Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.09.19.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
TEC :: TEC-PC [Administrator]
Schutz: Aktiviert
19.09.2013 20:41:08
mbam-log-2013-09-19 (20-41-08).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 426644
Laufzeit: 57 Minute(n), 41 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
# AdwCleaner v3.004 - Bericht erstellt am 19/09/2013 um 21:48:19
# Updated 15/09/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : TEC - TEC-PC
# Gestartet von : C:\Users\TEC\Downloads\adwcleaner(1).exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files (x86)\DVDVideoSoftTB_DE
Ordner Gelöscht : C:\Users\TEC\AppData\LocalLow\DVDVideoSoftTB_DE
Ordner Gelöscht : C:\Users\TEC\AppData\LocalLow\www.Freeware-download.com
Ordner Gelöscht : C:\Users\TEC\AppData\Roaming\HomeTab
Ordner Gelöscht : C:\Users\TEC\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787336\Smartbar
Ordner Gelöscht : C:\Users\TEC\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787336\Extensions\ffxtlbr@delta.com
Ordner Gelöscht : C:\Users\TEC\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787336\Extensions\toolbar@ask.com
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\TEC\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787336\\invalidprefs.js
Datei Gelöscht : C:\Users\TEC\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787336\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\TEC\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787336\bprotector_prefs.js
Datei Gelöscht : C:\Users\TEC\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787336\foxydeal.sqlite
Datei Gelöscht : C:\Users\TEC\AppData\Roaming\Mozilla\Firefox\Profiles\vgftyq55.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\TEC\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787336\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\TEC\AppData\Roaming\Mozilla\Firefox\Profiles\vgftyq55.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\TEC\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787336\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\TEC\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787336\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\TEC\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787336\searchplugins\delta.xml
Datei Gelöscht : C:\Users\TEC\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787336\searchplugins\dvdvideosofttb-de-customized-web-search.xml
Datei Gelöscht : C:\Users\TEC\AppData\Roaming\Mozilla\Firefox\Profiles\vgftyq55.default\searchplugins\dvdvideosofttb-de-customized-web-search.xml
Datei Gelöscht : C:\Users\TEC\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787336\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\Browser Updater
Datei Gelöscht : C:\Windows\System32\Tasks\BrowserDefendert
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Schlüssel Gelöscht : HKCU\Software\5253dcdee735e544
Schlüssel Gelöscht : HKLM\SOFTWARE\5253dcdee735e544
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26647CA4-A2A7-4EAC-8A72-761AA9141DE7}
[#] Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A25E7121-3DD8-41B3-855B-756C5BC45449}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44041D0F-3D73-4AF7-8DF7-54B235DF09AD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28D3CF6C-5E6E-4AC8-8A72-AD8CADCDC01B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{26647CA4-A2A7-4EAC-8A72-761AA9141DE7}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{26647CA4-A2A7-4EAC-8A72-761AA9141DE7}]
Schlüssel Gelöscht : HKCU\Software\FoxyDeal
Schlüssel Gelöscht : HKCU\Software\DVDVideoSoftTB_DE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB_DE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\www.Freeware-download.com
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB_DE
Schlüssel Gelöscht : HKLM\Software\www.Freeware-download.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB_DE Toolbar
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16686
-\\ Mozilla Firefox v24.0 (de)
[ Datei : C:\Users\TEC\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_787336\prefs.js ]
Zeile gelöscht : user_pref("CT2625848.1000082.isDisplayHidden", "true");
Zeile gelöscht : user_pref("CT2625848.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock\",\"url\":\"hxxp://feedlive.net/california.asx\"}");
Zeile gelöscht : user_pref("CT2625848.2625848a129894023611240511000000paramsGK1", "eyJ1cGRhdGVSZXFUaW1lIjoxMzQ4NDIzOTIwMTk5LCJ1cGRhdGVSZXNwVGltZSI6MTM0ODQyMzkyMDgzMSwiZGF0YSI6eyJzZXR0aW5ncyI6eyJpY29uIjoiaHR0cDovL3N0b3[...]
Zeile gelöscht : user_pref("CT2625848.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2625848.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2625848.FirstTime", "true");
Zeile gelöscht : user_pref("CT2625848.FirstTimeFF3", "true");
Zeile gelöscht : user_pref("CT2625848.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&q=");
Zeile gelöscht : user_pref("CT2625848.UserID", "UN99911072743862222");
Zeile gelöscht : user_pref("CT2625848.addressBarTakeOverEnabledInHidden", "true");
Zeile gelöscht : user_pref("CT2625848.autoDisableScopes", -1);
Zeile gelöscht : user_pref("CT2625848.browser.search.defaultthis.engineName", true);
Zeile gelöscht : user_pref("CT2625848.defaultSearch", "true");
Zeile gelöscht : user_pref("CT2625848.embeddedsData", "[{\"appId\":\"129181467799155027\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Zeile gelöscht : user_pref("CT2625848.enableAlerts", "false");
Zeile gelöscht : user_pref("CT2625848.enableSearchFromAddressBar", "true");
Zeile gelöscht : user_pref("CT2625848.firstTimeDialogOpened", "true");
Zeile gelöscht : user_pref("CT2625848.fixPageNotFoundError", "true");
Zeile gelöscht : user_pref("CT2625848.fixPageNotFoundErrorInHidden", "true");
Zeile gelöscht : user_pref("CT2625848.fixUrls", true);
Zeile gelöscht : user_pref("CT2625848.installId", "ConduitNSISIntegration");
Zeile gelöscht : user_pref("CT2625848.installType", "ConduitNSISIntegration");
Zeile gelöscht : user_pref("CT2625848.isCheckedStartAsHidden", true);
Zeile gelöscht : user_pref("CT2625848.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2625848.isFirstTimeToolbarLoading", "false");
Zeile gelöscht : user_pref("CT2625848.isNewTabEnabled", true);
Zeile gelöscht : user_pref("CT2625848.isPerformedSmartBarTransition", "true");
Zeile gelöscht : user_pref("CT2625848.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Zeile gelöscht : user_pref("CT2625848.keyword", true);
Zeile gelöscht : user_pref("CT2625848.migrateAppsAndComponents", true);
Zeile gelöscht : user_pref("CT2625848.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.google.de%2F\",\"EB_MAIN_FRAME_TITLE\":\"Google\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://DVD[...]
Zeile gelöscht : user_pref("CT2625848.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2625848.openThankYouPage", "false");
Zeile gelöscht : user_pref("CT2625848.openUninstallPage", "true");
Zeile gelöscht : user_pref("CT2625848.search.searchAppId", "129181467799155027");
Zeile gelöscht : user_pref("CT2625848.search.searchCount", "0");
Zeile gelöscht : user_pref("CT2625848.searchInNewTabEnabledInHidden", "true");
Zeile gelöscht : user_pref("CT2625848.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2625848.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2625848\"}");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://DVDVideoSoftTBDE.OurToolbar.com//xpi\"}");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"DVDVideoSoftTB DE\"}");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1348420315580");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_appsMetadata_lastUpdate", "1348420391722");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1348420317208");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_login_10.13.1.89_lastUpdate", "1348467374003");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_optimizer_lastUpdate", "1348420393221");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1348420317093");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_searchAPI_lastUpdate", "1348420313981");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_serviceMap_lastUpdate", "1348420313008");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_toolbarContextMenu_lastUpdate", "1348420317061");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_toolbarSettings_lastUpdate", "1348467373282");
Zeile gelöscht : user_pref("CT2625848.serviceLayer_services_translation_lastUpdate", "1348420316982");
Zeile gelöscht : user_pref("CT2625848.settingsINI", true);
Zeile gelöscht : user_pref("CT2625848.shouldFirstTimeDialog", "false");
Zeile gelöscht : user_pref("CT2625848.smartbar.CTID", "CT2625848");
Zeile gelöscht : user_pref("CT2625848.smartbar.Uninstall", "0");
Zeile gelöscht : user_pref("CT2625848.smartbar.homepage", true);
Zeile gelöscht : user_pref("CT2625848.smartbar.isHidden", false);
Zeile gelöscht : user_pref("CT2625848.smartbar.toolbarName", "DVDVideoSoftTB DE ");
Zeile gelöscht : user_pref("CT2625848.startPage", "userChanged");
Zeile gelöscht : user_pref("CT2625848.toolbarBornServerTime", "23-9-2012");
Zeile gelöscht : user_pref("CT2625848.toolbarCurrentServerTime", "24-9-2012");
Zeile gelöscht : user_pref("CT2625848_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1348467249416,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Zeile gelöscht : user_pref("Smartbar.ConduitHomepagesList", "");
Zeile gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "");
Zeile gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "");
Zeile gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT2625848");
Zeile gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Delta Search");
Zeile gelöscht : user_pref("browser.search.order.1", "Delta Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Delta Search");
Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.id", "9e27c995000000000000100ba9504018");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15883");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.5");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.522:12:01");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.5");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=121562&tt=250613_gr4&tsp=4926");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
[ Datei : C:\Users\TEC\AppData\Roaming\Mozilla\Firefox\Profiles\vgftyq55.default\prefs.js ]
Zeile gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Zeile gelöscht : user_pref("browser.search.order.1", "Ask.com");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
*************************
AdwCleaner[R1].txt - [16031 octets] - [19/09/2013 21:47:14]
AdwCleaner[S0].txt - [15732 octets] - [19/09/2013 21:48:19]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15793 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Professional x64
Ran by TEC on 19.09.2013 at 21:54:23,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\TEC\AppData\Roaming\mozilla\firefox\profiles\vgftyq55.default\minidumps [1 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.09.2013 at 22:01:13,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-09-2013 01
Ran by TEC (administrator) on TEC-PC on 19-09-2013 22:04:35
Running from C:\Users\TEC\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
(ArcSoft, Inc.) C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Infineon Technologies AG) C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\wmi64.exe
(Farbar) C:\Users\TEC\Downloads\FRST64(1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [835072 2011-01-27] (IDT, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2919992 2011-01-26] (Hewlett-Packard Company)
HKLM\...\Run: [MfeEpePcMonitor] - C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2011-02-09] ()
HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3011824 2013-01-29] (Synaptics Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [HP HD Webcam [Fixed]_Monitor] - C:\Program Files (x86)\HP HD Webcam [Fixed]\monitor.exe [267128 2010-11-26] ()
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [299576 2011-01-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [514544 2011-01-12] ()
HKLM-x32\...\Run: [IFXSPMGT] - C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1125728 2011-01-20] (Infineon Technologies AG)
HKLM-x32\...\Run: [File Sanitizer] - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12274688 2011-02-07] (Hewlett-Packard)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-11-16] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [] - [x]
Lsa: [Notification Packages] DPPassFilter scecli
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC5973CF26287CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 193.189.244.202 193.189.244.194
FireFox:
========
FF ProfilePath: C:\Users\TEC\AppData\Roaming\Mozilla\Firefox\Profiles\vgftyq55.default
FF NewTab: hxxp://www.google.com/firefox
FF Homepage: hxxp://www.google.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\TEC\AppData\Roaming\Mozilla\Firefox\Profiles\vgftyq55.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\TEC\AppData\Roaming\Mozilla\Firefox\Profiles\vgftyq55.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\TEC\AppData\Roaming\Mozilla\Firefox\Profiles\vgftyq55.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\TEC\AppData\Roaming\Mozilla\Firefox\Profiles\vgftyq55.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\TEC\AppData\Roaming\Mozilla\Firefox\Profiles\vgftyq55.default\Extensions\ich@maltegoetz.de
FF Extension: No Name - C:\Users\TEC\AppData\Roaming\Mozilla\Firefox\Profiles\vgftyq55.default\Extensions\WTB_GLOBAL.sqlite
FF Extension: No Name - C:\Users\TEC\AppData\Roaming\Mozilla\Firefox\Profiles\vgftyq55.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\TEC\AppData\Roaming\Mozilla\Firefox\Profiles\vgftyq55.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
==================== Services (Whitelisted) =================
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2012-11-16] (Kaspersky Lab ZAO)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [481104 2011-02-11] (DigitalPersona, Inc.)
S3 FLCDLOCK; C:\Windows\SysWOW64\flcdlock.exe [464480 2011-02-03] (Hewlett-Packard Company)
R3 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [36864 2011-01-12] (Hewlett-Packard Development Company, L.P)
R2 HPDayStarterService; C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [281656 2011-01-28] (Hewlett-Packard Company)
R2 IFXSpMgtSrv; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1125728 2011-01-20] (Infineon Technologies AG)
R2 IFXTCS; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [980320 2011-01-20] (Infineon Technologies AG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1318912 2011-02-09] ()
R2 PersonalSecureDriveService; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [203104 2011-01-20] (Infineon Technologies AG)
R2 uArcCapture; C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)
==================== Drivers (Whitelisted) ====================
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company)
R0 johci; C:\Windows\System32\DRIVERS\johci.sys [26712 2011-01-18] (JMicron Technology Corp.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-09-19] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-09-19] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-24] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [168008 2011-02-09] (McAfee, Inc.)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2010-01-26] (Infineon Technologies AG)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2612728 2011-02-12] (Sunplus Technology)
S3 zntport; C:\Windows\SysWow64\Drivers\zntport.sys [6144 2012-03-21] (Zeal SoftStudio)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz135; \??\C:\Users\TEC\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-24] (Kaspersky Lab ZAO)
S3 zntport; System32\Drivers\zntport.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-19 22:04 - 2013-09-19 22:04 - 01950622 _____ (Farbar) C:\Users\TEC\Downloads\FRST64(1).exe
2013-09-19 22:01 - 2013-09-19 22:01 - 00000752 _____ C:\Users\TEC\Desktop\JRT.txt
2013-09-19 21:53 - 2013-09-19 21:53 - 01029675 _____ (Thisisu) C:\Users\TEC\Downloads\JRT(1).exe
2013-09-19 21:47 - 2013-09-19 21:48 - 00000000 ____D C:\AdwCleaner
2013-09-19 21:45 - 2013-09-19 21:45 - 01039554 _____ C:\Users\TEC\Downloads\adwcleaner(1).exe
2013-09-19 08:07 - 2013-09-19 08:07 - 00023982 _____ C:\ComboFix.txt
2013-09-19 07:51 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-19 07:51 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-19 07:51 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-19 07:51 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-19 07:51 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-19 07:51 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-19 07:51 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-19 07:51 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-19 07:50 - 2013-09-19 08:07 - 00000000 ____D C:\Qoobox
2013-09-19 07:50 - 2013-09-19 08:06 - 00000000 ____D C:\Windows\erdnt
2013-09-19 07:49 - 2013-09-19 07:50 - 05128653 ____R (Swearware) C:\Users\TEC\Downloads\ComboFix.exe
2013-09-18 19:08 - 2013-09-18 19:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-18 18:32 - 2013-09-18 18:33 - 00031206 _____ C:\Users\TEC\Downloads\Addition.txt
2013-09-18 18:31 - 2013-09-18 18:31 - 00000000 ____D C:\FRST
2013-09-18 18:30 - 2013-09-18 18:31 - 01950524 _____ (Farbar) C:\Users\TEC\Downloads\FRST64.exe
2013-09-18 04:38 - 2013-09-18 04:38 - 00000000 ____D C:\Windows\ERUNT
2013-09-18 04:28 - 2013-09-18 04:28 - 01029675 _____ (Thisisu) C:\Users\TEC\Downloads\JRT.exe
2013-09-18 04:25 - 2013-09-18 04:27 - 01039554 _____ C:\Users\TEC\Downloads\adwcleaner.exe
2013-09-16 20:33 - 2013-09-16 20:34 - 00998736 _____ C:\Windows\Minidump\091613-51636-01.dmp
2013-09-15 21:26 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-09-15 21:26 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-09-15 21:26 - 2012-08-23 16:07 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-09-15 21:26 - 2012-08-23 15:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-09-15 21:26 - 2012-08-23 15:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-09-15 21:26 - 2012-08-23 15:41 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-09-15 21:26 - 2012-08-23 15:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-09-15 21:26 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-09-15 21:26 - 2012-08-23 15:20 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-09-15 21:26 - 2012-08-23 15:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-09-15 21:26 - 2012-08-23 15:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-09-15 21:26 - 2012-08-23 15:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-09-15 21:26 - 2012-08-23 14:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-09-15 21:26 - 2012-08-23 13:20 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-09-15 21:26 - 2012-08-23 13:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-09-15 21:26 - 2012-08-23 13:14 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-09-15 21:26 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-09-15 21:26 - 2012-08-23 12:54 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-09-15 21:26 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-09-15 21:26 - 2012-08-23 12:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-09-15 21:26 - 2012-08-23 12:22 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-09-15 21:26 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-09-15 21:26 - 2012-08-23 10:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-09-15 21:26 - 2012-08-23 10:13 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-09-15 21:25 - 2012-08-24 20:13 - 00154480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-09-15 21:25 - 2012-08-24 20:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-09-15 21:25 - 2012-08-24 20:05 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-09-15 21:25 - 2012-08-24 20:03 - 01448448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-09-15 21:25 - 2012-08-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-09-15 21:25 - 2012-08-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-09-15 21:25 - 2012-08-24 18:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-09-15 21:25 - 2012-05-04 13:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-09-15 21:25 - 2012-05-04 11:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-09-15 20:57 - 2013-09-18 04:49 - 00000380 _____ C:\Users\TEC\Desktop\ab.txt
2013-09-15 20:43 - 2013-09-15 20:43 - 00987648 _____ C:\Windows\Minidump\091513-20982-01.dmp
2013-09-14 10:17 - 2013-09-14 10:18 - 00614816 _____ C:\Users\TEC\Downloads\Multi-Toolbar_Remover(1).exe
2013-09-14 10:17 - 2013-09-14 10:17 - 00614816 _____ C:\Users\TEC\Downloads\Multi-Toolbar_Remover.exe
2013-09-14 09:51 - 2013-09-14 09:52 - 21110400 _____ (Innovative Solutions ) C:\Users\TEC\Downloads\Advanced_Uninstaller11.exe
2013-09-14 09:49 - 2013-09-14 09:49 - 00000000 ____D C:\Users\TEC\AppData\Local\Innovative Solutions
2013-09-14 09:49 - 2013-09-14 09:49 - 00000000 ____D C:\ProgramData\Innovative Solutions
2013-09-14 09:45 - 2013-09-14 09:48 - 21110400 _____ (Innovative Solutions ) C:\Users\TEC\Downloads\Advanced_Uninstaller112.exe
2013-09-14 09:22 - 2013-09-14 09:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-14 09:22 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-14 09:20 - 2013-09-14 09:21 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\TEC\Downloads\mbam-setup-1.75.0.1300(2).exe
2013-09-14 09:14 - 2013-09-14 09:14 - 02828552 _____ (AVAST Software) C:\Users\TEC\Downloads\avast-browser-cleanup_8.0.1484.29(1).exe
2013-09-14 09:11 - 2013-09-14 09:11 - 00003158 _____ C:\Windows\System32\Tasks\{4FE5EEC6-553B-4DA9-969E-64C0B1E341C3}
2013-09-14 09:10 - 2013-09-14 09:11 - 22240760 _____ (Mozilla) C:\Users\TEC\Downloads\Firefox Setup 23.0.1.exe
2013-09-14 09:06 - 2013-09-14 09:06 - 02828552 _____ (AVAST Software) C:\Users\TEC\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-09-14 08:48 - 2013-09-14 08:53 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2013-09-14 08:48 - 2013-09-14 08:48 - 05049344 _____ (Crawler.com ) C:\Users\TEC\Downloads\SpywareTerminatorSetup_3.0.0.82(1).exe
2013-09-14 08:48 - 2013-09-14 08:48 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2013-09-14 08:46 - 2013-09-14 08:46 - 05049344 _____ (Crawler.com ) C:\Users\TEC\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2013-09-14 08:12 - 2013-09-14 08:26 - 00020162 _____ C:\Windows\system32\msrgman.dav
2013-09-14 08:08 - 2013-09-14 08:08 - 00478544 _____ C:\Users\TEC\Downloads\RCSetup5-Downloader.exe
2013-09-14 07:53 - 2013-09-14 07:53 - 00369926 _____ (Freeware-Download) C:\Users\TEC\Downloads\get_Reg_Cleaner_3_8.exe
2013-09-14 07:35 - 2013-09-14 07:55 - 00000000 ____D C:\Users\TEC\AppData\Roaming\GetRightToGo
2013-09-14 07:02 - 2013-09-14 07:02 - 00981567 _____ C:\Users\TEC\Downloads\EFRC32Setup.exe
2013-09-13 23:46 - 2013-09-13 23:46 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\TEC\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-09-13 21:32 - 2013-09-13 21:32 - 00000000 ____D C:\Users\TEC\AppData\Roaming\Malwarebytes
2013-09-13 21:32 - 2013-09-13 21:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-13 21:30 - 2013-09-13 21:32 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\TEC\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-13 06:19 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-13 06:19 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-13 06:19 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-13 06:19 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-13 06:19 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-13 06:19 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-13 06:19 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-13 06:19 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-13 06:19 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-13 06:19 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-13 06:19 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-13 06:19 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-13 06:19 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-13 06:19 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-13 06:19 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-13 06:19 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-13 06:19 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-13 06:19 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-13 06:19 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-13 06:19 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-13 06:19 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-13 06:19 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-13 06:19 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-13 06:19 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-13 06:19 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 06:19 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-13 06:19 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-13 06:19 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-13 06:19 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-13 06:19 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-12 06:30 - 2013-09-12 06:30 - 00964856 _____ C:\Windows\Minidump\091213-16738-01.dmp
2013-09-11 20:42 - 2013-09-11 20:42 - 00979008 _____ C:\Windows\Minidump\091113-17908-01.dmp
2013-09-11 16:39 - 2013-09-11 16:39 - 01012272 _____ C:\Windows\Minidump\091113-68921-01.dmp
2013-09-11 13:59 - 2013-09-11 13:59 - 00000000 ____D C:\SoloApp
2013-09-11 13:58 - 2013-09-14 00:07 - 00000000 ____D C:\Windows\System32\Tasks\Browser Updater
2013-09-11 13:58 - 2013-09-11 13:58 - 00000000 ____D C:\Windows\System32\Tasks\ProtectedSearch
2013-09-11 13:58 - 2013-08-13 08:38 - 00032328 _____ C:\Windows\Launcher.exe
2013-09-11 13:57 - 2013-09-11 13:57 - 00478544 _____ C:\Users\TEC\Downloads\schul_demo-Downloader.exe
2013-09-11 13:35 - 2013-09-11 13:36 - 01329829 _____ (Will Software ) C:\Users\TEC\Downloads\LA.exe
2013-09-11 11:41 - 2013-09-11 11:42 - 00964856 _____ C:\Windows\Minidump\091113-19531-01.dmp
2013-09-11 08:54 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 08:54 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 08:54 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 08:54 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 08:54 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 08:54 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 08:54 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 08:54 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 08:54 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 08:54 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 08:54 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 08:54 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 08:54 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 08:54 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 08:54 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 08:54 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 08:54 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 08:54 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 08:54 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 08:54 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 08:54 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 08:54 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 08:54 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 08:54 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-11 08:54 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-11 08:54 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 08:54 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-11 08:54 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 08:54 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 08:54 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 08:54 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-11 07:28 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 07:28 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-07 21:45 - 2013-09-07 21:45 - 00965648 _____ C:\Windows\Minidump\090713-21590-01.dmp
2013-09-07 19:54 - 2013-09-07 19:54 - 00987712 _____ C:\Windows\Minidump\090713-52275-01.dmp
2013-09-07 16:14 - 2013-09-07 16:14 - 00262144 _____ C:\Windows\system32\config\elam
2013-09-07 15:37 - 2013-09-07 15:38 - 00969848 _____ C:\Windows\Minidump\090713-23368-01.dmp
2013-08-28 21:16 - 2013-08-28 21:16 - 00000000 ____D C:\Users\TEC\AppData\Local\Downloaded Installations
2013-08-28 21:15 - 2013-08-28 21:15 - 04287141 _____ C:\Users\TEC\Downloads\Geokiste_3.0_D.exe
2013-08-28 20:51 - 2013-08-28 20:51 - 06315467 _____ C:\Users\TEC\Downloads\Stufe_4.zip
2013-08-28 12:58 - 2013-08-28 12:58 - 00988216 _____ C:\Windows\Minidump\082813-18080-01.dmp
2013-08-27 15:26 - 2013-08-27 15:26 - 00956808 _____ C:\Windows\Minidump\082713-18626-01.dmp
2013-08-26 15:48 - 2013-08-26 15:48 - 00047373 _____ C:\Users\TEC\Downloads\Brueckenarten _ Zuordnung von Informationen und Spiel.zip
2013-08-26 11:41 - 2013-08-26 11:41 - 00979152 _____ C:\Windows\Minidump\082613-16473-01.dmp
2013-08-24 14:20 - 2013-08-24 14:20 - 00970632 _____ C:\Windows\Minidump\082413-54990-01.dmp
2013-08-24 12:04 - 2013-08-24 12:04 - 00069183 _____ C:\Users\TEC\Downloads\langpack-de-1.0.1-for-truecrypt-7.1a(2).zip
2013-08-24 12:03 - 2013-08-24 12:03 - 03466248 _____ (TrueCrypt Foundation) C:\Users\TEC\Downloads\TrueCrypt_Setup_7.1a(3).exe
2013-08-24 11:22 - 2013-08-24 11:22 - 00069183 _____ C:\Users\TEC\Downloads\langpack-de-1.0.1-for-truecrypt-7.1a(1).zip
2013-08-24 11:21 - 2013-08-24 11:22 - 03466248 _____ (TrueCrypt Foundation) C:\Users\TEC\Downloads\TrueCrypt_Setup_7.1a(2).exe
2013-08-23 11:05 - 2013-08-23 11:05 - 00069183 _____ C:\Users\TEC\Downloads\langpack-de-1.0.1-for-truecrypt-7.1a.zip
2013-08-23 11:04 - 2013-08-23 11:04 - 03466248 _____ (TrueCrypt Foundation) C:\Users\TEC\Downloads\TrueCrypt_Setup_7.1a(1).exe
2013-08-23 10:01 - 2013-08-23 10:01 - 03466248 _____ (TrueCrypt Foundation) C:\Users\TEC\Downloads\TrueCryptSetup7.1a(1).exe
2013-08-23 09:02 - 2013-08-23 09:02 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2013-08-23 09:02 - 2013-08-23 09:02 - 00000000 ____D C:\Users\TEC\AppData\Roaming\TrueCrypt
2013-08-23 09:01 - 2013-08-23 09:10 - 00000000 ____D C:\Program Files\TrueCrypt
2013-08-23 09:01 - 2013-08-23 09:01 - 03466248 _____ (TrueCrypt Foundation) C:\Users\TEC\Downloads\TrueCrypt_Setup_7.1a.exe
2013-08-23 08:10 - 2013-08-23 08:11 - 03466248 _____ (TrueCrypt Foundation) C:\Users\TEC\Downloads\TrueCrypt Setup 7.1a.exe
2013-08-22 19:37 - 2013-08-22 19:38 - 03466248 _____ (TrueCrypt Foundation) C:\Users\TEC\Downloads\TrueCryptSetup7.1a.exe
==================== One Month Modified Files and Folders =======
2013-09-19 22:04 - 2013-09-19 22:04 - 01950622 _____ (Farbar) C:\Users\TEC\Downloads\FRST64(1).exe
2013-09-19 22:01 - 2013-09-19 22:01 - 00000752 _____ C:\Users\TEC\Desktop\JRT.txt
2013-09-19 21:57 - 2009-07-14 06:45 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-19 21:57 - 2009-07-14 06:45 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-19 21:53 - 2013-09-19 21:53 - 01029675 _____ (Thisisu) C:\Users\TEC\Downloads\JRT(1).exe
2013-09-19 21:51 - 2012-08-31 16:51 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-19 21:49 - 2012-03-21 01:59 - 00000000 ____D C:\ProgramData\HPQLOG
2013-09-19 21:49 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-19 21:49 - 2009-07-14 06:51 - 00076902 _____ C:\Windows\setupact.log
2013-09-19 21:48 - 2013-09-19 21:47 - 00000000 ____D C:\AdwCleaner
2013-09-19 21:48 - 2012-03-20 23:32 - 02086382 _____ C:\Windows\WindowsUpdate.log
2013-09-19 21:45 - 2013-09-19 21:45 - 01039554 _____ C:\Users\TEC\Downloads\adwcleaner(1).exe
2013-09-19 21:17 - 2012-10-21 22:12 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-19 20:36 - 2009-08-30 07:25 - 00696870 _____ C:\Windows\system32\perfh007.dat
2013-09-19 20:36 - 2009-08-30 07:25 - 00148134 _____ C:\Windows\system32\perfc007.dat
2013-09-19 20:36 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-19 08:07 - 2013-09-19 08:07 - 00023982 _____ C:\ComboFix.txt
2013-09-19 08:07 - 2013-09-19 07:50 - 00000000 ____D C:\Qoobox
2013-09-19 08:07 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-19 08:06 - 2013-09-19 07:50 - 00000000 ____D C:\Windows\erdnt
2013-09-19 08:03 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-19 08:02 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-19 08:01 - 2012-03-21 00:05 - 00455440 _____ C:\Windows\PFRO.log
2013-09-19 08:01 - 2009-07-14 04:34 - 63438848 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-09-19 08:01 - 2009-07-14 04:34 - 19922944 _____ C:\Windows\system32\config\SYSTEM.bak
2013-09-19 08:01 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2013-09-19 08:01 - 2009-07-14 04:34 - 00061440 _____ C:\Windows\system32\config\SAM.bak
2013-09-19 08:01 - 2009-07-14 04:34 - 00024576 _____ C:\Windows\system32\config\SECURITY.bak
2013-09-19 07:50 - 2013-09-19 07:49 - 05128653 ____R (Swearware) C:\Users\TEC\Downloads\ComboFix.exe
2013-09-19 07:25 - 2012-08-31 13:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-18 19:09 - 2013-09-18 19:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-18 19:09 - 2012-08-31 13:13 - 00000000 ____D C:\Users\TEC\AppData\Local\Mozilla
2013-09-18 18:33 - 2013-09-18 18:32 - 00031206 _____ C:\Users\TEC\Downloads\Addition.txt
2013-09-18 18:31 - 2013-09-18 18:31 - 00000000 ____D C:\FRST
2013-09-18 18:31 - 2013-09-18 18:30 - 01950524 _____ (Farbar) C:\Users\TEC\Downloads\FRST64.exe
2013-09-18 04:49 - 2013-09-15 20:57 - 00000380 _____ C:\Users\TEC\Desktop\ab.txt
2013-09-18 04:38 - 2013-09-18 04:38 - 00000000 ____D C:\Windows\ERUNT
2013-09-18 04:28 - 2013-09-18 04:28 - 01029675 _____ (Thisisu) C:\Users\TEC\Downloads\JRT.exe
2013-09-18 04:27 - 2013-09-18 04:25 - 01039554 _____ C:\Users\TEC\Downloads\adwcleaner.exe
2013-09-17 18:19 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-17 11:14 - 2009-07-14 06:45 - 00361024 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-17 06:24 - 2012-08-17 14:03 - 00083664 _____ C:\Users\TEC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-16 21:50 - 2012-12-21 23:30 - 00000000 ____D C:\Users\TEC\AppData\Roaming\vlc
2013-09-16 20:34 - 2013-09-16 20:33 - 00998736 _____ C:\Windows\Minidump\091613-51636-01.dmp
2013-09-16 20:33 - 2013-04-10 21:35 - 00000000 ____D C:\Windows\Minidump
2013-09-16 19:57 - 2012-08-31 14:11 - 00000000 ____D C:\Users\TEC\AppData\Roaming\Skype
2013-09-15 21:27 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-09-15 20:43 - 2013-09-15 20:43 - 00987648 _____ C:\Windows\Minidump\091513-20982-01.dmp
2013-09-14 13:05 - 2013-04-13 13:31 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-09-14 13:05 - 2012-09-01 18:34 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-09-14 12:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-14 10:18 - 2013-09-14 10:17 - 00614816 _____ C:\Users\TEC\Downloads\Multi-Toolbar_Remover(1).exe
2013-09-14 10:17 - 2013-09-14 10:17 - 00614816 _____ C:\Users\TEC\Downloads\Multi-Toolbar_Remover.exe
2013-09-14 09:52 - 2013-09-14 09:51 - 21110400 _____ (Innovative Solutions ) C:\Users\TEC\Downloads\Advanced_Uninstaller11.exe
2013-09-14 09:49 - 2013-09-14 09:49 - 00000000 ____D C:\Users\TEC\AppData\Local\Innovative Solutions
2013-09-14 09:49 - 2013-09-14 09:49 - 00000000 ____D C:\ProgramData\Innovative Solutions
2013-09-14 09:48 - 2013-09-14 09:45 - 21110400 _____ (Innovative Solutions ) C:\Users\TEC\Downloads\Advanced_Uninstaller112.exe
2013-09-14 09:22 - 2013-09-14 09:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-14 09:21 - 2013-09-14 09:20 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\TEC\Downloads\mbam-setup-1.75.0.1300(2).exe
2013-09-14 09:14 - 2013-09-14 09:14 - 02828552 _____ (AVAST Software) C:\Users\TEC\Downloads\avast-browser-cleanup_8.0.1484.29(1).exe
2013-09-14 09:11 - 2013-09-14 09:11 - 00003158 _____ C:\Windows\System32\Tasks\{4FE5EEC6-553B-4DA9-969E-64C0B1E341C3}
2013-09-14 09:11 - 2013-09-14 09:10 - 22240760 _____ (Mozilla) C:\Users\TEC\Downloads\Firefox Setup 23.0.1.exe
2013-09-14 09:06 - 2013-09-14 09:06 - 02828552 _____ (AVAST Software) C:\Users\TEC\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-09-14 08:53 - 2013-09-14 08:48 - 00000000 ____D C:\Program Files (x86)\Spyware Terminator
2013-09-14 08:48 - 2013-09-14 08:48 - 05049344 _____ (Crawler.com ) C:\Users\TEC\Downloads\SpywareTerminatorSetup_3.0.0.82(1).exe
2013-09-14 08:48 - 2013-09-14 08:48 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2013-09-14 08:46 - 2013-09-14 08:46 - 05049344 _____ (Crawler.com ) C:\Users\TEC\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2013-09-14 08:35 - 2009-07-14 04:34 - 78643200 _____ C:\Windows\system32\config\SOFTWARE.rcbak
2013-09-14 08:35 - 2009-07-14 04:34 - 19398656 _____ C:\Windows\system32\config\SYSTEM.rcbak
2013-09-14 08:35 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.rcbak
2013-09-14 08:35 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.rcbak
2013-09-14 08:35 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.rcbak
2013-09-14 08:26 - 2013-09-14 08:12 - 00020162 _____ C:\Windows\system32\msrgman.dav
2013-09-14 08:08 - 2013-09-14 08:08 - 00478544 _____ C:\Users\TEC\Downloads\RCSetup5-Downloader.exe
2013-09-14 07:55 - 2013-09-14 07:35 - 00000000 ____D C:\Users\TEC\AppData\Roaming\GetRightToGo
2013-09-14 07:53 - 2013-09-14 07:53 - 00369926 _____ (Freeware-Download) C:\Users\TEC\Downloads\get_Reg_Cleaner_3_8.exe
2013-09-14 07:02 - 2013-09-14 07:02 - 00981567 _____ C:\Users\TEC\Downloads\EFRC32Setup.exe
2013-09-14 00:37 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-09-14 00:07 - 2013-09-11 13:58 - 00000000 ____D C:\Windows\System32\Tasks\Browser Updater
2013-09-13 23:46 - 2013-09-13 23:46 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\TEC\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-09-13 21:32 - 2013-09-13 21:32 - 00000000 ____D C:\Users\TEC\AppData\Roaming\Malwarebytes
2013-09-13 21:32 - 2013-09-13 21:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-13 21:32 - 2013-09-13 21:30 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\TEC\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-13 19:17 - 2012-10-21 22:12 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-13 19:17 - 2012-09-01 11:35 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-13 19:17 - 2012-09-01 11:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-13 14:30 - 2012-08-17 14:02 - 00000000 ___RD C:\Users\TEC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-13 14:30 - 2012-08-17 14:02 - 00000000 ___RD C:\Users\TEC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 06:30 - 2013-09-12 06:30 - 00964856 _____ C:\Windows\Minidump\091213-16738-01.dmp
2013-09-11 20:42 - 2013-09-11 20:42 - 00979008 _____ C:\Windows\Minidump\091113-17908-01.dmp
2013-09-11 16:39 - 2013-09-11 16:39 - 01012272 _____ C:\Windows\Minidump\091113-68921-01.dmp
2013-09-11 13:59 - 2013-09-11 13:59 - 00000000 ____D C:\SoloApp
2013-09-11 13:58 - 2013-09-11 13:58 - 00000000 ____D C:\Windows\System32\Tasks\ProtectedSearch
2013-09-11 13:57 - 2013-09-11 13:57 - 00478544 _____ C:\Users\TEC\Downloads\schul_demo-Downloader.exe
2013-09-11 13:36 - 2013-09-11 13:35 - 01329829 _____ (Will Software ) C:\Users\TEC\Downloads\LA.exe
2013-09-11 11:42 - 2013-09-11 11:41 - 00964856 _____ C:\Windows\Minidump\091113-19531-01.dmp
2013-09-11 08:54 - 2013-08-14 17:24 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 08:52 - 2012-09-04 18:47 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-07 21:45 - 2013-09-07 21:45 - 00965648 _____ C:\Windows\Minidump\090713-21590-01.dmp
2013-09-07 19:54 - 2013-09-07 19:54 - 00987712 _____ C:\Windows\Minidump\090713-52275-01.dmp
2013-09-07 16:14 - 2013-09-07 16:14 - 00262144 _____ C:\Windows\system32\config\elam
2013-09-07 15:38 - 2013-09-07 15:37 - 00969848 _____ C:\Windows\Minidump\090713-23368-01.dmp
2013-09-04 21:44 - 2012-03-21 00:44 - 00000000 ____D C:\ProgramData\Sonic
2013-08-28 21:16 - 2013-08-28 21:16 - 00000000 ____D C:\Users\TEC\AppData\Local\Downloaded Installations
2013-08-28 21:15 - 2013-08-28 21:15 - 04287141 _____ C:\Users\TEC\Downloads\Geokiste_3.0_D.exe
2013-08-28 20:51 - 2013-08-28 20:51 - 06315467 _____ C:\Users\TEC\Downloads\Stufe_4.zip
2013-08-28 12:58 - 2013-08-28 12:58 - 00988216 _____ C:\Windows\Minidump\082813-18080-01.dmp
2013-08-27 15:26 - 2013-08-27 15:26 - 00956808 _____ C:\Windows\Minidump\082713-18626-01.dmp
2013-08-26 15:48 - 2013-08-26 15:48 - 00047373 _____ C:\Users\TEC\Downloads\Brueckenarten _ Zuordnung von Informationen und Spiel.zip
2013-08-26 11:41 - 2013-08-26 11:41 - 00979152 _____ C:\Windows\Minidump\082613-16473-01.dmp
2013-08-24 14:20 - 2013-08-24 14:20 - 00970632 _____ C:\Windows\Minidump\082413-54990-01.dmp
2013-08-24 12:04 - 2013-08-24 12:04 - 00069183 _____ C:\Users\TEC\Downloads\langpack-de-1.0.1-for-truecrypt-7.1a(2).zip
2013-08-24 12:03 - 2013-08-24 12:03 - 03466248 _____ (TrueCrypt Foundation) C:\Users\TEC\Downloads\TrueCrypt_Setup_7.1a(3).exe
2013-08-24 11:57 - 2012-08-31 13:09 - 00000000 ____D C:\Users\TEC\AppData\Local\CrashDumps
2013-08-24 11:22 - 2013-08-24 11:22 - 00069183 _____ C:\Users\TEC\Downloads\langpack-de-1.0.1-for-truecrypt-7.1a(1).zip
2013-08-24 11:22 - 2013-08-24 11:21 - 03466248 _____ (TrueCrypt Foundation) C:\Users\TEC\Downloads\TrueCrypt_Setup_7.1a(2).exe
2013-08-23 11:05 - 2013-08-23 11:05 - 00069183 _____ C:\Users\TEC\Downloads\langpack-de-1.0.1-for-truecrypt-7.1a.zip
2013-08-23 11:04 - 2013-08-23 11:04 - 03466248 _____ (TrueCrypt Foundation) C:\Users\TEC\Downloads\TrueCrypt_Setup_7.1a(1).exe
2013-08-23 10:01 - 2013-08-23 10:01 - 03466248 _____ (TrueCrypt Foundation) C:\Users\TEC\Downloads\TrueCryptSetup7.1a(1).exe
2013-08-23 09:10 - 2013-08-23 09:01 - 00000000 ____D C:\Program Files\TrueCrypt
2013-08-23 09:02 - 2013-08-23 09:02 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2013-08-23 09:02 - 2013-08-23 09:02 - 00000000 ____D C:\Users\TEC\AppData\Roaming\TrueCrypt
2013-08-23 09:01 - 2013-08-23 09:01 - 03466248 _____ (TrueCrypt Foundation) C:\Users\TEC\Downloads\TrueCrypt_Setup_7.1a.exe
2013-08-23 08:11 - 2013-08-23 08:10 - 03466248 _____ (TrueCrypt Foundation) C:\Users\TEC\Downloads\TrueCrypt Setup 7.1a.exe
2013-08-22 19:38 - 2013-08-22 19:37 - 03466248 _____ (TrueCrypt Foundation) C:\Users\TEC\Downloads\TrueCryptSetup7.1a.exe
Some content of TEMP:
====================
C:\Users\TEC\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-14 12:46
==================== End Of Log ============================