgramData\Panasonic
2013-06-27 12:27 - 2013-07-09 17:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-23 14:30 - 2013-06-23 14:30 - 00000000 ____D C:\Users\xxx\AppData\Roaming\InstallShield
2013-06-23 14:30 - 2013-06-23 14:30 - 00000000 ____D C:\Users\xxx\AppData\Local\Panasonic
2013-06-23 14:30 - 2007-06-22 00:10 - 00501912 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK2.dll
2013-06-23 14:30 - 2007-06-22 00:10 - 00000097 ____A C:\Windows\SysWOW64\PICSDK.ini
2013-06-23 14:30 - 2006-10-31 00:10 - 00120992 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EpPicPrt.dll
2013-06-23 14:30 - 2006-10-31 00:10 - 00071840 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EPPicMgr.dll
2013-06-23 14:30 - 2006-10-20 00:10 - 00108704 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICEntry.dll
2013-06-23 14:30 - 2006-10-20 00:10 - 00080024 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK.dll
2013-06-23 14:30 - 2005-06-01 00:20 - 00111932 ____A C:\Windows\SysWOW64\EPPICPrinterDB.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00031053 ____A C:\Windows\SysWOW64\EPPICPattern131.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00027417 ____A C:\Windows\SysWOW64\EPPICPattern121.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00026154 ____A C:\Windows\SysWOW64\EPPICPattern1.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00024903 ____A C:\Windows\SysWOW64\EPPICPattern3.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00021390 ____A C:\Windows\SysWOW64\EPPICPattern5.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00020148 ____A C:\Windows\SysWOW64\EPPICPattern2.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00013732 ____A C:\Windows\SysWOW64\EPPICLocal_EN.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00011811 ____A C:\Windows\SysWOW64\EPPICPattern4.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00006442 ____A C:\Windows\SysWOW64\EPPICLocal_IT.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006347 ____A C:\Windows\SysWOW64\EPPICLocal_PT.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006347 ____A C:\Windows\SysWOW64\EPPICLocal_BP.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006335 ____A C:\Windows\SysWOW64\EPPICLocal_GE.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006195 ____A C:\Windows\SysWOW64\EPPICLocal_FR.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006195 ____A C:\Windows\SysWOW64\EPPICLocal_CF.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006122 ____A C:\Windows\SysWOW64\EPPICLocal_DU.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006103 ____A C:\Windows\SysWOW64\EPPICLocal_ES.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00005817 ____A C:\Windows\SysWOW64\EPPICLocal_KO.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00005436 ____A C:\Windows\SysWOW64\EPPICLocal_SC.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00004943 ____A C:\Windows\SysWOW64\EPPICPattern6.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00002889 ____A C:\Windows\SysWOW64\EPPICLocal_RU.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00002426 ____A C:\Windows\SysWOW64\EPPICLocal_TC.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00001146 ____A C:\Windows\SysWOW64\EPPICPresetData_DU.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001139 ____A C:\Windows\SysWOW64\EPPICPresetData_PT.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001139 ____A C:\Windows\SysWOW64\EPPICPresetData_BP.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001136 ____A C:\Windows\SysWOW64\EPPICPresetData_ES.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001129 ____A C:\Windows\SysWOW64\EPPICPresetData_FR.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001129 ____A C:\Windows\SysWOW64\EPPICPresetData_CF.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001120 ____A C:\Windows\SysWOW64\EPPICPresetData_IT.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001107 ____A C:\Windows\SysWOW64\EPPICPresetData_GE.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001104 ____A C:\Windows\SysWOW64\EPPICPresetData_EN.dat
2013-06-23 14:25 - 2013-06-23 14:25 - 00002215 ____A C:\Users\Public\Desktop\PHOTOfunSTUDIO 8.0 AE.lnk
2013-06-23 14:22 - 2013-06-23 14:22 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2013-06-23 14:22 - 2013-06-23 14:22 - 00000000 ____D C:\Program Files (x86)\Panasonic
2013-06-23 14:21 - 2013-06-23 14:21 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-06-23 14:21 - 2013-06-23 14:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-06-23 12:01 - 2013-06-23 12:02 - 00000000 ____D C:\Users\xxx\AppData\Local\Microsoft Games

==================== One Month Modified Files and Folders =======

2013-07-13 21:28 - 2013-06-29 12:55 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-13 21:28 - 2010-12-14 19:14 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-13 19:24 - 2013-04-21 11:35 - 00003962 ____A C:\Windows\System32\Tasks\User_Feed_Synchronization-{FFB44DA8-096C-4808-9FBC-BD03686F00E0}
2013-07-13 18:31 - 2013-04-21 11:13 - 00002192 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-13 18:28 - 2010-12-14 19:14 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-13 18:23 - 2010-12-14 19:14 - 00004120 ____A C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 18:23 - 2010-12-14 19:14 - 00003868 ____A C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 18:01 - 2009-07-14 06:45 - 00010016 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-13 18:01 - 2009-07-14 06:45 - 00010016 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-13 17:53 - 2010-12-14 20:08 - 00045056 ____A C:\Windows\system32\acovcnt.exe
2013-07-13 17:53 - 2010-12-14 20:02 - 00000000 ____D C:\Program Files\P4G
2013-07-13 17:53 - 2010-12-14 19:52 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-13 17:53 - 2010-12-14 19:40 - 00258570 ____A C:\Windows\PFRO.log
2013-07-13 17:53 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-13 17:53 - 2009-07-14 06:51 - 00049421 ____A C:\Windows\setupact.log
2013-07-13 00:18 - 2010-12-14 18:38 - 01152571 ____A C:\Windows\WindowsUpdate.log
2013-07-12 23:42 - 2013-07-12 23:42 - 00890988 ____A C:\Users\xxx\Desktop\SecurityCheck.exe
2013-07-11 23:36 - 2013-07-11 23:36 - 00000970 ____A C:\Users\xxx\Desktop\JRT.txt
2013-07-11 23:27 - 2013-07-11 23:27 - 00000000 ____D C:\Windows\ERUNT
2013-07-11 23:26 - 2013-07-11 23:26 - 00559306 ____A (Oleg N. Scherbakov) C:\Users\xxx\Desktop\JRT.exe
2013-07-11 23:20 - 2013-07-11 23:20 - 00001594 ____A C:\AdwCleaner[S5].txt
2013-07-11 23:20 - 2013-07-11 23:20 - 00001532 ____A C:\AdwCleaner[R8].txt
2013-07-11 23:19 - 2013-07-11 23:19 - 00662345 ____A C:\Users\xxx\Downloads\adwcleaner.exe
2013-07-11 22:36 - 2009-08-04 11:51 - 00665578 ____A C:\Windows\system32\perfh007.dat
2013-07-11 22:36 - 2009-08-04 11:51 - 00133758 ____A C:\Windows\system32\perfc007.dat
2013-07-11 22:36 - 2009-07-14 07:13 - 01529266 ____A C:\Windows\system32\PerfStringBackup.INI
2013-07-11 10:54 - 2013-07-11 10:54 - 00002055 ____A C:\AdwCleaner[S4].txt
2013-07-11 10:53 - 2013-07-11 10:53 - 00002153 ____A C:\AdwCleaner[R7].txt
2013-07-11 10:43 - 2013-07-11 10:43 - 00013365 ____A C:\AdwCleaner[S3].txt
2013-07-11 10:43 - 2013-07-11 10:42 - 00013300 ____A C:\AdwCleaner[R6].txt
2013-07-11 10:43 - 2013-07-10 21:44 - 00000196 ____A C:\Windows\DeleteOnReboot.bat
2013-07-11 10:34 - 2013-07-11 10:33 - 00023464 ____A C:\Users\xxx\Downloads\Addition.txt
2013-07-11 10:32 - 2013-07-11 10:32 - 00000000 ____D C:\FRST
2013-07-11 10:31 - 2013-07-11 10:31 - 01777775 ____A (Farbar) C:\Users\xxx\Downloads\FRST64.exe
2013-07-11 10:29 - 2013-07-11 10:29 - 00003826 ____A C:\Windows\System32\Tasks\QtraxPlayer
2013-07-11 10:29 - 2013-07-11 10:29 - 00003536 ____A C:\Windows\System32\Tasks\DealPly
2013-07-11 10:29 - 2013-07-11 10:29 - 00003436 ____A C:\Windows\System32\Tasks\BrowserDefendert
2013-07-11 10:29 - 2013-07-11 10:29 - 00003374 ____A C:\Windows\System32\Tasks\DealPlyUpdate
2013-07-11 10:29 - 2013-07-11 10:29 - 00002394 ____A C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
2013-07-11 10:29 - 2013-07-09 17:31 - 00003410 ____A C:\Windows\System32\Tasks\EPUpdater
2013-07-11 00:34 - 2013-07-11 00:33 - 00001483 ____A C:\AdwCleaner[R5].txt
2013-07-11 00:22 - 2013-07-11 00:22 - 00091826 ____A C:\Users\xxx\Desktop\OTL.Txt
2013-07-11 00:19 - 2013-07-11 00:19 - 00090478 ____A C:\Users\xxx\Downloads\Extras.Txt
2013-07-11 00:18 - 2013-07-11 00:18 - 00091852 ____A C:\Users\xxx\Downloads\OTL.Txt
2013-07-11 00:05 - 2013-07-11 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\xxx\Downloads\OTL.exe
2013-07-11 00:04 - 2013-07-11 00:03 - 00000480 ____A C:\Users\xxx\Downloads\defogger_disable.log
2013-07-11 00:03 - 2013-07-11 00:03 - 00050477 ____A C:\Users\xxx\Downloads\Defogger.exe
2013-07-11 00:03 - 2013-07-11 00:03 - 00000000 ____A C:\Users\xxx\defogger_reenable
2013-07-11 00:03 - 2013-04-20 13:19 - 00000000 ____D C:\Users\xxx
2013-07-10 23:37 - 2013-07-10 23:36 - 00001169 ____A C:\AdwCleaner[R4].txt
2013-07-10 23:36 - 2013-07-10 23:36 - 00001109 ____A C:\AdwCleaner[R3].txt
2013-07-10 23:33 - 2013-07-10 23:32 - 00001633 ____A C:\AdwCleaner[S2].txt
2013-07-10 23:32 - 2013-07-10 23:32 - 00001731 ____A C:\AdwCleaner[R2].txt
2013-07-10 23:23 - 2013-07-10 23:23 - 00022395 ____A C:\Users\xxx\Desktop\dds.txt
2013-07-10 23:23 - 2013-07-10 23:23 - 00009181 ____A C:\Users\xxx\Desktop\attach.txt
2013-07-10 23:21 - 2013-07-10 23:21 - 00688992 ____R (Swearware) C:\Users\xxx\Downloads\dds(1).com
2013-07-10 22:20 - 2009-07-14 06:45 - 00355968 ____A C:\Windows\system32\FNTCACHE.DAT
2013-07-10 22:18 - 2013-05-04 14:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 22:18 - 2013-05-04 14:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 22:18 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 22:18 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 22:18 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 22:10 - 2013-04-21 12:26 - 78185248 ____A (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-10 22:09 - 2013-04-21 14:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 22:00 - 2013-07-10 22:00 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-07-10 22:00 - 2013-07-10 22:00 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-07-10 21:50 - 2013-07-10 21:50 - 00688992 ____A (Swearware) C:\Users\xxx\Downloads\dds.com
2013-07-10 21:44 - 2013-07-10 21:44 - 00010940 ____A C:\AdwCleaner[S1].txt
2013-07-10 21:43 - 2013-07-10 21:43 - 00010897 ____A C:\AdwCleaner[R1].txt
2013-07-09 21:20 - 2013-06-27 23:10 - 00000000 ____D C:\Users\xxx\AppData\Roaming\DVDVideoSoft
2013-07-09 19:50 - 2010-12-14 20:03 - 00001402 ____A C:\Windows\system32\ServiceFilter.ini
2013-07-09 17:54 - 2013-07-09 17:54 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-07-09 17:54 - 2013-07-09 17:54 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-07-09 17:31 - 2013-06-27 12:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-09 17:08 - 2013-05-03 22:42 - 00000000 ____D C:\Users\xxx\AppData\Local\Windows Live
2013-07-04 13:37 - 2013-07-04 13:30 - 00000000 ____D C:\PFS8.0 AE_TMP
2013-06-29 13:28 - 2013-06-29 12:55 - 00003822 ____A C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-06-29 13:28 - 2013-04-22 21:46 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-29 13:28 - 2013-04-22 21:46 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-29 12:55 - 2013-06-29 12:54 - 00000000 ____D C:\Users\xxx\AppData\Local\Adobe
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\Users\xxx\Documents\Freemake
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\ProgramData\Freemake
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-06-28 00:03 - 2013-06-28 00:03 - 01264824 ____A (Ellora Assets Corporation                                   ) C:\Users\xxx\Downloads\FreemakeAudioConverterSetup.exe
2013-06-28 00:00 - 2013-06-27 23:13 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-06-27 23:14 - 2013-06-27 23:14 - 00000000 ____D C:\Users\xxx\AppData\Roaming\AVS4YOU
2013-06-27 23:14 - 2013-06-27 23:14 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-06-27 22:35 - 2013-04-21 14:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-27 12:34 - 2013-06-27 12:34 - 00000000 ____D C:\ProgramData\Panasonic
2013-06-26 10:54 - 2013-05-07 18:29 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-06-23 20:24 - 2010-12-14 20:03 - 00002032 ____A C:\Windows\system32\AutoRunFilter.ini
2013-06-23 14:30 - 2013-06-23 14:30 - 00000000 ____D C:\Users/xxx\AppData\Roaming\InstallShield
2013-06-23 14:30 - 2013-06-23 14:30 - 00000000 ____D C:\Users/xxx\AppData\Local\Panasonic
2013-06-23 14:30 - 2013-04-20 13:19 - 00091368 ____A C:\Users\xxx\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-23 14:25 - 2013-06-23 14:25 - 00002215 ____A C:\Users\Public\Desktop\PHOTOfunSTUDIO 8.0 AE.lnk
2013-06-23 14:22 - 2013-06-23 14:22 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2013-06-23 14:22 - 2013-06-23 14:22 - 00000000 ____D C:\Program Files (x86)\Panasonic
2013-06-23 14:22 - 2010-12-14 19:05 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-23 14:21 - 2013-06-23 14:21 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-06-23 14:21 - 2013-06-23 14:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-06-23 14:21 - 2010-12-14 19:25 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-23 12:02 - 2013-06-23 12:01 - 00000000 ____D C:\Users\xxx\AppData\Local\Microsoft Games
2013-06-16 21:24 - 2009-07-14 07:08 - 00032636 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-16 17:58 - 2013-04-21 14:11 - 00000000 ____D C:\Users\xxx\AppData\Local\Microsoft Help
2013-06-13 23:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 18:31

==================== End Of Log ============================
         
--- --- ---


13.07.2013, 21:15   #12
schrauber
/// the machine
/// TB trainer
 


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document.

Code:
2013-07-11 10:29 - 2013-07-11 10:29 - 00003826 ____A C:\Windows\System32\Tasks\QtraxPlayer
2013-07-11 10:29 - 2013-07-11 10:29 - 00003536 ____A C:\Windows\System32\Tasks\DealPly
2013-07-11 10:29 - 2013-07-11 10:29 - 00003436 ____A C:\Windows\System32\Tasks\BrowserDefendert
2013-07-11 10:29 - 2013-07-11 10:29 - 00003374 ____A C:\Windows\System32\Tasks\DealPlyUpdate
2013-07-11 10:29 - 2013-07-11 10:29 - 00002394 ____A C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
2013-07-11 10:29 - 2013-07-11 10:29 - 00003826 ____A C:\Windows\System32\Tasks\QtraxPlayer
2013-07-11 10:29 - 2013-07-11 10:29 - 00003536 ____A C:\Windows\System32\Tasks\DealPly
2013-07-11 10:29 - 2013-07-11 10:29 - 00003436 ____A C:\Windows\System32\Tasks\BrowserDefendert
2013-07-11 10:29 - 2013-07-11 10:29 - 00003374 ____A C:\Windows\System32\Tasks\DealPlyUpdate
2013-07-11 10:29 - 2013-07-11 10:29 - 00002394 ____A C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


And a fresh FRST log again, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
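
One way to read the Fixlog.txt that FRST writes after such a fix, as an added example (not part of the original post and not FRST's own code): it collapses repeated fixlist entries per path, so a "not found" line that merely repeats an already moved item is not mistaken for a failure. The sample log is constructed in the `path => result` layout, and the function names `parse_fixlog`, `summarize` and `follow_up` are hypothetical.

```python
import re

# Result texts as they appear in an FRST Fixlog; anything else is flagged.
MOVED = "Moved successfully"
NOT_FOUND = "File/Directory not found"

# When one path occurs several times, the highest-ranked verdict wins.
RANK = {"absent": 0, "removed": 1, "review": 2}

# `<path> => <result>`; FRST quotes the path when it could not find it.
ENTRY_RE = re.compile(
    r'^"?(?P<path>[A-Za-z]:\\[^"]*?)"?\s+=>\s+(?P<result>.+?)\s*$'
)

# Constructed sample (not taken from a real machine).
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Tool (constructed sample)
Running from C:\Users\user\Downloads
Boot Mode: Normal
==============================================

C:\Windows\System32\Tasks\ExampleTaskA => Moved successfully.
C:\Windows\System32\Tasks\ExampleTaskB => Moved successfully.
"C:\Users\user\AppData\Roaming\Example Player.lnk" => File/Directory not found.
"C:\Windows\System32\Tasks\ExampleTaskA" => File/Directory not found.
"C:\Windows\System32\Tasks\ExampleTaskB" => File/Directory not found.
"C:\Users\user\AppData\Roaming\Example Player.lnk" => File/Directory not found.

==== End of Fixlog ====
'''


def parse_fixlog(text):
    """Return (path, result) pairs for every entry line of a Fixlog."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("path"), match.group("result")))
    return entries


def summarize(entries):
    """Map each path to one verdict: removed, absent or review.

    removed: the item was moved at least once (later "not found" lines
             for the same path are just duplicate fixlist entries).
    absent:  the item was never on disk during this run.
    review:  FRST reported a result this script does not know.
    """
    verdicts = {}
    spelling = {}
    for path, result in entries:
        key = path.lower()  # Windows paths are case-insensitive
        spelling.setdefault(key, path)
        if result.startswith(MOVED):
            verdict = "removed"
        elif result.startswith(NOT_FOUND):
            verdict = "absent"
        else:
            verdict = "review"
        old = verdicts.get(key)
        if old is None or RANK[verdict] > RANK[old]:
            verdicts[key] = verdict
    return {spelling[key]: verdict for key, verdict in verdicts.items()}


def follow_up(summary):
    """Paths to check against the fresh scan log: everything not removed."""
    return [path for path, verdict in summary.items() if verdict != "removed"]


if __name__ == "__main__":
    report = summarize(parse_fixlog(SAMPLE_FIXLOG))
    for path, verdict in report.items():
        print(f"{verdict:8} {path}")
    print("check in next scan:", follow_up(report))
```

An "absent" path is not an error in itself: the item may already have been removed by an earlier cleanup, which is why the fresh scan log is still needed to confirm it.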

13.07.2013, 23:49   #13
bissi4788
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-07-2013 04
Ran by xxx at 2013-07-14 00:37:34 Run:2
Running from C:\Users\xxx\Downloads
Boot Mode: Normal
==============================================

C:\Windows\System32\Tasks\QtraxPlayer => Moved successfully.
C:\Windows\System32\Tasks\DealPly => Moved successfully.
C:\Windows\System32\Tasks\BrowserDefendert => Moved successfully.
C:\Windows\System32\Tasks\DealPlyUpdate => Moved successfully.
"C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk" => File/Directory not found.
"C:\Windows\System32\Tasks\QtraxPlayer" => File/Directory not found.
"C:\Windows\System32\Tasks\DealPly" => File/Directory not found.
"C:\Windows\System32\Tasks\BrowserDefendert" => File/Directory not found.
"C:\Windows\System32\Tasks\DealPlyUpdate" => File/Directory not found.
"C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk" => File/Directory not found.

==== End of Fixlog ====


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-07-2013 04
Ran by xxx (administrator) on 14-07-2013 00:40:05
Running from C:\Users\xxx\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
() C:\ExpressGateUtil\VAWinService.exe
(ASUS) C:\Windows\AsScrPro.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sony Ericsson Mobile Communications AB) C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Boingo Wireless, Inc.) C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(asus) C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ASUS WebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3  [2121320 2010-09-28] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-05-03] (Alcor Micro Corp.)
HKLM\...\Run: [ETDWare] - %ProgramFiles%\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [IntelWireless] - "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1928976 2010-03-05] (Intel(R) Corporation)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-04-17] ()
HKLM\...\Run: [Setwallpaper] - c:\programdata\SetWallpaper.cmd [x]
HKLM\...\Run: [IgfxTray] - C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] - C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKCU\...\Run: [Sony Ericsson PC Companion] - "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon [774144 2009-12-08] (Sony Ericsson Mobile Communications AB)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin [814472 2013-06-29] (Adobe Systems Incorporated)
HKCU\...\Policies\system: [DisableRegistryTools] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
MountPoints2: {d183ba6f-b27c-11e2-b8c2-bcaec51feecb} - F:\Startme.exe
HKLM-x32\...\Run: [RemoteControl9] - "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-01-28] (cyberlink)
HKLM-x32\...\Run: [UpdatePSTShortCut] - "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2010-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [Boingo Wi-Fi] - "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2429 2010-12-14] ()
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-04] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [SessionLogon] - C:\ExpressGateUtil\SessionLogon.exe [x]
HKLM-x32\...\Run: [VAWinAgent] - C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-13] ()
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-26] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [112232 2010-08-16] (NVIDIA Corporation)
AppInit_DLLs-x32:   c:\windows\syswow64\nvinit.dll [100968 2010-08-16] (NVIDIA Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.0 AE.lnk
ShortcutTarget: PHOTOfunSTUDIO 8.0 AE.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\it0d8jas.default
FF Homepage: hxxp://www.tagesschau.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-26] (Avira Operations GmbH & Co. KG)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-18] (CyberLink)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-04-06] ()
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-21] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-25] (Avira Operations GmbH & Co. KG)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [69120 2010-09-25] (Fresco Logic)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 s1039bus; C:\Windows\System32\DRIVERS\s1039bus.sys [127600 2009-11-19] (MCCI Corporation)
S3 s1039mdfl; C:\Windows\System32\DRIVERS\s1039mdfl.sys [19568 2009-11-19] (MCCI Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [161904 2009-11-19] (MCCI Corporation)
S3 s1039mgmt; C:\Windows\System32\DRIVERS\s1039mgmt.sys [141424 2009-11-19] (MCCI Corporation)
S3 s1039nd5; C:\Windows\System32\DRIVERS\s1039nd5.sys [34416 2009-11-19] (MCCI Corporation)
S3 s1039obex; C:\Windows\System32\DRIVERS\s1039obex.sys [137328 2009-11-19] (MCCI Corporation)
S3 s1039unic; C:\Windows\System32\DRIVERS\s1039unic.sys [158320 2009-11-19] (MCCI Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800192 2009-08-20] ()
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] ()
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl [146928 2010-02-24] (CyberLink Corp.)
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl [146928 2010-02-24] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-12 23:42 - 2013-07-12 23:42 - 00890988 ____A C:\Users\Christoph\Desktop\SecurityCheck.exe
2013-07-11 23:36 - 2013-07-11 23:36 - 00000970 ____A C:\Users\Christoph\Desktop\JRT.txt
2013-07-11 23:27 - 2013-07-11 23:27 - 00000000 ____D C:\Windows\ERUNT
2013-07-11 23:26 - 2013-07-11 23:26 - 00559306 ____A (Oleg N. Scherbakov) C:\Users\xxx\Desktop\JRT.exe
2013-07-11 23:20 - 2013-07-11 23:20 - 00001594 ____A C:\AdwCleaner[S5].txt
2013-07-11 23:20 - 2013-07-11 23:20 - 00001532 ____A C:\AdwCleaner[R8].txt
2013-07-11 23:19 - 2013-07-11 23:19 - 00662345 ____A C:\Users\xxx\Downloads\adwcleaner.exe
2013-07-11 10:54 - 2013-07-11 10:54 - 00002055 ____A C:\AdwCleaner[S4].txt
2013-07-11 10:53 - 2013-07-11 10:53 - 00002153 ____A C:\AdwCleaner[R7].txt
2013-07-11 10:43 - 2013-07-11 10:43 - 00013365 ____A C:\AdwCleaner[S3].txt
2013-07-11 10:42 - 2013-07-11 10:43 - 00013300 ____A C:\AdwCleaner[R6].txt
2013-07-11 10:33 - 2013-07-11 10:34 - 00023464 ____A C:\Users\xxx\Downloads\Addition.txt
2013-07-11 10:32 - 2013-07-11 10:32 - 00000000 ____D C:\FRST
2013-07-11 10:31 - 2013-07-11 10:31 - 01777775 ____A (Farbar) C:\Users\xxx\Downloads\FRST64.exe
2013-07-11 10:29 - 2013-07-11 10:29 - 00002394 ____A C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
2013-07-11 00:33 - 2013-07-11 00:34 - 00001483 ____A C:\AdwCleaner[R5].txt
2013-07-11 00:22 - 2013-07-11 00:22 - 00091826 ____A C:\Users\xxx\Desktop\OTL.Txt
2013-07-11 00:19 - 2013-07-11 00:19 - 00090478 ____A C:\Users\xxx\Downloads\Extras.Txt
2013-07-11 00:18 - 2013-07-11 00:18 - 00091852 ____A C:\Users\xxx\Downloads\OTL.Txt
2013-07-11 00:05 - 2013-07-11 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\Christoph\Downloads\OTL.exe
2013-07-11 00:03 - 2013-07-11 00:04 - 00000480 ____A C:\Users\xxx\Downloads\defogger_disable.log
2013-07-11 00:03 - 2013-07-11 00:03 - 00050477 ____A C:\Users\xxx\Downloads\Defogger.exe
2013-07-11 00:03 - 2013-07-11 00:03 - 00000000 ____A C:\Users\xxx\defogger_reenable
2013-07-10 23:36 - 2013-07-10 23:37 - 00001169 ____A C:\AdwCleaner[R4].txt
2013-07-10 23:36 - 2013-07-10 23:36 - 00001109 ____A C:\AdwCleaner[R3].txt
2013-07-10 23:32 - 2013-07-10 23:33 - 00001633 ____A C:\AdwCleaner[S2].txt
2013-07-10 23:32 - 2013-07-10 23:32 - 00001731 ____A C:\AdwCleaner[R2].txt
2013-07-10 23:23 - 2013-07-10 23:23 - 00022395 ____A C:\Users\xxx\Desktop\dds.txt
2013-07-10 23:23 - 2013-07-10 23:23 - 00009181 ____A C:\Users\xxx\Desktop\attach.txt
2013-07-10 23:21 - 2013-07-10 23:21 - 00688992 ____R (Swearware) C:\Users\xxx\Downloads\dds(1).com
2013-07-10 22:06 - 2013-05-29 08:15 - 17829376 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 22:06 - 2013-05-29 07:50 - 10926080 ____A (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 22:06 - 2013-05-29 07:43 - 02312704 ____A (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 22:06 - 2013-05-29 07:36 - 01346560 ____A (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 22:06 - 2013-05-29 07:35 - 01392128 ____A (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 22:06 - 2013-05-29 07:34 - 01494528 ____A (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-10 22:06 - 2013-05-29 07:33 - 00237056 ____A (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-10 22:06 - 2013-05-29 07:31 - 00085504 ____A (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 22:06 - 2013-05-29 07:29 - 00816640 ____A (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 22:06 - 2013-05-29 07:29 - 00599040 ____A (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-10 22:06 - 2013-05-29 07:29 - 00173056 ____A (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-10 22:06 - 2013-05-29 07:27 - 02147840 ____A (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 22:06 - 2013-05-29 07:27 - 00729088 ____A (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 22:06 - 2013-05-29 07:25 - 02382848 ____A (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 22:06 - 2013-05-29 07:25 - 00096768 ____A (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-10 22:06 - 2013-05-29 07:18 - 00248320 ____A (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 22:06 - 2013-05-29 03:56 - 12333568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 22:06 - 2013-05-29 03:50 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 22:06 - 2013-05-29 03:48 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 22:06 - 2013-05-29 03:41 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-10 22:06 - 2013-05-29 03:41 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 22:06 - 2013-05-29 03:41 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 22:06 - 2013-05-29 03:40 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-10 22:06 - 2013-05-29 03:38 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 22:06 - 2013-05-29 03:37 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-10 22:06 - 2013-05-29 03:36 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-10 22:06 - 2013-05-29 03:35 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 22:06 - 2013-05-29 03:35 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 22:06 - 2013-05-29 03:33 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 22:06 - 2013-05-29 03:33 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 22:06 - 2013-05-29 03:33 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-10 22:06 - 2013-05-29 03:29 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 22:00 - 2013-07-10 22:00 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-07-10 22:00 - 2013-07-10 22:00 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-07-10 21:50 - 2013-07-10 21:50 - 00688992 ____A (Swearware) C:\Users\xxx\Downloads\dds.com
2013-07-10 21:44 - 2013-07-11 10:43 - 00000196 ____A C:\Windows\DeleteOnReboot.bat
2013-07-10 21:44 - 2013-07-10 21:44 - 00010940 ____A C:\AdwCleaner[S1].txt
2013-07-10 21:43 - 2013-07-10 21:43 - 00010897 ____A C:\AdwCleaner[R1].txt
2013-07-10 21:10 - 2013-06-05 05:34 - 03153920 ____A (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 21:10 - 2013-06-04 08:00 - 00624128 ____A (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 21:10 - 2013-06-04 06:53 - 00509440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 21:10 - 2013-05-06 08:03 - 01887744 ____A (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 21:10 - 2013-05-06 06:56 - 01620480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 21:09 - 2013-04-10 01:34 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 21:09 - 2013-04-03 00:51 - 01643520 ____A (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-09 17:54 - 2013-07-09 17:54 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-07-09 17:54 - 2013-07-09 17:54 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-07-09 17:31 - 2013-07-11 10:29 - 00003410 ____A C:\Windows\System32\Tasks\EPUpdater
2013-07-04 13:30 - 2013-07-04 13:37 - 00000000 ____D C:\PFS8.0 AE_TMP
2013-06-29 12:55 - 2013-07-14 00:28 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-29 12:55 - 2013-06-29 13:28 - 00003822 ____A C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-06-29 12:54 - 2013-06-29 12:55 - 00000000 ____D C:\Users\Christoph\AppData\Local\Adobe
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\Users\Christoph\Documents\Freemake
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\ProgramData\Freemake
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-06-28 00:03 - 2013-06-28 00:03 - 01264824 ____A (Ellora Assets Corporation                                   ) C:\Users\Christoph\Downloads\FreemakeAudioConverterSetup.exe
2013-06-27 23:14 - 2013-06-27 23:14 - 00000000 ____D C:\Users\xxx\AppData\Roaming\AVS4YOU
2013-06-27 23:14 - 2013-06-27 23:14 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-06-27 23:13 - 2013-06-28 00:00 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-06-27 23:13 - 2012-12-17 15:02 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2013-06-27 23:10 - 2013-07-09 21:20 - 00000000 ____D C:\Users\xxx\AppData\Roaming\DVDVideoSoft
2013-06-27 12:34 - 2013-06-27 12:34 - 00000000 ____D C:\ProgramData\Panasonic
2013-06-27 12:27 - 2013-07-09 17:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-23 14:30 - 2013-06-23 14:30 - 00000000 ____D C:\Users\xxxAppData\Roaming\InstallShield
2013-06-23 14:30 - 2013-06-23 14:30 - 00000000 ____D C:\Users\xxx\AppData\Local\Panasonic
2013-06-23 14:30 - 2007-06-22 00:10 - 00501912 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK2.dll
2013-06-23 14:30 - 2007-06-22 00:10 - 00000097 ____A C:\Windows\SysWOW64\PICSDK.ini
2013-06-23 14:30 - 2006-10-31 00:10 - 00120992 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EpPicPrt.dll
2013-06-23 14:30 - 2006-10-31 00:10 - 00071840 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EPPicMgr.dll
2013-06-23 14:30 - 2006-10-20 00:10 - 00108704 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICEntry.dll
2013-06-23 14:30 - 2006-10-20 00:10 - 00080024 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK.dll
2013-06-23 14:30 - 2005-06-01 00:20 - 00111932 ____A C:\Windows\SysWOW64\EPPICPrinterDB.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00031053 ____A C:\Windows\SysWOW64\EPPICPattern131.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00027417 ____A C:\Windows\SysWOW64\EPPICPattern121.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00026154 ____A C:\Windows\SysWOW64\EPPICPattern1.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00024903 ____A C:\Windows\SysWOW64\EPPICPattern3.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00021390 ____A C:\Windows\SysWOW64\EPPICPattern5.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00020148 ____A C:\Windows\SysWOW64\EPPICPattern2.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00013732 ____A C:\Windows\SysWOW64\EPPICLocal_EN.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00011811 ____A C:\Windows\SysWOW64\EPPICPattern4.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00006442 ____A C:\Windows\SysWOW64\EPPICLocal_IT.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006347 ____A C:\Windows\SysWOW64\EPPICLocal_PT.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006347 ____A C:\Windows\SysWOW64\EPPICLocal_BP.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006335 ____A C:\Windows\SysWOW64\EPPICLocal_GE.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006195 ____A C:\Windows\SysWOW64\EPPICLocal_FR.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006195 ____A C:\Windows\SysWOW64\EPPICLocal_CF.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006122 ____A C:\Windows\SysWOW64\EPPICLocal_DU.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00006103 ____A C:\Windows\SysWOW64\EPPICLocal_ES.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00005817 ____A C:\Windows\SysWOW64\EPPICLocal_KO.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00005436 ____A C:\Windows\SysWOW64\EPPICLocal_SC.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00004943 ____A C:\Windows\SysWOW64\EPPICPattern6.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00002889 ____A C:\Windows\SysWOW64\EPPICLocal_RU.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00002426 ____A C:\Windows\SysWOW64\EPPICLocal_TC.cfg
2013-06-23 14:30 - 2004-03-03 06:10 - 00001146 ____A C:\Windows\SysWOW64\EPPICPresetData_DU.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001139 ____A C:\Windows\SysWOW64\EPPICPresetData_PT.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001139 ____A C:\Windows\SysWOW64\EPPICPresetData_BP.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001136 ____A C:\Windows\SysWOW64\EPPICPresetData_ES.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001129 ____A C:\Windows\SysWOW64\EPPICPresetData_FR.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001129 ____A C:\Windows\SysWOW64\EPPICPresetData_CF.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001120 ____A C:\Windows\SysWOW64\EPPICPresetData_IT.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001107 ____A C:\Windows\SysWOW64\EPPICPresetData_GE.dat
2013-06-23 14:30 - 2004-03-03 06:10 - 00001104 ____A C:\Windows\SysWOW64\EPPICPresetData_EN.dat
2013-06-23 14:25 - 2013-06-23 14:25 - 00002215 ____A C:\Users\Public\Desktop\PHOTOfunSTUDIO 8.0 AE.lnk
2013-06-23 14:22 - 2013-06-23 14:22 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2013-06-23 14:22 - 2013-06-23 14:22 - 00000000 ____D C:\Program Files (x86)\Panasonic
2013-06-23 14:21 - 2013-06-23 14:21 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-06-23 14:21 - 2013-06-23 14:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-06-23 12:01 - 2013-06-23 12:02 - 00000000 ____D C:\Users\xxx\AppData\Local\Microsoft Games

==================== One Month Modified Files and Folders =======

2013-07-14 00:30 - 2013-04-21 11:35 - 00003962 ____A C:\Windows\System32\Tasks\User_Feed_Synchronization-{FFB44DA8-096C-4808-9FBC-BD03686F00E0}
2013-07-14 00:28 - 2013-06-29 12:55 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-14 00:28 - 2010-12-14 19:14 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-13 20:21 - 2010-12-14 18:38 - 01162660 ____A C:\Windows\WindowsUpdate.log
2013-07-13 18:31 - 2013-04-21 11:13 - 00002192 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-13 18:28 - 2010-12-14 19:14 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-13 18:23 - 2010-12-14 19:14 - 00004120 ____A C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 18:23 - 2010-12-14 19:14 - 00003868 ____A C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 18:01 - 2009-07-14 06:45 - 00010016 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-13 18:01 - 2009-07-14 06:45 - 00010016 ___AH C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-13 17:53 - 2010-12-14 20:08 - 00045056 ____A C:\Windows\system32\acovcnt.exe
2013-07-13 17:53 - 2010-12-14 20:02 - 00000000 ____D C:\Program Files\P4G
2013-07-13 17:53 - 2010-12-14 19:52 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-13 17:53 - 2010-12-14 19:40 - 00258570 ____A C:\Windows\PFRO.log
2013-07-13 17:53 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-13 17:53 - 2009-07-14 06:51 - 00049421 ____A C:\Windows\setupact.log
2013-07-12 23:42 - 2013-07-12 23:42 - 00890988 ____A C:\Users\xxx\Desktop\SecurityCheck.exe
2013-07-11 23:36 - 2013-07-11 23:36 - 00000970 ____A C:\Users\xxx\Desktop\JRT.txt
2013-07-11 23:27 - 2013-07-11 23:27 - 00000000 ____D C:\Windows\ERUNT
2013-07-11 23:26 - 2013-07-11 23:26 - 00559306 ____A (Oleg N. Scherbakov) C:\Users\xxx\Desktop\JRT.exe
2013-07-11 23:20 - 2013-07-11 23:20 - 00001594 ____A C:\AdwCleaner[S5].txt
2013-07-11 23:20 - 2013-07-11 23:20 - 00001532 ____A C:\AdwCleaner[R8].txt
2013-07-11 23:19 - 2013-07-11 23:19 - 00662345 ____A C:\Users\xxx\Downloads\adwcleaner.exe
2013-07-11 22:36 - 2009-08-04 11:51 - 00665578 ____A C:\Windows\system32\perfh007.dat
2013-07-11 22:36 - 2009-08-04 11:51 - 00133758 ____A C:\Windows\system32\perfc007.dat
2013-07-11 22:36 - 2009-07-14 07:13 - 01529266 ____A C:\Windows\system32\PerfStringBackup.INI
2013-07-11 10:54 - 2013-07-11 10:54 - 00002055 ____A C:\AdwCleaner[S4].txt
2013-07-11 10:53 - 2013-07-11 10:53 - 00002153 ____A C:\AdwCleaner[R7].txt
2013-07-11 10:43 - 2013-07-11 10:43 - 00013365 ____A C:\AdwCleaner[S3].txt
2013-07-11 10:43 - 2013-07-11 10:42 - 00013300 ____A C:\AdwCleaner[R6].txt
2013-07-11 10:43 - 2013-07-10 21:44 - 00000196 ____A C:\Windows\DeleteOnReboot.bat
2013-07-11 10:34 - 2013-07-11 10:33 - 00023464 ____A C:\Users\xxx\Downloads\Addition.txt
2013-07-11 10:32 - 2013-07-11 10:32 - 00000000 ____D C:\FRST
2013-07-11 10:31 - 2013-07-11 10:31 - 01777775 ____A (Farbar) C:\Users\xxx\Downloads\FRST64.exe
2013-07-11 10:29 - 2013-07-11 10:29 - 00002394 ____A C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
2013-07-11 10:29 - 2013-07-09 17:31 - 00003410 ____A C:\Windows\System32\Tasks\EPUpdater
2013-07-11 00:34 - 2013-07-11 00:33 - 00001483 ____A C:\AdwCleaner[R5].txt
2013-07-11 00:22 - 2013-07-11 00:22 - 00091826 ____A C:\Users\xxx\Desktop\OTL.Txt
2013-07-11 00:19 - 2013-07-11 00:19 - 00090478 ____A C:\Users\xxx\Downloads\Extras.Txt
2013-07-11 00:18 - 2013-07-11 00:18 - 00091852 ____A C:\Users\xxx\Downloads\OTL.Txt
2013-07-11 00:05 - 2013-07-11 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\Christoph\Downloads\OTL.exe
2013-07-11 00:04 - 2013-07-11 00:03 - 00000480 ____A C:\Users\xxx\Downloads\defogger_disable.log
2013-07-11 00:03 - 2013-07-11 00:03 - 00050477 ____A C:\Users\xxx\Downloads\Defogger.exe
2013-07-11 00:03 - 2013-07-11 00:03 - 00000000 ____A C:\Users\xxx\defogger_reenable
2013-07-11 00:03 - 2013-04-20 13:19 - 00000000 ____D C:\Users\xxx
2013-07-10 23:37 - 2013-07-10 23:36 - 00001169 ____A C:\AdwCleaner[R4].txt
2013-07-10 23:36 - 2013-07-10 23:36 - 00001109 ____A C:\AdwCleaner[R3].txt
2013-07-10 23:33 - 2013-07-10 23:32 - 00001633 ____A C:\AdwCleaner[S2].txt
2013-07-10 23:32 - 2013-07-10 23:32 - 00001731 ____A C:\AdwCleaner[R2].txt
2013-07-10 23:23 - 2013-07-10 23:23 - 00022395 ____A C:\Users\xxx\Desktop\dds.txt
2013-07-10 23:23 - 2013-07-10 23:23 - 00009181 ____A C:\Users\xxx\Desktop\attach.txt
2013-07-10 23:21 - 2013-07-10 23:21 - 00688992 ____R (Swearware) C:\Users\Christoph\Downloads\dds(1).com
2013-07-10 22:20 - 2009-07-14 06:45 - 00355968 ____A C:\Windows\system32\FNTCACHE.DAT
2013-07-10 22:18 - 2013-05-04 14:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 22:18 - 2013-05-04 14:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 22:18 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 22:18 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 22:18 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 22:10 - 2013-04-21 12:26 - 78185248 ____A (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-10 22:09 - 2013-04-21 14:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-10 22:00 - 2013-07-10 22:00 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-07-10 22:00 - 2013-07-10 22:00 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-07-10 21:50 - 2013-07-10 21:50 - 00688992 ____A (Swearware) C:\Users\xxx\Downloads\dds.com
2013-07-10 21:44 - 2013-07-10 21:44 - 00010940 ____A C:\AdwCleaner[S1].txt
2013-07-10 21:43 - 2013-07-10 21:43 - 00010897 ____A C:\AdwCleaner[R1].txt
2013-07-09 21:20 - 2013-06-27 23:10 - 00000000 ____D C:\Users\xxx\AppData\Roaming\DVDVideoSoft
2013-07-09 19:50 - 2010-12-14 20:03 - 00001402 ____A C:\Windows\system32\ServiceFilter.ini
2013-07-09 17:54 - 2013-07-09 17:54 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-07-09 17:54 - 2013-07-09 17:54 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-07-09 17:31 - 2013-06-27 12:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-09 17:08 - 2013-05-03 22:42 - 00000000 ____D C:\Users\xxx\AppData\Local\Windows Live
2013-07-04 13:37 - 2013-07-04 13:30 - 00000000 ____D C:\PFS8.0 AE_TMP
2013-06-29 13:28 - 2013-06-29 12:55 - 00003822 ____A C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-06-29 13:28 - 2013-04-22 21:46 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-29 13:28 - 2013-04-22 21:46 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-29 12:55 - 2013-06-29 12:54 - 00000000 ____D C:\Users\xxx\AppData\Local\Adobe
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\Users\xxxDocuments\Freemake
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\ProgramData\Freemake
2013-06-28 00:04 - 2013-06-28 00:04 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-06-28 00:03 - 2013-06-28 00:03 - 01264824 ____A (Ellora Assets Corporation                                   ) C:\Users\Christoph\Downloads\FreemakeAudioConverterSetup.exe
2013-06-28 00:00 - 2013-06-27 23:13 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2013-06-27 23:14 - 2013-06-27 23:14 - 00000000 ____D C:\Users\xxx\AppData\Roaming\AVS4YOU
2013-06-27 23:14 - 2013-06-27 23:14 - 00000000 ____D C:\ProgramData\AVS4YOU
2013-06-27 22:35 - 2013-04-21 14:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-27 12:34 - 2013-06-27 12:34 - 00000000 ____D C:\ProgramData\Panasonic
2013-06-26 10:54 - 2013-05-07 18:29 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-06-23 20:24 - 2010-12-14 20:03 - 00002032 ____A C:\Windows\system32\AutoRunFilter.ini
2013-06-23 14:30 - 2013-06-23 14:30 - 00000000 ____D C:\Users\xxx\AppData\Roaming\InstallShield
2013-06-23 14:30 - 2013-06-23 14:30 - 00000000 ____D C:\Users\xxx\AppData\Local\Panasonic
2013-06-23 14:30 - 2013-04-20 13:19 - 00091368 ____A C:\Users\xxx\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-23 14:25 - 2013-06-23 14:25 - 00002215 ____A C:\Users\Public\Desktop\PHOTOfunSTUDIO 8.0 AE.lnk
2013-06-23 14:22 - 2013-06-23 14:22 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2013-06-23 14:22 - 2013-06-23 14:22 - 00000000 ____D C:\Program Files (x86)\Panasonic
2013-06-23 14:22 - 2010-12-14 19:05 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-23 14:21 - 2013-06-23 14:21 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-06-23 14:21 - 2013-06-23 14:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-06-23 14:21 - 2010-12-14 19:25 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-06-23 12:02 - 2013-06-23 12:01 - 00000000 ____D C:\Users\xxx\AppData\Local\Microsoft Games
2013-06-16 21:24 - 2009-07-14 07:08 - 00032636 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-16 17:58 - 2013-04-21 14:11 - 00000000 ____D C:\Users\xxx\AppData\Local\Microsoft Help

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 18:31

==================== End Of Log ============================
         

When I search the computer for Qtrax via the Start menu, there is still a folder and the program on it. Can I simply delete those as well?

Thanks.

14.07.2013, 12:36   #14
schrauber
/// the machine
/// TB trainer
 




Yep, just delete it. Any other problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

14.07.2013, 12:45   #15
bissi4788
 



No, no problems.

Thanks!
