Bulliwolle | 29.03.2014 16:46 | So, the first two programs run; I'm attaching the logfiles. JRT does not run. The program briefly shows that it is backing up the registry, then the window vanishes into nirvana and the PC does not appear to be working on anything either.
I'm running FRST again now and will post that in a few minutes as well. Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 29.03.2014
Suchlauf-Zeit: 15:45:16
Logdatei: Anti-Malware.txt
Administrator: Ja
Version: 2.00.0.1000
Malware Datenbank: v2014.03.29.02
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: W
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgebrochen
Durchsuchte Objekte: 0
(No malicious items detected)
Verstrichene Zeit: 1 Min, 48 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 0
(No malicious items detected)
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 0
(No malicious items detected)
Dateien: 0
(No malicious items detected)
Physische Sektoren: 0
(No malicious items detected)
(end) Code:
# AdwCleaner v3.022 - Bericht erstellt am 29/03/2014 um 16:14:22
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : W - W-PC
# Gestartet von : C:\Users\W\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : Wpm
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\openit
Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Users\W\AppData\Roaming\digitalsite
Ordner Gelöscht : C:\Users\W\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\W\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\W\AppData\Roaming\Mozilla\Firefox\Profiles\v0g430il.default\Conduit
Ordner Gelöscht : C:\Users\W\AppData\Roaming\Mozilla\Firefox\Profiles\v0g430il.default\ConduitEngine
Ordner Gelöscht : C:\Users\W\AppData\Roaming\Mozilla\Firefox\Profiles\v0g430il.default\Extensions\firefoxdav@icloud.com
Ordner Gelöscht : C:\Users\W\AppData\Roaming\Mozilla\Firefox\Profiles\v0g430il.default\Extensions\quick_start@gmail.com
Datei Gelöscht : C:\Users\W\AppData\Roaming\Mozilla\Firefox\Profiles\v0g430il.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\W\AppData\Roaming\Mozilla\Firefox\Profiles\v0g430il.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\digitalsite
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_2_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_2_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_atube-catcher_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_atube-catcher_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_movier_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_movier_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\PIP
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\aartemisSoftware
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\supTab
Schlüssel Gelöscht : HKLM\Software\supWPM
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16521
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
-\\ Mozilla Firefox v19.0 (de)
[ Datei : C:\Users\W\AppData\Roaming\Mozilla\Firefox\Profiles\v0g430il.default\prefs.js ]
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", "\"1280150108\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "SuMy8xgBA7+FodOxmk9aiQ==");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634333631231730000\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634335443890000000");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2269050/CT2269050", "\"1297857854\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer_dead.gif", "\"0a8c48d3330c81:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.gif", "\"0e2106f3030c81:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif", "\"0f475394430c81:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif", "\"08d9ef44430c81:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif", "\"066e8863030c81:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634322696881670000\"");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwner", "");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "");
Zeile gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2269050");
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{872b5b88-9db5-4310-bdd0-ac189557e5f5}");
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "dvdvideosofttb");
Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "");
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Feb 21 2011 11:49:51 GMT+0100");
Zeile gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Feb 21 2011 11:41:49 GMT+0100");
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
Zeile gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Zeile gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Zeile gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Zeile gelöscht : user_pref("CommunityToolbar.alert.userId", "ce718de7-519b-441c-99c1-3e61371e43a2");
Zeile gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Zeile gelöscht : user_pref("ConduitEngine.FirstTime", true);
Zeile gelöscht : user_pref("ConduitEngine.FirstTimeFF3", true);
Zeile gelöscht : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Zeile gelöscht : user_pref("ConduitEngine.Initialize", true);
Zeile gelöscht : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("ConduitEngine.InstalledDate", "Mon Feb 21 2011 11:41:50 GMT+0100");
Zeile gelöscht : user_pref("ConduitEngine.IsMulticommunity", false);
Zeile gelöscht : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Zeile gelöscht : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Zeile gelöscht : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Feb 21 2011 11:41:50 GMT+0100");
Zeile gelöscht : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Zeile gelöscht : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Feb 21 2011 11:41:50 GMT+0100");
Zeile gelöscht : user_pref("ConduitEngine.UserID", "UN30997283497171676");
Zeile gelöscht : user_pref("ConduitEngine.engineLocale", "de");
Zeile gelöscht : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Feb 21 2011 11:41:50 GMT+0100");
Zeile gelöscht : user_pref("ConduitEngine.initDone", true);
Zeile gelöscht : user_pref("extensions.engine@conduit.com.install-event-fired", true);
[ Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2aot5q68.default\prefs.js ]
Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU3&o=15380&locale=de_DE&apn_uid=8331d5df-26ce-4f78-9e53-6174f65dd30c&apn_ptnrs=UJ&apn_sauid=0ED6AB46-0302-42C7-B7A5-85[...]
*************************
AdwCleaner[R0].txt - [13614 octets] - [29/03/2014 16:13:10]
AdwCleaner[S0].txt - [12237 octets] - [29/03/2014 16:14:22]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12298 octets] ########## Here is the current FRST log as well.
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by W (administrator) on W-PC on 29-03-2014 16:45:33
Running from W:\Downloads\Malware Removal Software
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
() E:\Program Files (x86)\R-Wipe&Clean\RwcTaskService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TomTom) E:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Nokia) E:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
(Dropbox, Inc.) C:\Users\W\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Elaborate Bytes AG) E:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Geek Software GmbH) E:\Program Files (x86)\PDF24\pdf24.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\ipmGui.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Mozilla Corporation) E:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) E:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Incorporated) E:\Program Files\Adobe\Adobe Photoshop CS6\Photoshop.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] - e:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] - E:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [BambooCore] - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKU\S-1-5-21-959282016-3320411742-1947258435-1001\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759496 2014-01-17] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-959282016-3320411742-1947258435-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-959282016-3320411742-1947258435-1001\...\Run: [PC Suite Tray] - E:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-959282016-3320411742-1947258435-1001\...\Run: [RWCSwpRem] - E:\Program Files (x86)\R-Wipe&Clean\RwcRun.exe [75264 2013-12-24] (R-tools Technology Inc.)
Startup: C:\Users\W\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\W\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2A03B3EDC536CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - {AA5B6509-99F7-4D56-AB35-127F1ADC0609} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU3&o=15380&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=UJ&apn_dtid=YYYYYYYYDE&apn_uid=8331d5df-26ce-4f78-9e53-6174f65dd30c&apn_sauid=0ED6AB46-0302-42C7-B7A5-85E75382DC6B
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - e:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Software Products Ltd.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - e:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Software Products Ltd.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\W\AppData\Roaming\Mozilla\Firefox\Profiles\v0g430il.default
FF NewTab: chrome://quick_start/content/index.html
FF SearchEngineOrder.1: Ask.com
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", "179.186.102.254"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "179.186.102.254"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "179.186.102.254"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "179.186.102.254"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - e:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - e:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - e:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - e:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\W\AppData\Roaming\Mozilla\Firefox\Profiles\v0g430il.default\Extensions\2020Player_IKEA@2020Technologies.com [2013-10-08]
FF Extension: ProxTube - Unblock YouTube - C:\Users\W\AppData\Roaming\Mozilla\Firefox\Profiles\v0g430il.default\Extensions\ich@maltegoetz.de [2013-12-11]
FF Extension: Move Media Player - C:\Users\W\AppData\Roaming\Mozilla\Firefox\Profiles\v0g430il.default\Extensions\moveplayer@movenetworks.com [2012-03-07]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\W\AppData\Roaming\Mozilla\Firefox\Profiles\v0g430il.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012-03-07]
FF Extension: PopupMaster - C:\Users\W\AppData\Roaming\Mozilla\Firefox\Profiles\v0g430il.default\Extensions\{35106bca-6c78-48c7-ac28-56df30b51d2d} [2012-03-07]
FF Extension: Live HTTP Headers - C:\Users\W\AppData\Roaming\Mozilla\Firefox\Profiles\v0g430il.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2012-03-07]
FF Extension: DownloadHelper - C:\Users\W\AppData\Roaming\Mozilla\Firefox\Profiles\v0g430il.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-24]
FF Extension: Flash and Video Download - C:\Users\W\AppData\Roaming\Mozilla\Firefox\Profiles\v0g430il.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-03-26]
FF Extension: BatchDownload - C:\Users\W\AppData\Roaming\Mozilla\Firefox\Profiles\v0g430il.default\Extensions\batchdownload@panshisoft.cn.xpi [2013-01-17]
FF Extension: FlashGot - C:\Users\W\AppData\Roaming\Mozilla\Firefox\Profiles\v0g430il.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012-09-27]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\W\AppData\Roaming\Mozilla\Firefox\Profiles\v0g430il.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Google Global - C:\Users\W\AppData\Roaming\Mozilla\Firefox\Profiles\v0g430il.default\Extensions\{B97F57B9-1B42-4aed-9475-0022600C62DC}.xpi [2014-01-18]
FF Extension: Tab Mix Plus - C:\Users\W\AppData\Roaming\Mozilla\Firefox\Profiles\v0g430il.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-03-07]
FF Extension: DownThemAll! - C:\Users\W\AppData\Roaming\Mozilla\Firefox\Profiles\v0g430il.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-07-05]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)
R2 KinoniSvc; C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [525312 2013-02-26] ()
S4 NeroMediaHomeService.4; E:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2010-03-08] (Nero AG)
R2 R-Wipe and Clean Task Service; E:\Program Files (x86)\R-Wipe&Clean\RwcTaskService.exe [111104 2013-12-23] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)
R2 TomTomHOMEService; E:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [92632 2012-06-21] (TomTom)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
R3 WinHttpAutoProxySvc; winhttp.dll [X]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-30] (Avira Operations GmbH & Co. KG)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHMSR64; C:\Windows\system32\drivers\DRHMSR64.sys [14760 2011-12-06] ()
R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [14760 2011-12-06] ()
R3 kinonivd; C:\Windows\System32\DRIVERS\kinonivd.sys [2782848 2013-02-26] (Windows (R) Win 7 DDK provider)
R3 KINONI_Wave; C:\Windows\System32\drivers\kinonivad.sys [23040 2013-02-26] (Windows (R) Win 7 DDK provider)
S3 NPF; C:\Windows\System32\drivers\npf.sys [40464 2007-11-06] (CACE Technologies)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2012-04-15] (Duplex Secure Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 DRHARD; \??\C:\Windows\system32\DRIVERS\DRHARD.SYS [X]
S3 EverestDriver; \??\W:\Downloads\Everest Ultimate Edition v.5.50.2225 beta (portable)\kerneld.amd64 [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-29 16:38 - 2014-03-29 16:38 - 00000000 ____D () C:\Windows\ERUNT
2014-03-29 16:13 - 2014-03-29 16:14 - 00000000 ____D () C:\AdwCleaner
2014-03-29 16:12 - 2014-03-29 15:40 - 01950720 _____ () C:\Users\W\Desktop\adwcleaner.exe
2014-03-29 15:42 - 2014-03-29 16:11 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-29 15:41 - 2014-03-29 15:41 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-29 15:41 - 2014-03-29 15:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-29 15:41 - 2014-03-29 15:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-29 15:41 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-29 15:41 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-29 15:41 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-28 18:38 - 2014-03-28 18:38 - 00026163 _____ () C:\ComboFix.txt
2014-03-28 18:13 - 2014-03-28 18:38 - 00000000 ____D () C:\Qoobox
2014-03-28 18:13 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-28 18:13 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-28 18:13 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-28 18:13 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-28 18:13 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-28 18:13 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-28 18:13 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-28 18:13 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-28 18:12 - 2014-03-28 18:37 - 00000000 ____D () C:\Windows\erdnt
2014-03-28 18:07 - 2014-03-28 18:07 - 00000000 ____D () C:\Users\W\AppData\Roaming\DropboxMaster
2014-03-28 17:50 - 2014-03-28 17:50 - 00000920 _____ () C:\Users\W\Desktop\Revo Uninstaller.lnk
2014-03-28 17:49 - 2014-03-28 17:49 - 05192353 ____R (Swearware) C:\Users\W\Desktop\ComboFix.exe
2014-03-28 15:13 - 2014-03-28 15:13 - 00000496 _____ () C:\Users\W\Desktop\defogger_disable.log
2014-03-28 15:13 - 2014-03-28 15:13 - 00000020 _____ () C:\Users\W\defogger_reenable
2014-03-28 15:12 - 2014-03-28 15:12 - 00050477 _____ () C:\Users\W\Desktop\Defogger.exe
2014-03-28 14:39 - 2014-03-29 16:45 - 00000000 ____D () C:\FRST
2014-03-14 19:06 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-14 19:06 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-14 19:06 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-14 19:06 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-14 19:06 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-14 19:06 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-14 19:06 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-14 19:06 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-14 19:06 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-14 19:06 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-14 19:06 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-14 19:06 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-14 19:06 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-14 19:06 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-14 19:06 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-14 19:06 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-14 19:06 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-14 19:06 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-14 19:06 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-14 19:06 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-14 19:06 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-14 19:06 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-14 19:06 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-14 19:06 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-14 19:06 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-14 19:06 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-14 19:06 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-14 19:06 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-14 19:06 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-14 19:06 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-14 19:06 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-14 19:06 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-14 19:06 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-14 19:06 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-14 19:06 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-14 19:06 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-14 19:06 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-14 19:06 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-14 19:06 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-14 19:06 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-14 19:06 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-14 19:06 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-14 19:06 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-14 19:06 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-14 19:05 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-14 19:05 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-14 19:05 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-14 19:05 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-11 14:56 - 2014-03-11 14:56 - 00000945 _____ () C:\Users\Public\Desktop\Wondershare Dr.Fone für iOS.lnk
2014-03-11 14:56 - 2014-03-11 14:56 - 00000000 ____D () C:\Users\W\AppData\Local\Wondershare
2014-03-11 14:55 - 2014-03-11 14:55 - 00000000 ____D () C:\ProgramData\Wondershare
2014-03-11 14:55 - 2014-02-27 17:36 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusb0.dll
2014-03-11 14:55 - 2014-02-27 17:36 - 00052832 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\Drivers\libusb0.sys
2014-03-06 14:19 - 2014-03-06 14:19 - 00002764 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-06 14:19 - 2014-03-06 14:19 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-06 14:19 - 2014-03-06 14:19 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-05 22:43 - 2014-03-05 22:43 - 00000647 _____ () C:\Users\Public\Desktop\R-Wipe&Clean.lnk
2014-03-03 19:11 - 2014-03-03 19:11 - 00001080 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk
2014-03-01 19:07 - 2014-03-01 19:07 - 00000847 _____ () C:\Users\W\Desktop\TumblRipper.lnk
2014-03-01 19:07 - 2014-03-01 19:07 - 00000000 ____D () C:\Users\W\AppData\Roaming\TumblRipper2
2014-03-01 19:06 - 2014-03-01 19:06 - 00021113 _____ () C:\Users\W\Desktop\TumblRipper.zip
2014-02-28 19:24 - 2014-02-28 19:24 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-28 19:24 - 2014-02-28 19:24 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-28 19:24 - 2014-02-28 19:24 - 00000000 ____D () C:\Program Files\iTunes
2014-02-28 19:24 - 2014-02-28 19:24 - 00000000 ____D () C:\Program Files\iPod
2014-02-28 19:24 - 2014-02-28 19:24 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-28 18:33 - 2014-02-28 18:33 - 00000000 ____D () C:\Program Files (x86)\GUM8D4B.tmp
==================== One Month Modified Files and Folders =======
2014-03-29 16:45 - 2014-03-28 14:39 - 00000000 ____D () C:\FRST
2014-03-29 16:38 - 2014-03-29 16:38 - 00000000 ____D () C:\Windows\ERUNT
2014-03-29 16:26 - 2012-09-01 07:57 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-29 16:24 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-29 16:24 - 2009-07-14 05:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-29 16:18 - 2012-03-08 17:13 - 00000000 ___RD () C:\Users\W\Dropbox
2014-03-29 16:18 - 2012-03-08 17:11 - 00000000 ____D () C:\Users\W\AppData\Roaming\Dropbox
2014-03-29 16:16 - 2012-09-01 07:57 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-29 16:16 - 2010-11-21 04:47 - 00903762 _____ () C:\Windows\PFRO.log
2014-03-29 16:16 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-29 16:16 - 2009-07-14 05:51 - 00069025 _____ () C:\Windows\setupact.log
2014-03-29 16:15 - 2012-03-07 14:36 - 01319678 _____ () C:\Windows\WindowsUpdate.log
2014-03-29 16:14 - 2014-03-29 16:13 - 00000000 ____D () C:\AdwCleaner
2014-03-29 16:11 - 2014-03-29 15:42 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-29 16:05 - 2013-05-28 20:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-29 15:41 - 2014-03-29 15:41 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-29 15:41 - 2014-03-29 15:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-29 15:41 - 2014-03-29 15:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-29 15:40 - 2014-03-29 16:12 - 01950720 _____ () C:\Users\W\Desktop\adwcleaner.exe
2014-03-29 02:00 - 2012-03-08 18:16 - 00000000 ____D () C:\Users\W\AppData\Local\Adobe
2014-03-28 18:38 - 2014-03-28 18:38 - 00026163 _____ () C:\ComboFix.txt
2014-03-28 18:38 - 2014-03-28 18:13 - 00000000 ____D () C:\Qoobox
2014-03-28 18:38 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-03-28 18:37 - 2014-03-28 18:12 - 00000000 ____D () C:\Windows\erdnt
2014-03-28 18:33 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-28 18:31 - 2009-07-14 03:34 - 79429632 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-03-28 18:31 - 2009-07-14 03:34 - 18087936 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-03-28 18:31 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-03-28 18:31 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-03-28 18:31 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-03-28 18:07 - 2014-03-28 18:07 - 00000000 ____D () C:\Users\W\AppData\Roaming\DropboxMaster
2014-03-28 18:07 - 2012-03-07 14:41 - 00000000 ___RD () C:\Users\W\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-28 18:06 - 2012-03-08 17:13 - 00001001 _____ () C:\Users\W\Desktop\Dropbox.lnk
2014-03-28 18:06 - 2012-03-08 17:11 - 00000000 ____D () C:\Users\W\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-03-28 17:50 - 2014-03-28 17:50 - 00000920 _____ () C:\Users\W\Desktop\Revo Uninstaller.lnk
2014-03-28 17:49 - 2014-03-28 17:49 - 05192353 ____R (Swearware) C:\Users\W\Desktop\ComboFix.exe
2014-03-28 15:13 - 2014-03-28 15:13 - 00000496 _____ () C:\Users\W\Desktop\defogger_disable.log
2014-03-28 15:13 - 2014-03-28 15:13 - 00000020 _____ () C:\Users\W\defogger_reenable
2014-03-28 15:13 - 2012-03-07 14:40 - 00000000 ____D () C:\Users\W
2014-03-28 15:12 - 2014-03-28 15:12 - 00050477 _____ () C:\Users\W\Desktop\Defogger.exe
2014-03-24 22:13 - 2012-11-08 22:11 - 00002592 _____ () C:\Windows\Sandboxie.ini
2014-03-21 16:42 - 2012-03-08 16:08 - 00000000 ____D () C:\Users\W\AppData\Local\CaptureOne
2014-03-19 03:11 - 2013-08-21 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 03:01 - 2012-03-07 16:35 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-15 03:23 - 2009-07-14 05:45 - 05031144 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-15 03:04 - 2012-03-07 17:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 20:46 - 2013-12-27 16:57 - 00002998 _____ () C:\Windows\System32\Tasks\{5E411295-8AC1-4B20-AB29-91F568B0A738}
2014-03-12 20:46 - 2013-12-27 16:57 - 00002998 _____ () C:\Windows\System32\Tasks\{2D2B1B2C-0BD8-40F0-AF1B-3E72F948A1CC}
2014-03-12 20:46 - 2013-01-17 12:53 - 00003092 _____ () C:\Windows\System32\Tasks\{90A1D15A-503A-44A3-8A5D-D8035699B714}
2014-03-12 20:46 - 2012-07-08 16:54 - 00003202 _____ () C:\Windows\System32\Tasks\{356806BD-924C-4059-9ABB-9E96FA0E0BA3}
2014-03-12 20:46 - 2012-03-07 22:42 - 00003156 _____ () C:\Windows\System32\Tasks\{07941C8F-B8B6-49E4-A9DE-AD5C21EA8EEA}
2014-03-12 15:05 - 2013-05-28 20:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 15:05 - 2012-08-28 13:32 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 15:05 - 2012-03-07 16:52 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 13:10 - 2014-02-21 17:26 - 00000000 ____D () C:\Users\W\AppData\Roaming\R-Wipe&Clean
2014-03-11 20:08 - 2012-04-02 17:47 - 00000000 ____D () C:\Users\W\Documents\Outlook-Dateien
2014-03-11 19:38 - 2014-01-15 21:32 - 00000000 ____D () C:\Users\W\AppData\Roaming\iFunbox_UserCache
2014-03-11 14:56 - 2014-03-11 14:56 - 00000945 _____ () C:\Users\Public\Desktop\Wondershare Dr.Fone für iOS.lnk
2014-03-11 14:56 - 2014-03-11 14:56 - 00000000 ____D () C:\Users\W\AppData\Local\Wondershare
2014-03-11 14:55 - 2014-03-11 14:55 - 00000000 ____D () C:\ProgramData\Wondershare
2014-03-10 23:55 - 2011-04-12 08:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-03-10 23:55 - 2011-04-12 08:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-03-10 23:55 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-06 22:48 - 2012-05-20 12:23 - 00017920 _____ () C:\Users\W\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-06 18:56 - 2013-04-06 21:41 - 00000000 ____D () C:\Users\W\AppData\Roaming\vlc
2014-03-06 14:19 - 2014-03-06 14:19 - 00002764 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-06 14:19 - 2014-03-06 14:19 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-06 14:19 - 2014-03-06 14:19 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-05 22:43 - 2014-03-05 22:43 - 00000647 _____ () C:\Users\Public\Desktop\R-Wipe&Clean.lnk
2014-03-05 19:47 - 2014-02-21 18:14 - 00000000 ____D () C:\ProgramData\R-Wipe&Clean
2014-03-05 09:26 - 2014-03-29 15:41 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-29 15:41 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-29 15:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-03 22:43 - 2013-08-03 13:06 - 00000000 ____D () C:\Users\W\Desktop\Crysis3
2014-03-03 19:11 - 2014-03-03 19:11 - 00001080 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk
2014-03-03 19:11 - 2012-03-12 18:52 - 00000000 ____D () C:\Users\W\AppData\Roaming\DVDVideoSoft
2014-03-03 13:04 - 2013-01-06 15:21 - 00001728 _____ () C:\Users\Public\Desktop\Joe.lnk
2014-03-03 13:02 - 2013-01-06 15:20 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-03-01 19:07 - 2014-03-01 19:07 - 00000847 _____ () C:\Users\W\Desktop\TumblRipper.lnk
2014-03-01 19:07 - 2014-03-01 19:07 - 00000000 ____D () C:\Users\W\AppData\Roaming\TumblRipper2
2014-03-01 19:06 - 2014-03-01 19:06 - 00021113 _____ () C:\Users\W\Desktop\TumblRipper.zip
2014-03-01 07:05 - 2014-03-14 19:06 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-14 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-14 19:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-14 19:06 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-14 19:06 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-14 19:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-14 19:06 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-14 19:06 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-14 19:06 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-14 19:06 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-14 19:06 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-14 19:06 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-14 19:06 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-14 19:06 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-14 19:06 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-14 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-14 19:06 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-14 19:06 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-14 19:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-14 19:06 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-14 19:06 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-14 19:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-14 19:06 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-14 19:06 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-14 19:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-14 19:06 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-14 19:06 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-14 19:06 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-14 19:06 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-14 19:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-14 19:06 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-14 19:06 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-14 19:06 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-14 19:06 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-14 19:06 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-14 19:06 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-14 19:06 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-14 19:06 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-14 19:06 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-14 19:06 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 19:24 - 2014-02-28 19:24 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-28 19:24 - 2014-02-28 19:24 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-28 19:24 - 2014-02-28 19:24 - 00000000 ____D () C:\Program Files\iTunes
2014-02-28 19:24 - 2014-02-28 19:24 - 00000000 ____D () C:\Program Files\iPod
2014-02-28 19:24 - 2014-02-28 19:24 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-28 18:33 - 2014-02-28 18:33 - 00000000 ____D () C:\Program Files (x86)\GUM8D4B.tmp
2014-02-27 17:36 - 2014-03-11 14:55 - 00076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusb0.dll
2014-02-27 17:36 - 2014-03-11 14:55 - 00052832 _____ (hxxp://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\Drivers\libusb0.sys
Some content of TEMP:
====================
C:\Users\W\AppData\Local\Temp\avgnt.exe
C:\Users\W\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpeub8br.dll
C:\Users\W\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-22 15:43
==================== End Of Log ============================