Hello and good morning!!
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.09.01.02
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Ernst :: ELINEU [Administrator]
Schutz: Aktiviert
01.09.2013 08:30:04
mbam-log-2013-09-01 (08-30-04).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 268594
Laufzeit: 10 Minute(n), 29 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 1
C:\Users\Ernst\AppData\Roaming\BabSolution\Shared\enhancedNT.dll (PUP.Optional.BabSolution.A) -> Löschen bei Neustart.
Infizierte Registrierungsschlüssel: 13
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2316C625-B487-4410-A1A5-FF040B65245F} (PUP.Optional.WebConnect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2316C625-B487-4410-A1A5-FF040B65245F} (PUP.Optional.WebConnect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F225A2E3-8EE1-4204-B7A0-F4C551578A87} (PUP.Optional.SeeSimilar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F225A2E3-8EE1-4204-B7A0-F4C551578A87} (PUP.Optional.SeeSimilar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\BabSolution\Redir (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\babylontoolbar (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0S1S1T0E1J1L1H1R -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 6
C:\ProgramData\IBUpdaterService (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ernst\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ernst\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Löschen bei Neustart.
C:\Users\Ernst\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Löschen bei Neustart.
C:\Users\Ernst\AppData\Local\Temp\Iminent (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ernst\AppData\Local\Temp\Iminent\Log (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 16
C:\Users\Ernst\AppData\Local\Temp\SeeSimilarSetup-16-.exe (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ernst\AppData\Local\Temp\395871A3-BAB0-7891-87D2-949E18F48BB8\Setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ernst\AppData\Local\Temp\is-T6AAD.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ernst\AppData\Local\Temp\is2036094744\cor_ar_201381417179_qvo6.exe (PUP.Optional.Elex) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ernst\AppData\Local\Temp\is2036094744\DeltaTB.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ernst\AppData\Local\Temp\is2036094744\WebConnect.exe (PUP.Optional.WebConnect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ernst\Downloads\SoftonicDownloader_fuer_regcleaner.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ernst\Downloads\SoftonicDownloader_fuer_super.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ernst\Downloads\SoftonicDownloader_fuer_virtualdub.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ernst\Downloads\ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ernst\Downloads\windows.7.codec.pack.v2.7.0.setup.exe (PUP.Dealio.TB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\4ed7869.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\4ed7870.msi (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ernst\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ernst\AppData\Roaming\BabSolution\Shared\enhancedNT.dll (PUP.Optional.BabSolution.A) -> Löschen bei Neustart.
(Ende)
Code:
# AdwCleaner v3.001 - Report created 01/09/2013 at 09:01:29
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Ernst - ELINEU
# Running from : C:\Users\Ernst\Downloads\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\Program Files\Iminent
Folder Deleted : C:\Users\Ernst\AppData\Local\Temp\eIntaller
Folder Deleted : C:\Users\Ernst\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\Ernst\AppData\LocalLow\holasearch
Folder Deleted : C:\Users\Ernst\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Folder Deleted : C:\Users\Ernst\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Users\Ernst\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\searchplugins\holasearch.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\qvo6.xml
File Deleted : C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\bProtector_extensions.rdf
File Deleted : C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\\invalidprefs.js
File Deleted : C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\iyg7iybg.default\user.js
File Deleted : C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\user.js
File Deleted : C:\Users\Ernst\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
***** [ Shortcuts ] *****
Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Ernst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Ernst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Ernst\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Ernst\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Ernst\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Ernst\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Ernst\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Ernst\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk
***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\softonic-de3AutoUpdaterHelper_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\softonic-de3AutoUpdaterHelper_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\5c2d7deb13dea40
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFF9B2DA-EF99-4B26-83CB-7058299999D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFF9B2DA-EF99-4B26-83CB-7058299999D8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\UpdateStar
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\qvo6Software
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Product Deleted : Ask Toolbar
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16660
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v23.0.1 (de)
[ File : C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\iyg7iybg.default\prefs.js ]
[ File : C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\prefs.js ]
Line Deleted : user_pref("extensions.holasearch.admin", false);
Line Deleted : user_pref("extensions.holasearch.aflt", "babsst");
Line Deleted : user_pref("extensions.holasearch.appId", "{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}");
Line Deleted : user_pref("extensions.holasearch.autoRvrt", "false");
Line Deleted : user_pref("extensions.holasearch.dfltLng", "de");
Line Deleted : user_pref("extensions.holasearch.excTlbr", false);
Line Deleted : user_pref("extensions.holasearch.ffxUnstlRst", false);
Line Deleted : user_pref("extensions.holasearch.id", "7497516100000000000000241da32dd8");
Line Deleted : user_pref("extensions.holasearch.instlDay", "15942");
Line Deleted : user_pref("extensions.holasearch.instlRef", "sst");
Line Deleted : user_pref("extensions.holasearch.newTab", false);
Line Deleted : user_pref("extensions.holasearch.prdct", "holasearch");
Line Deleted : user_pref("extensions.holasearch.prtnrId", "holasearch");
Line Deleted : user_pref("extensions.holasearch.rvrt", "false");
Line Deleted : user_pref("extensions.holasearch.smplGrp", "none");
Line Deleted : user_pref("extensions.holasearch.tlbrId", "base");
Line Deleted : user_pref("extensions.holasearch.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.holasearch.vrsn", "1.8.16.16");
Line Deleted : user_pref("extensions.holasearch.vrsnTs", "1.8.16.1611:16:37");
Line Deleted : user_pref("extensions.holasearch.vrsni", "1.8.16.16");
[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\9woxdmhz.default\prefs.js ]
-\\ Google Chrome v29.0.1547.62
[ File : C:\Users\Ernst\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted : homepage
Deleted : search_url
Deleted : keyword
Deleted : urls_to_restore_on_startup
*************************
AdwCleaner[R0].txt - [107478 octets] - [25/08/2013 10:31:31]
AdwCleaner[R1].txt - [15496 octets] - [01/09/2013 09:00:34]
AdwCleaner[S0].txt - [103104 octets] - [25/08/2013 10:32:33]
AdwCleaner[S1].txt - [12486 octets] - [01/09/2013 09:01:29]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [12547 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.6 (08.30.2013:1)
OS: Windows 7 Home Premium x86
Ran by Ernst on 01.09.2013 at 9:09:54,16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2269050
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2431245
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2625848
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonic-de3ToolbarHelper_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonic-de3ToolbarHelper_RASMANCS
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Ernst\appdata\locallow\datamngr"
~~~ FireFox
Successfully deleted the following from C:\Users\Ernst\AppData\Roaming\mozilla\firefox\profiles\z3lqlojh.default\prefs.js
user_pref("iminent.displayFavLinks", "1");
user_pref("iminent.registerToolbarEvent102", "1377604404645");
user_pref("iminent.version", "7.33.3.1");
Emptied folder: C:\Users\Ernst\AppData\Roaming\mozilla\firefox\profiles\z3lqlojh.default\minidumps [26 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.09.2013 at 9:14:29,11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-08-2013 (ATTENTION: ====> FRST version is 7 days old and could be outdated)
Ran by Ernst (administrator) on 01-09-2013 09:19:13
Running from C:\Users\Ernst\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Aladdin Knowledge Systems, Ltd.) C:\Program Files\Aladdin\eToken\PKIClient\x32\eTSrv.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Chicony Electronics Co., Ltd.) C:\Windows\System32\DVAPTray.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\tv_w32.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
() C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Nero AG) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Aladdin Knowledge Systems, Ltd.) C:\Program Files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe
() C:\Program Files\EssentialFax\essfaxcontrol.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(ArcSoft) C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe
(Panasonic Corporation) C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
(Dropbox, Inc.) C:\Users\Ernst\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM\...\Run: [DVAPTray] - C:\Windows\System32\DVAPTray.exe [188416 2009-10-29] (Chicony Electronics Co., Ltd.)
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5145824 2010-12-11] ()
HKLM\...\Run: [NBKeyScan] - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe [1647912 2007-11-28] (Nero AG)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [220552 2011-08-05] (Geek Software GmbH)
HKLM\...\Run: [eTMonitor] - C:\Program Files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe [221184 2008-11-03] (Aladdin Knowledge Systems, Ltd.)
HKLM\...\Run: [Essential Fax Print Controller] - C:\Program Files\EssentialFax\essfaxcontrol.exe [94208 2009-09-01] ()
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [GoogleChromeAutoLaunch_287411394436779AA61D8F96A0780726] - C:\Program Files\Google\Chrome\Application\chrome.exe [829392 2013-08-24] (Google Inc.)
MountPoints2: {d6597927-0299-11df-997b-806e6f6e6963} - D:\guggi.exe
HKU\Administrator\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2008-01-24] (Hewlett-Packard Company)
HKU\Administrator\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [ 2009-03-05] (Safer-Networking Ltd.)
HKU\Administrator\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [ 2013-04-05] (Apple Inc.)
HKU\Administrator\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [ 2007-06-27] (Nero AG)
HKU\Administrator\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\Administrator\...\Run: [Browser Infrastructure Helper] - C:\Users\Administrator\AppData\Local\Smartbar\Application\Linkury.exe startup [x]
HKU\Administrator\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [ 2013-04-05] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor.lnk
ShortcutTarget: Device Monitor.lnk -> C:\Program Files\ArcSoft\MediaConverter 3\Monitor.exe (ArcSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.3 HD Lite Edition.lnk
ShortcutTarget: PHOTOfunSTUDIO 6.3 HD Lite Edition.lnk -> C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
Startup: C:\Users\Ernst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ernst\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: msdaipp - No CLSID Value -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @innoplus.de/ino3DViewer - C:\Program Files\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Users\Ernst\AppData\Roaming\Mozilla\Firefox\Profiles\z3lqlojh.default\searchplugins\winamp-search.xml
FF Extension: No Name - C:\Users\Ernst\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
FF Extension: No Name - C:\Users\Ernst\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: No Name - C:\Users\Ernst\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@holasearch.com
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox
FF Extension: Internet Video Downloader - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (qvo6) - hxxp://www.google.com
CHR DefaultSuggestURL: (qvo6) - "suggest_url": ""
CHR Extension: (Freemake Video Converter) - C:\Users\Ernst\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Ernst\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Ernst\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR HKLM\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Ernst\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx
========================== Services (Whitelisted) =================
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [764552 2010-12-11] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2011-02-01] (Acronis)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 eTSrv; C:\Program Files\Aladdin\eToken\PKIClient\x32\eTSrv.exe [7168 2008-11-03] (Aladdin Knowledge Systems, Ltd.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
S2 PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 vToolbarUpdater12.2.6; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [x]
==================== Drivers (Whitelisted) ====================
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-14] (Microsoft Corporation)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [48296 2008-07-29] (Aladdin Knowledge Systems, Ltd.)
S3 AKSUP; C:\Windows\System32\drivers\aksup.sys [34472 2008-07-29] (Aladdin Knowledge Systems, Ltd.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-08-25] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-08-25] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-08-25] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [27496 2012-09-04] (AVG Technologies)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2011-03-24] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2011-03-24] ()
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [60104 2010-07-12] (FTDI Ltd.)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [7168 2009-11-12] ()
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [27648 2010-04-29] (Acronis)
S3 ZMHHPAudioSrv; C:\Windows\System32\drivers\zmhhpau.sys [32000 2010-04-16] (ZOOM)
S3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [110592 2009-04-09] (ZTE Corporation)
S3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [105344 2009-04-09] (ZTE Incorporated)
S3 DCamUSBSTK02N; system32\DRIVERS\STK02NW2.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-01 09:09 - 2013-09-01 09:09 - 00000000 ____D C:\Windows\ERUNT
2013-09-01 09:06 - 2013-09-01 09:06 - 01027511 _____ (Thisisu) C:\Users\Ernst\Downloads\JRT.exe
2013-09-01 09:04 - 2013-09-01 09:04 - 00012628 _____ C:\Users\Ernst\Desktop\AdwCleaner[S1].txt
2013-09-01 08:59 - 2013-09-01 09:00 - 00994642 _____ C:\Users\Ernst\Downloads\adwcleaner.exe
2013-09-01 07:01 - 2013-09-01 07:09 - 00000000 ____D C:\JosiGebFoto
2013-09-01 07:01 - 2013-09-01 07:08 - 00000000 ____D C:\JosiGebVideo
2013-08-31 22:36 - 2013-08-31 22:36 - 00015272 _____ C:\Users\Ernst\Downloads\FRST.zip
2013-08-31 22:36 - 2013-08-31 22:36 - 00012768 _____ C:\Users\Ernst\Downloads\Addition.zip
2013-08-31 22:35 - 2013-08-31 22:35 - 01110476 _____ C:\Users\Ernst\Downloads\7z920.exe
2013-08-31 22:35 - 2013-08-31 22:35 - 00000000 ____D C:\Program Files\7-Zip
2013-08-31 22:01 - 2013-08-31 22:01 - 02828552 _____ (AVAST Software) C:\Users\Ernst\Downloads\avast-browser-cleanup_8.0.1484.29(1).exe
2013-08-31 19:01 - 2013-08-31 19:01 - 00001376 _____ C:\Users\Public\Desktop\Heroglyph + Studio.lnk
2013-08-31 19:01 - 2013-08-31 19:01 - 00001102 _____ C:\Users\Public\Desktop\Heroglyph Video-Workshops.lnk
2013-08-31 18:58 - 2013-08-31 18:59 - 00407104 _____ (proDAD GmbH) C:\Users\Ernst\Downloads\Download-(1)(support+heroglyph-2.0)-heroglyph-25-pinstudio.exe
2013-08-31 18:46 - 2013-08-31 18:46 - 00407104 _____ (proDAD GmbH) C:\Users\Ernst\Downloads\Download-(1)(support+heroglyph)-heroglyph-40-full32bit.exe
2013-08-31 18:46 - 2013-08-31 18:46 - 00000000 ____D C:\ProgramData\proDAD
2013-08-31 18:11 - 2013-08-31 18:11 - 00000647 _____ C:\Users\UpdatusUser\Desktop\PAIP.LNK
2013-08-31 18:09 - 2013-08-31 18:10 - 23614253 _____ C:\Users\Ernst\Downloads\paipw(14).exe
2013-08-31 16:32 - 2013-08-31 16:33 - 82752240 _____ (DVDVideoSoft Ltd. ) C:\Users\Ernst\Downloads\FreeStudio(5).exe
2013-08-31 16:19 - 2013-08-31 16:19 - 00000000 ____D C:\Users\Ernst\AppData\Roaming\CD-LabelPrint
2013-08-31 16:18 - 2013-08-31 18:30 - 00000000 ____D C:\Program Files\CD-LabelPrint
2013-08-31 16:17 - 2013-08-31 16:17 - 10032536 _____ C:\Users\Ernst\Downloads\cdlp-win-1_4_2-en.exe
2013-08-31 16:16 - 2013-08-31 16:16 - 00634552 _____ C:\Users\Ernst\Downloads\cd-labelprint.exe
2013-08-31 16:00 - 2013-08-31 16:00 - 00000000 ___HD C:\ProgramData\CanonIJEGV
2013-08-31 15:59 - 2013-08-31 15:59 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool
2013-08-31 15:54 - 2013-08-31 15:54 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2013-08-31 15:54 - 2013-08-31 15:54 - 00000000 ____D C:\Program Files\Common Files\CANON
2013-08-31 15:53 - 2013-08-31 15:53 - 00002300 _____ C:\Users\Public\Desktop\Canon iP7200 series Online-Handbuch.lnk
2013-08-31 15:52 - 2013-08-31 15:52 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2013-08-31 15:52 - 2012-04-16 05:00 - 00314880 _____ (CANON INC.) C:\Windows\system32\CNMLMBA.DLL
2013-08-31 15:51 - 2013-08-31 15:51 - 00000000 ___HD C:\Program Files\CanonBJ
2013-08-31 15:51 - 2013-08-31 15:51 - 00000000 ____D C:\Windows\system32\STRING
2013-08-31 15:51 - 2012-03-28 19:00 - 00035840 _____ (CANON INC.) C:\Windows\system32\CNMNPUI.DLL
2013-08-31 15:45 - 2013-08-31 15:45 - 00000000 ___HD C:\ProgramData\CanonIJETV
2013-08-28 14:41 - 2013-08-28 14:45 - 00000000 ____D C:\Users\Ernst\Desktop\2013-08-28
2013-08-28 14:05 - 2013-08-28 14:05 - 00001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-28 14:04 - 2013-08-28 14:04 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-28 14:04 - 2013-08-28 14:04 - 00000000 ____D C:\Program Files\iTunes
2013-08-28 14:04 - 2013-08-28 14:04 - 00000000 ____D C:\Program Files\iPod
2013-08-28 13:54 - 2013-08-28 13:54 - 01767640 _____ C:\Users\Ernst\Downloads\wrar50b8.exe
2013-08-28 13:52 - 2013-08-28 13:53 - 00000000 ____D C:\Program Files\QuickTime
2013-08-28 13:52 - 2013-08-28 13:52 - 00001809 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-08-28 13:49 - 2013-08-28 13:49 - 00002006 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2013-08-28 13:46 - 2013-08-28 13:47 - 36047576 _____ (Foxit Corporation ) C:\Users\Ernst\Downloads\FoxitReader604.0719_L10N_Setup.exe
2013-08-28 13:42 - 2013-08-28 13:43 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-08-28 08:21 - 2013-08-28 08:21 - 22240760 _____ (Mozilla) C:\Users\Ernst\Downloads\Firefox Setup 23.0.1.exe
2013-08-28 08:19 - 2013-08-28 08:22 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-28 07:18 - 2013-08-28 07:18 - 02828552 _____ (AVAST Software) C:\Users\Ernst\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-08-28 06:54 - 2013-09-01 09:02 - 00011656 _____ C:\Windows\PFRO.log
2013-08-27 18:45 - 2013-08-27 18:47 - 148050925 _____ C:\Users\Ernst\Downloads\Med7v793.exe
2013-08-27 14:29 - 2013-09-01 09:04 - 00000000 ___RD C:\Users\Ernst\Dropbox
2013-08-27 14:29 - 2013-08-27 14:29 - 00001037 _____ C:\Users\Ernst\Desktop\Dropbox.lnk
2013-08-27 14:27 - 2013-08-27 14:27 - 00000000 ____D C:\Users\Ernst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-08-27 14:25 - 2013-09-01 09:04 - 00000000 ____D C:\Users\Ernst\AppData\Roaming\Dropbox
2013-08-27 14:24 - 2013-08-27 14:25 - 33641960 _____ (Dropbox, Inc.) C:\Users\Ernst\Downloads\Dropbox_2.2.13.exe
2013-08-27 13:42 - 2013-08-27 13:42 - 00000000 ____D C:\Windows\system32\searchplugins
2013-08-27 13:42 - 2013-08-27 13:42 - 00000000 ____D C:\Windows\system32\Extensions
2013-08-27 13:12 - 2013-04-17 09:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-08-27 13:04 - 2013-09-01 09:03 - 00000672 _____ C:\Windows\setupact.log
2013-08-27 13:04 - 2013-08-27 13:04 - 00000000 _____ C:\Windows\setuperr.log
2013-08-25 11:17 - 2013-08-28 07:25 - 00000830 _____ C:\Windows\system32\InstallUtil.InstallLog
2013-08-25 11:17 - 2013-08-25 11:17 - 00000000 ____D C:\Users\Ernst\AppData\Local\avgchrome
2013-08-25 11:16 - 2013-08-25 11:16 - 00000000 ____D C:\Users\Ernst\AppData\Roaming\SeeSimilar
2013-08-25 11:00 - 2013-08-25 11:00 - 02168848 _____ (WiseCleaner.com ) C:\Users\Ernst\Downloads\WRCFree-7.83.exe
2013-08-25 10:55 - 2013-08-25 11:19 - 00000000 ____D C:\Program Files\RegCleaner
2013-08-25 10:54 - 2013-08-25 10:54 - 00553687 _____ C:\Users\Ernst\Downloads\RegCleaner.exe
2013-08-25 10:31 - 2013-09-01 09:01 - 00000000 ____D C:\AdwCleaner
2013-08-25 10:22 - 2013-08-31 22:28 - 00053966 _____ C:\Users\Ernst\Downloads\Addition.txt
2013-08-25 10:21 - 2013-08-25 10:21 - 00000000 ____D C:\FRST
2013-08-25 10:20 - 2013-08-25 10:21 - 01070459 _____ (Farbar) C:\Users\Ernst\Downloads\FRST.exe
2013-08-25 10:02 - 2013-08-25 10:02 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-25 10:02 - 2013-08-25 10:02 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-25 10:02 - 2013-08-25 10:02 - 00175176 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-25 10:02 - 2013-08-25 10:02 - 00002073 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-08-25 10:02 - 2013-08-25 10:02 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-08-25 10:02 - 2013-08-25 10:02 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-08-25 10:02 - 2013-08-25 10:02 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-08-25 10:02 - 2013-05-09 10:59 - 00061680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-08-25 10:02 - 2013-05-09 10:59 - 00056080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-25 10:02 - 2013-05-09 10:59 - 00029816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-25 10:01 - 2013-05-09 10:59 - 00066336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-25 10:01 - 2013-05-09 10:59 - 00049376 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-25 10:01 - 2013-05-09 10:58 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-25 10:01 - 2013-05-09 10:58 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-25 10:00 - 2013-08-25 10:00 - 00000000 ____D C:\ProgramData\AVAST Software
2013-08-25 10:00 - 2013-08-25 10:00 - 00000000 ____D C:\Program Files\AVAST Software
2013-08-25 09:58 - 2013-08-25 09:59 - 117478104 _____ C:\Users\Ernst\Downloads\avast_free_antivirus_setup_8.0.1489.300.exe
2013-08-25 09:44 - 2013-08-25 09:44 - 00001065 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-25 09:44 - 2013-08-25 09:44 - 00000000 ____D C:\Users\Ernst\AppData\Roaming\Malwarebytes
2013-08-25 09:44 - 2013-08-25 09:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-25 09:44 - 2013-08-25 09:44 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-25 09:44 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-25 09:42 - 2013-08-25 09:42 - 00002164 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-25 09:33 - 2013-08-25 09:33 - 00000000 ____D C:\Users\Ernst\AppData\Roaming\TeamViewer
2013-08-25 09:04 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-08-25 00:16 - 2012-12-16 16:13 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-08-25 00:16 - 2012-12-16 16:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-08-25 00:05 - 2013-08-25 00:09 - 00000000 ____D C:\Windows\system32\MRT
2013-08-24 23:52 - 2012-07-26 05:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-08-24 23:52 - 2012-07-26 05:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-08-24 23:52 - 2012-07-26 05:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-08-24 23:52 - 2012-07-26 05:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-08-24 23:52 - 2012-07-26 05:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-08-24 23:52 - 2012-07-26 04:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-08-24 23:52 - 2012-07-26 04:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-08-24 23:52 - 2012-06-02 16:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-08-24 23:42 - 2013-08-24 23:42 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-24 23:42 - 2013-08-24 23:42 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-24 23:42 - 2013-08-24 23:42 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-08-24 23:42 - 2013-08-24 23:42 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-08-24 23:42 - 2013-08-24 23:42 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-08-24 23:42 - 2013-08-24 23:42 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-08-24 23:42 - 2013-08-24 23:42 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-08-24 23:42 - 2013-08-24 23:42 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-24 23:42 - 2013-08-24 23:42 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-08-24 23:42 - 2013-08-24 23:42 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-24 23:42 - 2013-08-24 23:42 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-08-24 23:42 - 2013-08-24 23:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-24 23:42 - 2013-08-24 23:42 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-08-24 23:42 - 2013-08-24 23:42 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-08-24 23:41 - 2013-08-24 23:41 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-08-24 23:40 - 2013-08-24 23:40 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-24 23:38 - 2013-08-24 23:38 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-08-24 23:36 - 2013-08-24 23:36 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-08-24 23:36 - 2013-08-24 23:36 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü
2013-08-24 23:36 - 2013-08-24 23:36 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung
2013-08-24 23:36 - 2013-08-24 23:36 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung
2013-08-24 23:36 - 2013-08-24 23:36 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik
2013-08-24 23:36 - 2013-08-24 23:36 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder
2013-08-24 23:36 - 2013-08-24 23:36 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf
2013-08-24 23:35 - 2013-08-24 23:35 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-08-24 23:35 - 2013-02-26 00:22 - 00053024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2013-08-24 23:34 - 2013-08-24 23:37 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-08-24 23:21 - 2012-11-22 06:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-08-24 23:19 - 2013-04-12 15:45 - 01211752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-08-24 23:18 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-24 23:18 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-24 23:18 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-24 23:18 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-24 23:18 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-24 23:18 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-24 23:18 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-24 23:18 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-24 23:18 - 2013-03-19 06:48 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-08-24 23:18 - 2013-03-19 04:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-08-24 23:18 - 2013-02-12 05:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-08-24 23:18 - 2012-11-02 07:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-08-24 23:11 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-08-24 23:11 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-08-24 23:11 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-08-24 23:11 - 2013-04-10 07:18 - 00728424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-08-24 23:11 - 2013-04-10 07:18 - 00218984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-08-24 23:11 - 2013-02-15 06:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-08-24 23:11 - 2013-02-15 06:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-08-24 23:11 - 2013-02-15 05:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-08-24 23:11 - 2013-01-24 06:47 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-08-24 23:11 - 2012-11-20 06:51 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-08-24 23:10 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-24 23:10 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-24 23:10 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-08-24 23:10 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-08-24 23:10 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-08-24 23:10 - 2013-03-19 06:53 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-08-24 23:10 - 2013-03-19 05:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-08-24 23:10 - 2013-01-03 07:04 - 00187752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-08-24 23:10 - 2012-11-01 06:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-08-24 23:10 - 2012-09-26 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-08-24 23:09 - 2012-11-30 06:47 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-08-24 23:09 - 2012-11-30 06:47 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-08-24 23:09 - 2012-11-30 06:45 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-24 23:09 - 2012-11-30 06:45 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-24 23:09 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-24 23:09 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-24 23:09 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-24 23:09 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-24 23:09 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-24 23:09 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-24 23:09 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-24 23:09 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-24 23:09 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-24 23:09 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-24 23:09 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-24 23:09 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-24 23:09 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-24 23:09 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-24 23:09 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-24 23:09 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-24 23:09 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-24 23:09 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-24 23:09 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-24 23:09 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-24 23:09 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-24 23:09 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-24 23:09 - 2012-11-30 04:55 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-08-24 23:09 - 2012-11-30 04:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-24 23:09 - 2012-11-30 04:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-24 23:09 - 2012-11-30 04:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-24 23:09 - 2012-11-30 04:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-24 23:09 - 2012-11-30 01:17 - 00420064 _____ C:\Windows\system32\locale.nls
2013-08-24 23:09 - 2012-10-03 18:42 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2013-08-24 23:09 - 2012-10-03 18:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2013-08-24 23:09 - 2012-10-03 18:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-08-24 23:09 - 2012-10-03 18:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2013-08-24 23:09 - 2012-10-03 18:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2013-08-24 23:09 - 2012-10-03 18:40 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-08-24 23:09 - 2012-10-03 17:21 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-08-24 23:08 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-24 23:08 - 2012-12-07 14:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2013-08-24 23:08 - 2012-12-07 14:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-08-24 23:08 - 2012-12-07 12:46 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2013-08-24 23:08 - 2012-12-07 12:46 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2013-08-24 23:08 - 2012-12-07 12:46 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2013-08-24 23:08 - 2012-12-07 12:46 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2013-08-24 23:08 - 2012-12-07 12:46 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2013-08-24 23:08 - 2012-12-07 12:46 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2013-08-24 23:08 - 2012-12-07 12:46 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2013-08-24 23:08 - 2012-12-07 12:46 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2013-08-24 23:08 - 2012-12-07 12:46 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2013-08-24 23:08 - 2012-12-07 12:46 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2013-08-24 23:08 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2013-08-24 23:08 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2013-08-24 23:08 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2013-08-24 23:08 - 2012-12-07 12:46 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2013-08-24 23:08 - 2012-10-09 19:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2013-08-24 23:08 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2013-08-24 23:05 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-24 23:02 - 2012-07-26 05:39 - 00526952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-08-24 23:02 - 2012-07-26 05:39 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-08-24 23:02 - 2012-07-26 04:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-08-24 23:02 - 2012-06-02 16:34 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-08-24 23:01 - 2013-08-24 23:01 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2013-08-24 22:53 - 2013-01-04 06:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-08-24 22:52 - 2013-02-27 07:05 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-08-24 22:52 - 2013-02-27 06:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-08-24 22:52 - 2013-02-27 06:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-08-24 22:52 - 2013-02-27 06:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-08-24 22:52 - 2013-02-27 06:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
==================== One Month Modified Files and Folders =======
2013-09-01 09:14 - 2013-09-01 09:14 - 00001852 _____ C:\Users\Ernst\Desktop\JRT.txt
2013-09-01 09:10 - 2009-07-14 06:34 - 00014928 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-01 09:10 - 2009-07-14 06:34 - 00014928 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-01 09:09 - 2013-09-01 09:09 - 00000000 ____D C:\Windows\ERUNT
2013-09-01 09:06 - 2013-09-01 09:06 - 01027511 _____ (Thisisu) C:\Users\Ernst\Downloads\JRT.exe
2013-09-01 09:04 - 2013-09-01 09:04 - 00012628 _____ C:\Users\Ernst\Desktop\AdwCleaner[S1].txt
2013-09-01 09:04 - 2013-08-27 14:29 - 00000000 ___RD C:\Users\Ernst\Dropbox
2013-09-01 09:04 - 2013-08-27 14:25 - 00000000 ____D C:\Users\Ernst\AppData\Roaming\Dropbox
2013-09-01 09:03 - 2013-08-27 13:04 - 00000672 _____ C:\Windows\setupact.log
2013-09-01 09:03 - 2011-01-08 10:44 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-01 09:03 - 2010-01-16 14:45 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-01 09:03 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-01 09:02 - 2013-08-28 06:54 - 00011656 _____ C:\Windows\PFRO.log
2013-09-01 09:02 - 2010-01-16 14:40 - 01243375 _____ C:\Windows\WindowsUpdate.log
2013-09-01 09:01 - 2013-08-25 10:31 - 00000000 ____D C:\AdwCleaner
2013-09-01 09:01 - 2011-01-08 10:46 - 00001242 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-01 09:01 - 2010-01-16 18:16 - 00001005 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-09-01 09:01 - 2010-01-16 14:42 - 00001146 _____ C:\Users\Ernst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-01 09:00 - 2013-09-01 08:59 - 00994642 _____ C:\Users\Ernst\Downloads\adwcleaner.exe
2013-09-01 08:57 - 2012-09-23 10:36 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-01 08:51 - 2010-02-09 14:39 - 00000013 _____ C:\ProgramData\__FileUploader.log
2013-09-01 08:39 - 2011-01-08 10:44 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-01 08:02 - 2010-01-17 15:09 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI
2013-09-01 08:02 - 2010-01-16 14:40 - 00000000 ____D C:\Users\Ernst\AppData\Local\VirtualStore
2013-09-01 07:09 - 2013-09-01 07:01 - 00000000 ____D C:\JosiGebFoto
2013-09-01 07:08 - 2013-09-01 07:01 - 00000000 ____D C:\JosiGebVideo
2013-09-01 07:03 - 2010-01-16 14:43 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-31 22:44 - 2010-01-16 22:18 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-08-31 22:36 - 2013-08-31 22:36 - 00015272 _____ C:\Users\Ernst\Downloads\FRST.zip
2013-08-31 22:36 - 2013-08-31 22:36 - 00012768 _____ C:\Users\Ernst\Downloads\Addition.zip
2013-08-31 22:35 - 2013-08-31 22:35 - 01110476 _____ C:\Users\Ernst\Downloads\7z920.exe
2013-08-31 22:35 - 2013-08-31 22:35 - 00000000 ____D C:\Program Files\7-Zip
2013-08-31 22:28 - 2013-08-25 10:22 - 00053966 _____ C:\Users\Ernst\Downloads\Addition.txt
2013-08-31 22:01 - 2013-08-31 22:01 - 02828552 _____ (AVAST Software) C:\Users\Ernst\Downloads\avast-browser-cleanup_8.0.1484.29(1).exe
2013-08-31 21:53 - 2011-12-07 16:35 - 00000811 _____ C:\Users\Ernst\AppData\Roaming\Microsoft\Windows\Start Menu\Zertifikatsmanager.lnk
2013-08-31 21:53 - 2010-05-05 18:41 - 00000787 _____ C:\Users\Ernst\Desktop\Zertifikatsmanager.lnk
2013-08-31 19:01 - 2013-08-31 19:01 - 00001376 _____ C:\Users\Public\Desktop\Heroglyph + Studio.lnk
2013-08-31 19:01 - 2013-08-31 19:01 - 00001102 _____ C:\Users\Public\Desktop\Heroglyph Video-Workshops.lnk
2013-08-31 18:59 - 2013-08-31 18:58 - 00407104 _____ (proDAD GmbH) C:\Users\Ernst\Downloads\Download-(1)(support+heroglyph-2.0)-heroglyph-25-pinstudio.exe
2013-08-31 18:46 - 2013-08-31 18:46 - 00407104 _____ (proDAD GmbH) C:\Users\Ernst\Downloads\Download-(1)(support+heroglyph)-heroglyph-40-full32bit.exe
2013-08-31 18:46 - 2013-08-31 18:46 - 00000000 ____D C:\ProgramData\proDAD
2013-08-31 18:30 - 2013-08-31 16:18 - 00000000 ____D C:\Program Files\CD-LabelPrint
2013-08-31 18:26 - 2011-02-27 18:34 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-08-31 18:11 - 2013-08-31 18:11 - 00000647 _____ C:\Users\UpdatusUser\Desktop\PAIP.LNK
2013-08-31 18:11 - 2011-06-20 14:26 - 00000647 _____ C:\Users\Administrator\Desktop\PAIP.LNK
2013-08-31 18:11 - 2010-01-19 22:11 - 00000647 _____ C:\Users\Ernst\Desktop\PAIP.LNK
2013-08-31 18:11 - 2010-01-19 22:11 - 00000016 _____ C:\Windows\HPAIPWUE.INI
2013-08-31 18:10 - 2013-08-31 18:09 - 23614253 _____ C:\Users\Ernst\Downloads\paipw(14).exe
2013-08-31 16:33 - 2013-08-31 16:32 - 82752240 _____ (DVDVideoSoft Ltd. ) C:\Users\Ernst\Downloads\FreeStudio(5).exe
2013-08-31 16:19 - 2013-08-31 16:19 - 00000000 ____D C:\Users\Ernst\AppData\Roaming\CD-LabelPrint
2013-08-31 16:17 - 2013-08-31 16:17 - 10032536 _____ C:\Users\Ernst\Downloads\cdlp-win-1_4_2-en.exe
2013-08-31 16:16 - 2013-08-31 16:16 - 00634552 _____ C:\Users\Ernst\Downloads\cd-labelprint.exe
2013-08-31 16:00 - 2013-08-31 16:00 - 00000000 ___HD C:\ProgramData\CanonIJEGV
2013-08-31 16:00 - 2010-02-18 14:12 - 00000000 ____D C:\Program Files\Canon
2013-08-31 15:59 - 2013-08-31 15:59 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool
2013-08-31 15:54 - 2013-08-31 15:54 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2013-08-31 15:54 - 2013-08-31 15:54 - 00000000 ____D C:\Program Files\Common Files\CANON
2013-08-31 15:53 - 2013-08-31 15:53 - 00002300 _____ C:\Users\Public\Desktop\Canon iP7200 series Online-Handbuch.lnk
2013-08-31 15:52 - 2013-08-31 15:52 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2013-08-31 15:51 - 2013-08-31 15:51 - 00000000 ___HD C:\Program Files\CanonBJ
2013-08-31 15:51 - 2013-08-31 15:51 - 00000000 ____D C:\Windows\system32\STRING
2013-08-31 15:45 - 2013-08-31 15:45 - 00000000 ___HD C:\ProgramData\CanonIJETV
2013-08-28 16:39 - 2010-09-30 21:16 - 00000000 ____D C:\Windows\rescache
2013-08-28 15:25 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-28 14:45 - 2013-08-28 14:41 - 00000000 ____D C:\Users\Ernst\Desktop\2013-08-28
2013-08-28 14:13 - 2012-05-06 18:05 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-28 14:13 - 2010-01-26 21:55 - 00000000 ____D C:\Program Files\WinRAR
2013-08-28 14:05 - 2013-08-28 14:05 - 00001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-28 14:04 - 2013-08-28 14:04 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-28 14:04 - 2013-08-28 14:04 - 00000000 ____D C:\Program Files\iTunes
2013-08-28 14:04 - 2013-08-28 14:04 - 00000000 ____D C:\Program Files\iPod
2013-08-28 14:04 - 2010-04-20 12:41 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-28 13:55 - 2010-01-26 21:56 - 00000000 ____D C:\Users\Ernst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2013-08-28 13:54 - 2013-08-28 13:54 - 01767640 _____ C:\Users\Ernst\Downloads\wrar50b8.exe
2013-08-28 13:53 - 2013-08-28 13:52 - 00000000 ____D C:\Program Files\QuickTime
2013-08-28 13:52 - 2013-08-28 13:52 - 00001809 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-08-28 13:49 - 2013-08-28 13:49 - 00002006 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2013-08-28 13:49 - 2010-07-27 21:12 - 00000000 ____D C:\Users\Ernst\AppData\Roaming\Foxit Software
2013-08-28 13:48 - 2010-06-11 19:45 - 00000000 ____D C:\Program Files\Foxit Software
2013-08-28 13:47 - 2013-08-28 13:46 - 36047576 _____ (Foxit Corporation ) C:\Users\Ernst\Downloads\FoxitReader604.0719_L10N_Setup.exe
2013-08-28 13:43 - 2013-08-28 13:42 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-08-28 08:22 - 2013-08-28 08:19 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-28 08:21 - 2013-08-28 08:21 - 22240760 _____ (Mozilla) C:\Users\Ernst\Downloads\Firefox Setup 23.0.1.exe
2013-08-28 07:25 - 2013-08-25 11:17 - 00000830 _____ C:\Windows\system32\InstallUtil.InstallLog
2013-08-28 07:18 - 2013-08-28 07:18 - 02828552 _____ (AVAST Software) C:\Users\Ernst\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-08-28 07:01 - 2011-05-29 11:38 - 00167248 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-27 18:52 - 2010-02-07 11:43 - 00000000 ____D C:\med7net
2013-08-27 18:52 - 2010-02-07 11:42 - 00000000 ____D C:\Med7
2013-08-27 18:49 - 2010-02-07 11:40 - 00000000 ____D C:\Windows\Downloaded Installations
2013-08-27 18:47 - 2013-08-27 18:45 - 148050925 _____ C:\Users\Ernst\Downloads\Med7v793.exe
2013-08-27 14:50 - 2012-01-22 18:10 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-08-27 14:29 - 2013-08-27 14:29 - 00001037 _____ C:\Users\Ernst\Desktop\Dropbox.lnk
2013-08-27 14:29 - 2010-01-16 14:40 - 00000000 ____D C:\Users\Ernst
2013-08-27 14:27 - 2013-08-27 14:27 - 00000000 ____D C:\Users\Ernst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-08-27 14:25 - 2013-08-27 14:24 - 33641960 _____ (Dropbox, Inc.) C:\Users\Ernst\Downloads\Dropbox_2.2.13.exe
2013-08-27 13:56 - 2010-01-17 19:24 - 00000000 ____D C:\ProgramData\Adobe
2013-08-27 13:47 - 2011-04-09 10:13 - 00000913 ____H C:\Windows\EPMBatch.ept
2013-08-27 13:42 - 2013-08-27 13:42 - 00000000 ____D C:\Windows\system32\searchplugins
2013-08-27 13:42 - 2013-08-27 13:42 - 00000000 ____D C:\Windows\system32\Extensions
2013-08-27 13:04 - 2013-08-27 13:04 - 00000000 _____ C:\Windows\setuperr.log
2013-08-25 11:27 - 2011-01-13 20:29 - 00000000 ____D C:\Windows\system32\Adobe
2013-08-25 11:27 - 2010-01-16 22:24 - 00000000 ____D C:\Windows\system32\Macromed
2013-08-25 11:19 - 2013-08-25 10:55 - 00000000 ____D C:\Program Files\RegCleaner
2013-08-25 11:17 - 2013-08-25 11:17 - 00000000 ____D C:\Users\Ernst\AppData\Local\avgchrome
2013-08-25 11:16 - 2013-08-25 11:16 - 00000000 ____D C:\Users\Ernst\AppData\Roaming\SeeSimilar
2013-08-25 11:15 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-08-25 11:00 - 2013-08-25 11:00 - 02168848 _____ (WiseCleaner.com ) C:\Users\Ernst\Downloads\WRCFree-7.83.exe
2013-08-25 10:54 - 2013-08-25 10:54 - 00553687 _____ C:\Users\Ernst\Downloads\RegCleaner.exe
2013-08-25 10:27 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-08-25 10:21 - 2013-08-25 10:21 - 00000000 ____D C:\FRST
2013-08-25 10:21 - 2013-08-25 10:20 - 01070459 _____ (Farbar) C:\Users\Ernst\Downloads\FRST.exe
2013-08-25 10:02 - 2013-08-25 10:02 - 00770344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-25 10:02 - 2013-08-25 10:02 - 00369584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-25 10:02 - 2013-08-25 10:02 - 00175176 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-25 10:02 - 2013-08-25 10:02 - 00002073 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-08-25 10:02 - 2013-08-25 10:02 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-08-25 10:02 - 2013-08-25 10:02 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-08-25 10:02 - 2013-08-25 10:02 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-08-25 10:00 - 2013-08-25 10:00 - 00000000 ____D C:\ProgramData\AVAST Software
2013-08-25 10:00 - 2013-08-25 10:00 - 00000000 ____D C:\Program Files\AVAST Software
2013-08-25 09:59 - 2013-08-25 09:58 - 117478104 _____ C:\Users\Ernst\Downloads\avast_free_antivirus_setup_8.0.1489.300.exe
2013-08-25 09:44 - 2013-08-25 09:44 - 00001065 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-25 09:44 - 2013-08-25 09:44 - 00000000 ____D C:\Users\Ernst\AppData\Roaming\Malwarebytes
2013-08-25 09:44 - 2013-08-25 09:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-25 09:44 - 2013-08-25 09:44 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-25 09:42 - 2013-08-25 09:42 - 00002164 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-25 09:42 - 2011-01-08 10:44 - 00000000 ____D C:\Program Files\Google
2013-08-25 09:33 - 2013-08-25 09:33 - 00000000 ____D C:\Users\Ernst\AppData\Roaming\TeamViewer
2013-08-25 09:28 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-25 09:00 - 2010-01-16 21:00 - 00167248 _____ C:\Users\Ernst\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-25 08:57 - 2009-07-14 06:33 - 00527064 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-25 08:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-25 08:54 - 2009-07-14 10:56 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-25 08:54 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-25 08:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-TW
2013-08-25 08:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-HK
2013-08-25 08:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-CN
2013-08-25 08:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\tr-TR
2013-08-25 08:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\sv-SE
2013-08-25 08:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ru-RU
2013-08-25 08:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-PT
2013-08-25 08:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-BR
2013-08-25 08:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pl-PL
2013-08-25 08:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nl-NL
2013-08-25 08:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nb-NO
2013-08-25 08:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ko-KR
2013-08-25 08:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ja-JP
2013-08-25 08:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\it-IT
2013-08-25 08:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\hu-HU
2013-08-25 08:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\fr-FR
2013-08-25 08:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\fi-FI
2013-08-25 08:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\el-GR
2013-08-25 00:09 - 2013-08-25 00:05 - 00000000 ____D C:\Windows\system32\MRT
2013-08-24 23:57 - 2012-09-23 10:36 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-24 23:57 - 2011-07-10 18:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-24 23:42 - 2013-08-24 23:42 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-24 23:42 - 2013-08-24 23:42 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-24 23:42 - 2013-08-24 23:42 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-08-24 23:42 - 2013-08-24 23:42 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-08-24 23:42 - 2013-08-24 23:42 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-08-24 23:42 - 2013-08-24 23:42 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-08-24 23:42 - 2013-08-24 23:42 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-08-24 23:42 - 2013-08-24 23:42 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-24 23:42 - 2013-08-24 23:42 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-08-24 23:42 - 2013-08-24 23:42 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-24 23:42 - 2013-08-24 23:42 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-08-24 23:42 - 2013-08-24 23:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-24 23:42 - 2013-08-24 23:42 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-08-24 23:42 - 2013-08-24 23:42 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-08-24 23:42 - 2013-08-24 23:42 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-08-24 23:41 - 2013-08-24 23:41 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-08-24 23:40 - 2013-08-24 23:40 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-24 23:40 - 2013-08-24 23:40 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-24 23:38 - 2013-08-24 23:38 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-08-24 23:37 - 2013-08-24 23:34 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-08-24 23:36 - 2013-08-24 23:36 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-08-24 23:36 - 2013-08-24 23:36 - 00000000 _SHDL C:\Users\UpdatusUser\Startmenü
2013-08-24 23:36 - 2013-08-24 23:36 - 00000000 _SHDL C:\Users\UpdatusUser\Netzwerkumgebung
2013-08-24 23:36 - 2013-08-24 23:36 - 00000000 _SHDL C:\Users\UpdatusUser\Druckumgebung
2013-08-24 23:36 - 2013-08-24 23:36 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Musik
2013-08-24 23:36 - 2013-08-24 23:36 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\Eigene Bilder
2013-08-24 23:36 - 2013-08-24 23:36 - 00000000 _SHDL C:\Users\UpdatusUser\AppData\Local\Verlauf
2013-08-24 23:35 - 2013-08-24 23:35 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-08-24 23:30 - 2010-02-05 19:46 - 00000000 ____D C:\Program Files\Java
2013-08-24 23:12 - 2009-07-14 10:47 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2013-08-24 23:01 - 2013-08-24 23:01 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2013-08-24 23:01 - 2012-08-30 18:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-05 16:00 - 2010-12-08 23:11 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Files to move or delete:
====================
C:\Users\Administrator\AppData\Local\Temp\AskSLib.dll
C:\Users\Ernst\AppData\Local\Temp\heroglyph-25-pinstudio.exe
C:\Users\Ernst\AppData\Local\Temp\heroglyph-40-full32bit.exe
C:\Users\Ernst\AppData\Local\Temp\IminentSetup.exe
C:\Users\Ernst\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Ernst\AppData\Local\Temp\MTDMS7t3.exe.part
C:\Users\Ernst\AppData\Local\Temp\nsuA321.exe
C:\Users\Ernst\AppData\Local\Temp\nsuF4F9.exe
C:\Users\Ernst\AppData\Local\Temp\QnYojE8s.exe.part
C:\Users\Ernst\AppData\Local\Temp\Quarantine.exe
C:\Users\Ernst\AppData\Local\Temp\setup.exe
C:\Users\Ernst\AppData\Local\Temp\uninst1.exe
C:\Users\Ernst\AppData\Local\Temp\nst6385.tmp\DropboxNSISTools.dll
C:\Users\Ernst\AppData\Local\Temp\nst6385.tmp\UAC.dll
C:\Users\Ernst\AppData\Local\Temp\MozUpdater\updater.exe
C:\Users\Ernst\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\Ernst\AppData\Local\Temp\jrt\erunt\ERUNT.EXE.manifest
C:\Users\Ernst\AppData\Local\Temp\is2036094744\427709_Setup.EXE
C:\Users\Ernst\AppData\Local\Temp\is2036094744\427709_Setup.EXE.part
C:\Users\Ernst\AppData\Local\Temp\is2036094744\wajam_validate.exe
C:\Users\Ernst\AppData\Local\Temp\bus6547\enhancedNT.dll
C:\Users\Ernst\AppData\Local\Temp\bus6547\NTRedirectUpdate.exe
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\aswCmnBS.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\aswCmnIS.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\aswCmnOS.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\atl90.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCUCmnRes.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1025.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1026.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1027.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1028.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1029.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1030.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1031.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1032.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1033.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1035.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1036.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1037.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1038.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1040.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1041.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1042.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1043.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1044.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1045.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1046.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1048.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1049.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1050.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1051.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1053.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1054.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1055.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1056.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1057.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1058.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1059.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1060.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1061.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1062.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1065.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1066.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1081.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1086.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1093.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_1909.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_2052.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_2070.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_2074.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BCULangRes_3082.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\BrowserCleanup.exe
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\mfc90u.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\msvcp90.dll
C:\Users\Ernst\AppData\Local\Temp\7zSE9A3.tmp\msvcr90.dll
C:\Users\Ernst\AppData\Local\Temp\395871A3-BAB0-7891-87D2-949E18F48BB8\sqlite3.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-28 16:28
==================== End Of Log ============================