
Pests of all kinds and how to fight them: Problems with all browsers after an unknown program started

Windows 7

24.07.2013, 17:57   #1
Hamann
 
Good day everyone,

today, while watching a video with a colleague on the site Youporn, I ran into a problem with my browsers. During the video, either my Microsoft Security Essentials or my Avast antivirus program showed me a message saying that a program wanted to run and needed my permission to do so. It was supposedly located in one of the system folders. Looking closely, I noticed that it had a strange name, a French one, ''connaiss....afrolegend.us...'' or something like that. I did not give the program permission. And from exactly that moment on I suddenly had no sound in my browsers. Otherwise I have sound as normal, including on Youtube (I tried it); it is only Youporn. Was the program a virus or something harmless? Does anyone know the program? Is there a program that can find and isolate it? I have run various virus scanners several times, including online scanners from Micro, Panda ... but none of them found anything. The problem, however, persists on all porn sites. What could be the cause? Please help.

Kind regards

24.07.2013, 18:29   #2
schrauber
/// the machine
/// TB instructor
 

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input window)


24.07.2013, 22:44   #3
Hamann
 
Code:
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft) C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [BrowserMask] - C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe [101328 2012-08-14] (Microsoft)
MountPoints2: {43b27acf-ac7d-11df-95ad-806e6f6e6963} - G:\start.exe
MountPoints2: {4aa59d0a-ee64-11df-9942-001999734202} - L:\start.exe
MountPoints2: {7bc6dbf3-acaa-11df-b137-806e6f6e6963} - G:\Start.exe
MountPoints2: {c54fad6a-f27a-11e0-98ed-001999734202} - M:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {c54fad75-f27a-11e0-98ed-001999734202} - M:\setup_vmc_lite.exe /checkApplicationPresence
HKLM-x32\...\Run: [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1263952 2013-02-13] ()
AppInit_DLLs-x32:      [0 ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=DE&userid=90d611e1-f6a9-44d1-84e5-d91cd0a6d099&searchtype=ds&q={searchTerms}&installDate=08/07/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=DE&userid=90d611e1-f6a9-44d1-84e5-d91cd0a6d099&searchtype=ds&q={searchTerms}&installDate=08/07/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Ad Blocker - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker64.dll (AVAST Software)
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: CBAbzockschutz.InitToolbarBHO - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: avast! Ad Blocker - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {0470E62C-C97E-4317-81E5-0774D8CBF7B7} hxxp://www.gfi.com/endpointscan/EndPointScan.cab
DPF: HKLM-x32 {7253A666-804A-1107-A4DC-00E04C504708} hxxp://98.126.13.202/bmc.cab
DPF: HKLM-x32 {7253A666-804A-1107-A4DC-00E04C504788} hxxp://server1.blue-mms.com/inc/bmc.cab
DPF: HKLM-x32 {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/asquared.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Khorasanzada\AppData\Roaming\Mozilla\Firefox\Profiles\pbz0ytug.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Khorasanzada\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Khorasanzada\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\Khorasanzada\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: adblocker - C:\Program Files (x86)\Mozilla Firefox\extensions\adblocker@avast.com.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Users\Khorasanzada\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Khorasanzada\AppData\Roaming\IDM\idmmzcc5
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Users\Khorasanzada\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Khorasanzada\AppData\Roaming\IDM\idmmzcc5
FF StartMenuInternet: FIREFOX.EXE - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Khorasanzada\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Khorasanzada\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Khorasanzada\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (avast! Ad Blocker) - C:\Users\KHORAS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd\8.0_0
CHR Extension: (IDM Integration) - C:\Users\KHORAS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.17.4_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\KHORAS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR HKLM-x32\...\Chrome\Extension: [fplhdcjmbpfkejbhngmlngaecbjmoimd] - C:\Program Files\AVAST Software\Avast\AdBlocker\Chrome\avast-adblocker-chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S3 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe [384792 2010-09-24] (Fujitsu Technology Solutions)
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424104 2013-07-21] (Taiwan Shui Mu Chih Ching Technology Limited.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-22] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-22] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-22] ()
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)
R3 hcw85cir; C:\Windows\System32\drivers\hcw85cir3.sys [32768 2009-08-24] (Hauppauge Computer Works, Inc.)
S2 lirsgt; C:\Windows\SysWow64\DRIVERS\lirsgt.sys [18048 2011-05-03] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R0 ShredderVolumeDriver; C:\Windows\System32\Drivers\ShredderDriver64.sys [33152 2011-05-09] (ITOS)
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S2 lirsgt; system32\DRIVERS\lirsgt.sys [x]
S3 nmwcdx64; system32\drivers\nmwcdx64.sys [x]
S3 TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [x]
U2 TMAgent; 

========================== Drivers MD5 =======================

C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-24 20:32 - 2013-07-24 20:32 - 00000000 ___DC C:\FRST
2013-07-24 20:31 - 2013-07-24 20:32 - 01779761 _____ (Farbar) C:\Users\Khorasanzada\Downloads\FRST64.exe
2013-07-24 17:33 - 2013-07-24 17:33 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Registry Mechanic
2013-07-24 17:25 - 2013-07-24 17:25 - 00003212 _____ C:\Windows\System32\Tasks\{36B1A804-2669-4850-B978-8F52801DA213}
2013-07-23 23:18 - 2013-07-24 14:59 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\IDM
2013-07-23 23:18 - 2013-07-24 14:42 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\DMCache
2013-07-23 23:18 - 2013-07-24 14:01 - 00000000 ____D C:\Users\Khorasanzada\Downloads\Compressed
2013-07-23 23:18 - 2013-07-23 23:18 - 00000000 ____D C:\ProgramData\IDM
2013-07-23 23:17 - 2013-07-24 13:14 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2013-07-23 23:17 - 2013-07-23 23:18 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2013-07-23 20:26 - 2013-07-23 20:26 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Opera
2013-07-22 20:11 - 2013-07-22 20:11 - 00000000 ____D C:\Program Files (x86)\AVAST Software
2013-07-22 19:59 - 2013-07-24 17:00 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\vlc
2013-07-22 19:58 - 2013-07-22 19:58 - 00001062 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-07-22 19:55 - 2013-07-22 19:55 - 00001148 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-07-22 19:43 - 2013-07-22 19:43 - 00009412 _____ C:\Windows\SysWOW64\RunLegacyCPLElevated.exe.Z-missing.txt
2013-07-22 19:43 - 2013-07-22 19:43 - 00003174 _____ C:\Windows\System32\Tasks\{5A852D1B-B84D-447E-826E-F2A97E9D3720}
2013-07-22 19:38 - 2013-07-24 14:23 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-22 19:38 - 2013-07-24 14:23 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-22 19:38 - 2013-07-22 19:38 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-22 19:38 - 2013-07-22 19:38 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-22 19:38 - 2013-07-22 19:38 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-22 19:38 - 2013-07-22 19:38 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-22 19:38 - 2013-07-22 19:38 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-22 19:38 - 2013-07-22 19:38 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-22 19:38 - 2013-07-22 19:38 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-22 19:38 - 2013-05-09 10:59 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-07-22 19:38 - 2013-05-09 10:59 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-07-22 19:38 - 2013-05-09 10:59 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-07-22 19:38 - 2013-05-09 10:59 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-07-22 19:38 - 2013-05-09 10:59 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-07-22 19:38 - 2013-05-09 10:58 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-07-22 19:37 - 2013-07-22 19:37 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-22 19:37 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-07-22 19:36 - 2013-07-22 19:37 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-22 19:23 - 2013-07-22 19:23 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\PDF Architect
2013-07-22 18:40 - 2013-07-22 18:40 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\EZDownloader
2013-07-22 17:58 - 2013-07-22 17:58 - 00000000 ____D C:\Users\Khorasanzada\Dokumente\Updater
2013-07-22 17:58 - 2013-07-22 17:58 - 00000000 ____D C:\Users\Khorasanzada\Dokumente\AdobeStockPhotos
2013-07-22 17:54 - 2013-07-22 17:54 - 00003196 _____ C:\Windows\System32\Tasks\{0E8B80A5-4DBD-415D-9237-C991F82A758F}
2013-07-22 17:49 - 2004-08-17 02:40 - 00016384 _____ C:\Windows\SysWOW64\FileOps.exe
2013-07-22 17:44 - 2013-07-22 17:44 - 00003196 _____ C:\Windows\System32\Tasks\{CE201D5A-A75B-44F8-A11F-265E73CDDD65}
2013-07-22 17:30 - 2013-07-22 17:30 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF
2013-07-22 17:12 - 2013-07-22 17:12 - 00001075 _____ C:\Users\Khorasanzada\Desktop\AntiBrowserSpy.lnk
2013-07-22 17:12 - 2013-07-22 17:12 - 00000000 ____D C:\Program Files (x86)\AntiBrowserSpy
2013-07-22 16:18 - 2013-07-22 16:18 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-07-22 16:13 - 2013-07-22 16:13 - 00000000 ____D C:\Program Files (x86)\COMPUTERBILD-Abzockschutz
2013-07-21 14:28 - 2013-07-24 17:12 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-07-21 14:28 - 2013-07-22 16:14 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\WinZipper
2013-07-21 14:09 - 2013-07-21 14:09 - 00000000 ____D C:\Users\Khorasanzada\Dokumente\Abelssoft
2013-07-20 22:23 - 2013-07-21 12:38 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-20 22:23 - 2013-07-21 12:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-07-20 22:17 - 2013-07-20 22:17 - 00000584 _____ C:\Windows\system32\TmInstall.log
2013-07-20 21:33 - 2013-07-20 22:12 - 00000000 ____D C:\Users\KHORAS~1\AppData\Local\Trend Micro
2013-07-20 21:30 - 2013-07-20 22:12 - 00000306 __RSH C:\ProgramData\ntuser.pol
2013-07-20 21:26 - 2013-07-20 22:13 - 00000000 ____D C:\ProgramData\Trend Micro
2013-07-20 21:09 - 2013-07-20 22:16 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-07-20 20:49 - 2013-07-20 20:48 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-20 20:48 - 2013-07-20 20:48 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-20 20:48 - 2013-07-20 20:48 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-20 20:48 - 2013-07-20 20:48 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-20 20:48 - 2013-07-20 20:48 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-20 20:46 - 2013-07-20 20:46 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\DownLite
2013-07-20 20:43 - 2013-07-20 20:43 - 00000865 _____ C:\Users\Khorasanzada\Desktop\µTorrent.lnk
2013-07-20 20:43 - 2013-07-20 20:43 - 00000845 _____ C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-07-20 20:42 - 2013-07-22 21:18 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\uTorrent
2013-07-20 18:46 - 2013-07-20 18:46 - 00000000 ____C C:\autoexec.bat
2013-07-20 18:45 - 2013-07-20 18:45 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-20 18:44 - 2013-07-20 18:47 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-20 00:37 - 2013-07-20 00:37 - 00035116 _____ C:\Users\Khorasanzada\Downloads\Secret document reveals Afghan language policy.odt
2013-07-20 00:23 - 2013-07-20 00:24 - 00000000 ____D C:\Users\Khorasanzada\Downloads\Islam. Sammlung
2013-07-19 21:14 - 2013-07-19 23:10 - 00000000 ____D C:\Users\Khorasanzada\Downloads\The Bitches
2013-07-19 14:06 - 2013-06-27 11:57 - 00172920 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2013-07-18 23:42 - 2013-07-21 21:49 - 00001075 _____ C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2013-07-18 22:11 - 2013-07-18 22:16 - 00000000 ____D C:\Users\Khorasanzada\Downloads\Sport u. Ernährung
2013-07-17 18:42 - 2013-07-17 18:43 - 00000000 ____D C:\Windows\system32\MRT
2013-07-15 16:21 - 2013-07-15 16:21 - 00027569 _____ C:\Users\Khorasanzada\Downloads\Ashraf Ghani Ahmadzai.odt
2013-07-12 16:25 - 2013-07-12 16:25 - 00000000 ____D C:\ProgramData\Real
2013-07-11 09:04 - 2013-07-11 09:04 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-07-10 19:22 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 19:22 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 19:22 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 19:22 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 19:22 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 19:22 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 19:22 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 19:22 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 19:22 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 19:22 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 19:22 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 19:22 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 19:22 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 19:22 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 19:22 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 19:22 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-10 19:22 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 19:22 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 19:22 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 19:22 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 19:22 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 19:22 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 19:22 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 19:22 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-10 19:22 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-10 19:22 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 19:22 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-10 19:22 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 19:22 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-10 19:22 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 19:22 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 17:19 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 17:19 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 17:19 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 17:19 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 17:19 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 17:19 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 17:19 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-08 20:14 - 2013-07-08 20:14 - 00000000 ____D C:\Users\Khorasanzada\Dokumente\my games
2013-07-08 20:12 - 2013-07-08 20:12 - 00000000 ____D C:\Program Files (x86)\1C Company
2013-07-08 19:53 - 2013-07-08 19:53 - 00001069 _____ C:\Users\Khorasanzada\Desktop\Men of War.lnk
2013-07-08 19:47 - 2013-07-11 12:29 - 00000000 ____D C:\Program Files (x86)\1C
2013-07-08 15:27 - 2013-07-08 15:27 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Apowersoft

==================== One Month Modified Files and Folders =======

2013-07-24 20:32 - 2013-07-24 20:32 - 00000000 ___DC C:\FRST
2013-07-24 20:32 - 2013-07-24 20:31 - 01779761 _____ (Farbar) C:\Users\Khorasanzada\Downloads\FRST64.exe
2013-07-24 20:29 - 2011-08-13 18:42 - 07289505 _____ C:\Users\KHORAS~1\AppData\Local\census.cache
2013-07-24 20:24 - 2013-01-06 22:51 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-24 20:24 - 2011-08-13 18:40 - 00103068 _____ C:\Users\KHORAS~1\AppData\Local\ars.cache
2013-07-24 19:56 - 2013-02-12 12:02 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-24 19:55 - 2013-02-22 01:55 - 00001148 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-64600392-19469391-1865109702-1001UA.job
2013-07-24 19:40 - 2009-07-14 06:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-24 19:40 - 2009-07-14 06:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-24 18:18 - 2011-12-09 17:26 - 00001869 _____ C:\Users\Khorasanzada\Desktop\Google Chrome.lnk
2013-07-24 17:36 - 2010-08-20 22:47 - 00000000 ____D C:\Users\KHORAS~1\AppData\Local\Adobe
2013-07-24 17:34 - 2013-01-06 22:51 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-24 17:34 - 2012-04-05 13:28 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-24 17:34 - 2012-01-12 15:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-24 17:33 - 2013-07-24 17:33 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Registry Mechanic
2013-07-24 17:25 - 2013-07-24 17:25 - 00003212 _____ C:\Windows\System32\Tasks\{36B1A804-2669-4850-B978-8F52801DA213}
2013-07-24 17:25 - 2012-02-19 18:29 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-07-24 17:13 - 2012-04-05 21:05 - 01835647 ____N C:\Windows\WindowsUpdate.log
2013-07-24 17:12 - 2013-07-21 14:28 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-07-24 17:12 - 2013-02-12 12:02 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-24 17:09 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-24 17:00 - 2013-07-22 19:59 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\vlc
2013-07-24 14:59 - 2013-07-23 23:18 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\IDM
2013-07-24 14:42 - 2013-07-23 23:18 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\DMCache
2013-07-24 14:23 - 2013-07-22 19:38 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-24 14:23 - 2013-07-22 19:38 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-24 14:01 - 2013-07-23 23:18 - 00000000 ____D C:\Users\Khorasanzada\Downloads\Compressed
2013-07-24 13:56 - 2010-08-21 12:15 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-07-24 13:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-24 13:14 - 2013-07-23 23:17 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2013-07-24 13:07 - 2010-08-20 22:47 - 00000000 ____D C:\ProgramData\Adobe
2013-07-24 13:04 - 2011-05-24 23:13 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Adobe
2013-07-24 13:00 - 2011-06-17 22:55 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-24 10:55 - 2013-02-22 01:55 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-64600392-19469391-1865109702-1001Core.job
2013-07-23 23:18 - 2013-07-23 23:18 - 00000000 ____D C:\ProgramData\IDM
2013-07-23 23:18 - 2013-07-23 23:17 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2013-07-23 21:43 - 2009-07-14 04:34 - 00000403 _____ C:\Windows\win.ini
2013-07-23 20:26 - 2013-07-23 20:26 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Opera
2013-07-23 13:09 - 2012-05-18 13:36 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-22 21:19 - 2010-08-21 16:52 - 00002700 _____ C:\Users\Khorasanzada\Dokumente\cc_20100821_165221.reg
2013-07-22 21:18 - 2013-07-20 20:42 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\uTorrent
2013-07-22 20:11 - 2013-07-22 20:11 - 00000000 ____D C:\Program Files (x86)\AVAST Software
2013-07-22 20:00 - 2010-08-21 13:59 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-07-22 20:00 - 2010-08-21 13:59 - 00000000 ____D C:\Program Files\WinRAR
2013-07-22 19:58 - 2013-07-22 19:58 - 00001062 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-07-22 19:56 - 2011-04-22 22:41 - 00001619 _____ C:\Users\Khorasanzada\Desktop\DivX Movies.lnk
2013-07-22 19:56 - 2010-12-13 15:22 - 00000000 ____D C:\Program Files (x86)\DivX
2013-07-22 19:56 - 2010-12-13 15:20 - 00000000 ____D C:\ProgramData\DivX
2013-07-22 19:55 - 2013-07-22 19:55 - 00001148 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-07-22 19:55 - 2012-06-30 21:31 - 00001108 _____ C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-07-22 19:55 - 2010-12-13 15:29 - 00000000 ____D C:\Program Files\DivX
2013-07-22 19:43 - 2013-07-22 19:43 - 00009412 _____ C:\Windows\SysWOW64\RunLegacyCPLElevated.exe.Z-missing.txt
2013-07-22 19:43 - 2013-07-22 19:43 - 00003174 _____ C:\Windows\System32\Tasks\{5A852D1B-B84D-447E-826E-F2A97E9D3720}
2013-07-22 19:38 - 2013-07-22 19:38 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-22 19:38 - 2013-07-22 19:38 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-22 19:38 - 2013-07-22 19:38 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-22 19:38 - 2013-07-22 19:38 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-22 19:38 - 2013-07-22 19:38 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-22 19:38 - 2013-07-22 19:38 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-22 19:38 - 2013-07-22 19:38 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-22 19:37 - 2013-07-22 19:37 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-22 19:37 - 2013-07-22 19:36 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-22 19:23 - 2013-07-22 19:23 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\PDF Architect
2013-07-22 18:51 - 2013-01-04 04:53 - 00000000 ____D C:\Windows\pss
2013-07-22 18:44 - 2010-08-20 20:11 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-07-22 18:40 - 2013-07-22 18:40 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\EZDownloader
2013-07-22 17:58 - 2013-07-22 17:58 - 00000000 ____D C:\Users\Khorasanzada\Dokumente\Updater
2013-07-22 17:58 - 2013-07-22 17:58 - 00000000 ____D C:\Users\Khorasanzada\Dokumente\AdobeStockPhotos
2013-07-22 17:58 - 2010-08-20 19:15 - 00000000 ___RD C:\Users\Khorasanzada\Dokumente
2013-07-22 17:54 - 2013-07-22 17:54 - 00003196 _____ C:\Windows\System32\Tasks\{0E8B80A5-4DBD-415D-9237-C991F82A758F}
2013-07-22 17:44 - 2013-07-22 17:44 - 00003196 _____ C:\Windows\System32\Tasks\{CE201D5A-A75B-44F8-A11F-265E73CDDD65}
2013-07-22 17:30 - 2013-07-22 17:30 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF
2013-07-22 17:12 - 2013-07-22 17:12 - 00001075 _____ C:\Users\Khorasanzada\Desktop\AntiBrowserSpy.lnk
2013-07-22 17:12 - 2013-07-22 17:12 - 00000000 ____D C:\Program Files (x86)\AntiBrowserSpy
2013-07-22 16:18 - 2013-07-22 16:18 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-07-22 16:14 - 2013-07-21 14:28 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\WinZipper
2013-07-22 16:13 - 2013-07-22 16:13 - 00000000 ____D C:\Program Files (x86)\COMPUTERBILD-Abzockschutz
2013-07-21 21:49 - 2013-07-18 23:42 - 00001075 _____ C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2013-07-21 21:49 - 2012-02-14 22:13 - 00001045 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-21 21:49 - 2011-12-09 17:26 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-07-21 21:49 - 2010-08-20 19:16 - 00001009 _____ C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-21 18:14 - 2010-08-21 05:05 - 00000000 ____D C:\Windows\PANTHER
2013-07-21 14:09 - 2013-07-21 14:09 - 00000000 ____D C:\Users\Khorasanzada\Dokumente\Abelssoft
2013-07-21 14:09 - 2011-11-21 21:02 - 00001173 _____ C:\Users\Public\Desktop\YouTube Song Downloader.lnk
2013-07-21 14:09 - 2011-11-21 21:02 - 00000000 ____D C:\Program Files (x86)\YouTube Song Downloader
2013-07-21 14:09 - 2011-11-21 21:02 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2013-07-21 14:09 - 2011-07-23 18:12 - 00000000 ____D C:\Users\KHORAS~1\AppData\Local\Abelssoft
2013-07-21 12:38 - 2013-07-20 22:23 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-21 12:38 - 2013-07-20 22:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-07-21 12:38 - 2012-04-05 13:30 - 00001912 _____ C:\Windows\epplauncher.mif
2013-07-20 22:17 - 2013-07-20 22:17 - 00000584 _____ C:\Windows\system32\TmInstall.log
2013-07-20 22:16 - 2013-07-20 21:09 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-07-20 22:13 - 2013-07-20 21:26 - 00000000 ____D C:\ProgramData\Trend Micro
2013-07-20 22:12 - 2013-07-20 21:33 - 00000000 ____D C:\Users\KHORAS~1\AppData\Local\Trend Micro
2013-07-20 22:12 - 2013-07-20 21:30 - 00000306 __RSH C:\ProgramData\ntuser.pol
2013-07-20 21:30 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-07-20 20:48 - 2013-07-20 20:49 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-20 20:48 - 2013-07-20 20:48 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-20 20:48 - 2013-07-20 20:48 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-20 20:48 - 2013-07-20 20:48 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-20 20:48 - 2013-07-20 20:48 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-20 20:48 - 2012-06-30 13:05 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-20 20:48 - 2010-08-23 17:00 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-20 20:46 - 2013-07-20 20:46 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\DownLite
2013-07-20 20:43 - 2013-07-20 20:43 - 00000865 _____ C:\Users\Khorasanzada\Desktop\µTorrent.lnk
2013-07-20 20:43 - 2013-07-20 20:43 - 00000845 _____ C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-07-20 18:47 - 2013-07-20 18:44 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-20 18:46 - 2013-07-20 18:46 - 00000000 ____C C:\autoexec.bat
2013-07-20 18:45 - 2013-07-20 18:45 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-20 18:24 - 2012-03-20 17:53 - 00000000 ____D C:\Users\Khorasanzada\Downloads\Dreck
2013-07-20 16:03 - 2010-08-20 22:45 - 00000000 ____D C:\DeskUpdate.tmp
2013-07-20 12:50 - 2010-08-21 00:34 - 00000000 ____D C:\Windows\System32\Tasks\Fujitsu
2013-07-20 00:46 - 2013-02-10 14:20 - 00057397 _____ C:\Users\Khorasanzada\Downloads\paschtunischer Terror - Pashtunisierung.odt
2013-07-20 00:44 - 2012-06-08 21:27 - 00036972 _____ C:\Users\Khorasanzada\Downloads\PAKISTAN-AFGHANISTANDAWOODKHAN.odt
2013-07-20 00:43 - 2013-02-10 14:20 - 00036105 _____ C:\Users\Khorasanzada\Downloads\Taliban und ihr Zug nach Norden.odt
2013-07-20 00:37 - 2013-07-20 00:37 - 00035116 _____ C:\Users\Khorasanzada\Downloads\Secret document reveals Afghan language policy.odt
2013-07-20 00:33 - 2011-09-15 13:54 - 00000000 ____D C:\Users\Khorasanzada\Downloads\Khorasan
2013-07-20 00:24 - 2013-07-20 00:23 - 00000000 ____D C:\Users\Khorasanzada\Downloads\Islam. Sammlung
2013-07-19 23:10 - 2013-07-19 21:14 - 00000000 ____D C:\Users\Khorasanzada\Downloads\The Bitches
2013-07-18 23:34 - 2010-08-20 19:16 - 00000000 ___RD C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-18 23:30 - 2012-08-29 14:37 - 00000000 ____D C:\Program Files (x86)\Brother
2013-07-18 23:30 - 2010-08-20 19:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-18 23:26 - 2010-11-05 17:01 - 00001013 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-07-18 23:26 - 2010-08-20 19:36 - 00000000 ____D C:\Program Files (x86)\CCleaner
2013-07-18 22:58 - 2011-10-22 13:09 - 00000000 ____D C:\Users\Khorasanzada\Tamim
2013-07-18 22:51 - 2010-08-20 19:15 - 00000000 ____D C:\Users\Khorasanzada
2013-07-18 22:50 - 2010-08-21 13:33 - 00000000 ____D C:\Users\Khorasanzada\Samim
2013-07-18 22:16 - 2013-07-18 22:11 - 00000000 ____D C:\Users\Khorasanzada\Downloads\Sport u. Ernährung
2013-07-18 21:07 - 2010-10-16 19:34 - 00000000 ____D C:\Users\KHORAS~1\AppData\Local\Windows Live
2013-07-17 18:43 - 2013-07-17 18:42 - 00000000 ____D C:\Windows\system32\MRT
2013-07-17 18:38 - 2010-08-20 22:46 - 00001149 _____ C:\Users\Public\Desktop\DeskUpdate.lnk
2013-07-15 16:21 - 2013-07-15 16:21 - 00027569 _____ C:\Users\Khorasanzada\Downloads\Ashraf Ghani Ahmadzai.odt
2013-07-13 10:51 - 2013-02-12 12:02 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 10:51 - 2013-02-12 12:02 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 10:50 - 2013-02-22 01:55 - 00004132 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-64600392-19469391-1865109702-1001UA
2013-07-13 10:50 - 2013-02-22 01:55 - 00003736 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-64600392-19469391-1865109702-1001Core
2013-07-12 16:25 - 2013-07-12 16:25 - 00000000 ____D C:\ProgramData\Real
2013-07-11 12:29 - 2013-07-08 19:47 - 00000000 ____D C:\Program Files (x86)\1C
2013-07-11 09:04 - 2013-07-11 09:04 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-07-10 20:13 - 2013-03-16 04:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 20:13 - 2013-03-16 04:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 20:13 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 20:13 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 20:13 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 19:27 - 2010-08-21 05:05 - 00707324 _____ C:\Windows\system32\perfh007.dat
2013-07-10 19:27 - 2010-08-21 05:05 - 00152916 _____ C:\Windows\system32\perfc007.dat
2013-07-10 19:27 - 2009-07-14 07:13 - 01663308 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-08 20:14 - 2013-07-08 20:14 - 00000000 ____D C:\Users\Khorasanzada\Dokumente\my games
2013-07-08 20:12 - 2013-07-08 20:12 - 00000000 ____D C:\Program Files (x86)\1C Company
2013-07-08 19:53 - 2013-07-08 19:53 - 00001069 _____ C:\Users\Khorasanzada\Desktop\Men of War.lnk
2013-07-08 15:27 - 2013-07-08 15:27 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Apowersoft
2013-07-08 13:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Resources
2013-07-04 21:02 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-04 13:24 - 2010-08-20 19:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-27 11:57 - 2013-07-19 14:06 - 00172920 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2013-06-24 00:57 - 2010-08-20 19:58 - 78277128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\ntuser.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows-Start-Manager
---------------------
Bezeichner              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  de-DE
inherit                 {globalsettings}
default                 {current}
resumeobject            {fa8addc0-acd0-11df-9009-df3f2cf18d3f}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows-Startladeprogramm
-------------------------
Bezeichner              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  de-DE
inherit                 {bootloadersettings}
recoverysequence        {fa8addc2-acd0-11df-9009-df3f2cf18d3f}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {fa8addc0-acd0-11df-9009-df3f2cf18d3f}
nx                      OptIn

Windows-Startladeprogramm
-------------------------
Bezeichner              {fa8addc2-acd0-11df-9009-df3f2cf18d3f}
device                  ramdisk=[C:]\Recovery\fa8addc2-acd0-11df-9009-df3f2cf18d3f\Winre.wim,{fa8addc3-acd0-11df-9009-df3f2cf18d3f}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\fa8addc2-acd0-11df-9009-df3f2cf18d3f\Winre.wim,{fa8addc3-acd0-11df-9009-df3f2cf18d3f}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Wiederaufnahme aus dem Ruhezustand
----------------------------------
Bezeichner              {fa8addc0-acd0-11df-9009-df3f2cf18d3f}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  de-DE
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows-Speichertestprogramm
----------------------------
Bezeichner              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows-Speicherdiagnose
locale                  de-DE
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS-Einstellungen
-----------------
Bezeichner              {emssettings}
bootems                 Yes

Debuggereinstellungen
---------------------
Bezeichner              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM-Defekte
-----------
Bezeichner              {badmemory}

Globale Einstellungen
---------------------
Bezeichner              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Startladeprogramm-Einstellungen
-------------------------------
Bezeichner              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisoreinstellungen
-------------------
Bezeichner              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Einstellungen zur Ladeprogrammfortsetzung
-----------------------------------------
Bezeichner              {resumeloadersettings}
inherit                 {globalsettings}

Geräteoptionen
--------------
Bezeichner              {fa8addc3-acd0-11df-9009-df3f2cf18d3f}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\fa8addc2-acd0-11df-9009-df3f2cf18d3f\boot.sdi



LastRegBack: 2013-07-23 12:41

==================== End Of Log ============================
         
Code:
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
µTorrent (HKCU Version: 3.3.1.29812)
Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133)
Adobe SVG Viewer 3.0 (x32 Version:  3.0)
AntiBrowserSpy (x32 Version: 4.0.110)
avast! Ad Blocker (x32 Version: 1.0.0.0)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
COMPUTERBILD-Abzockschutz (x32 Version: 1.0.42)
D3DX10 (x32 Version: 15.4.2368.0902)
DeskUpdate (x32 Version: 4.14.0122)
DivX-Setup (x32 Version: 2.6.1.44)
eaner (Version: 4.03)
ElsterFormular für Privatanwender (x32 Version: 13.2.0.8623p)
EPSON Copy Utility 3 (x32 Version: 3.1.5.0)
EPSON File Manager (x32 Version: 1.1.0.0)
EPSON Image Clip Palette (x32 Version: 1.02.00)
EPSON Scan (x32)
EPSON Scan Assistant (x32 Version: 1.10.00)
FileWing Pro (x32 Version: 2.3)
FLV Player 2.0 (build 25) (x32 Version: 2.0 (build 25))
Google Chrome (HKCU Version: 28.0.1500.72)
Google Update Helper (x32 Version: 1.3.21.153)
Internet Download Manager (x32)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
K-Lite Codec Pack 6.0.4 (Basic) (x32 Version: 6.0.4)
Men of War (Nur entfernen) (x32 Version: 1.0.2.0)
Men of War patch Version 1.17.5.1 (x32 Version: 1.17.5.1)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (x32 Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC100_CRT_x86 (x32 Version: 1.0.0)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
NVIDIA Display Control Panel (Version: 6.14.11.9745)
NVIDIA Drivers (Version: 1.3)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.718)
NVIDIA PhysX (x32 Version: 9.09.0814)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Paltalk Messenger  10.2 (x32 Version: 10.2.0)
PDF Architect (x32 Version: 1.1.83.9982)
Picasa 3 (x32 Version: 3.9)
POIbase 1.041 (x32)
PVSonyDll (Version: 1.00.0001)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5953)
Skype™ 5.10 (x32 Version: 5.10.116)
Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0)
swMSM (x32 Version: 12.0.0.1)
SystemDiagnostics (x32 Version: 3.02.0010)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VirtualCloneDrive (x32)
VLC media player 2.0.7 (x32 Version: 2.0.7)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 5.00 beta 7 (64-bit) (Version: 5.00.7)
WinZipper (x32 Version: 1.4.8)
Yahoo! Messenger (x32)
YouTube Song Downloader (x32 Version: 8.2)

==================== Restore Points  =========================

24-07-2013 11:19:25 Windows Update
24-07-2013 15:05:25 Panda ZAcccess init
24-07-2013 15:13:01 Panda ZAcccess Cleanup

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-07-24 16:54 - 00000871 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1 google-analytics.com


==================== Scheduled Tasks (whitelisted) =============

Task: {13CB4D35-4C1B-4C2D-9609-6899D1B8AE6C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {2D7DB19E-A12E-4BD8-9245-42CD5D446BA9} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {2E3957F4-1F7A-4F1B-93B2-DBF4E4F22A33} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-64600392-19469391-1865109702-1001Core => C:\Users\Khorasanzada\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-02] (Google Inc.)
Task: {7868A7CC-4C1C-412B-918C-9A25180814D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28] (Google Inc.)
Task: {80B2DB78-120B-4CC3-9F04-02153DC80BA0} - System32\Tasks\Games\UpdateCheck_S-1-5-21-64600392-19469391-1865109702-1001
Task: {8C470DD6-1FDD-466D-AA15-052F134CD3AC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {91193B73-E658-42B0-BC6A-F9E9C98989AD} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: {91BE0421-445D-40B5-AA6B-808A5FEFB67D} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {A71746F2-C25C-409A-8E9C-081EC523CAD8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-24] (Adobe Systems Incorporated)
Task: {BC5DC250-66F0-4A05-8026-1801C00311DF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-64600392-19469391-1865109702-1001UA => C:\Users\Khorasanzada\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-02] (Google Inc.)
Task: {C423D20A-3360-4ED6-AF8A-E27FC0C4C642} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28] (Google Inc.)
Task: {C81D0E07-3DA4-4542-BFBB-11E356AF2914} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {E75A15F5-1338-4BB7-A3EF-546A499A53B2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {EBD5B1EF-9802-4813-883E-13E2BB527D29} - System32\Tasks\Fujitsu\DeskUpdate => C:\Program Files (x86)\Fujitsu\DeskUpdate\ducmd.exe [2013-05-17] (Fujitsu Technology Solutions)
Task: {EE36F17C-1069-4ED5-BB3F-F97CDA1F656F} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-64600392-19469391-1865109702-1001Core.job => C:\Users\Khorasanzada\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-64600392-19469391-1865109702-1001UA.job => C:\Users\Khorasanzada\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/24/2013 04:20:53 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000ce6c3
ID des fehlerhaften Prozesses: 0xed8
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (07/24/2013 04:20:42 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000ce6c3
ID des fehlerhaften Prozesses: 0x4a0
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (07/24/2013 04:20:22 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000ce6c3
ID des fehlerhaften Prozesses: 0x858
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (07/24/2013 04:20:05 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000ce6c3
ID des fehlerhaften Prozesses: 0xf3c
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (07/24/2013 04:19:13 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000ce6c3
ID des fehlerhaften Prozesses: 0x604
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (07/24/2013 04:19:08 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000ce6c3
ID des fehlerhaften Prozesses: 0x1140
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (07/24/2013 04:18:57 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000ce6c3
ID des fehlerhaften Prozesses: 0x650
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (07/24/2013 04:18:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16635, Zeitstempel: 0x51b7a921
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000ce6c3
ID des fehlerhaften Prozesses: 0x13e0
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (07/23/2013 10:50:34 AM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/23/2013 10:50:34 AM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (07/24/2013 06:21:29 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "KHORASANZADA-PC" auf Transport "NetBT_Tcpip_{6DB7F341-449E-49C2-9C9A-F4E8AB6DCE06}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (07/24/2013 06:21:21 PM) (Source: bowser) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "KHORASANZADA-PC" auf Transport "NetBT_Tcpip_{6DB7F341-449E-49C2-9C9A-F4E8AB6DCE06}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (07/24/2013 05:09:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (07/24/2013 05:09:40 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\DRIVERS\lirsgt.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (07/24/2013 04:54:24 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT)
Description: Fehler beim Lesen der Datei für lokale Hosts.

Error: (07/24/2013 04:44:43 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (07/24/2013 04:44:43 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\DRIVERS\lirsgt.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (07/24/2013 02:38:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (07/24/2013 02:38:32 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\DRIVERS\lirsgt.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (07/24/2013 02:38:09 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎24.‎07.‎2013 um 14:33:43 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (07/24/2013 04:20:53 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.1663551b7a921ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c3ed801ce8878fbdd7404C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll3f0fefa4-f46c-11e2-81de-001999734202

Error: (07/24/2013 04:20:42 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.1663551b7a921ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c34a001ce8878f55ff444C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll387840c4-f46c-11e2-81de-001999734202

Error: (07/24/2013 04:20:22 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.1663551b7a921ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c385801ce8878e96f8ec4C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll2ca46bc4-f46c-11e2-81de-001999734202

Error: (07/24/2013 04:20:05 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.1663551b7a921ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c3f3c01ce8878d0e1d63cC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll2292b924-f46c-11e2-81de-001999734202

Error: (07/24/2013 04:19:13 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.1663551b7a921ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c360401ce8878c3b4d9dcC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll03aaf6fc-f46c-11e2-81de-001999734202

Error: (07/24/2013 04:19:08 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.1663551b7a921ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c3114001ce887897e6964cC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dll002e535c-f46c-11e2-81de-001999734202

Error: (07/24/2013 04:18:57 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.1663551b7a921ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c365001ce8878b9a1621cC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dllf9b5965c-f46b-11e2-81de-001999734202

Error: (07/24/2013 04:18:37 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.1663551b7a921ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c313e001ce88786c36fa64C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SysWOW64\ntdll.dlledf2f79c-f46b-11e2-81de-001999734202

Error: (07/23/2013 10:50:34 AM) (Source: Windows Search Service)(User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/23/2013 10:50:34 AM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)


CodeIntegrity Errors:
===================================
  Date: 2013-07-21 15:51:40.278
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-21 15:51:40.278
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-21 15:51:33.819
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-21 15:51:33.819
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-21 15:51:08.703
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-21 15:51:08.703
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-21 15:51:07.767
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-21 15:51:07.767
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-21 15:51:00.903
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-21 15:51:00.903
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 38%
Total physical RAM: 4094.42 MB
Available physical RAM: 2512.84 MB
Total Pagefile: 8187.03 MB
Available Pagefile: 6552.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:889.64 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:1.99 GB) (Free:1.99 GB) FAT32 (Disk=1 Partition=1)
Drive e: () (Fixed) (Total:40 GB) (Free:39.87 GB) NTFS (Disk=1 Partition=2)
Drive f: () (Fixed) (Total:15 GB) (Free:15 GB) FAT32 (Disk=1 Partition=3)
Drive g: (GS0113DVD16) (CDROM) (Total:7.04 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 1883EF77)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 241C6624)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)
Partition 2: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=0C)

==================== End Of Log ============================
         
I hope that's enough for now.

What I forgot to mention is that today my Microsoft Security Essentials was deactivated once after a restart... maybe that also helps with the troubleshooting?
__________________

Alt 25.07.2013, 08:39   #4
schrauber
/// the machine
/// TB trainer
 


Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror:

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 25.07.2013, 13:09   #5
Hamann
 


Code:
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-25 bis 2013-07-25  ))))))))))))))))))))))))))))))
.
.
2013-07-25 10:16 . 2013-07-25 10:16	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-07-24 18:32 . 2013-07-24 18:32	--------	dc----w-	C:\FRST
2013-07-24 15:33 . 2013-07-24 15:33	--------	d-----w-	c:\users\Khorasanzada\AppData\Roaming\Registry Mechanic
2013-07-24 12:43 . 2013-07-01 23:34	9460976	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FBFAD13F-1DC8-4DB6-BFC7-672FA53C94B2}\mpengine.dll
2013-07-24 11:20 . 2013-07-01 23:34	9460976	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-24 10:59 . 2013-07-24 10:59	--------	d-----w-	c:\users\Khorasanzada\AppData\Local\Diagnostics
2013-07-23 21:18 . 2013-07-24 12:59	--------	d-----w-	c:\users\Khorasanzada\AppData\Roaming\IDM
2013-07-23 21:18 . 2013-07-24 12:42	--------	d-----w-	c:\users\Khorasanzada\AppData\Roaming\DMCache
2013-07-23 21:18 . 2013-07-23 21:18	--------	d-----w-	c:\programdata\IDM
2013-07-23 21:17 . 2013-07-24 11:14	--------	d-----w-	c:\program files (x86)\Internet Download Manager
2013-07-22 18:11 . 2013-07-22 18:11	--------	d-----w-	c:\program files (x86)\AVAST Software
2013-07-22 17:59 . 2013-07-24 15:00	--------	d-----w-	c:\users\Khorasanzada\AppData\Roaming\vlc
2013-07-22 17:38 . 2013-07-22 17:38	378944	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-07-22 17:38 . 2013-05-09 08:59	33400	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-07-22 17:38 . 2013-05-09 08:59	72016	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-07-22 17:38 . 2013-07-22 17:38	1030952	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-07-22 17:38 . 2013-05-09 08:59	64288	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-07-22 17:38 . 2013-07-22 17:38	189936	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-07-22 17:38 . 2013-05-09 08:59	65336	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-07-22 17:38 . 2013-05-09 08:59	80816	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-07-22 17:38 . 2013-05-09 08:58	287840	----a-w-	c:\windows\system32\aswBoot.exe
2013-07-22 17:37 . 2013-05-09 08:58	41664	----a-w-	c:\windows\avastSS.scr
2013-07-22 17:37 . 2013-07-22 17:37	--------	d-----w-	c:\program files\AVAST Software
2013-07-22 17:36 . 2013-07-22 17:37	--------	d-----w-	c:\programdata\AVAST Software
2013-07-22 17:23 . 2013-07-22 17:23	--------	d-----w-	c:\users\Khorasanzada\AppData\Roaming\PDF Architect
2013-07-22 16:40 . 2013-07-22 16:40	--------	d-----w-	c:\users\Khorasanzada\AppData\Roaming\EZDownloader
2013-07-22 15:49 . 2004-08-17 00:40	16384	----a-w-	c:\windows\SysWow64\FileOps.exe
2013-07-22 15:12 . 2013-07-22 15:12	--------	d-----w-	c:\program files (x86)\AntiBrowserSpy
2013-07-22 14:18 . 2013-07-22 14:18	--------	d-----w-	c:\program files (x86)\VideoLAN
2013-07-22 14:13 . 2013-07-22 14:13	--------	d-----w-	c:\program files (x86)\COMPUTERBILD-Abzockschutz
2013-07-21 12:28 . 2013-07-25 10:01	--------	d-----w-	c:\program files (x86)\WinZipper
2013-07-21 12:28 . 2013-07-22 14:14	--------	d-----w-	c:\users\Khorasanzada\AppData\Roaming\WinZipper
2013-07-20 20:26 . 2013-07-20 20:26	941720	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{276D21C3-9535-4B74-B6B4-430157C70168}\gapaengine.dll
2013-07-20 20:23 . 2013-07-21 10:38	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2013-07-20 20:23 . 2013-07-21 10:38	--------	d-----w-	c:\program files\Microsoft Security Client
2013-07-20 19:33 . 2013-07-20 20:12	--------	d-----w-	c:\users\Khorasanzada\AppData\Local\Trend Micro
2013-07-20 19:32 . 2013-07-15 01:34	9460976	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7740775-72C9-4C5B-ABC6-51CCF2162B90}\mpengine.dll
2013-07-20 19:26 . 2013-07-20 20:13	--------	d-----w-	c:\programdata\Trend Micro
2013-07-20 19:09 . 2013-07-20 20:16	--------	d-----w-	c:\program files (x86)\Trend Micro
2013-07-20 18:49 . 2013-07-20 18:49	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-07-20 18:48 . 2013-07-20 18:48	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-20 18:48 . 2013-07-20 18:48	--------	d-----w-	c:\program files (x86)\Java
2013-07-20 18:46 . 2013-07-20 18:46	--------	d-----w-	c:\users\Khorasanzada\AppData\Roaming\DownLite
2013-07-20 18:42 . 2013-07-22 19:18	--------	d-----w-	c:\users\Khorasanzada\AppData\Roaming\uTorrent
2013-07-20 16:45 . 2013-07-20 16:45	--------	d-----w-	c:\program files\Enigma Software Group
2013-07-20 16:44 . 2013-07-20 16:47	--------	d-----w-	c:\windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-19 12:06 . 2013-06-27 09:57	172920	----a-w-	c:\windows\system32\drivers\idmwfp.sys
2013-07-17 16:42 . 2013-07-17 16:43	--------	d-----w-	c:\windows\system32\MRT
2013-07-11 07:04 . 2013-07-11 07:04	--------	d-----w-	c:\users\Khorasanzada\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-07-10 15:19 . 2013-05-27 05:50	1011712	----a-w-	c:\program files\Windows Defender\MpSvc.dll
2013-07-08 18:12 . 2013-07-08 18:12	--------	d-----w-	c:\program files (x86)\1C Company
2013-07-08 17:47 . 2013-07-11 10:29	--------	d-----w-	c:\program files (x86)\1C
2013-07-08 13:27 . 2013-07-08 13:27	--------	d-----w-	c:\users\Khorasanzada\AppData\Roaming\Apowersoft
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-24 15:34 . 2012-04-05 11:28	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-24 15:34 . 2012-01-12 13:43	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-20 18:48 . 2012-06-30 11:05	867240	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-07-20 18:48 . 2010-08-23 15:00	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-06-23 22:57 . 2010-08-20 17:58	78277128	----a-w-	c:\windows\system32\MRT.exe
2013-06-18 19:50 . 2013-06-18 19:50	247216	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2013-06-18 19:50 . 2013-01-20 13:59	139616	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-15 10:50 . 2013-06-15 10:50	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-06-15 10:50 . 2013-06-15 10:50	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-06-15 10:50 . 2013-06-15 10:50	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-06-15 10:50 . 2013-06-15 10:50	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-15 10:50 . 2013-06-15 10:50	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-06-15 10:50 . 2013-06-15 10:50	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-06-15 10:50 . 2013-06-15 10:50	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-06-15 10:50 . 2013-06-15 10:50	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-06-15 10:50 . 2013-06-15 10:50	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-06-15 10:50 . 2013-06-15 10:50	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-06-15 10:50 . 2013-06-15 10:50	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-06-15 10:50 . 2013-06-15 10:50	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-06-15 10:50 . 2013-06-15 10:50	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-15 10:50 . 2013-06-15 10:50	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-06-15 10:50 . 2013-06-15 10:50	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-06-15 10:50 . 2013-06-15 10:50	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-06-15 10:50 . 2013-06-15 10:50	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-06-15 10:50 . 2013-06-15 10:50	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-06-15 10:50 . 2013-06-15 10:50	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-06-15 10:50 . 2013-06-15 10:50	81408	----a-w-	c:\windows\system32\icardie.dll
2013-06-15 10:50 . 2013-06-15 10:50	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-06-15 10:50 . 2013-06-15 10:50	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-06-15 10:50 . 2013-06-15 10:50	441856	----a-w-	c:\windows\system32\html.iec
2013-06-15 10:50 . 2013-06-15 10:50	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-06-15 10:50 . 2013-06-15 10:50	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-06-15 10:50 . 2013-06-15 10:50	235008	----a-w-	c:\windows\system32\url.dll
2013-06-15 10:50 . 2013-06-15 10:50	216064	----a-w-	c:\windows\system32\msls31.dll
2013-06-15 10:50 . 2013-06-15 10:50	197120	----a-w-	c:\windows\system32\msrating.dll
2013-06-15 10:50 . 2013-06-15 10:50	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-06-15 10:50 . 2013-06-15 10:50	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-06-15 10:50 . 2013-06-15 10:50	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-06-15 10:50 . 2013-06-15 10:50	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-06-15 10:50 . 2013-06-15 10:50	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-06-15 10:50 . 2013-06-15 10:50	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-06-15 10:50 . 2013-06-15 10:50	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-06-15 10:50 . 2013-06-15 10:50	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-06-15 10:50 . 2013-06-15 10:50	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-06-15 10:50 . 2013-06-15 10:50	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-06-15 10:50 . 2013-06-15 10:50	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-06-15 10:50 . 2013-06-15 10:50	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-06-15 10:50 . 2013-06-15 10:50	149504	----a-w-	c:\windows\system32\occache.dll
2013-06-15 10:50 . 2013-06-15 10:50	144896	----a-w-	c:\windows\system32\wextract.exe
2013-06-15 10:50 . 2013-06-15 10:50	13824	----a-w-	c:\windows\system32\mshta.exe
2013-06-15 10:50 . 2013-06-15 10:50	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-06-15 10:50 . 2013-06-15 10:50	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-06-15 10:50 . 2013-06-15 10:50	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-06-15 10:50 . 2013-06-15 10:50	102912	----a-w-	c:\windows\system32\inseng.dll
2013-06-15 10:50 . 2013-06-15 10:50	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-06-15 10:50 . 2013-06-15 10:50	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-06-07 14:48 . 2011-08-07 15:18	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 05:51 . 2013-06-14 12:01	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-14 12:01	1464320	----a-w-	c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-14 12:01	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-14 12:01	52224	----a-w-	c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-14 12:01	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-14 12:01	1160192	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-14 12:01	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-14 12:01	1192448	----a-w-	c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-14 12:01	903168	----a-w-	c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-14 12:01	43008	----a-w-	c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-14 12:01	30720	----a-w-	c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-14 12:01	24576	----a-w-	c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-14 12:01	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-05-02 00:06 . 2010-08-20 17:32	278800	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrowserMask"="c:\program files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe" [2012-08-14 101328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]
R3 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\nmwcdx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdx64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 ShredderVolumeDriver;Helper driver for shredding volume;c:\windows\system32\Drivers\ShredderDriver64.sys;c:\windows\SYSNATIVE\Drivers\ShredderDriver64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 winzipersvc;WinZiper service;c:\program files (x86)\WinZipper\winzipersvc.exe;c:\program files (x86)\WinZipper\winzipersvc.exe [x]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys;c:\windows\SYSNATIVE\drivers\HCW85BDA.sys [x]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys;c:\windows\SYSNATIVE\DRIVERS\vcsvad.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 15:34]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 08:34]
.
2013-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-28 08:34]
.
2013-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-64600392-19469391-1865109702-1001Core.job
- c:\users\Khorasanzada\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-23 14:17]
.
2013-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-64600392-19469391-1865109702-1001UA.job
- c:\users\Khorasanzada\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-23 14:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58	133840	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07	23496	----a-w-	c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=DE&userid=90d611e1-f6a9-44d1-84e5-d91cd0a6d099&searchtype=ds&q={searchTerms}&installDate=08/07/2013
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download aller Links mit IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download mit IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.2.1
DPF: {0470E62C-C97E-4317-81E5-0774D8CBF7B7} - hxxp://www.gfi.com/endpointscan/EndPointScan.cab
DPF: {7253A666-804A-1107-A4DC-00E04C504708} - hxxp://98.126.13.202/bmc.cab
DPF: {7253A666-804A-1107-A4DC-00E04C504788} - hxxp://server1.blue-mms.com/inc/bmc.cab
FF - ProfilePath - c:\users\Khorasanzada\AppData\Roaming\Mozilla\Firefox\Profiles\pbz0ytug.default-1374422108007\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - ExtSQL: 2013-07-22 16:13; {d49175b3-3fd8-43b8-b28e-da5d47f3c398}; c:\users\Khorasanzada\AppData\Roaming\Mozilla\Firefox\Profiles\pbz0ytug.default-1374422108007\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi
FF - ExtSQL: 2013-07-22 19:38; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-07-23 23:20; mozilla_cc@internetdownloadmanager.com; c:\users\Khorasanzada\AppData\Roaming\IDM\idmmzcc5
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{4BC59D0D-5428-EE2C-3968-70797DC93B80} - c:\progra~3\INSTAL~1\{D5570~1\Setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-64600392-19469391-1865109702-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-64600392-19469391-1865109702-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-25  12:19:17
ComboFix-quarantined-files.txt  2013-07-25 10:19
.
Vor Suchlauf: 8 Verzeichnis(se), 954.867.818.496 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 954.544.398.336 Bytes frei
.
- - End Of File - - 6FDDD1E9EB3ADE6727162369001053CD
A36C5E4F47E84449FF07ED3517B43A31
         
On certain sites my browser is very slow, which was not the case before... is that related?


25.07.2013, 15:41   #6
schrauber
/// the machine
/// TB trainer
 




Which browser?

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.

25.07.2013, 22:55   #7
Hamann
 



All three browsers (Mozilla, IE and Chrome). But on Chrome I have sound again, only on Mozilla and IE I don't.

AdwCleaner Logfile:
Code:
# AdwCleaner v2.306 - Datei am 25/07/2013 um 15:51:33 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Khorasanzada - KHORASANZADA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Khorasanzada\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Khorasanzada\AppData\Roaming\registry mechanic

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Khorasanzada\AppData\Roaming\Mozilla\Firefox\Profiles\pbz0ytug.default-1374422108007\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v28.0.1500.72

Datei : C:\Users\Khorasanzada\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R9].txt - [1123 octets] - [25/07/2013 15:51:06]
AdwCleaner[S5].txt - [1057 octets] - [25/07/2013 15:51:33]

########## EOF - C:\AdwCleaner[S5].txt - [1117 octets] ##########
         
--- --- ---


JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.2 (07.22.2013:2)
OS: Windows 7 Home Premium x64
Ran by Khorasanzada on 25.07.2013 at 15:58:36,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasmancs



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Khorasanzada\AppData\Roaming\mozilla\firefox\profiles\pbz0ytug.default-1374422108007\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.07.2013 at 16:05:05,27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---


Is it advisable to install two firewalls?

26.07.2013, 10:39   #8
schrauber
/// the machine
/// TB trainer
 




The fresh FRST log is missing
__________________
Regards,
schrauber


26.07.2013, 21:33   #9
Hamann
 



Code:
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft) C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corp.) C:\Windows\system32\defrag.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [BrowserMask] - C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe [101328 2012-08-14] (Microsoft)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Ad Blocker - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker64.dll (AVAST Software)
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: CBAbzockschutz.InitToolbarBHO - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: avast! Ad Blocker - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {0470E62C-C97E-4317-81E5-0774D8CBF7B7} hxxp://www.gfi.com/endpointscan/EndPointScan.cab
DPF: HKLM-x32 {7253A666-804A-1107-A4DC-00E04C504708} hxxp://98.126.13.202/bmc.cab
DPF: HKLM-x32 {7253A666-804A-1107-A4DC-00E04C504788} hxxp://server1.blue-mms.com/inc/bmc.cab
DPF: HKLM-x32 {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/asquared.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Khorasanzada\AppData\Roaming\Mozilla\Firefox\Profiles\pbz0ytug.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Khorasanzada\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Khorasanzada\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\Khorasanzada\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: adblocker - C:\Program Files (x86)\Mozilla Firefox\extensions\adblocker@avast.com.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Users\Khorasanzada\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Khorasanzada\AppData\Roaming\IDM\idmmzcc5
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Users\Khorasanzada\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Khorasanzada\AppData\Roaming\IDM\idmmzcc5

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Khorasanzada\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Khorasanzada\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Khorasanzada\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (avast! Ad Blocker) - C:\Users\KHORAS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd\8.0_0
CHR Extension: (IDM Integration) - C:\Users\KHORAS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.17.4_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\KHORAS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR HKLM-x32\...\Chrome\Extension: [fplhdcjmbpfkejbhngmlngaecbjmoimd] - C:\Program Files\AVAST Software\Avast\AdBlocker\Chrome\avast-adblocker-chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S3 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe [384792 2010-09-24] (Fujitsu Technology Solutions)
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424104 2013-07-21] (Taiwan Shui Mu Chih Ching Technology Limited.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-22] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-22] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-22] ()
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)
R3 hcw85cir; C:\Windows\System32\drivers\hcw85cir3.sys [32768 2009-08-24] (Hauppauge Computer Works, Inc.)
S2 lirsgt; C:\Windows\SysWow64\DRIVERS\lirsgt.sys [18048 2011-05-03] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R0 ShredderVolumeDriver; C:\Windows\System32\Drivers\ShredderDriver64.sys [33152 2011-05-09] (ITOS)
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S2 lirsgt; system32\DRIVERS\lirsgt.sys [x]
S3 nmwcdx64; system32\drivers\nmwcdx64.sys [x]
S3 TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [x]
U2 TMAgent; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-26 15:14 - 2013-07-26 15:14 - 01779853 _____ (Farbar) C:\Users\Khorasanzada\Downloads\FRST64.exe
2013-07-26 14:31 - 2013-07-26 14:34 - 07401344 _____ C:\Users\Khorasanzada\Downloads\npp.6.4.2.Installer.exe
2013-07-26 14:31 - 2013-07-26 14:34 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Notepad++
2013-07-26 14:31 - 2013-07-26 14:31 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-07-26 14:31 - 2013-07-26 14:31 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-07-26 14:29 - 2013-07-26 14:29 - 00003004 _____ C:\Windows\System32\Tasks\{C0101B0D-57EC-4A0F-9CB7-0D4D6DCAFB11}
2013-07-25 15:58 - 2013-07-25 15:58 - 00000000 ____D C:\Windows\ERUNT
2013-07-25 15:54 - 2013-07-26 09:26 - 00000907 _____ C:\Windows\setupact.log
2013-07-25 15:54 - 2013-07-25 15:55 - 05177936 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-25 15:54 - 2013-07-25 15:54 - 00065208 _____ C:\Users\KHORAS~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-25 15:54 - 2013-07-25 15:54 - 00000000 _____ C:\Windows\setuperr.log
2013-07-25 15:53 - 2013-07-25 15:53 - 00006058 _____ C:\Windows\PFRO.log
2013-07-25 15:50 - 2013-07-25 15:50 - 00666633 _____ C:\Users\Khorasanzada\Desktop\adwcleaner.exe
2013-07-25 15:49 - 2013-07-25 15:50 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Khorasanzada\Desktop\JRT.exe
2013-07-25 15:49 - 2013-07-25 15:50 - 00519759 _____ (Oleg N. Scherbakov) C:\Users\Khorasanzada\Downloads\JRT.exe.part
2013-07-25 13:13 - 2013-07-25 13:13 - 00000051 _____ C:\Users\Khorasanzada\Downloads\yasmin.txt
2013-07-25 13:04 - 2013-07-25 13:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-25 12:41 - 2013-07-25 12:47 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\QuickScan
2013-07-25 12:10 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-25 12:10 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-25 12:10 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-25 12:10 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-25 12:10 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-25 12:10 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-25 12:10 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-25 12:10 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-25 12:09 - 2013-07-25 12:19 - 00000000 ___DC C:\Qoobox
2013-07-25 12:09 - 2013-07-25 12:16 - 00000000 ____D C:\Windows\erdnt
2013-07-25 12:05 - 2013-07-25 12:06 - 05094311 ____R (Swearware) C:\Users\Khorasanzada\Desktop\ComboFix.exe
2013-07-24 20:32 - 2013-07-24 20:32 - 00000000 ___DC C:\FRST
2013-07-24 17:25 - 2013-07-24 17:25 - 00003212 _____ C:\Windows\System32\Tasks\{36B1A804-2669-4850-B978-8F52801DA213}
2013-07-23 23:18 - 2013-07-24 14:59 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\IDM
2013-07-23 23:18 - 2013-07-24 14:42 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\DMCache
2013-07-23 23:18 - 2013-07-24 14:01 - 00000000 ____D C:\Users\Khorasanzada\Downloads\Compressed
2013-07-23 23:18 - 2013-07-23 23:18 - 00000000 ____D C:\ProgramData\IDM
2013-07-23 23:17 - 2013-07-24 13:14 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2013-07-23 23:17 - 2013-07-23 23:18 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2013-07-23 20:26 - 2013-07-23 20:26 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Opera
2013-07-22 20:11 - 2013-07-22 20:11 - 00000000 ____D C:\Program Files (x86)\AVAST Software
2013-07-22 19:59 - 2013-07-24 17:00 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\vlc
2013-07-22 19:58 - 2013-07-22 19:58 - 00001062 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-07-22 19:55 - 2013-07-22 19:55 - 00001148 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-07-22 19:43 - 2013-07-22 19:43 - 00009412 _____ C:\Windows\SysWOW64\RunLegacyCPLElevated.exe.Z-missing.txt
2013-07-22 19:43 - 2013-07-22 19:43 - 00003174 _____ C:\Windows\System32\Tasks\{5A852D1B-B84D-447E-826E-F2A97E9D3720}
2013-07-22 19:38 - 2013-07-25 12:21 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-22 19:38 - 2013-07-25 12:21 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-22 19:38 - 2013-07-22 19:38 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-22 19:38 - 2013-07-22 19:38 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-22 19:38 - 2013-07-22 19:38 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-22 19:38 - 2013-07-22 19:38 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-22 19:38 - 2013-07-22 19:38 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-22 19:38 - 2013-07-22 19:38 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-22 19:38 - 2013-07-22 19:38 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-22 19:38 - 2013-05-09 10:59 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-07-22 19:38 - 2013-05-09 10:59 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-07-22 19:38 - 2013-05-09 10:59 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-07-22 19:38 - 2013-05-09 10:59 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-07-22 19:38 - 2013-05-09 10:59 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-07-22 19:38 - 2013-05-09 10:58 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-07-22 19:37 - 2013-07-22 19:37 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-22 19:37 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-07-22 19:36 - 2013-07-22 19:37 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-22 19:23 - 2013-07-22 19:23 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\PDF Architect
2013-07-22 18:40 - 2013-07-22 18:40 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\EZDownloader
2013-07-22 17:54 - 2013-07-22 17:54 - 00003196 _____ C:\Windows\System32\Tasks\{0E8B80A5-4DBD-415D-9237-C991F82A758F}
2013-07-22 17:49 - 2004-08-17 02:40 - 00016384 _____ C:\Windows\SysWOW64\FileOps.exe
2013-07-22 17:44 - 2013-07-22 17:44 - 00003196 _____ C:\Windows\System32\Tasks\{CE201D5A-A75B-44F8-A11F-265E73CDDD65}
2013-07-22 17:30 - 2013-07-22 17:30 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF
2013-07-22 17:12 - 2013-07-22 17:12 - 00001075 _____ C:\Users\Khorasanzada\Desktop\AntiBrowserSpy.lnk
2013-07-22 17:12 - 2013-07-22 17:12 - 00000000 ____D C:\Program Files (x86)\AntiBrowserSpy
2013-07-22 16:18 - 2013-07-22 16:18 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-07-22 16:13 - 2013-07-22 16:13 - 00000000 ____D C:\Program Files (x86)\COMPUTERBILD-Abzockschutz
2013-07-21 14:28 - 2013-07-26 13:00 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-07-21 14:28 - 2013-07-22 16:14 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\WinZipper
2013-07-21 14:09 - 2013-07-21 14:09 - 00000000 ____D C:\Users\Khorasanzada\Dokumente\Abelssoft
2013-07-20 22:23 - 2013-07-21 12:38 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-20 22:23 - 2013-07-21 12:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-07-20 22:17 - 2013-07-20 22:17 - 00000584 _____ C:\Windows\system32\TmInstall.log
2013-07-20 21:33 - 2013-07-20 22:12 - 00000000 ____D C:\Users\KHORAS~1\AppData\Local\Trend Micro
2013-07-20 21:30 - 2013-07-20 22:12 - 00000306 __RSH C:\ProgramData\ntuser.pol
2013-07-20 21:26 - 2013-07-20 22:13 - 00000000 ____D C:\ProgramData\Trend Micro
2013-07-20 21:09 - 2013-07-20 22:16 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-07-20 20:49 - 2013-07-20 20:48 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-20 20:48 - 2013-07-20 20:48 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-20 20:48 - 2013-07-20 20:48 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-20 20:48 - 2013-07-20 20:48 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-20 20:48 - 2013-07-20 20:48 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-20 20:46 - 2013-07-20 20:46 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\DownLite
2013-07-20 20:43 - 2013-07-20 20:43 - 00000865 _____ C:\Users\Khorasanzada\Desktop\µTorrent.lnk
2013-07-20 20:43 - 2013-07-20 20:43 - 00000845 _____ C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-07-20 20:42 - 2013-07-22 21:18 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\uTorrent
2013-07-20 18:46 - 2013-07-20 18:46 - 00000000 ____C C:\autoexec.bat
2013-07-20 18:45 - 2013-07-20 18:45 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-20 18:44 - 2013-07-20 18:47 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-20 00:37 - 2013-07-20 00:37 - 00035116 _____ C:\Users\Khorasanzada\Downloads\Secret document reveals Afghan language policy.odt
2013-07-20 00:23 - 2013-07-20 00:24 - 00000000 ____D C:\Users\Khorasanzada\Downloads\Islam. Sammlung
2013-07-19 21:14 - 2013-07-19 23:10 - 00000000 ____D C:\Users\Khorasanzada\Downloads\The Bitches
2013-07-19 14:06 - 2013-06-27 11:57 - 00172920 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2013-07-18 23:42 - 2013-07-21 21:49 - 00001075 _____ C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2013-07-18 22:11 - 2013-07-18 22:16 - 00000000 ____D C:\Users\Khorasanzada\Downloads\Sport u. Ernährung
2013-07-17 18:42 - 2013-07-17 18:43 - 00000000 ____D C:\Windows\system32\MRT
2013-07-15 16:21 - 2013-07-15 16:21 - 00027569 _____ C:\Users\Khorasanzada\Downloads\Ashraf Ghani Ahmadzai.odt
2013-07-12 16:25 - 2013-07-12 16:25 - 00000000 ____D C:\ProgramData\Real
2013-07-11 09:04 - 2013-07-11 09:04 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-07-10 19:22 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 19:22 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 19:22 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 19:22 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 19:22 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 19:22 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 19:22 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 19:22 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 19:22 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 19:22 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 19:22 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 19:22 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 19:22 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 19:22 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 19:22 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 19:22 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-10 19:22 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 19:22 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 19:22 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 19:22 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 19:22 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 19:22 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 19:22 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 19:22 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-10 19:22 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-10 19:22 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 19:22 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-10 19:22 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 19:22 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-10 19:22 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 19:22 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 17:19 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 17:19 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 17:19 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 17:19 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 17:19 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 17:19 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 17:19 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-08 20:14 - 2013-07-08 20:14 - 00000000 ____D C:\Users\Khorasanzada\Dokumente\my games
2013-07-08 20:12 - 2013-07-08 20:12 - 00000000 ____D C:\Program Files (x86)\1C Company
2013-07-08 19:53 - 2013-07-08 19:53 - 00001069 _____ C:\Users\Khorasanzada\Desktop\Men of War.lnk
2013-07-08 19:47 - 2013-07-11 12:29 - 00000000 ____D C:\Program Files (x86)\1C
2013-07-08 15:27 - 2013-07-08 15:27 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Apowersoft

==================== One Month Modified Files and Folders =======

2013-07-26 15:14 - 2013-07-26 15:14 - 01779853 _____ (Farbar) C:\Users\Khorasanzada\Downloads\FRST64.exe
2013-07-26 14:56 - 2013-02-12 12:02 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-26 14:55 - 2013-02-22 01:55 - 00001148 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-64600392-19469391-1865109702-1001UA.job
2013-07-26 14:34 - 2013-07-26 14:31 - 07401344 _____ C:\Users\Khorasanzada\Downloads\npp.6.4.2.Installer.exe
2013-07-26 14:34 - 2013-07-26 14:31 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Notepad++
2013-07-26 14:33 - 2011-12-09 17:26 - 00001871 _____ C:\Users\Khorasanzada\Desktop\Google Chrome.lnk
2013-07-26 14:31 - 2013-07-26 14:31 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-07-26 14:31 - 2013-07-26 14:31 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-07-26 14:29 - 2013-07-26 14:29 - 00003004 _____ C:\Windows\System32\Tasks\{C0101B0D-57EC-4A0F-9CB7-0D4D6DCAFB11}
2013-07-26 14:26 - 2010-08-21 13:33 - 00000000 ____D C:\Users\Khorasanzada\Samim
2013-07-26 14:24 - 2013-01-06 22:51 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-26 13:08 - 2012-04-05 21:05 - 01957553 _____ C:\Windows\WindowsUpdate.log
2013-07-26 13:00 - 2013-07-21 14:28 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-07-26 12:57 - 2013-02-22 01:55 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-64600392-19469391-1865109702-1001Core.job
2013-07-26 12:57 - 2013-02-12 12:02 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-26 09:34 - 2009-07-14 06:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-26 09:34 - 2009-07-14 06:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-26 09:26 - 2013-07-25 15:54 - 00000907 _____ C:\Windows\setupact.log
2013-07-26 09:26 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-25 17:25 - 2010-08-21 05:05 - 00707324 _____ C:\Windows\system32\perfh007.dat
2013-07-25 17:25 - 2010-08-21 05:05 - 00152916 _____ C:\Windows\system32\perfc007.dat
2013-07-25 17:25 - 2009-07-14 07:13 - 01642252 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-25 15:58 - 2013-07-25 15:58 - 00000000 ____D C:\Windows\ERUNT
2013-07-25 15:55 - 2013-07-25 15:54 - 05177936 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-25 15:54 - 2013-07-25 15:54 - 00065208 _____ C:\Users\KHORAS~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-25 15:54 - 2013-07-25 15:54 - 00000000 _____ C:\Windows\setuperr.log
2013-07-25 15:53 - 2013-07-25 15:53 - 00006058 _____ C:\Windows\PFRO.log
2013-07-25 15:50 - 2013-07-25 15:50 - 00666633 _____ C:\Users\Khorasanzada\Desktop\adwcleaner.exe
2013-07-25 15:50 - 2013-07-25 15:49 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Khorasanzada\Desktop\JRT.exe
2013-07-25 15:50 - 2013-07-25 15:49 - 00519759 _____ (Oleg N. Scherbakov) C:\Users\Khorasanzada\Downloads\JRT.exe.part
2013-07-25 13:13 - 2013-07-25 13:13 - 00000051 _____ C:\Users\Khorasanzada\Downloads\yasmin.txt
2013-07-25 13:04 - 2013-07-25 13:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-25 13:04 - 2012-02-14 22:13 - 00001143 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-25 13:03 - 2010-08-20 19:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-25 12:47 - 2013-07-25 12:41 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\QuickScan
2013-07-25 12:21 - 2013-07-22 19:38 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-25 12:21 - 2013-07-22 19:38 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-25 12:19 - 2013-07-25 12:09 - 00000000 ___DC C:\Qoobox
2013-07-25 12:19 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-07-25 12:16 - 2013-07-25 12:09 - 00000000 ____D C:\Windows\erdnt
2013-07-25 12:16 - 2009-07-14 04:34 - 00000215 ____C C:\Windows\system.ini
2013-07-25 12:06 - 2013-07-25 12:05 - 05094311 ____R (Swearware) C:\Users\Khorasanzada\Desktop\ComboFix.exe
2013-07-24 22:36 - 2010-08-20 19:15 - 00000000 ___RD C:\Users\Khorasanzada\Dokumente
2013-07-24 20:32 - 2013-07-24 20:32 - 00000000 ___DC C:\FRST
2013-07-24 20:29 - 2011-08-13 18:42 - 07289505 _____ C:\Users\KHORAS~1\AppData\Local\census.cache
2013-07-24 20:24 - 2011-08-13 18:40 - 00103068 _____ C:\Users\KHORAS~1\AppData\Local\ars.cache
2013-07-24 17:36 - 2010-08-20 22:47 - 00000000 ____D C:\Users\KHORAS~1\AppData\Local\Adobe
2013-07-24 17:34 - 2013-01-06 22:51 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-24 17:34 - 2012-04-05 13:28 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-24 17:34 - 2012-01-12 15:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-24 17:25 - 2013-07-24 17:25 - 00003212 _____ C:\Windows\System32\Tasks\{36B1A804-2669-4850-B978-8F52801DA213}
2013-07-24 17:25 - 2012-02-19 18:29 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-07-24 17:00 - 2013-07-22 19:59 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\vlc
2013-07-24 14:59 - 2013-07-23 23:18 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\IDM
2013-07-24 14:42 - 2013-07-23 23:18 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\DMCache
2013-07-24 14:01 - 2013-07-23 23:18 - 00000000 ____D C:\Users\Khorasanzada\Downloads\Compressed
2013-07-24 13:56 - 2010-08-21 12:15 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-07-24 13:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-24 13:14 - 2013-07-23 23:17 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2013-07-24 13:07 - 2010-08-20 22:47 - 00000000 ____D C:\ProgramData\Adobe
2013-07-24 13:04 - 2011-05-24 23:13 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Adobe
2013-07-24 13:00 - 2011-06-17 22:55 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-23 23:18 - 2013-07-23 23:18 - 00000000 ____D C:\ProgramData\IDM
2013-07-23 23:18 - 2013-07-23 23:17 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2013-07-23 21:43 - 2009-07-14 04:34 - 00000403 _____ C:\Windows\win.ini
2013-07-23 20:26 - 2013-07-23 20:26 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Opera
2013-07-23 13:09 - 2012-05-18 13:36 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-22 21:19 - 2010-08-21 16:52 - 00002700 _____ C:\Users\Khorasanzada\Dokumente\cc_20100821_165221.reg
2013-07-22 21:18 - 2013-07-20 20:42 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\uTorrent
2013-07-22 20:11 - 2013-07-22 20:11 - 00000000 ____D C:\Program Files (x86)\AVAST Software
2013-07-22 20:00 - 2010-08-21 13:59 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-07-22 20:00 - 2010-08-21 13:59 - 00000000 ____D C:\Program Files\WinRAR
2013-07-22 19:58 - 2013-07-22 19:58 - 00001062 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-07-22 19:56 - 2011-04-22 22:41 - 00001619 _____ C:\Users\Khorasanzada\Desktop\DivX Movies.lnk
2013-07-22 19:56 - 2010-12-13 15:22 - 00000000 ____D C:\Program Files (x86)\DivX
2013-07-22 19:56 - 2010-12-13 15:20 - 00000000 ____D C:\ProgramData\DivX
2013-07-22 19:55 - 2013-07-22 19:55 - 00001148 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-07-22 19:55 - 2012-06-30 21:31 - 00001108 _____ C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-07-22 19:55 - 2010-12-13 15:29 - 00000000 ____D C:\Program Files\DivX
2013-07-22 19:43 - 2013-07-22 19:43 - 00009412 _____ C:\Windows\SysWOW64\RunLegacyCPLElevated.exe.Z-missing.txt
2013-07-22 19:43 - 2013-07-22 19:43 - 00003174 _____ C:\Windows\System32\Tasks\{5A852D1B-B84D-447E-826E-F2A97E9D3720}
2013-07-22 19:38 - 2013-07-22 19:38 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-22 19:38 - 2013-07-22 19:38 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-22 19:38 - 2013-07-22 19:38 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-22 19:38 - 2013-07-22 19:38 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-22 19:38 - 2013-07-22 19:38 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-22 19:38 - 2013-07-22 19:38 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-22 19:38 - 2013-07-22 19:38 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-22 19:37 - 2013-07-22 19:37 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-22 19:37 - 2013-07-22 19:36 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-22 19:23 - 2013-07-22 19:23 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\PDF Architect
2013-07-22 18:51 - 2013-01-04 04:53 - 00000000 ____D C:\Windows\pss
2013-07-22 18:44 - 2010-08-20 20:11 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-07-22 18:40 - 2013-07-22 18:40 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\EZDownloader
2013-07-22 17:54 - 2013-07-22 17:54 - 00003196 _____ C:\Windows\System32\Tasks\{0E8B80A5-4DBD-415D-9237-C991F82A758F}
2013-07-22 17:44 - 2013-07-22 17:44 - 00003196 _____ C:\Windows\System32\Tasks\{CE201D5A-A75B-44F8-A11F-265E73CDDD65}
2013-07-22 17:30 - 2013-07-22 17:30 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF
2013-07-22 17:12 - 2013-07-22 17:12 - 00001075 _____ C:\Users\Khorasanzada\Desktop\AntiBrowserSpy.lnk
2013-07-22 17:12 - 2013-07-22 17:12 - 00000000 ____D C:\Program Files (x86)\AntiBrowserSpy
2013-07-22 16:18 - 2013-07-22 16:18 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-07-22 16:14 - 2013-07-21 14:28 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\WinZipper
2013-07-22 16:13 - 2013-07-22 16:13 - 00000000 ____D C:\Program Files (x86)\COMPUTERBILD-Abzockschutz
2013-07-21 21:49 - 2013-07-18 23:42 - 00001075 _____ C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2013-07-21 21:49 - 2011-12-09 17:26 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-07-21 21:49 - 2010-08-20 19:16 - 00001009 _____ C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-21 18:14 - 2010-08-21 05:05 - 00000000 ____D C:\Windows\PANTHER
2013-07-21 14:09 - 2013-07-21 14:09 - 00000000 ____D C:\Users\Khorasanzada\Dokumente\Abelssoft
2013-07-21 14:09 - 2011-11-21 21:02 - 00001173 _____ C:\Users\Public\Desktop\YouTube Song Downloader.lnk
2013-07-21 14:09 - 2011-11-21 21:02 - 00000000 ____D C:\Program Files (x86)\YouTube Song Downloader
2013-07-21 14:09 - 2011-11-21 21:02 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2013-07-21 14:09 - 2011-07-23 18:12 - 00000000 ____D C:\Users\KHORAS~1\AppData\Local\Abelssoft
2013-07-21 12:38 - 2013-07-20 22:23 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-21 12:38 - 2013-07-20 22:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-07-21 12:38 - 2012-04-05 13:30 - 00001912 _____ C:\Windows\epplauncher.mif
2013-07-20 22:17 - 2013-07-20 22:17 - 00000584 _____ C:\Windows\system32\TmInstall.log
2013-07-20 22:16 - 2013-07-20 21:09 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-07-20 22:13 - 2013-07-20 21:26 - 00000000 ____D C:\ProgramData\Trend Micro
2013-07-20 22:12 - 2013-07-20 21:33 - 00000000 ____D C:\Users\KHORAS~1\AppData\Local\Trend Micro
2013-07-20 22:12 - 2013-07-20 21:30 - 00000306 __RSH C:\ProgramData\ntuser.pol
2013-07-20 21:30 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-07-20 20:48 - 2013-07-20 20:49 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-20 20:48 - 2013-07-20 20:48 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-20 20:48 - 2013-07-20 20:48 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-20 20:48 - 2013-07-20 20:48 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-20 20:48 - 2013-07-20 20:48 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-20 20:48 - 2012-06-30 13:05 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-20 20:48 - 2010-08-23 17:00 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-20 20:46 - 2013-07-20 20:46 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\DownLite
2013-07-20 20:43 - 2013-07-20 20:43 - 00000865 _____ C:\Users\Khorasanzada\Desktop\µTorrent.lnk
2013-07-20 20:43 - 2013-07-20 20:43 - 00000845 _____ C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-07-20 18:47 - 2013-07-20 18:44 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-20 18:46 - 2013-07-20 18:46 - 00000000 ____C C:\autoexec.bat
2013-07-20 18:45 - 2013-07-20 18:45 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-20 18:24 - 2012-03-20 17:53 - 00000000 ____D C:\Users\Khorasanzada\Downloads\Dreck
2013-07-20 16:03 - 2010-08-20 22:45 - 00000000 ____D C:\DeskUpdate.tmp
2013-07-20 12:50 - 2010-08-21 00:34 - 00000000 ____D C:\Windows\System32\Tasks\Fujitsu
2013-07-20 00:46 - 2013-02-10 14:20 - 00057397 _____ C:\Users\Khorasanzada\Downloads\paschtunischer Terror - Pashtunisierung.odt
2013-07-20 00:44 - 2012-06-08 21:27 - 00036972 _____ C:\Users\Khorasanzada\Downloads\PAKISTAN-AFGHANISTANDAWOODKHAN.odt
2013-07-20 00:43 - 2013-02-10 14:20 - 00036105 _____ C:\Users\Khorasanzada\Downloads\Taliban und ihr Zug nach Norden.odt
2013-07-20 00:37 - 2013-07-20 00:37 - 00035116 _____ C:\Users\Khorasanzada\Downloads\Secret document reveals Afghan language policy.odt
2013-07-20 00:33 - 2011-09-15 13:54 - 00000000 ____D C:\Users\Khorasanzada\Downloads\Khorasan
2013-07-20 00:24 - 2013-07-20 00:23 - 00000000 ____D C:\Users\Khorasanzada\Downloads\Islam. Sammlung
2013-07-19 23:10 - 2013-07-19 21:14 - 00000000 ____D C:\Users\Khorasanzada\Downloads\The Bitches
2013-07-18 23:34 - 2010-08-20 19:16 - 00000000 ___RD C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-18 23:30 - 2012-08-29 14:37 - 00000000 ____D C:\Program Files (x86)\Brother
2013-07-18 23:30 - 2010-08-20 19:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-18 23:26 - 2010-11-05 17:01 - 00001013 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-07-18 23:26 - 2010-08-20 19:36 - 00000000 ____D C:\Program Files (x86)\CCleaner
2013-07-18 22:58 - 2011-10-22 13:09 - 00000000 ____D C:\Users\Khorasanzada\Tamim
2013-07-18 22:51 - 2010-08-20 19:15 - 00000000 ____D C:\Users\Khorasanzada
2013-07-18 22:16 - 2013-07-18 22:11 - 00000000 ____D C:\Users\Khorasanzada\Downloads\Sport u. Ernährung
2013-07-18 21:07 - 2010-10-16 19:34 - 00000000 ____D C:\Users\KHORAS~1\AppData\Local\Windows Live
2013-07-17 18:43 - 2013-07-17 18:42 - 00000000 ____D C:\Windows\system32\MRT
2013-07-17 18:38 - 2010-08-20 22:46 - 00001149 _____ C:\Users\Public\Desktop\DeskUpdate.lnk
2013-07-15 16:21 - 2013-07-15 16:21 - 00027569 _____ C:\Users\Khorasanzada\Downloads\Ashraf Ghani Ahmadzai.odt
2013-07-13 10:51 - 2013-02-12 12:02 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 10:51 - 2013-02-12 12:02 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 10:50 - 2013-02-22 01:55 - 00004132 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-64600392-19469391-1865109702-1001UA
2013-07-13 10:50 - 2013-02-22 01:55 - 00003736 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-64600392-19469391-1865109702-1001Core
2013-07-12 16:25 - 2013-07-12 16:25 - 00000000 ____D C:\ProgramData\Real
2013-07-11 12:29 - 2013-07-08 19:47 - 00000000 ____D C:\Program Files (x86)\1C
2013-07-11 09:04 - 2013-07-11 09:04 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-07-10 20:13 - 2013-03-16 04:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 20:13 - 2013-03-16 04:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 20:13 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 20:13 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 20:13 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-08 20:14 - 2013-07-08 20:14 - 00000000 ____D C:\Users\Khorasanzada\Dokumente\my games
2013-07-08 20:12 - 2013-07-08 20:12 - 00000000 ____D C:\Program Files (x86)\1C Company
2013-07-08 19:53 - 2013-07-08 19:53 - 00001069 _____ C:\Users\Khorasanzada\Desktop\Men of War.lnk
2013-07-08 15:27 - 2013-07-08 15:27 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Apowersoft
2013-07-08 13:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Resources
2013-07-04 21:02 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-27 11:57 - 2013-07-19 14:06 - 00172920 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 12:41

==================== End Of Log ============================
         
Here you go

Would it perhaps be possible, time-wise, Mr. Schrauber, for us to get this over with quickly? I ask because, since the incident, I haven't dared to open any file or the archive on my computer or to enter any passwords, whether private, ''social networks'' or mail, and it is very, very urgent. My customers need to be dealt with :S

But I don't want to rush you!

Alt 27.07.2013, 12:04   #10
schrauber
/// the machine
/// TB-Ausbilder
 




Sorry for the delay, I'm laid up with the flu and a fever.

One more online scan and we're done.


ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add/Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Run SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


Alt 27.07.2013, 15:45   #11
Hamann
 



I hope you recover quickly.

What would happen if I clicked "Remove found threats" in the program? That would actually be a good thing, wouldn't it?

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9edec21a047c36469fd23952697fcca5
# engine=14548
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-27 12:46:30
# local_time=2013-07-27 02:46:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 181497 151639062 0 0
# compatibility_mode=5893 16776574 100 94 241880 126559040 0 0
# scanned=131377
# found=0
# cleaned=0
# scan_time=3680
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.70  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
avast! Antivirus                
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 AntiBrowserSpy     
 Java 7 Update 25  
 Adobe Flash Player 11.8.800.94  
 Adobe Reader 9 Adobe Reader out of Date! 
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Mozilla Firefox (22.0) 
 Google Chrome 28.0.1500.71  
 Google Chrome 28.0.1500.72  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

Code:
ATTFilter
Ran by Khorasanzada (administrator) on 27-07-2013 15:31:55
Running from C:\Users\Khorasanzada\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft) C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmprph.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [BrowserMask] - C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe [101328 2012-08-14] (Microsoft)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKU\Default\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1475584 2010-11-20] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Ad Blocker - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker64.dll (AVAST Software)
BHO-x32: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: CBAbzockschutz.InitToolbarBHO - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: avast! Ad Blocker - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files (x86)\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {0470E62C-C97E-4317-81E5-0774D8CBF7B7} hxxp://www.gfi.com/endpointscan/EndPointScan.cab
DPF: HKLM-x32 {7253A666-804A-1107-A4DC-00E04C504708} hxxp://98.126.13.202/bmc.cab
DPF: HKLM-x32 {7253A666-804A-1107-A4DC-00E04C504788} hxxp://server1.blue-mms.com/inc/bmc.cab
DPF: HKLM-x32 {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/asquared.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Khorasanzada\AppData\Roaming\Mozilla\Firefox\Profiles\pbz0ytug.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Khorasanzada\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Khorasanzada\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\Khorasanzada\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: adblocker - C:\Program Files (x86)\Mozilla Firefox\extensions\adblocker@avast.com.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Users\Khorasanzada\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Khorasanzada\AppData\Roaming\IDM\idmmzcc5
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] C:\Users\Khorasanzada\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Khorasanzada\AppData\Roaming\IDM\idmmzcc5

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Khorasanzada\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Khorasanzada\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Khorasanzada\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (avast! Ad Blocker) - C:\Users\KHORAS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd\8.0_0
CHR Extension: (IDM Integration) - C:\Users\KHORAS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.17.4_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\KHORAS~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR HKLM-x32\...\Chrome\Extension: [fplhdcjmbpfkejbhngmlngaecbjmoimd] - C:\Program Files\AVAST Software\Avast\AdBlocker\Chrome\avast-adblocker-chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S3 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\HaDTMan.exe [384792 2010-09-24] (Fujitsu Technology Solutions)
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424104 2013-07-21] (Taiwan Shui Mu Chih Ching Technology Limited.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-22] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-22] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-22] ()
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [132608 2009-06-29] (Huawei Technologies Co., Ltd.)
R3 hcw85cir; C:\Windows\System32\drivers\hcw85cir3.sys [32768 2009-08-24] (Hauppauge Computer Works, Inc.)
S2 lirsgt; C:\Windows\SysWow64\DRIVERS\lirsgt.sys [18048 2011-05-03] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R0 ShredderVolumeDriver; C:\Windows\System32\Drivers\ShredderDriver64.sys [33152 2011-05-09] (ITOS)
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S2 lirsgt; system32\DRIVERS\lirsgt.sys [x]
S3 nmwcdx64; system32\drivers\nmwcdx64.sys [x]
S3 TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [x]
U2 TMAgent; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-27 15:31 - 2013-07-27 15:31 - 01780815 _____ (Farbar) C:\Users\Khorasanzada\Downloads\FRST64.exe
2013-07-27 14:52 - 2013-07-27 14:52 - 00891062 _____ C:\Users\Khorasanzada\Desktop\SecurityCheck.exe
2013-07-27 13:43 - 2013-07-27 13:43 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-27 13:42 - 2013-07-27 13:42 - 02347384 _____ (ESET) C:\Users\Khorasanzada\Downloads\esetsmartinstaller_enu.exe
2013-07-26 19:08 - 2013-07-26 19:10 - 60760341 _____ C:\Users\Khorasanzada\Downloads\131844814.mp4
2013-07-26 14:31 - 2013-07-26 14:34 - 07401344 _____ C:\Users\Khorasanzada\Downloads\npp.6.4.2.Installer.exe
2013-07-26 14:31 - 2013-07-26 14:34 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Notepad++
2013-07-26 14:31 - 2013-07-26 14:31 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-07-26 14:31 - 2013-07-26 14:31 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-07-26 14:29 - 2013-07-26 14:29 - 00003004 _____ C:\Windows\System32\Tasks\{C0101B0D-57EC-4A0F-9CB7-0D4D6DCAFB11}
2013-07-25 15:58 - 2013-07-25 15:58 - 00000000 ____D C:\Windows\ERUNT
2013-07-25 15:54 - 2013-07-27 11:14 - 00001019 _____ C:\Windows\setupact.log
2013-07-25 15:54 - 2013-07-25 15:55 - 05177936 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-25 15:54 - 2013-07-25 15:54 - 00065208 _____ C:\Users\KHORAS~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-25 15:54 - 2013-07-25 15:54 - 00000000 _____ C:\Windows\setuperr.log
2013-07-25 15:53 - 2013-07-25 15:53 - 00006058 _____ C:\Windows\PFRO.log
2013-07-25 15:50 - 2013-07-25 15:50 - 00666633 _____ C:\Users\Khorasanzada\Desktop\adwcleaner.exe
2013-07-25 15:49 - 2013-07-25 15:50 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Khorasanzada\Desktop\JRT.exe
2013-07-25 15:49 - 2013-07-25 15:50 - 00519759 _____ (Oleg N. Scherbakov) C:\Users\Khorasanzada\Downloads\JRT.exe.part
2013-07-25 13:13 - 2013-07-25 13:13 - 00000051 _____ C:\Users\Khorasanzada\Downloads\yasmin.txt
2013-07-25 13:04 - 2013-07-25 13:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-25 12:41 - 2013-07-25 12:47 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\QuickScan
2013-07-25 12:10 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-25 12:10 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-25 12:10 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-25 12:10 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-25 12:10 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-25 12:10 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-25 12:10 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-25 12:10 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-25 12:09 - 2013-07-25 12:19 - 00000000 ___DC C:\Qoobox
2013-07-25 12:09 - 2013-07-25 12:16 - 00000000 ____D C:\Windows\erdnt
2013-07-25 12:05 - 2013-07-25 12:06 - 05094311 ____R (Swearware) C:\Users\Khorasanzada\Desktop\ComboFix.exe
2013-07-24 20:32 - 2013-07-24 20:32 - 00000000 ___DC C:\FRST
2013-07-24 17:25 - 2013-07-24 17:25 - 00003212 _____ C:\Windows\System32\Tasks\{36B1A804-2669-4850-B978-8F52801DA213}
2013-07-23 23:18 - 2013-07-24 14:59 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\IDM
2013-07-23 23:18 - 2013-07-24 14:42 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\DMCache
2013-07-23 23:18 - 2013-07-24 14:01 - 00000000 ____D C:\Users\Khorasanzada\Downloads\Compressed
2013-07-23 23:18 - 2013-07-23 23:18 - 00000000 ____D C:\ProgramData\IDM
2013-07-23 23:17 - 2013-07-24 13:14 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2013-07-23 23:17 - 2013-07-23 23:18 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2013-07-23 20:26 - 2013-07-23 20:26 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Opera
2013-07-22 20:11 - 2013-07-22 20:11 - 00000000 ____D C:\Program Files (x86)\AVAST Software
2013-07-22 19:59 - 2013-07-26 15:36 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\vlc
2013-07-22 19:58 - 2013-07-22 19:58 - 00001062 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-07-22 19:55 - 2013-07-22 19:55 - 00001148 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-07-22 19:43 - 2013-07-22 19:43 - 00009412 _____ C:\Windows\SysWOW64\RunLegacyCPLElevated.exe.Z-missing.txt
2013-07-22 19:43 - 2013-07-22 19:43 - 00003174 _____ C:\Windows\System32\Tasks\{5A852D1B-B84D-447E-826E-F2A97E9D3720}
2013-07-22 19:38 - 2013-07-25 12:21 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-22 19:38 - 2013-07-25 12:21 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-22 19:38 - 2013-07-22 19:38 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-22 19:38 - 2013-07-22 19:38 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-22 19:38 - 2013-07-22 19:38 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-22 19:38 - 2013-07-22 19:38 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-22 19:38 - 2013-07-22 19:38 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-22 19:38 - 2013-07-22 19:38 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-22 19:38 - 2013-07-22 19:38 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-22 19:38 - 2013-05-09 10:59 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-07-22 19:38 - 2013-05-09 10:59 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-07-22 19:38 - 2013-05-09 10:59 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-07-22 19:38 - 2013-05-09 10:59 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-07-22 19:38 - 2013-05-09 10:59 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-07-22 19:38 - 2013-05-09 10:58 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-07-22 19:37 - 2013-07-22 19:37 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-22 19:37 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-07-22 19:36 - 2013-07-22 19:37 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-22 19:23 - 2013-07-22 19:23 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\PDF Architect
2013-07-22 18:40 - 2013-07-22 18:40 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\EZDownloader
2013-07-22 17:54 - 2013-07-22 17:54 - 00003196 _____ C:\Windows\System32\Tasks\{0E8B80A5-4DBD-415D-9237-C991F82A758F}
2013-07-22 17:49 - 2004-08-17 02:40 - 00016384 _____ C:\Windows\SysWOW64\FileOps.exe
2013-07-22 17:44 - 2013-07-22 17:44 - 00003196 _____ C:\Windows\System32\Tasks\{CE201D5A-A75B-44F8-A11F-265E73CDDD65}
2013-07-22 17:30 - 2013-07-22 17:30 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF
2013-07-22 17:12 - 2013-07-22 17:12 - 00001075 _____ C:\Users\Khorasanzada\Desktop\AntiBrowserSpy.lnk
2013-07-22 17:12 - 2013-07-22 17:12 - 00000000 ____D C:\Program Files (x86)\AntiBrowserSpy
2013-07-22 16:18 - 2013-07-22 16:18 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-07-22 16:13 - 2013-07-22 16:13 - 00000000 ____D C:\Program Files (x86)\COMPUTERBILD-Abzockschutz
2013-07-21 14:28 - 2013-07-27 11:17 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-07-21 14:28 - 2013-07-22 16:14 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\WinZipper
2013-07-21 14:09 - 2013-07-21 14:09 - 00000000 ____D C:\Users\Khorasanzada\Dokumente\Abelssoft
2013-07-20 22:23 - 2013-07-21 12:38 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-20 22:23 - 2013-07-21 12:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-07-20 22:17 - 2013-07-20 22:17 - 00000584 _____ C:\Windows\system32\TmInstall.log
2013-07-20 21:33 - 2013-07-20 22:12 - 00000000 ____D C:\Users\KHORAS~1\AppData\Local\Trend Micro
2013-07-20 21:30 - 2013-07-20 22:12 - 00000306 __RSH C:\ProgramData\ntuser.pol
2013-07-20 21:26 - 2013-07-20 22:13 - 00000000 ____D C:\ProgramData\Trend Micro
2013-07-20 21:09 - 2013-07-20 22:16 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-07-20 20:49 - 2013-07-20 20:48 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-20 20:48 - 2013-07-20 20:48 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-20 20:48 - 2013-07-20 20:48 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-20 20:48 - 2013-07-20 20:48 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-20 20:48 - 2013-07-20 20:48 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-20 20:46 - 2013-07-20 20:46 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\DownLite
2013-07-20 20:43 - 2013-07-20 20:43 - 00000865 _____ C:\Users\Khorasanzada\Desktop\µTorrent.lnk
2013-07-20 20:43 - 2013-07-20 20:43 - 00000845 _____ C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-07-20 20:42 - 2013-07-22 21:18 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\uTorrent
2013-07-20 18:46 - 2013-07-20 18:46 - 00000000 ____C C:\autoexec.bat
2013-07-20 18:45 - 2013-07-20 18:45 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-20 18:44 - 2013-07-20 18:47 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-20 00:37 - 2013-07-20 00:37 - 00035116 _____ C:\Users\Khorasanzada\Downloads\Secret document reveals Afghan language policy.odt
2013-07-20 00:23 - 2013-07-20 00:24 - 00000000 ____D C:\Users\Khorasanzada\Downloads\Islam. Sammlung
2013-07-19 21:14 - 2013-07-19 23:10 - 00000000 ____D C:\Users\Khorasanzada\Downloads\The Bitches
2013-07-19 14:06 - 2013-06-27 11:57 - 00172920 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2013-07-18 23:42 - 2013-07-21 21:49 - 00001075 _____ C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2013-07-18 22:11 - 2013-07-18 22:16 - 00000000 ____D C:\Users\Khorasanzada\Downloads\Sport u. Ernährung
2013-07-17 18:42 - 2013-07-17 18:43 - 00000000 ____D C:\Windows\system32\MRT
2013-07-15 16:21 - 2013-07-15 16:21 - 00027569 _____ C:\Users\Khorasanzada\Downloads\Ashraf Ghani Ahmadzai.odt
2013-07-12 16:25 - 2013-07-12 16:25 - 00000000 ____D C:\ProgramData\Real
2013-07-11 09:04 - 2013-07-11 09:04 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-07-10 19:22 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 19:22 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 19:22 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 19:22 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 19:22 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 19:22 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 19:22 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 19:22 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 19:22 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 19:22 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 19:22 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 19:22 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 19:22 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 19:22 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 19:22 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 19:22 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-10 19:22 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 19:22 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 19:22 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 19:22 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 19:22 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 19:22 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 19:22 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 19:22 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-10 19:22 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-10 19:22 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 19:22 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-10 19:22 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 19:22 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-10 19:22 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 19:22 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 17:19 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 17:19 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 17:19 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 17:19 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 17:19 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 17:19 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 17:19 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-08 20:14 - 2013-07-08 20:14 - 00000000 ____D C:\Users\Khorasanzada\Dokumente\my games
2013-07-08 20:12 - 2013-07-08 20:12 - 00000000 ____D C:\Program Files (x86)\1C Company
2013-07-08 19:53 - 2013-07-08 19:53 - 00001069 _____ C:\Users\Khorasanzada\Desktop\Men of War.lnk
2013-07-08 19:47 - 2013-07-11 12:29 - 00000000 ____D C:\Program Files (x86)\1C
2013-07-08 15:27 - 2013-07-08 15:27 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Apowersoft

==================== One Month Modified Files and Folders =======

2013-07-27 15:31 - 2013-07-27 15:31 - 01780815 _____ (Farbar) C:\Users\Khorasanzada\Downloads\FRST64.exe
2013-07-27 15:24 - 2013-01-06 22:51 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-27 14:56 - 2013-02-12 12:02 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-27 14:55 - 2013-02-22 01:55 - 00001148 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-64600392-19469391-1865109702-1001UA.job
2013-07-27 14:52 - 2013-07-27 14:52 - 00891062 _____ C:\Users\Khorasanzada\Desktop\SecurityCheck.exe
2013-07-27 14:31 - 2012-04-05 21:05 - 01973350 _____ C:\Windows\WindowsUpdate.log
2013-07-27 13:46 - 2011-12-09 17:26 - 00001865 _____ C:\Users\Khorasanzada\Desktop\Google Chrome.lnk
2013-07-27 13:43 - 2013-07-27 13:43 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-27 13:42 - 2013-07-27 13:42 - 02347384 _____ (ESET) C:\Users\Khorasanzada\Downloads\esetsmartinstaller_enu.exe
2013-07-27 11:21 - 2009-07-14 06:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-27 11:21 - 2009-07-14 06:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-27 11:17 - 2013-07-21 14:28 - 00000000 ____D C:\Program Files (x86)\WinZipper
2013-07-27 11:14 - 2013-07-25 15:54 - 00001019 _____ C:\Windows\setupact.log
2013-07-27 11:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-26 19:10 - 2013-07-26 19:08 - 60760341 _____ C:\Users\Khorasanzada\Downloads\131844814.mp4
2013-07-26 18:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-26 18:14 - 2010-08-21 13:33 - 00000000 ____D C:\Users\Khorasanzada\Samim
2013-07-26 15:36 - 2013-07-22 19:59 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\vlc
2013-07-26 14:34 - 2013-07-26 14:31 - 07401344 _____ C:\Users\Khorasanzada\Downloads\npp.6.4.2.Installer.exe
2013-07-26 14:34 - 2013-07-26 14:31 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Notepad++
2013-07-26 14:31 - 2013-07-26 14:31 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-07-26 14:31 - 2013-07-26 14:31 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-07-26 14:29 - 2013-07-26 14:29 - 00003004 _____ C:\Windows\System32\Tasks\{C0101B0D-57EC-4A0F-9CB7-0D4D6DCAFB11}
2013-07-26 12:57 - 2013-02-22 01:55 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-64600392-19469391-1865109702-1001Core.job
2013-07-26 12:57 - 2013-02-12 12:02 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-25 17:25 - 2010-08-21 05:05 - 00707324 _____ C:\Windows\system32\perfh007.dat
2013-07-25 17:25 - 2010-08-21 05:05 - 00152916 _____ C:\Windows\system32\perfc007.dat
2013-07-25 17:25 - 2009-07-14 07:13 - 01642252 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-25 15:58 - 2013-07-25 15:58 - 00000000 ____D C:\Windows\ERUNT
2013-07-25 15:55 - 2013-07-25 15:54 - 05177936 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-25 15:54 - 2013-07-25 15:54 - 00065208 _____ C:\Users\KHORAS~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-25 15:54 - 2013-07-25 15:54 - 00000000 _____ C:\Windows\setuperr.log
2013-07-25 15:53 - 2013-07-25 15:53 - 00006058 _____ C:\Windows\PFRO.log
2013-07-25 15:50 - 2013-07-25 15:50 - 00666633 _____ C:\Users\Khorasanzada\Desktop\adwcleaner.exe
2013-07-25 15:50 - 2013-07-25 15:49 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Khorasanzada\Desktop\JRT.exe
2013-07-25 15:50 - 2013-07-25 15:49 - 00519759 _____ (Oleg N. Scherbakov) C:\Users\Khorasanzada\Downloads\JRT.exe.part
2013-07-25 13:13 - 2013-07-25 13:13 - 00000051 _____ C:\Users\Khorasanzada\Downloads\yasmin.txt
2013-07-25 13:04 - 2013-07-25 13:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-25 13:04 - 2012-02-14 22:13 - 00001143 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-07-25 13:03 - 2010-08-20 19:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-25 12:47 - 2013-07-25 12:41 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\QuickScan
2013-07-25 12:21 - 2013-07-22 19:38 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-07-25 12:21 - 2013-07-22 19:38 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-07-25 12:19 - 2013-07-25 12:09 - 00000000 ___DC C:\Qoobox
2013-07-25 12:19 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-07-25 12:16 - 2013-07-25 12:09 - 00000000 ____D C:\Windows\erdnt
2013-07-25 12:16 - 2009-07-14 04:34 - 00000215 ____C C:\Windows\system.ini
2013-07-25 12:06 - 2013-07-25 12:05 - 05094311 ____R (Swearware) C:\Users\Khorasanzada\Desktop\ComboFix.exe
2013-07-24 22:36 - 2010-08-20 19:15 - 00000000 ___RD C:\Users\Khorasanzada\Dokumente
2013-07-24 20:32 - 2013-07-24 20:32 - 00000000 ___DC C:\FRST
2013-07-24 20:29 - 2011-08-13 18:42 - 07289505 _____ C:\Users\KHORAS~1\AppData\Local\census.cache
2013-07-24 20:24 - 2011-08-13 18:40 - 00103068 _____ C:\Users\KHORAS~1\AppData\Local\ars.cache
2013-07-24 17:36 - 2010-08-20 22:47 - 00000000 ____D C:\Users\KHORAS~1\AppData\Local\Adobe
2013-07-24 17:34 - 2013-01-06 22:51 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-24 17:34 - 2012-04-05 13:28 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-24 17:34 - 2012-01-12 15:43 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-24 17:25 - 2013-07-24 17:25 - 00003212 _____ C:\Windows\System32\Tasks\{36B1A804-2669-4850-B978-8F52801DA213}
2013-07-24 17:25 - 2012-02-19 18:29 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-07-24 14:59 - 2013-07-23 23:18 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\IDM
2013-07-24 14:42 - 2013-07-23 23:18 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\DMCache
2013-07-24 14:01 - 2013-07-23 23:18 - 00000000 ____D C:\Users\Khorasanzada\Downloads\Compressed
2013-07-24 13:56 - 2010-08-21 12:15 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-07-24 13:14 - 2013-07-23 23:17 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2013-07-24 13:07 - 2010-08-20 22:47 - 00000000 ____D C:\ProgramData\Adobe
2013-07-24 13:04 - 2011-05-24 23:13 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Adobe
2013-07-24 13:00 - 2011-06-17 22:55 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-07-23 23:18 - 2013-07-23 23:18 - 00000000 ____D C:\ProgramData\IDM
2013-07-23 23:18 - 2013-07-23 23:17 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2013-07-23 21:43 - 2009-07-14 04:34 - 00000403 _____ C:\Windows\win.ini
2013-07-23 20:26 - 2013-07-23 20:26 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Opera
2013-07-23 13:09 - 2012-05-18 13:36 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-22 21:19 - 2010-08-21 16:52 - 00002700 _____ C:\Users\Khorasanzada\Dokumente\cc_20100821_165221.reg
2013-07-22 21:18 - 2013-07-20 20:42 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\uTorrent
2013-07-22 20:11 - 2013-07-22 20:11 - 00000000 ____D C:\Program Files (x86)\AVAST Software
2013-07-22 20:00 - 2010-08-21 13:59 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-07-22 20:00 - 2010-08-21 13:59 - 00000000 ____D C:\Program Files\WinRAR
2013-07-22 19:58 - 2013-07-22 19:58 - 00001062 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-07-22 19:56 - 2011-04-22 22:41 - 00001619 _____ C:\Users\Khorasanzada\Desktop\DivX Movies.lnk
2013-07-22 19:56 - 2010-12-13 15:22 - 00000000 ____D C:\Program Files (x86)\DivX
2013-07-22 19:56 - 2010-12-13 15:20 - 00000000 ____D C:\ProgramData\DivX
2013-07-22 19:55 - 2013-07-22 19:55 - 00001148 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-07-22 19:55 - 2012-06-30 21:31 - 00001108 _____ C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-07-22 19:55 - 2010-12-13 15:29 - 00000000 ____D C:\Program Files\DivX
2013-07-22 19:43 - 2013-07-22 19:43 - 00009412 _____ C:\Windows\SysWOW64\RunLegacyCPLElevated.exe.Z-missing.txt
2013-07-22 19:43 - 2013-07-22 19:43 - 00003174 _____ C:\Windows\System32\Tasks\{5A852D1B-B84D-447E-826E-F2A97E9D3720}
2013-07-22 19:38 - 2013-07-22 19:38 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-07-22 19:38 - 2013-07-22 19:38 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-07-22 19:38 - 2013-07-22 19:38 - 00189936 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-07-22 19:38 - 2013-07-22 19:38 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-07-22 19:38 - 2013-07-22 19:38 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-07-22 19:38 - 2013-07-22 19:38 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-07-22 19:38 - 2013-07-22 19:38 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-07-22 19:37 - 2013-07-22 19:37 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-22 19:37 - 2013-07-22 19:36 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-22 19:23 - 2013-07-22 19:23 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\PDF Architect
2013-07-22 18:51 - 2013-01-04 04:53 - 00000000 ____D C:\Windows\pss
2013-07-22 18:44 - 2010-08-20 20:11 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-07-22 18:40 - 2013-07-22 18:40 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\EZDownloader
2013-07-22 17:54 - 2013-07-22 17:54 - 00003196 _____ C:\Windows\System32\Tasks\{0E8B80A5-4DBD-415D-9237-C991F82A758F}
2013-07-22 17:44 - 2013-07-22 17:44 - 00003196 _____ C:\Windows\System32\Tasks\{CE201D5A-A75B-44F8-A11F-265E73CDDD65}
2013-07-22 17:30 - 2013-07-22 17:30 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF
2013-07-22 17:12 - 2013-07-22 17:12 - 00001075 _____ C:\Users\Khorasanzada\Desktop\AntiBrowserSpy.lnk
2013-07-22 17:12 - 2013-07-22 17:12 - 00000000 ____D C:\Program Files (x86)\AntiBrowserSpy
2013-07-22 16:18 - 2013-07-22 16:18 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2013-07-22 16:14 - 2013-07-21 14:28 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\WinZipper
2013-07-22 16:13 - 2013-07-22 16:13 - 00000000 ____D C:\Program Files (x86)\COMPUTERBILD-Abzockschutz
2013-07-21 21:49 - 2013-07-18 23:42 - 00001075 _____ C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2013-07-21 21:49 - 2011-12-09 17:26 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-07-21 21:49 - 2010-08-20 19:16 - 00001009 _____ C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-21 18:14 - 2010-08-21 05:05 - 00000000 ____D C:\Windows\PANTHER
2013-07-21 14:09 - 2013-07-21 14:09 - 00000000 ____D C:\Users\Khorasanzada\Dokumente\Abelssoft
2013-07-21 14:09 - 2011-11-21 21:02 - 00001173 _____ C:\Users\Public\Desktop\YouTube Song Downloader.lnk
2013-07-21 14:09 - 2011-11-21 21:02 - 00000000 ____D C:\Program Files (x86)\YouTube Song Downloader
2013-07-21 14:09 - 2011-11-21 21:02 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2013-07-21 14:09 - 2011-07-23 18:12 - 00000000 ____D C:\Users\KHORAS~1\AppData\Local\Abelssoft
2013-07-21 12:38 - 2013-07-20 22:23 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-07-21 12:38 - 2013-07-20 22:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-07-21 12:38 - 2012-04-05 13:30 - 00001912 _____ C:\Windows\epplauncher.mif
2013-07-20 22:17 - 2013-07-20 22:17 - 00000584 _____ C:\Windows\system32\TmInstall.log
2013-07-20 22:16 - 2013-07-20 21:09 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-07-20 22:13 - 2013-07-20 21:26 - 00000000 ____D C:\ProgramData\Trend Micro
2013-07-20 22:12 - 2013-07-20 21:33 - 00000000 ____D C:\Users\KHORAS~1\AppData\Local\Trend Micro
2013-07-20 22:12 - 2013-07-20 21:30 - 00000306 __RSH C:\ProgramData\ntuser.pol
2013-07-20 21:30 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-07-20 20:48 - 2013-07-20 20:49 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-20 20:48 - 2013-07-20 20:48 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-20 20:48 - 2013-07-20 20:48 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-20 20:48 - 2013-07-20 20:48 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-20 20:48 - 2013-07-20 20:48 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-20 20:48 - 2012-06-30 13:05 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-07-20 20:48 - 2010-08-23 17:00 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-20 20:46 - 2013-07-20 20:46 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\DownLite
2013-07-20 20:43 - 2013-07-20 20:43 - 00000865 _____ C:\Users\Khorasanzada\Desktop\µTorrent.lnk
2013-07-20 20:43 - 2013-07-20 20:43 - 00000845 _____ C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2013-07-20 18:47 - 2013-07-20 18:44 - 00000000 ____D C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2013-07-20 18:46 - 2013-07-20 18:46 - 00000000 ____C C:\autoexec.bat
2013-07-20 18:45 - 2013-07-20 18:45 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-20 18:24 - 2012-03-20 17:53 - 00000000 ____D C:\Users\Khorasanzada\Downloads\Dreck
2013-07-20 16:03 - 2010-08-20 22:45 - 00000000 ____D C:\DeskUpdate.tmp
2013-07-20 12:50 - 2010-08-21 00:34 - 00000000 ____D C:\Windows\System32\Tasks\Fujitsu
2013-07-20 00:46 - 2013-02-10 14:20 - 00057397 _____ C:\Users\Khorasanzada\Downloads\paschtunischer Terror - Pashtunisierung.odt
2013-07-20 00:44 - 2012-06-08 21:27 - 00036972 _____ C:\Users\Khorasanzada\Downloads\PAKISTAN-AFGHANISTANDAWOODKHAN.odt
2013-07-20 00:43 - 2013-02-10 14:20 - 00036105 _____ C:\Users\Khorasanzada\Downloads\Taliban und ihr Zug nach Norden.odt
2013-07-20 00:37 - 2013-07-20 00:37 - 00035116 _____ C:\Users\Khorasanzada\Downloads\Secret document reveals Afghan language policy.odt
2013-07-20 00:33 - 2011-09-15 13:54 - 00000000 ____D C:\Users\Khorasanzada\Downloads\Khorasan
2013-07-20 00:24 - 2013-07-20 00:23 - 00000000 ____D C:\Users\Khorasanzada\Downloads\Islam. Sammlung
2013-07-19 23:10 - 2013-07-19 21:14 - 00000000 ____D C:\Users\Khorasanzada\Downloads\The Bitches
2013-07-18 23:34 - 2010-08-20 19:16 - 00000000 ___RD C:\Users\Khorasanzada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-18 23:30 - 2012-08-29 14:37 - 00000000 ____D C:\Program Files (x86)\Brother
2013-07-18 23:30 - 2010-08-20 19:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-18 23:26 - 2010-11-05 17:01 - 00001013 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-07-18 23:26 - 2010-08-20 19:36 - 00000000 ____D C:\Program Files (x86)\CCleaner
2013-07-18 22:58 - 2011-10-22 13:09 - 00000000 ____D C:\Users\Khorasanzada\Tamim
2013-07-18 22:51 - 2010-08-20 19:15 - 00000000 ____D C:\Users\Khorasanzada
2013-07-18 22:16 - 2013-07-18 22:11 - 00000000 ____D C:\Users\Khorasanzada\Downloads\Sport u. Ernährung
2013-07-18 21:07 - 2010-10-16 19:34 - 00000000 ____D C:\Users\KHORAS~1\AppData\Local\Windows Live
2013-07-17 18:43 - 2013-07-17 18:42 - 00000000 ____D C:\Windows\system32\MRT
2013-07-17 18:38 - 2010-08-20 22:46 - 00001149 _____ C:\Users\Public\Desktop\DeskUpdate.lnk
2013-07-15 16:21 - 2013-07-15 16:21 - 00027569 _____ C:\Users\Khorasanzada\Downloads\Ashraf Ghani Ahmadzai.odt
2013-07-13 10:51 - 2013-02-12 12:02 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-13 10:51 - 2013-02-12 12:02 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 10:50 - 2013-02-22 01:55 - 00004132 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-64600392-19469391-1865109702-1001UA
2013-07-13 10:50 - 2013-02-22 01:55 - 00003736 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-64600392-19469391-1865109702-1001Core
2013-07-12 16:25 - 2013-07-12 16:25 - 00000000 ____D C:\ProgramData\Real
2013-07-11 12:29 - 2013-07-08 19:47 - 00000000 ____D C:\Program Files (x86)\1C
2013-07-11 09:04 - 2013-07-11 09:04 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-07-10 20:13 - 2013-03-16 04:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 20:13 - 2013-03-16 04:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-10 20:13 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 20:13 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 20:13 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-08 20:14 - 2013-07-08 20:14 - 00000000 ____D C:\Users\Khorasanzada\Dokumente\my games
2013-07-08 20:12 - 2013-07-08 20:12 - 00000000 ____D C:\Program Files (x86)\1C Company
2013-07-08 19:53 - 2013-07-08 19:53 - 00001069 _____ C:\Users\Khorasanzada\Desktop\Men of War.lnk
2013-07-08 15:27 - 2013-07-08 15:27 - 00000000 ____D C:\Users\Khorasanzada\AppData\Roaming\Apowersoft
2013-07-08 13:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Resources
2013-07-04 21:02 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-27 11:57 - 2013-07-19 14:06 - 00172920 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 12:41

==================== End Of Log ============================
         

27.07.2013, 19:02   #12
schrauber
/// the machine
/// TB trainer


because you never know whether there are also legitimate false alarms among them.

Update Adobe. Done.

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Restart your computer afterwards.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.


Here are a few more tips for securing your system.


I can't mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as malicious.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most ads by itself. A right-click on the banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it asks you to and is nice and colorful.
  • Don't use peer to peer or file-sharing software (Emule, uTorrent,..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Don't open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!
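
The file-extension tip from the Don'ts list above, as an added example that is not part of schrauber's post: a Python check that flags attachment names whose real (last) extension is executable while an earlier part imitates a harmless one, as in deinFoto.jpg.exe. It goes beyond the single case in the post by also covering bidi override characters, trailing dots or spaces and space padding; the extension lists and the function name are assumptions chosen for illustration.

```python
import unicodedata

# Extensions Windows runs or interprets on double-click (common, not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "wsf", "hta", "lnk", "msi", "cpl", "jar"}
# Extensions users expect to be passive content; they serve as the decoy part.
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "bmp", "pdf", "doc", "docx",
              "xls", "xlsx", "txt", "odt", "mp3", "mp4", "avi", "zip"}
# Bidi controls that visually reorder a name (RLO makes "gpj.exe" render as "exe.jpg").
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202d", "\u202e", "\u2066", "\u2067", "\u2068"}


def check_attachment_name(name):
    """Return a list of reasons why an attachment file name looks deceptive."""
    reasons = []
    if any(ch in BIDI_CONTROLS for ch in name):
        reasons.append("bidi-control")
    # Drop invisible format characters, then the trailing dots/spaces Windows ignores.
    visible = "".join(ch for ch in name if unicodedata.category(ch) != "Cf")
    cleaned = visible.rstrip(". ")
    if cleaned != visible:
        reasons.append("trailing-dot-or-space")
    parts = [p.strip().lower() for p in cleaned.split(".")]
    if len(parts) < 2:
        return reasons
    real_ext = parts[-1]
    if real_ext in EXECUTABLE_EXTS:
        reasons.append("executable:" + real_ext)
        # An earlier dot-separated part that is a document/media extension is a decoy.
        decoys = [p for p in parts[1:-1] if p in DECOY_EXTS]
        if decoys:
            reasons.append("double-extension:" + decoys[-1] + "." + real_ext)
        # A long run of spaces pushes the real extension out of the visible column.
        if " " * 10 in cleaned:
            reasons.append("padding")
    return reasons


# Sample names: the first is quoted in the post, the others are constructed.
SAMPLES = ["deinFoto.jpg.exe", "deinFoto.jpg", "photo\u202egpj.exe",
           "invoice.pdf" + " " * 20 + ".exe", "setup.exe. ", "report.v2.docx"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), check_attachment_name(sample))
```

An empty list means the name shows none of the checked tricks; it says nothing about the file's content.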

27.07.2013, 19:08   #13
Hamann


According to the update history, Adobe is up to date. No idea why it is shown that way.

27.07.2013, 19:21   #14
schrauber
/// the machine
/// TB trainer


Then it's OK
__________________
regards,
schrauber

27.07.2013, 20:23   #15
Hamann


There is no longer any virus or malware to be found on the computer. I would like to thank you most sincerely for that. I appreciate your work and the time you put in.

Unfortunately, my problem with the browsers (Mozilla and IE) has remained. I quickly checked on Youporn and I still had no sound there, but on other smut sites I do have sound. And the problem only exists with Mozilla and IE, while Chrome works normally....

Otherwise everything works as it should and the computer runs cleanly
