Trojaner-Board - PUP.Optional.Multiplug und andere Infektionen

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - PUP.Optional.Multiplug und andere Infektionen (https://www.trojaner-board.de/158370-pup-optional-multiplug-andere-infektionen.html)

Don_Jascha

07.09.2014 01:05

PUP.Optional.Multiplug und andere Infektionen

Hallo,

ich hoffe es kann jemand helfen. ich habe hier einen Rechner bei dem durch einen Download mehrere Schadprogramme installiert wurden. Bitdefender (installierter Antivirus) hat verschiedene Dateien gefunden und Zugriffe auf infizierte Webressourcen geblockt und die entsprechenden Daten bzw. Programme wurden entfernt bzw. deinstalliert. Leider habe ich keine separaten Log-Dateien in Bitdefender gefunden, deshalb nur eine Auflistung der gefundenen Malware:
Gen:Variant.Adware.Plush.1
Gen:Variant.Adware.Zusy.104466
Application ild_webssearches.exe
Adware.Eorezo.BJ
Application.Generic.708030

Anschließend wurde ein Scan mit Malwarebytes durchgeführt, bei dem weitere Malware gefunden wurde:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 05.09.2014
Suchlauf-Zeit: 17:21:51
Logdatei: MB_05.09.14.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.05.05
Rootkit Datenbank: v2014.08.21.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Ich

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 335775
Verstrichene Zeit: 10 Min, 11 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 12
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, In Quarantäne, [396084457efdae88cd01e595c53d659b],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, In Quarantäne, [396084457efdae88cd01e595c53d659b],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, In Quarantäne, [396084457efdae88cd01e595c53d659b],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, In Quarantäne, [396084457efdae88cd01e595c53d659b],
PUP.Optional.FastSearchings, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, In Quarantäne, [2d6c71585b207abc5f51d08d9074758b],
PUP.Optional.TornTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TheTorntv V10, In Quarantäne, [1f7ae1e8ff7c3402729bfb627f8551af],
PUP.Optional.HQPro.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Total-1.8, In Quarantäne, [23764d7c0f6c9d99448933d0788b4db3],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-1268206590-3093409484-1136636918-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, In Quarantäne, [afea27a255261d19e84da598c24233cd],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1268206590-3093409484-1136636918-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [94057c4dd8a3261087aa0e4228dc35cb],
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-1268206590-3093409484-1136636918-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, In Quarantäne, [cccd09c0314a40f6070c3f0b1de730d0],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [801921a8d4a7c86e0dd8647ea959b54b],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [801921a8d4a7c86e0dd8647ea959b54b],

Registrierungswerte: 3
PUP.Optional.VOPackage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|VOPackage, C:\Users\Ich\AppData\Roaming\VOPackage\VOPackage.exe /runonce, In Quarantäne, [7623e2e744370d291c89ea2426ddfb05]
PUP.Optional.WebSearchInfo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, In Quarantäne, [70293b8e1f5c1f176195dd82be4641bf]
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-1268206590-3093409484-1136636918-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, In Quarantäne, [c9d0d5f49cdfbf77c2522129669eb050]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 6
PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.363178, In Quarantäne, [801921a8d4a7c86e0dd8647ea959b54b],
PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.56723, In Quarantäne, [e8b17a4fdaa16fc7d51036ac5da5eb15],
PUP.Optional.MultiPlug.A, C:\ProgramData\pricechop, In Quarantäne, [ecad27a26a1100368a60548ece341ae6],
PUP.Optional.CrossRider.A, C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkjbflodeemohgdgjgkabkpgeddeoiid, In Quarantäne, [4851c900ff7cd660f63b2dc05da5ff01],
PUP.Optional.CrossRider.A, C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkjbflodeemohgdgjgkabkpgeddeoiid\1.26.25_0, In Quarantäne, [4851c900ff7cd660f63b2dc05da5ff01],
PUP.Optional.MultiPlug, C:\ProgramData\Adblocker, In Quarantäne, [623773568af1979ffe85648b788af709],

Dateien: 44
PUP.Optional.TornTV.A, C:\Users\Ich\AppData\Roaming\MQDC.exe, In Quarantäne, [e5b491388eed67cf909cdfc347ba38c8],
PUP.Optional.CrossRider.A, C:\Users\Ich\AppData\Local\Temp\~nsu.tmp\Au_.exe, In Quarantäne, [2a6f6663cdae93a3e08bb68e31cf5ea2],
PUP.Optional.OneClickDownloader.A, C:\Users\Ich\Downloads\XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.exe, In Quarantäne, [8910f4d5265584b2014e69b75da4847c],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\f602e71e-ead0-4e29-8b65-871d6c2a73b5-1, In Quarantäne, [8e0b7257700bf5417086ab52de248878],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\f602e71e-ead0-4e29-8b65-871d6c2a73b5-11, In Quarantäne, [3c5dad1c4f2c6acc1fd77b823cc6d62a],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\f602e71e-ead0-4e29-8b65-871d6c2a73b5-3, In Quarantäne, [b0e9e1e8ec8f96a06c8a9e5fe81ac33d],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\f602e71e-ead0-4e29-8b65-871d6c2a73b5-4, In Quarantäne, [73265c6dd6a5c86ec036c93422e019e7],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\f602e71e-ead0-4e29-8b65-871d6c2a73b5-5, In Quarantäne, [4d4c5d6cd4a786b054a2a05d9e6406fa],
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\f602e71e-ead0-4e29-8b65-871d6c2a73b5-5_user, In Quarantäne, [bbde8742bfbcea4c55a148b5b84acd33],
PUP.Optional.VOPackage.A, C:\Users\Ich\AppData\Roaming\VOPackage\VOPackage.exe, In Quarantäne, [7623e2e744370d291c89ea2426ddfb05],
PUP.Optional.WebSearch.A, C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\searchplugins\WebSearch.xml, In Quarantäne, [653497327b000c2afda7cf4cb44f05fb],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\f602e71e-ead0-4e29-8b65-871d6c2a73b5-1.job, Löschen bei Neustart, [4b4e3891c5b6f4429607f5677f85718f],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\f602e71e-ead0-4e29-8b65-871d6c2a73b5-11.job, Löschen bei Neustart, [6e2b81485625b87ee2bb520a4fb59c64],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\f602e71e-ead0-4e29-8b65-871d6c2a73b5-3.job, Löschen bei Neustart, [d6c3d5f43645033376275dff7490f010],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\f602e71e-ead0-4e29-8b65-871d6c2a73b5-4.job, Löschen bei Neustart, [4e4ba920651683b3fca13c2062a2619f],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\f602e71e-ead0-4e29-8b65-871d6c2a73b5-5.job, Löschen bei Neustart, [c0d940891368c76f5a43b2aad232a858],
PUP.Optional.CrossRider.T, C:\Windows\Tasks\f602e71e-ead0-4e29-8b65-871d6c2a73b5-5_user.job, Löschen bei Neustart, [9cfd4f7a1c5f0b2bcad316460df731cf],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, Löschen bei Neustart, [0a8f8742a3d866d03380d58791733fc1],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, In Quarantäne, [7821b118b0cb69cd09ab0755e61e17e9],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, Löschen bei Neustart, [41585b6e6d0e71c58530d983c143f50b],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, In Quarantäne, [30691cad5d1eea4c288e5b010afa0ef2],
PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.363178\GoogleCrashHandler.exe, In Quarantäne, [801921a8d4a7c86e0dd8647ea959b54b],
PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.363178\GoogleUpdate.exe, In Quarantäne, [801921a8d4a7c86e0dd8647ea959b54b],
PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.363178\GoogleUpdateBroker.exe, In Quarantäne, [801921a8d4a7c86e0dd8647ea959b54b],
PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.363178\GoogleUpdateHelper.msi, In Quarantäne, [801921a8d4a7c86e0dd8647ea959b54b],
PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.363178\GoogleUpdateOnDemand.exe, In Quarantäne, [801921a8d4a7c86e0dd8647ea959b54b],
PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.363178\goopdate.dll, In Quarantäne, [801921a8d4a7c86e0dd8647ea959b54b],
PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.363178\goopdateres_en.dll, In Quarantäne, [801921a8d4a7c86e0dd8647ea959b54b],
PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.363178\npGoogleUpdate4.dll, In Quarantäne, [801921a8d4a7c86e0dd8647ea959b54b],
PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.363178\psmachine.dll, In Quarantäne, [801921a8d4a7c86e0dd8647ea959b54b],
PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.363178\psuser.dll, In Quarantäne, [801921a8d4a7c86e0dd8647ea959b54b],
PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.56723\GoogleCrashHandler.exe, In Quarantäne, [e8b17a4fdaa16fc7d51036ac5da5eb15],
PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.56723\GoogleUpdate.exe, In Quarantäne, [e8b17a4fdaa16fc7d51036ac5da5eb15],
PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.56723\GoogleUpdateBroker.exe, In Quarantäne, [e8b17a4fdaa16fc7d51036ac5da5eb15],
PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.56723\GoogleUpdateHelper.msi, In Quarantäne, [e8b17a4fdaa16fc7d51036ac5da5eb15],
PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.56723\GoogleUpdateOnDemand.exe, In Quarantäne, [e8b17a4fdaa16fc7d51036ac5da5eb15],
PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.56723\goopdate.dll, In Quarantäne, [e8b17a4fdaa16fc7d51036ac5da5eb15],
PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.56723\goopdateres_en.dll, In Quarantäne, [e8b17a4fdaa16fc7d51036ac5da5eb15],
PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.56723\npGoogleUpdate4.dll, In Quarantäne, [e8b17a4fdaa16fc7d51036ac5da5eb15],
PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.56723\psmachine.dll, In Quarantäne, [e8b17a4fdaa16fc7d51036ac5da5eb15],
PUP.Optional.GlobalUpdate.A, C:\Users\Ich\AppData\Local\Temp\comh.56723\psuser.dll, In Quarantäne, [e8b17a4fdaa16fc7d51036ac5da5eb15],
PUP.Optional.MultiPlug, C:\ProgramData\Adblocker\Osf.dat, In Quarantäne, [623773568af1979ffe85648b788af709],
PUP.Optional.WebSearch.A, C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://websearch.flyandsearch.info/?unqvl=59&idate=2014/08/21&l=1&q=");), Ersetzt,[3f5a22a7403b01359869ad74dd2839c7]
PUP.Optional.FlyAndSearch, C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.defaulturl", "hxxp://websearch.flyandsearch.info/?unqvl=59&idate=2014/08/21&l=1&q=");), Ersetzt,[82179c2d0d6e90a63e4af82b4cb9966a]

Physische Sektoren: 0
(No malicious items detected)

(end)

Dann wurde der Computer mit Spybot, Kaspersky und Housecall gescannt, wobei jeweils keine weiteren Schadprogramme gefunden wurden.
Durch DDS und OTL erstellte Log-Files wurden auf Unstimmigkeiten überprüft und grobe Auffälligkeiten beseitigt. Die aktuellem Log-Dateien von DDs, OTL, FRST und Gmer sind leider zu lang für diesen Post deswegen habe ich sie als zip Dateien angehängt.

Schon mal vielen Dank fürs durchsehen.

Viele Grüße,

Jascha

schrauber

07.09.2014 06:25

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

http://www.trojaner-board.de/picture...&pictureid=307

Bitte nur die FRST logs posten.

Don_Jascha

07.09.2014 10:55

Ok, hier der FRST Log:
FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-09-2014

Ran by Ich (administrator) on MINE on 06-09-2014 22:57:16

Running from C:\Users\Ich\Downloads

Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Englisch (USA)

Internet Explorer Version 11

Boot Mode: Normal
 

The only official download link for FRST:

Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 

Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1743088 2014-08-13] (Bitdefender)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)

HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-13] (Bitdefender)

HKU\.DEFAULT\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)

HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)

HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-01-24] (Microsoft Corporation)

HKU\S-1-5-21-1268206590-3093409484-1136636918-1001\...\Run: [AdobeBridge] => [X]

BootExecute: autocheck autochk * sdnclean64.exe

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)

BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)

BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default

FF Homepage: about:home

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()

FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: YouTube Unblocker - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\youtubeunblocker@unblocker.yt [2014-05-01]

FF Extension: Deutsch (DE) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2014-08-24]

FF Extension: English (GB) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2014-08-24]

FF Extension: Adblock Plus - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-24]

FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext

FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-01-24]

FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman

FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-01-24]

FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-05-02]

FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
 

Chrome: 

=======

CHR Profile: C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (HTML Saver) - C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-08-21]

CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-03-10]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-08-13] (Bitdefender)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)

S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-13] (Bitdefender)

R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1528896 2014-08-13] (Bitdefender)

S2 WLMS; C:\Windows\system32\wlms\wlms.exe [19456 2009-07-14] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-08-13] (BitDefender)

R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)

R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-13] (BitDefender)

R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2014-05-22] (BitDefender LLC)

R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)

S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)

S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)

R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)

R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-06] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)

R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-08-13] (BitDefender S.R.L.)

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-09-06 22:57 - 2014-09-06 22:57 - 00013411 _____ () C:\Users\Ich\Downloads\FRST.txt

2014-09-06 22:56 - 2014-09-06 22:57 - 00000000 ____D () C:\FRST

2014-09-06 22:47 - 2014-09-06 22:48 - 02104832 _____ (Farbar) C:\Users\Ich\Downloads\FRST64.exe

2014-09-06 22:47 - 2014-09-06 22:47 - 00380416 _____ () C:\Users\Ich\Downloads\4mr1c7mt.exe

2014-09-06 22:33 - 2014-09-06 22:33 - 00083820 _____ () C:\Users\Ich\Desktop\OTL.Txt

2014-09-06 22:05 - 2014-09-06 22:07 - 00018261 _____ () C:\Users\Ich\Desktop\dds.txt

2014-09-06 22:05 - 2014-09-06 22:07 - 00005878 _____ () C:\Users\Ich\Desktop\attach.txt

2014-09-06 22:01 - 2014-09-06 22:01 - 00000168 _____ () C:\Windows\setupact.log

2014-09-06 22:01 - 2014-09-06 22:01 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-06 21:22 - 2014-09-04 13:06 - 00033435 _____ () C:\Users\Ich\bookmarks-2014-09-04_201_R0v3OVKTeXmw+-jqzFT1Sg==.jsonlz4

2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache

2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache

2014-09-06 14:15 - 2014-09-06 14:15 - 02405664 _____ (Trend Micro Inc.) C:\Users\Ich\Downloads\HousecallLauncher64.exe

2014-09-06 14:15 - 2014-09-06 14:15 - 00416576 _____ (Kaspersky Lab) C:\Users\Ich\Downloads\de-de.setup.exe

2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache

2014-09-06 14:03 - 2014-09-06 14:03 - 00602112 _____ (OldTimer Tools) C:\Users\Ich\Desktop\OTL.exe

2014-09-06 11:58 - 2014-09-06 12:00 - 00000000 ____D () C:\AdwCleaner

2014-09-06 11:56 - 2014-09-06 11:56 - 01370467 _____ () C:\Users\Ich\Downloads\adwcleaner_3.309.exe

2014-09-06 11:22 - 2014-09-06 11:22 - 00688992 ____R (Swearware) C:\Users\Ich\Downloads\dds.scr

2014-09-06 10:28 - 2014-09-06 10:28 - 02365840 _____ () C:\Users\Ich\Downloads\SecurityTaskManager_Setup.exe

2014-09-06 10:23 - 2014-09-06 10:23 - 00540072 _____ (Neuber Software) C:\Users\Ich\Downloads\SvchostAnalyzer.exe

2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps

2014-09-05 17:57 - 2014-09-05 17:57 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2014-09-05 17:56 - 2014-09-05 18:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-09-05 17:56 - 2014-09-05 18:00 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-09-05 17:56 - 2014-09-05 17:56 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

2014-09-05 17:56 - 2014-09-05 17:56 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

2014-09-05 17:56 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe

2014-09-05 17:54 - 2014-09-05 17:55 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ich\Downloads\spybot-2.4.exe

2014-09-05 17:18 - 2014-09-06 22:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-05 17:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-09-05 17:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-09-05 17:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-09-05 17:16 - 2014-09-05 17:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ich\Downloads\mbam-setup-2.0.2.1012.exe

2014-09-05 13:43 - 2014-09-06 10:14 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz

2014-09-05 13:43 - 2014-09-05 23:33 - 00004352 _____ () C:\Windows\System32\Tasks\MQDC

2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip

2014-09-02 21:22 - 2014-09-06 14:54 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-09-02 21:22 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-09-02 21:22 - 2014-09-02 23:55 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype

2014-09-02 21:21 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Skype

2014-09-02 21:20 - 2014-09-02 21:20 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Ich\Downloads\SkypeSetup.exe

2014-09-02 20:00 - 2014-09-02 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-09-01 10:18 - 2014-09-01 10:18 - 00002086 _____ () C:\Users\Ich\AppData\Roaming\MQDC

2014-08-30 12:42 - 2014-08-30 12:42 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT

2014-08-30 10:58 - 2014-08-30 11:00 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-30 00:37 - 2014-08-30 00:38 - 04901352 _____ (Piriform Ltd) C:\Users\Ich\Downloads\ccsetup417.exe

2014-08-29 15:40 - 2014-08-29 15:41 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip

2014-08-29 12:49 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-29 12:49 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-29 12:49 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6

2014-08-23 14:23 - 2014-08-23 14:23 - 04813544 _____ (Piriform Ltd) C:\Users\Ich\Downloads\ccsetup416.exe

2014-08-21 11:19 - 2014-08-21 11:19 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-08-21 11:19 - 2014-08-21 11:19 - 00000000 ____D () C:\Program Files\Java

2014-08-21 10:54 - 2014-08-21 11:09 - 00000000 ____D () C:\ProgramData\89862a08bda44ad

2014-08-21 10:54 - 2014-08-21 10:54 - 00000394 __RSH () C:\ProgramData\ntuser.pol

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Ich\AppData\Local\Google

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Ich\AppData\Local\Comodo

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator

2014-08-18 17:52 - 2014-09-06 10:24 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe

2014-08-13 21:37 - 2014-08-13 21:37 - 01260120 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys

2014-08-12 20:15 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-12 20:15 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2014-08-12 20:15 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

2014-08-12 20:15 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-12 20:15 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-12 20:15 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-12 20:15 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2014-08-12 20:15 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2014-08-12 20:00 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-12 20:00 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-08-12 20:00 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-12 20:00 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-12 20:00 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-08-12 20:00 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-12 20:00 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-12 20:00 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-12 20:00 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-08-12 20:00 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-12 20:00 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-08-12 20:00 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-12 20:00 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-12 20:00 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-12 20:00 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-12 20:00 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-12 20:00 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-08-12 20:00 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-08-12 20:00 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-08-12 20:00 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-12 20:00 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-08-12 20:00 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-08-12 20:00 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-08-12 20:00 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-08-12 20:00 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-12 20:00 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-08-12 20:00 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-12 20:00 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-08-12 20:00 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-12 20:00 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-12 20:00 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-08-12 20:00 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-12 20:00 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-12 20:00 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-12 20:00 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-08-12 20:00 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-12 20:00 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-12 20:00 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-12 20:00 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-08-12 20:00 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-08-12 20:00 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-12 20:00 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-08-12 20:00 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-08-12 20:00 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-12 20:00 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-12 20:00 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-12 20:00 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-12 20:00 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-12 20:00 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-08-12 20:00 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-12 20:00 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-12 20:00 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-12 20:00 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-08-12 20:00 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-08-12 20:00 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-12 20:00 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-12 20:00 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-08-12 20:00 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

2014-08-12 20:00 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

2014-08-12 20:00 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL

2014-08-12 20:00 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL

2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL

2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL

2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL

2014-08-12 20:00 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls

2014-08-12 20:00 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls

2014-08-12 20:00 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-08-12 20:00 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-08-12 20:00 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-08-12 20:00 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-08-12 20:00 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-12 20:00 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-08-12 20:00 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-08-12 20:00 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-08-12 20:00 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-08-12 20:00 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-08-12 19:59 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-08-12 19:59 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2014-08-12 19:52 - 2014-08-18 17:46 - 00000000 ____D () C:\Users\Ich\encyclios

2014-08-12 19:52 - 2014-08-12 20:13 - 00000000 ____D () C:\Users\Ich\fungi2014

2014-08-12 19:51 - 2014-08-12 19:51 - 00001207 _____ () C:\Users\Public\Desktop\Atlas of Clinical Fungi.lnk

2014-08-12 19:51 - 2014-08-12 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlas of Clinical Fungi

2014-08-12 19:50 - 2014-08-12 19:51 - 00000000 ____D () C:\Program Files (x86)\Atlas of Clinical Fungi

2014-08-12 01:05 - 2014-08-12 01:05 - 15798272 _____ () C:\Users\Ich\Documents\ereignisdat2.evtx

2014-08-12 01:04 - 2014-08-12 01:04 - 12652544 _____ () C:\Users\Ich\Documents\ereignisdat.evtx

2014-08-12 00:05 - 2014-08-12 00:12 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige

2014-08-09 21:30 - 2014-08-09 21:30 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2014-08-09 21:30 - 2014-08-09 21:30 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\chc

2014-08-09 16:10 - 2014-08-09 16:10 - 00007602 _____ () C:\Users\Ich\AppData\Local\Resmon.ResmonCfg
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-09-06 22:57 - 2014-09-06 22:57 - 00013411 _____ () C:\Users\Ich\Downloads\FRST.txt

2014-09-06 22:57 - 2014-09-06 22:56 - 00000000 ____D () C:\FRST

2014-09-06 22:48 - 2014-09-06 22:47 - 02104832 _____ (Farbar) C:\Users\Ich\Downloads\FRST64.exe

2014-09-06 22:47 - 2014-09-06 22:47 - 00380416 _____ () C:\Users\Ich\Downloads\4mr1c7mt.exe

2014-09-06 22:34 - 2014-09-05 17:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-06 22:33 - 2014-09-06 22:33 - 00083820 _____ () C:\Users\Ich\Desktop\OTL.Txt

2014-09-06 22:09 - 2014-01-23 23:27 - 01845545 _____ () C:\Windows\WindowsUpdate.log

2014-09-06 22:07 - 2014-09-06 22:05 - 00018261 _____ () C:\Users\Ich\Desktop\dds.txt

2014-09-06 22:07 - 2014-09-06 22:05 - 00005878 _____ () C:\Users\Ich\Desktop\attach.txt

2014-09-06 22:07 - 2014-01-24 14:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-06 22:06 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-06 22:06 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-06 22:01 - 2014-09-06 22:01 - 00000168 _____ () C:\Windows\setupact.log

2014-09-06 22:01 - 2014-09-06 22:01 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-06 22:01 - 2014-01-24 01:28 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-09-06 22:01 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-06 21:22 - 2014-01-23 23:35 - 00000000 ____D () C:\Users\Ich

2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache

2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache

2014-09-06 14:54 - 2014-09-02 21:22 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-09-06 14:54 - 2014-09-02 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-09-06 14:54 - 2014-09-02 21:21 - 00000000 ____D () C:\ProgramData\Skype

2014-09-06 14:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-09-06 14:15 - 2014-09-06 14:15 - 02405664 _____ (Trend Micro Inc.) C:\Users\Ich\Downloads\HousecallLauncher64.exe

2014-09-06 14:15 - 2014-09-06 14:15 - 00416576 _____ (Kaspersky Lab) C:\Users\Ich\Downloads\de-de.setup.exe

2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache

2014-09-06 14:03 - 2014-09-06 14:03 - 00602112 _____ (OldTimer Tools) C:\Users\Ich\Desktop\OTL.exe

2014-09-06 12:00 - 2014-09-06 11:58 - 00000000 ____D () C:\AdwCleaner

2014-09-06 11:56 - 2014-09-06 11:56 - 01370467 _____ () C:\Users\Ich\Downloads\adwcleaner_3.309.exe

2014-09-06 11:44 - 2014-01-24 14:05 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-09-06 11:22 - 2014-09-06 11:22 - 00688992 ____R (Swearware) C:\Users\Ich\Downloads\dds.scr

2014-09-06 10:28 - 2014-09-06 10:28 - 02365840 _____ () C:\Users\Ich\Downloads\SecurityTaskManager_Setup.exe

2014-09-06 10:24 - 2014-08-18 17:52 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe

2014-09-06 10:23 - 2014-09-06 10:23 - 00540072 _____ (Neuber Software) C:\Users\Ich\Downloads\SvchostAnalyzer.exe

2014-09-06 10:14 - 2014-09-05 13:43 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz

2014-09-05 23:33 - 2014-09-05 13:43 - 00004352 _____ () C:\Windows\System32\Tasks\MQDC

2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps

2014-09-05 18:29 - 2014-09-05 17:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-09-05 18:00 - 2014-09-05 17:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-09-05 17:57 - 2014-09-05 17:57 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2014-09-05 17:56 - 2014-09-05 17:56 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

2014-09-05 17:56 - 2014-09-05 17:56 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

2014-09-05 17:55 - 2014-09-05 17:54 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ich\Downloads\spybot-2.4.exe

2014-09-05 17:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat

2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-05 17:17 - 2014-09-05 17:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ich\Downloads\mbam-setup-2.0.2.1012.exe

2014-09-05 00:00 - 2014-05-25 18:14 - 00000000 ____D () C:\Users\Ich\AppData\Local\PokerStars.EU

2014-09-04 17:28 - 2014-01-24 13:12 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Adobe

2014-09-04 16:36 - 2014-05-24 10:53 - 00000000 ____D () C:\Users\Ich\Documents\mega_cache_6140226

2014-09-04 16:07 - 2014-01-24 02:00 - 00696528 _____ () C:\Windows\system32\perfh007.dat

2014-09-04 16:07 - 2014-01-24 02:00 - 00148496 _____ () C:\Windows\system32\perfc007.dat

2014-09-04 16:07 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-09-04 16:02 - 2014-05-02 12:11 - 00000000 ____D () C:\Users\Ich\Documents\Citavi 4

2014-09-04 13:06 - 2014-09-06 21:22 - 00033435 _____ () C:\Users\Ich\bookmarks-2014-09-04_201_R0v3OVKTeXmw+-jqzFT1Sg==.jsonlz4

2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip

2014-09-03 08:32 - 2014-01-24 02:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-09-03 00:08 - 2014-07-06 17:25 - 00000000 ____D () C:\Users\Ich\Documents\psynetic-gifx

2014-09-02 23:55 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype

2014-09-02 21:20 - 2014-09-02 21:20 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Ich\Downloads\SkypeSetup.exe

2014-09-02 20:00 - 2014-09-02 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-09-01 10:18 - 2014-09-01 10:18 - 00002086 _____ () C:\Users\Ich\AppData\Roaming\MQDC

2014-08-30 12:42 - 2014-08-30 12:42 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT

2014-08-30 11:00 - 2014-08-30 10:58 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-30 00:38 - 2014-08-30 00:37 - 04901352 _____ (Piriform Ltd) C:\Users\Ich\Downloads\ccsetup417.exe

2014-08-30 00:38 - 2014-01-24 14:55 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-08-30 00:38 - 2014-01-24 14:55 - 00000000 ____D () C:\Program Files\CCleaner

2014-08-29 22:21 - 2014-05-25 18:14 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU

2014-08-29 16:13 - 2014-05-23 20:08 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA_Global

2014-08-29 15:41 - 2014-08-29 15:40 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip

2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6

2014-08-23 14:23 - 2014-08-23 14:23 - 04813544 _____ (Piriform Ltd) C:\Users\Ich\Downloads\ccsetup416.exe

2014-08-23 04:07 - 2014-08-29 12:49 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-23 03:45 - 2014-08-29 12:49 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-23 02:59 - 2014-08-29 12:49 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-21 11:19 - 2014-08-21 11:19 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-08-21 11:19 - 2014-08-21 11:19 - 00000000 ____D () C:\Program Files\Java

2014-08-21 11:19 - 2014-06-26 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-08-21 11:19 - 2014-05-24 15:28 - 00000000 ____D () C:\ProgramData\Oracle

2014-08-21 11:09 - 2014-08-21 10:54 - 00000000 ____D () C:\ProgramData\89862a08bda44ad

2014-08-21 10:54 - 2014-08-21 10:54 - 00000394 __RSH () C:\ProgramData\ntuser.pol

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Ich\AppData\Local\Google

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Ich\AppData\Local\Comodo

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator

2014-08-21 10:54 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-08-21 10:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

2014-08-18 20:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-08-18 17:46 - 2014-08-12 19:52 - 00000000 ____D () C:\Users\Ich\encyclios

2014-08-18 17:45 - 2014-01-24 14:57 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-08-18 17:45 - 2014-01-24 14:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-08-18 17:45 - 2014-01-24 14:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-08-15 19:34 - 2009-07-14 09:13 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-08-14 00:05 - 2014-03-11 13:02 - 00000407 _____ () C:\Windows\system32\checkdnsid.xml

2014-08-13 21:37 - 2014-08-13 21:37 - 01260120 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys

2014-08-13 21:37 - 2014-01-24 02:11 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll

2014-08-13 21:36 - 2014-01-24 02:52 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll

2014-08-13 21:36 - 2014-01-24 02:21 - 00647752 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys

2014-08-13 21:36 - 2014-01-24 02:11 - 00419616 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys

2014-08-13 21:36 - 2014-01-24 02:11 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll

2014-08-12 20:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-08-12 20:20 - 2014-01-24 00:31 - 00000000 ____D () C:\Windows\system32\MRT

2014-08-12 20:19 - 2014-01-24 00:31 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-08-12 20:18 - 2014-01-24 13:44 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-08-12 20:13 - 2014-08-12 19:52 - 00000000 ____D () C:\Users\Ich\fungi2014

2014-08-12 19:51 - 2014-08-12 19:51 - 00001207 _____ () C:\Users\Public\Desktop\Atlas of Clinical Fungi.lnk

2014-08-12 19:51 - 2014-08-12 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlas of Clinical Fungi

2014-08-12 19:51 - 2014-08-12 19:50 - 00000000 ____D () C:\Program Files (x86)\Atlas of Clinical Fungi

2014-08-12 01:05 - 2014-08-12 01:05 - 15798272 _____ () C:\Users\Ich\Documents\ereignisdat2.evtx

2014-08-12 01:04 - 2014-08-12 01:04 - 12652544 _____ () C:\Users\Ich\Documents\ereignisdat.evtx

2014-08-12 00:12 - 2014-08-12 00:05 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige

2014-08-09 21:30 - 2014-08-09 21:30 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2014-08-09 21:30 - 2014-08-09 21:30 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\chc

2014-08-09 16:10 - 2014-08-09 16:10 - 00007602 _____ () C:\Users\Ich\AppData\Local\Resmon.ResmonCfg

2014-08-07 12:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\LiveKernelReports
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-09-06 18:40
 

==================== End Of Log ============================

--- --- ---

Don_Jascha

07.09.2014 12:14

Hier nochmal die Logs von FRSt und vielen Dank nochmal.

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-09-2014

Ran by Ich (administrator) on MINE on 07-09-2014 13:06:46

Running from C:\Users\Ich\Downloads

Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Englisch (USA)

Internet Explorer Version 11

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1743088 2014-08-13] (Bitdefender)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)

HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-13] (Bitdefender)

HKU\.DEFAULT\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)

HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)

HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-01-24] (Microsoft Corporation)

HKU\S-1-5-21-1268206590-3093409484-1136636918-1001\...\Run: [AdobeBridge] => [X]

BootExecute: autocheck autochk * sdnclean64.exe

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)

BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)

BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default

FF Homepage: about:home

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()

FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: YouTube Unblocker - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\youtubeunblocker@unblocker.yt [2014-05-01]

FF Extension: Deutsch (DE) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2014-08-24]

FF Extension: English (GB) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2014-08-24]

FF Extension: Adblock Plus - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-24]

FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext

FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-01-24]

FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman

FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-01-24]

FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-05-02]

FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
 

Chrome: 

=======

CHR Profile: C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (HTML Saver) - C:\Users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2014-08-21]

CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-03-10]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-08-13] (Bitdefender)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)

S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-13] (Bitdefender)

R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1528896 2014-08-13] (Bitdefender)

S2 WLMS; C:\Windows\system32\wlms\wlms.exe [19456 2009-07-14] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-08-13] (BitDefender)

R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)

R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-13] (BitDefender)

R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2014-05-22] (BitDefender LLC)

R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)

S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)

S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)

R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)

R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)

R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-08-13] (BitDefender S.R.L.)

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-09-07 12:48 - 2014-09-07 13:06 - 00013025 _____ () C:\Users\Ich\Downloads\FRST.txt

2014-09-07 01:00 - 2014-09-07 11:49 - 00000168 _____ () C:\Windows\setupact.log

2014-09-07 01:00 - 2014-09-07 01:00 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-06 23:26 - 2014-09-06 23:35 - 00000000 ____D () C:\Windows\Minidump

2014-09-06 22:56 - 2014-09-07 13:06 - 00000000 ____D () C:\FRST

2014-09-06 22:47 - 2014-09-06 22:48 - 02104832 _____ (Farbar) C:\Users\Ich\Downloads\FRST64.exe

2014-09-06 22:47 - 2014-09-06 22:47 - 00380416 _____ () C:\Users\Ich\Downloads\4mr1c7mt.exe

2014-09-06 21:22 - 2014-09-04 13:06 - 00033435 _____ () C:\Users\Ich\bookmarks-2014-09-04_201_R0v3OVKTeXmw+-jqzFT1Sg==.jsonlz4

2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache

2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache

2014-09-06 14:15 - 2014-09-06 14:15 - 02405664 _____ (Trend Micro Inc.) C:\Users\Ich\Downloads\HousecallLauncher64.exe

2014-09-06 14:15 - 2014-09-06 14:15 - 00416576 _____ (Kaspersky Lab) C:\Users\Ich\Downloads\de-de.setup.exe

2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache

2014-09-06 14:03 - 2014-09-06 14:03 - 00602112 _____ (OldTimer Tools) C:\Users\Ich\Desktop\OTL.exe

2014-09-06 11:58 - 2014-09-06 12:00 - 00000000 ____D () C:\AdwCleaner

2014-09-06 11:56 - 2014-09-06 11:56 - 01370467 _____ () C:\Users\Ich\Downloads\adwcleaner_3.309.exe

2014-09-06 11:22 - 2014-09-06 11:22 - 00688992 ____R (Swearware) C:\Users\Ich\Downloads\dds.scr

2014-09-06 10:28 - 2014-09-06 10:28 - 02365840 _____ () C:\Users\Ich\Downloads\SecurityTaskManager_Setup.exe

2014-09-06 10:23 - 2014-09-06 10:23 - 00540072 _____ (Neuber Software) C:\Users\Ich\Downloads\SvchostAnalyzer.exe

2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps

2014-09-05 17:57 - 2014-09-05 17:57 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2014-09-05 17:56 - 2014-09-05 18:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-09-05 17:56 - 2014-09-05 18:00 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-09-05 17:56 - 2014-09-05 17:56 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

2014-09-05 17:56 - 2014-09-05 17:56 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

2014-09-05 17:56 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe

2014-09-05 17:54 - 2014-09-05 17:55 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ich\Downloads\spybot-2.4.exe

2014-09-05 17:18 - 2014-09-07 12:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-05 17:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-09-05 17:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-09-05 17:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-09-05 17:16 - 2014-09-05 17:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ich\Downloads\mbam-setup-2.0.2.1012.exe

2014-09-05 13:43 - 2014-09-06 10:14 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz

2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip

2014-09-02 21:22 - 2014-09-06 14:54 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-09-02 21:22 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-09-02 21:22 - 2014-09-02 23:55 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype

2014-09-02 21:21 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Skype

2014-09-02 21:20 - 2014-09-02 21:20 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Ich\Downloads\SkypeSetup.exe

2014-09-02 20:00 - 2014-09-02 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-08-30 12:42 - 2014-08-30 12:42 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT

2014-08-30 10:58 - 2014-08-30 11:00 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-30 00:37 - 2014-08-30 00:38 - 04901352 _____ (Piriform Ltd) C:\Users\Ich\Downloads\ccsetup417.exe

2014-08-29 15:40 - 2014-08-29 15:41 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip

2014-08-29 12:49 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-29 12:49 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-29 12:49 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6

2014-08-23 14:23 - 2014-08-23 14:23 - 04813544 _____ (Piriform Ltd) C:\Users\Ich\Downloads\ccsetup416.exe

2014-08-21 11:19 - 2014-08-21 11:19 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-08-21 11:19 - 2014-08-21 11:19 - 00000000 ____D () C:\Program Files\Java

2014-08-21 10:54 - 2014-08-21 11:09 - 00000000 ____D () C:\ProgramData\89862a08bda44ad

2014-08-21 10:54 - 2014-08-21 10:54 - 00000394 __RSH () C:\ProgramData\ntuser.pol

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Ich\AppData\Local\Google

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Ich\AppData\Local\Comodo

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator

2014-08-18 17:52 - 2014-09-07 02:00 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe

2014-08-13 21:37 - 2014-08-13 21:37 - 01260120 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys

2014-08-12 20:15 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-12 20:15 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2014-08-12 20:15 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

2014-08-12 20:15 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-12 20:15 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-12 20:15 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-12 20:15 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2014-08-12 20:15 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2014-08-12 20:00 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-12 20:00 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-08-12 20:00 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-12 20:00 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-12 20:00 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-08-12 20:00 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-12 20:00 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-12 20:00 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-12 20:00 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-08-12 20:00 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-12 20:00 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-08-12 20:00 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-12 20:00 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-12 20:00 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-12 20:00 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-12 20:00 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-12 20:00 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-08-12 20:00 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-08-12 20:00 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-08-12 20:00 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-12 20:00 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-08-12 20:00 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-08-12 20:00 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-08-12 20:00 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-08-12 20:00 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-12 20:00 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-08-12 20:00 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-12 20:00 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-08-12 20:00 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-12 20:00 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-12 20:00 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-08-12 20:00 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-12 20:00 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-12 20:00 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-12 20:00 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-08-12 20:00 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-12 20:00 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-12 20:00 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-12 20:00 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-08-12 20:00 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-08-12 20:00 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-12 20:00 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-08-12 20:00 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-08-12 20:00 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-12 20:00 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-12 20:00 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-12 20:00 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-12 20:00 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-12 20:00 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-08-12 20:00 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-12 20:00 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-12 20:00 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-12 20:00 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-08-12 20:00 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-08-12 20:00 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-12 20:00 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-12 20:00 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-08-12 20:00 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

2014-08-12 20:00 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

2014-08-12 20:00 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL

2014-08-12 20:00 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL

2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL

2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL

2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL

2014-08-12 20:00 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls

2014-08-12 20:00 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls

2014-08-12 20:00 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-08-12 20:00 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-08-12 20:00 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-08-12 20:00 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-08-12 20:00 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-12 20:00 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-08-12 20:00 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-08-12 20:00 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-08-12 20:00 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-08-12 20:00 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-08-12 19:59 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-08-12 19:59 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2014-08-12 19:52 - 2014-08-18 17:46 - 00000000 ____D () C:\Users\Ich\encyclios

2014-08-12 19:52 - 2014-08-12 20:13 - 00000000 ____D () C:\Users\Ich\fungi2014

2014-08-12 19:51 - 2014-08-12 19:51 - 00001207 _____ () C:\Users\Public\Desktop\Atlas of Clinical Fungi.lnk

2014-08-12 19:51 - 2014-08-12 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlas of Clinical Fungi

2014-08-12 19:50 - 2014-08-12 19:51 - 00000000 ____D () C:\Program Files (x86)\Atlas of Clinical Fungi

2014-08-12 01:05 - 2014-08-12 01:05 - 15798272 _____ () C:\Users\Ich\Documents\ereignisdat2.evtx

2014-08-12 01:04 - 2014-08-12 01:04 - 12652544 _____ () C:\Users\Ich\Documents\ereignisdat.evtx

2014-08-12 00:05 - 2014-08-12 00:12 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige

2014-08-09 21:30 - 2014-08-09 21:30 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2014-08-09 21:30 - 2014-08-09 21:30 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\chc

2014-08-09 16:10 - 2014-08-09 16:10 - 00007602 _____ () C:\Users\Ich\AppData\Local\Resmon.ResmonCfg
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-09-07 13:07 - 2014-01-24 14:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-07 13:06 - 2014-09-07 12:48 - 00013025 _____ () C:\Users\Ich\Downloads\FRST.txt

2014-09-07 13:06 - 2014-09-06 22:56 - 00000000 ____D () C:\FRST

2014-09-07 12:27 - 2014-09-05 17:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-07 11:56 - 2014-01-23 23:27 - 01912340 _____ () C:\Windows\WindowsUpdate.log

2014-09-07 11:54 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-07 11:54 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-07 11:49 - 2014-09-07 01:00 - 00000168 _____ () C:\Windows\setupact.log

2014-09-07 11:48 - 2014-01-24 01:28 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-09-07 11:48 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-07 02:00 - 2014-08-18 17:52 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe

2014-09-07 01:00 - 2014-09-07 01:00 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-06 23:35 - 2014-09-06 23:26 - 00000000 ____D () C:\Windows\Minidump

2014-09-06 22:48 - 2014-09-06 22:47 - 02104832 _____ (Farbar) C:\Users\Ich\Downloads\FRST64.exe

2014-09-06 22:47 - 2014-09-06 22:47 - 00380416 _____ () C:\Users\Ich\Downloads\4mr1c7mt.exe

2014-09-06 21:22 - 2014-01-23 23:35 - 00000000 ____D () C:\Users\Ich

2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache

2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache

2014-09-06 14:54 - 2014-09-02 21:22 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-09-06 14:54 - 2014-09-02 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-09-06 14:54 - 2014-09-02 21:21 - 00000000 ____D () C:\ProgramData\Skype

2014-09-06 14:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-09-06 14:15 - 2014-09-06 14:15 - 02405664 _____ (Trend Micro Inc.) C:\Users\Ich\Downloads\HousecallLauncher64.exe

2014-09-06 14:15 - 2014-09-06 14:15 - 00416576 _____ (Kaspersky Lab) C:\Users\Ich\Downloads\de-de.setup.exe

2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache

2014-09-06 14:03 - 2014-09-06 14:03 - 00602112 _____ (OldTimer Tools) C:\Users\Ich\Desktop\OTL.exe

2014-09-06 12:00 - 2014-09-06 11:58 - 00000000 ____D () C:\AdwCleaner

2014-09-06 11:56 - 2014-09-06 11:56 - 01370467 _____ () C:\Users\Ich\Downloads\adwcleaner_3.309.exe

2014-09-06 11:44 - 2014-01-24 14:05 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-09-06 11:22 - 2014-09-06 11:22 - 00688992 ____R (Swearware) C:\Users\Ich\Downloads\dds.scr

2014-09-06 10:28 - 2014-09-06 10:28 - 02365840 _____ () C:\Users\Ich\Downloads\SecurityTaskManager_Setup.exe

2014-09-06 10:23 - 2014-09-06 10:23 - 00540072 _____ (Neuber Software) C:\Users\Ich\Downloads\SvchostAnalyzer.exe

2014-09-06 10:14 - 2014-09-05 13:43 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz

2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps

2014-09-05 18:29 - 2014-09-05 17:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-09-05 18:00 - 2014-09-05 17:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-09-05 17:57 - 2014-09-05 17:57 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2014-09-05 17:56 - 2014-09-05 17:56 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

2014-09-05 17:56 - 2014-09-05 17:56 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

2014-09-05 17:55 - 2014-09-05 17:54 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ich\Downloads\spybot-2.4.exe

2014-09-05 17:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat

2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-05 17:17 - 2014-09-05 17:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ich\Downloads\mbam-setup-2.0.2.1012.exe

2014-09-05 00:00 - 2014-05-25 18:14 - 00000000 ____D () C:\Users\Ich\AppData\Local\PokerStars.EU

2014-09-04 17:28 - 2014-01-24 13:12 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Adobe

2014-09-04 16:36 - 2014-05-24 10:53 - 00000000 ____D () C:\Users\Ich\Documents\mega_cache_6140226

2014-09-04 16:07 - 2014-01-24 02:00 - 00696528 _____ () C:\Windows\system32\perfh007.dat

2014-09-04 16:07 - 2014-01-24 02:00 - 00148496 _____ () C:\Windows\system32\perfc007.dat

2014-09-04 16:07 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-09-04 16:02 - 2014-05-02 12:11 - 00000000 ____D () C:\Users\Ich\Documents\Citavi 4

2014-09-04 13:06 - 2014-09-06 21:22 - 00033435 _____ () C:\Users\Ich\bookmarks-2014-09-04_201_R0v3OVKTeXmw+-jqzFT1Sg==.jsonlz4

2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip

2014-09-03 08:32 - 2014-01-24 02:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-09-03 00:08 - 2014-07-06 17:25 - 00000000 ____D () C:\Users\Ich\Documents\psynetic-gifx

2014-09-02 23:55 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype

2014-09-02 21:20 - 2014-09-02 21:20 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Ich\Downloads\SkypeSetup.exe

2014-09-02 20:00 - 2014-09-02 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-08-30 12:42 - 2014-08-30 12:42 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT

2014-08-30 11:00 - 2014-08-30 10:58 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-30 00:38 - 2014-08-30 00:37 - 04901352 _____ (Piriform Ltd) C:\Users\Ich\Downloads\ccsetup417.exe

2014-08-30 00:38 - 2014-01-24 14:55 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-08-30 00:38 - 2014-01-24 14:55 - 00000000 ____D () C:\Program Files\CCleaner

2014-08-29 22:21 - 2014-05-25 18:14 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU

2014-08-29 16:13 - 2014-05-23 20:08 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA_Global

2014-08-29 15:41 - 2014-08-29 15:40 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip

2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6

2014-08-23 14:23 - 2014-08-23 14:23 - 04813544 _____ (Piriform Ltd) C:\Users\Ich\Downloads\ccsetup416.exe

2014-08-23 04:07 - 2014-08-29 12:49 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-23 03:45 - 2014-08-29 12:49 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-23 02:59 - 2014-08-29 12:49 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-21 11:19 - 2014-08-21 11:19 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-08-21 11:19 - 2014-08-21 11:19 - 00000000 ____D () C:\Program Files\Java

2014-08-21 11:19 - 2014-06-26 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-08-21 11:19 - 2014-05-24 15:28 - 00000000 ____D () C:\ProgramData\Oracle

2014-08-21 11:09 - 2014-08-21 10:54 - 00000000 ____D () C:\ProgramData\89862a08bda44ad

2014-08-21 10:54 - 2014-08-21 10:54 - 00000394 __RSH () C:\ProgramData\ntuser.pol

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Ich\AppData\Local\Google

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Ich\AppData\Local\Comodo

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator

2014-08-21 10:54 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-08-21 10:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

2014-08-18 20:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-08-18 17:46 - 2014-08-12 19:52 - 00000000 ____D () C:\Users\Ich\encyclios

2014-08-18 17:45 - 2014-01-24 14:57 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-08-18 17:45 - 2014-01-24 14:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-08-18 17:45 - 2014-01-24 14:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-08-15 19:34 - 2009-07-14 09:13 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-08-14 00:05 - 2014-03-11 13:02 - 00000407 _____ () C:\Windows\system32\checkdnsid.xml

2014-08-13 21:37 - 2014-08-13 21:37 - 01260120 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys

2014-08-13 21:37 - 2014-01-24 02:11 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll

2014-08-13 21:36 - 2014-01-24 02:52 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll

2014-08-13 21:36 - 2014-01-24 02:21 - 00647752 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys

2014-08-13 21:36 - 2014-01-24 02:11 - 00419616 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys

2014-08-13 21:36 - 2014-01-24 02:11 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll

2014-08-12 20:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-08-12 20:20 - 2014-01-24 00:31 - 00000000 ____D () C:\Windows\system32\MRT

2014-08-12 20:19 - 2014-01-24 00:31 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-08-12 20:18 - 2014-01-24 13:44 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-08-12 20:13 - 2014-08-12 19:52 - 00000000 ____D () C:\Users\Ich\fungi2014

2014-08-12 19:51 - 2014-08-12 19:51 - 00001207 _____ () C:\Users\Public\Desktop\Atlas of Clinical Fungi.lnk

2014-08-12 19:51 - 2014-08-12 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlas of Clinical Fungi

2014-08-12 19:51 - 2014-08-12 19:50 - 00000000 ____D () C:\Program Files (x86)\Atlas of Clinical Fungi

2014-08-12 01:05 - 2014-08-12 01:05 - 15798272 _____ () C:\Users\Ich\Documents\ereignisdat2.evtx

2014-08-12 01:04 - 2014-08-12 01:04 - 12652544 _____ () C:\Users\Ich\Documents\ereignisdat.evtx

2014-08-12 00:12 - 2014-08-12 00:05 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige

2014-08-09 21:30 - 2014-08-09 21:30 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2014-08-09 21:30 - 2014-08-09 21:30 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\chc

2014-08-09 16:10 - 2014-08-09 16:10 - 00007602 _____ () C:\Users\Ich\AppData\Local\Resmon.ResmonCfg
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-09-06 18:40
 

==================== End Of Log ============================

--- --- ---

Code:

 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-09-2014

Ran by Ich at 2014-09-07 13:07:11

Running from C:\Users\Ich\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}

AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

Ableton Live 8 (HKLM\...\{9960E64F-4FFD-429C-9739-03CAEA8C30E3}) (Version: 8.0.0.0 - Ableton)

Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)

Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)

Atlas of Clinical Fungi 4.0 (HKLM-x32\...\Atlas of Clinical Fungi_is1) (Version:  - CBS)

BioEdit (HKLM-x32\...\{AF6D9313-E338-48F0-9B0C-7DE20EDB99CF}) (Version: 7.2.5.0 - Tom Hall)

Bitdefender Internet Security (HKLM\...\Bitdefender) (Version: 17.23.0.996 - Bitdefender)

CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)

Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.4.0.28 - Swiss Academic Software)

Company of Heroes - FAKEMSI (x32 Version: 2.0.0.0 - THQ Inc.) Hidden

Company of Heroes (HKLM-x32\...\Company of Heroes) (Version: 2.0.0.1 - THQ Inc.)

Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{2A07A3D4-F6CA-4EEB-9576-3A6AC8A736CE}) (Version:  - Microsoft)

ImageMagick 6.7.5-7 Q16 (2012-03-01) (HKLM-x32\...\ImageMagick 6.7.5 Q16_is1) (Version: 6.7.5 - ImageMagick Studio LLC)

Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)

Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden

Live 8.2.4 (HKLM-x32\...\Live 8.2.4) (Version:  - )

Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

MEGA6 .06 (HKLM-x32\...\{EE7E4984-0208-48E7-959C-A5F5F06F0DE0}_is1) (Version: .06 - Center for Evolutionary Medicine and Informatics)

Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Standard 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden

Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Mozilla Firefox 32.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0 (x86 de)) (Version: 32.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)

NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)

NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)

NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden

NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden

NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden

NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden

NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)

NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden

NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden

NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden

NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden

NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden

PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden

PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)

PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)

psynetic® Gif-X 3.00 (HKLM-x32\...\psynetic® Gif-X) (Version: 3.00 - Robert Mundt)

Scarlett Plug-in Suite 1.4 (HKLM-x32\...\{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1) (Version: 1.4 - Focusrite)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden

SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden

Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)

Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.STANDARD_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.STANDARD_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.STANDARD_{B114A387-8A14-4C43-AE51-82F17EB81D49}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.STANDARD_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0410-1000-0000000FF1CE}_Office14.STANDARD_{B2508D75-61CF-4CC0-84C0-CF257219201D}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.STANDARD_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.STANDARD_{8F699D53-05FB-488E-B7D3-E4E47257BE5D}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.STANDARD_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.STANDARD_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.STANDARD_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.STANDARD_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.STANDARD_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)

Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)

Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)

WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 

==================== Restore Points  =========================
 

12-08-2014 18:14:30 Windows Update

21-08-2014 09:20:21 Removed Java 7 Update 67

29-08-2014 11:19:25 Scheduled Checkpoint

29-08-2014 11:56:09 Windows Update

05-09-2014 14:36:03 Scheduled Checkpoint
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {01217464-065F-405E-B46D-84B678EBC318} - System32\Tasks\AdobeAAMUpdater-1.0-Mine-Ich => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)

Task: {3B7DF81D-35CD-4D69-9A33-9FC4F2CA8FC6} - \f602e71e-ead0-4e29-8b65-871d6c2a73b5-1 No Task File <==== ATTENTION

Task: {675A8C1E-2A03-41D7-A9EA-BA77ED8BB226} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe

Task: {8FC71452-62FA-494C-AF19-6467FB56A0F3} - \f602e71e-ead0-4e29-8b65-871d6c2a73b5-5 No Task File <==== ATTENTION

Task: {BEE6AFB1-F683-4E05-9143-F6AC0F045596} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-18] (Adobe Systems Incorporated)

Task: {C21E3F04-7285-4A94-8783-568F44EFB711} - \f602e71e-ead0-4e29-8b65-871d6c2a73b5-5_user No Task File <==== ATTENTION

Task: {CC100D4E-8A8E-4B42-AE0F-B0FB7244D52F} - \f602e71e-ead0-4e29-8b65-871d6c2a73b5-3 No Task File <==== ATTENTION

Task: {CD88624A-8B2A-45A4-A163-5A7F33C57192} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)

Task: {D6AA83B0-E998-4A7B-8953-25864BADA85A} - \f602e71e-ead0-4e29-8b65-871d6c2a73b5-11 No Task File <==== ATTENTION

Task: {E4B0D283-6B15-440D-9566-4FEDEA89D6A9} - \f602e71e-ead0-4e29-8b65-871d6c2a73b5-4 No Task File <==== ATTENTION

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 

==================== Loaded Modules (whitelisted) =============
 

2014-01-24 02:21 - 2014-08-13 21:35 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll

2014-08-13 21:37 - 2014-08-13 21:37 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui

2014-01-24 02:21 - 2011-11-14 20:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll

2014-01-24 02:21 - 2014-08-13 21:36 - 00004608 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui

2014-07-24 23:00 - 2014-07-24 23:00 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_012\ashttpbr.mdl

2014-07-24 23:00 - 2014-07-24 23:00 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_012\ashttpdsp.mdl

2014-07-24 23:00 - 2014-07-24 23:00 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_012\ashttpph.mdl

2014-07-24 23:00 - 2014-07-24 23:00 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_012\ashttprbl.mdl

2014-01-24 01:28 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2014-09-05 17:56 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl

2014-09-05 17:56 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl

2014-09-05 17:56 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 

AlternateDataStreams: C:\Users\Ich\Desktop\OTL.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\332.21-desktop-win8-win7-winvista-64bit-international-whql.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\4mr1c7mt.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\adwcleaner_3.309.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\ccsetup416.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\ccsetup417.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\Citavi4Setup.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\dds.scr:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\de-de.setup.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\focusrite-usb-2-driver-2.5.1.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\FRST64.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\gif-x_setup.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\HousecallLauncher64.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\mbam-setup-2.0.2.1012.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\MEGA6.06_setup.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\pdf2wordsetup11.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\PDFCreator-1_7_3_setup.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\PokerStarsInstallEU.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\scarlett-plug-in-suite-1.4.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\SecurityTaskManager_Setup.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\SkypeSetup.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\spybot-2.4.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\SvchostAnalyzer.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\winrar-x64-501d.exe:BDU
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\startupreg: Bitdefender Wallet => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard

MSCONFIG\startupreg: Bitdefender Wallet Agent => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"

MSCONFIG\startupreg: Bitdefender Wallet Application Agent => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"

MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 7010) (User: )

Description: Der Index kann nicht initialisiert werden.
 
 

Details:

        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 

Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 3058) (User: )

Description: Die Anwendung kann nicht initialisiert werden.
 

Context: Windows Application
 
 

Details:

        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 

Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 3028) (User: )

Description: Das Gatherer-Objekt kann nicht initialisiert werden.
 

Context: Windows Application, SystemIndex Catalog
 
 

Details:

        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 

Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 3029) (User: )

Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
 

Context: Windows Application, SystemIndex Catalog
 
 

Details:

        Element not found.  (HRESULT : 0x80070490) (0x80070490)
 

Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 3029) (User: )

Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.
 

Context: Windows Application, SystemIndex Catalog
 
 

Details:

        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 

Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 9002) (User: )

Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.
 

Context: Windows Application, SystemIndex Catalog
 
 

Details:

        The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 

Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 7042) (User: )

Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.
 
 

Details:

        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 

Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 7040) (User: )

Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.
 
 

Details:

        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 

Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 9000) (User: )

Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.
 
 

Details:

        0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))
 

Error: (09/06/2014 10:01:54 PM) (Source: ESENT) (EventID: 455) (User: )

Description: Windows (3736) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00011.log.
 
 

System errors:

=============

Error: (09/06/2014 11:27:49 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: Das System wurde zuvor am ‎06.‎09.‎2014 um 23:24:56 unerwartet heruntergefahren.
 

Error: (09/06/2014 10:01:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Restart the service.
 

Error: (09/06/2014 10:01:55 PM) (Source: Service Control Manager) (EventID: 7024) (User: )

Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.
 

Error: (09/06/2014 06:15:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "Kaspersky Security Scan Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (09/06/2014 00:43:10 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: Der Dienst "Bitdefender Virus Shield" wurde nicht richtig gestartet.
 

Error: (09/06/2014 00:03:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Restart the service.
 

Error: (09/06/2014 00:03:58 PM) (Source: Service Control Manager) (EventID: 7024) (User: )

Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.
 

Error: (09/05/2014 01:34:35 PM) (Source: Disk) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 

Error: (09/05/2014 01:34:34 PM) (Source: Disk) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 

Error: (09/05/2014 01:34:33 PM) (Source: Disk) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
 

Microsoft Office Sessions:

=========================

Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 7010) (User: )

Description: 

Details:

        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 

Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 3058) (User: )

Description: Context: Windows Application
 
 

Details:

        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 

Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 3028) (User: )

Description: Context: Windows Application, SystemIndex Catalog
 
 

Details:

        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 

Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 3029) (User: )

Description: Context: Windows Application, SystemIndex Catalog
 
 

Details:

        Element not found.  (HRESULT : 0x80070490) (0x80070490)

Search.TripoliIndexer
 

Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 3029) (User: )

Description: Context: Windows Application, SystemIndex Catalog
 
 

Details:

        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Search.JetPropStore
 

Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 9002) (User: )

Description: Context: Windows Application, SystemIndex Catalog
 
 

Details:

        The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 

Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 7042) (User: )

Description: 

Details:

        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

The catalog is corrupt
 

Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 7040) (User: )

Description: 

Details:

        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

4700
 

Error: (09/06/2014 10:01:54 PM) (Source: Windows Search Service) (EventID: 9000) (User: )

Description: 

Details:

        0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))
 

Error: (09/06/2014 10:01:54 PM) (Source: ESENT) (EventID: 455) (User: )

Description: Windows3736Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00011.log-1811
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz

Percentage of memory in use: 20%

Total physical RAM: 8191.27 MB

Available physical RAM: 6507.8 MB

Total Pagefile: 16380.73 MB

Available Pagefile: 14595.74 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:390.53 GB) (Free:313.59 GB) NTFS

Drive d: () (Fixed) (Total:540.89 GB) (Free:269.94 GB) NTFS

Drive e: (Disk1) (CDROM) (Total:6.82 GB) (Free:0 GB) UDF
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 24C924C8)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=390.5 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=540.9 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

schrauber

07.09.2014 17:51

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Don_Jascha

07.09.2014 19:40

Hallo,

Combofix hat gemeldet Bitdefender wäre nicht ausgeschaltet, lief aber alles reibungslos. Hier der Scan von Combofix:

Combofix Logfile:

Code:

ComboFix 14-09-05.01 - Ich 07.09.2014  20:14:47.1.2 - x64

Microsoft Windows 7 Enterprise   6.1.7601.1.1252.49.1033.18.8191.6460 [GMT 2:00]

ausgeführt von:: c:\users\Ich\Desktop\ComboFix.exe

AV: Bitdefender Antivirus *Enabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}

FW: Bitdefender Firewall *Disabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}

SP: Bitdefender Antispyware *Enabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\1390522237.bdinstall.bin

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\background.html

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\content.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\irV0cX.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\LLL6.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\lsdb.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\manifest.json

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\SGJ.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\background.html

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\content.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\G7ELsO.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\lsdb.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\manifest.json

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\rhy.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\X2I3zl1Dgb.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\background.html

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\content.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\irV0cX.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\LLL6.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\lsdb.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\manifest.json

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\SGJ.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\background.html

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\content.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\G7ELsO.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\lsdb.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\manifest.json

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\rhy.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\X2I3zl1Dgb.js

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\background.html

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\content.js

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\irV0cX.js

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\LLL6.js

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\lsdb.js

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\manifest.json

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\SGJ.js

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\background.html

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\content.js

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\irV0cX.js

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\LLL6.js

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\lsdb.js

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\manifest.json

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\SGJ.js

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\background.html

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\content.js

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\G7ELsO.js

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\lsdb.js

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\manifest.json

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\rhy.js

c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\X2I3zl1Dgb.js

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\background.html

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\content.js

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\irV0cX.js

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\LLL6.js

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\lsdb.js

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\manifest.json

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\SGJ.js

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\background.html

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\content.js

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\G7ELsO.js

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\lsdb.js

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\manifest.json

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\rhy.js

c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\X2I3zl1Dgb.js

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\background.html

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\content.js

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\irV0cX.js

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\LLL6.js

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\lsdb.js

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\manifest.json

c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\SGJ.js

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\background.html

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\content.js

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\irV0cX.js

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\LLL6.js

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\lsdb.js

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\manifest.json

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\SGJ.js

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\background.html

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\content.js

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\G7ELsO.js

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\lsdb.js

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\manifest.json

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\rhy.js

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\X2I3zl1Dgb.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\background.html

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\content.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\irV0cX.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\LLL6.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\lsdb.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\manifest.json

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\SGJ.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\background.html

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\content.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\G7ELsO.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\lsdb.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\manifest.json

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\rhy.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\X2I3zl1Dgb.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\background.html

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\content.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\irV0cX.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\LLL6.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\lsdb.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\manifest.json

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\SGJ.js

c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb

c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\background.html

c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\content.js

c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\irV0cX.js

c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\LLL6.js

c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\lsdb.js

c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\manifest.json

c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\SGJ.js

c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi

c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\background.html

c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\content.js

c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\G7ELsO.js

c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\lsdb.js

c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\manifest.json

c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\rhy.js

c:\users\Ich\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\X2I3zl1Dgb.js

c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb

c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\background.html

c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\content.js

c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\irV0cX.js

c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\LLL6.js

c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\lsdb.js

c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\manifest.json

c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\SGJ.js

c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi

c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\background.html

c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\content.js

c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\G7ELsO.js

c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\lsdb.js

c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\manifest.json

c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\rhy.js

c:\users\Ich\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\adamnmgbmigalcmgpghjdgbfbjahiagi\3.9\X2I3zl1Dgb.js

c:\users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb

c:\users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\background.html

c:\users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\content.js

c:\users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\irV0cX.js

c:\users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\LLL6.js

c:\users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\lsdb.js

c:\users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\manifest.json

c:\users\Ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\137\SGJ.js

.

.

(((((((((((((((((((((((   Dateien erstellt von 2014-08-07 bis 2014-09-07  ))))))))))))))))))))))))))))))

.

.

2014-09-07 18:21 . 2014-09-07 18:21        --------        d-----w-        c:\users\Default\AppData\Local\temp

2014-09-07 00:34 . 2014-09-07 00:34        --------        d-----w-        c:\users\Ich\AppData\Local\ElevatedDiagnostics

2014-09-06 20:56 . 2014-09-07 11:07        --------        d-----w-        C:\FRST

2014-09-06 09:58 . 2014-09-06 10:00        --------        d-----w-        C:\AdwCleaner

2014-09-05 15:56 . 2013-09-20 08:49        21040        ----a-w-        c:\windows\system32\sdnclean64.exe

2014-09-05 15:56 . 2014-09-05 16:29        --------        d-----w-        c:\programdata\Spybot - Search & Destroy

2014-09-05 15:56 . 2014-09-05 16:00        --------        d-----w-        c:\program files (x86)\Spybot - Search & Destroy 2

2014-09-05 15:18 . 2014-09-07 10:27        122584        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-09-05 15:17 . 2014-09-05 15:17        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware

2014-09-05 15:17 . 2014-09-05 15:17        --------        d-----w-        c:\programdata\Malwarebytes

2014-09-05 15:17 . 2014-05-12 05:26        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys

2014-09-05 15:17 . 2014-05-12 05:26        91352        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys

2014-09-05 15:17 . 2014-05-12 05:25        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys

2014-09-02 19:22 . 2014-09-02 19:22        --------        d-----w-        c:\users\Ich\AppData\Local\Skype

2014-09-02 19:22 . 2014-09-02 21:55        --------        d-----w-        c:\users\Ich\AppData\Roaming\Skype

2014-09-02 19:22 . 2014-09-02 19:22        --------        d-----w-        c:\program files (x86)\Common Files\Skype

2014-09-02 19:22 . 2014-09-02 19:22        --------        d-----r-        c:\program files (x86)\Skype

2014-09-02 19:21 . 2014-09-06 12:54        --------        d-----w-        c:\programdata\Skype

2014-08-29 10:49 . 2014-08-23 02:07        404480        ----a-w-        c:\windows\system32\gdi32.dll

2014-08-29 10:49 . 2014-08-23 01:45        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll

2014-08-29 10:49 . 2014-08-23 00:59        3163648        ----a-w-        c:\windows\system32\win32k.sys

2014-08-24 19:51 . 2014-08-24 19:51        --------        d-----w-        c:\users\Ich\AppData\Roaming\MEGA6_6140226

2014-08-24 19:51 . 2014-08-24 19:51        --------        d-----w-        c:\program files (x86)\MEGA6

2014-08-21 09:20 . 2014-08-21 09:20        --------        d-----w-        c:\program files (x86)\Common Files\Java

2014-08-21 09:19 . 2014-08-21 09:19        111016        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll

2014-08-21 09:19 . 2014-08-21 09:19        --------        d-----w-        c:\program files\Java

2014-08-21 08:54 . 2014-08-21 09:09        --------        d-----w-        c:\programdata\89862a08bda44ad

2014-08-21 08:54 . 2014-08-21 08:54        --------        d-----w-        c:\users\Ich\AppData\Local\Google

2014-08-21 08:54 . 2014-08-21 08:54        --------        d-----w-        c:\users\Ich\AppData\Local\Comodo

2014-08-21 08:54 . 2014-08-21 08:54        --------        d-----w-        c:\users\HomeGroupUser$

2014-08-21 08:54 . 2014-08-21 08:54        --------        d-----w-        c:\users\Guest

2014-08-21 08:54 . 2014-08-21 08:54        --------        d-----w-        c:\users\Administrator

2014-08-18 15:52 . 2014-09-07 16:43        --------        d-----w-        c:\users\Ich\AppData\Local\Adobe

2014-08-13 19:37 . 2014-08-13 19:37        1260120        ----a-w-        c:\windows\system32\drivers\avc3.sys

2014-08-12 18:15 . 2014-03-09 21:48        171160        ----a-w-        c:\windows\system32\infocardapi.dll

2014-08-12 18:15 . 2014-03-09 21:48        1389208        ----a-w-        c:\windows\system32\icardagt.exe

2014-08-12 18:15 . 2014-03-09 21:47        99480        ----a-w-        c:\windows\SysWow64\infocardapi.dll

2014-08-12 18:15 . 2014-03-09 21:47        619672        ----a-w-        c:\windows\SysWow64\icardagt.exe

2014-08-12 18:15 . 2014-06-30 22:24        8856        ----a-w-        c:\windows\system32\icardres.dll

2014-08-12 18:15 . 2014-06-30 22:14        8856        ----a-w-        c:\windows\SysWow64\icardres.dll

2014-08-12 18:15 . 2014-06-06 06:16        35480        ----a-w-        c:\windows\SysWow64\TsWpfWrp.exe

2014-08-12 18:15 . 2014-06-06 06:12        35480        ----a-w-        c:\windows\system32\TsWpfWrp.exe

2014-08-12 17:59 . 2014-07-14 02:02        1216000        ----a-w-        c:\windows\system32\rpcrt4.dll

2014-08-12 17:59 . 2014-07-14 01:40        664064        ----a-w-        c:\windows\SysWow64\rpcrt4.dll

2014-08-12 17:52 . 2014-08-18 15:46        --------        d-----w-        c:\users\Ich\encyclios

2014-08-12 17:52 . 2014-08-12 18:13        --------        d-----w-        c:\users\Ich\fungi2014

2014-08-12 17:50 . 2014-08-12 17:51        --------        d-----w-        c:\program files (x86)\Atlas of Clinical Fungi

2014-08-09 19:30 . 2014-08-09 19:30        --------        d-----w-        c:\users\Ich\AppData\Roaming\chc

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-08-18 15:45 . 2014-01-24 12:57        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-08-18 15:45 . 2014-01-24 12:57        699568        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2014-08-13 19:37 . 2014-01-24 00:11        84848        ----a-w-        c:\windows\system32\bdsandboxuiskin.dll

2014-08-13 19:36 . 2014-01-24 00:21        647752        ----a-w-        c:\windows\system32\drivers\avckf.sys

2014-08-13 19:36 . 2014-01-24 00:11        34384        ----a-w-        c:\windows\system32\bdsandboxuh.dll

2014-08-13 19:36 . 2014-01-24 00:11        419616        ----a-w-        c:\windows\system32\drivers\trufos.sys

2014-08-13 19:36 . 2014-01-24 00:52        74512        ----a-w-        c:\windows\system32\bdsandboxuiskin32.dll

2014-08-12 18:19 . 2014-01-23 22:31        99218768        ----a-w-        c:\windows\system32\MRT.exe

2014-07-25 13:50 . 2014-07-29 21:25        1291280        ----a-w-        c:\windows\SysWow64\nvspbridge.dll

2014-07-25 13:50 . 2014-01-24 13:28        1126480        ----a-w-        c:\windows\SysWow64\nvspcap.dll

2014-07-25 13:50 . 2014-07-29 21:25        1715224        ----a-w-        c:\windows\system32\nvspbridge64.dll

2014-07-25 13:50 . 2014-01-24 13:28        1283136        ----a-w-        c:\windows\system32\nvspcap64.dll

2014-07-02 20:48 . 2014-07-29 21:51        944928        ----a-w-        c:\windows\system32\NvIFR64.dll

2014-07-02 20:48 . 2014-07-29 21:51        907096        ----a-w-        c:\windows\SysWow64\NvIFR.dll

2014-07-02 20:48 . 2014-07-29 21:51        31512520        ----a-w-        c:\windows\system32\nvoglv64.dll

2014-07-02 20:48 . 2014-07-29 21:51        24196896        ----a-w-        c:\windows\SysWow64\nvoglv32.dll

2014-07-02 20:48 . 2014-07-29 21:51        16122344        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll

2014-07-02 20:48 . 2014-07-29 21:51        13922752        ----a-w-        c:\windows\system32\nvopencl.dll

2014-07-02 20:48 . 2014-07-29 21:51        12866008        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys

2014-07-02 20:48 . 2014-07-29 21:51        11283344        ----a-w-        c:\windows\SysWow64\nvopencl.dll

2014-07-02 20:48 . 2014-07-29 21:51        903624        ----a-w-        c:\windows\system32\NvFBC64.dll

2014-07-02 20:48 . 2014-07-29 21:51        869152        ----a-w-        c:\windows\SysWow64\NvFBC.dll

2014-07-02 20:48 . 2014-07-29 21:51        4247000        ----a-w-        c:\windows\system32\nvcuvid.dll

2014-07-02 20:48 . 2014-07-29 21:51        3989960        ----a-w-        c:\windows\SysWow64\nvcuvid.dll

2014-07-02 20:48 . 2014-07-29 21:51        22994208        ----a-w-        c:\windows\system32\nvcompiler.dll

2014-07-02 20:48 . 2014-07-29 21:51        1890080        ----a-w-        c:\windows\system32\nvdispco6434052.dll

2014-07-02 20:48 . 2014-07-29 21:51        17555104        ----a-w-        c:\windows\system32\nvd3dumx.dll

2014-07-02 20:48 . 2014-07-29 21:51        1539928        ----a-w-        c:\windows\system32\nvdispgenco6434052.dll

2014-07-02 20:48 . 2014-07-29 21:51        15294296        ----a-w-        c:\windows\SysWow64\nvcompiler.dll

2014-07-02 20:48 . 2014-07-29 21:51        13835208        ----a-w-        c:\windows\system32\nvcuda.dll

2014-07-02 20:48 . 2014-07-29 21:51        11222048        ----a-w-        c:\windows\SysWow64\nvcuda.dll

2014-07-02 20:48 . 2014-01-24 13:24        18626304        ----a-w-        c:\windows\system32\nvwgf2umx.dll

2014-07-02 20:48 . 2014-01-24 13:24        2814656        ----a-w-        c:\windows\SysWow64\nvapi.dll

2014-07-02 20:48 . 2014-01-23 23:28        75040        ----a-w-        c:\windows\system32\OpenCL.dll

2014-07-02 20:48 . 2014-01-23 23:28        61912        ----a-w-        c:\windows\SysWow64\OpenCL.dll

2014-07-02 20:48 . 2013-10-27 08:12        14498552        ----a-w-        c:\windows\SysWow64\nvd3dum.dll

2014-07-02 20:48 . 2013-10-27 08:12        3196816        ----a-w-        c:\windows\system32\nvapi64.dll

2014-07-02 18:55 . 2014-01-23 23:28        6783776        ----a-w-        c:\windows\system32\nvcpl.dll

2014-07-02 18:55 . 2014-01-23 23:28        3522392        ----a-w-        c:\windows\system32\nvsvc64.dll

2014-07-02 18:55 . 2014-01-23 23:28        935368        ----a-w-        c:\windows\system32\nvvsvc.exe

2014-07-02 18:55 . 2014-01-23 23:28        62808        ----a-w-        c:\windows\system32\nvshext.dll

2014-07-02 18:55 . 2014-01-23 23:28        386520        ----a-w-        c:\windows\system32\nvmctray.dll

2014-07-02 18:55 . 2014-01-23 23:28        2559960        ----a-w-        c:\windows\system32\nvsvcr.dll

2014-07-02 17:44 . 2014-07-29 21:54        609240        ----a-w-        c:\windows\SysWow64\nvStreaming.exe

2014-07-02 10:14 . 2014-05-27 17:00        3826628        ----a-w-        c:\windows\system32\nvcoproc.bin

2014-06-18 02:18 . 2014-07-09 20:42        692736        ----a-w-        c:\windows\system32\osk.exe

2014-06-18 01:51 . 2014-07-09 20:42        646144        ----a-w-        c:\windows\SysWow64\osk.exe

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2014-08-13 568400]

"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2014-08-13 1002048]

"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" [2014-08-13 615256]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           autocheck autochk *\0\0sdnclean64.exe

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 bdfwfpf_pc;bdfwfpf_pc;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [x]

R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;tsusbhub [x]

R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender\bdparentalservice.exe;c:\program files\Bitdefender\Bitdefender\bdparentalservice.exe [x]

S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]

S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]

S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]

S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]

S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]

S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]

S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]

S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]

S3 ffusb2audio;Focusrite USB 2.0 Audio Driver;c:\windows\system32\DRIVERS\ffusb2audio.sys;c:\windows\SYSNATIVE\DRIVERS\ffusb2audio.sys [x]

S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]

S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

Inhalt des "geplante Tasks" Ordners

.

2014-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-24 15:45]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]

"Bdagent"="c:\program files\Bitdefender\Bitdefender\bdagent.exe" [2014-08-13 1743088]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-12-10 472984]

"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Citavi Picker... - file://c:\program files (x86)\Internet Explorer\Citavi Picker\ShowContextMenu.html

IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: network.proxy.type - 0

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe

Notify-SDWinLogon - SDWinLogon.dll

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.14"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2014-09-07  20:24:29

ComboFix-quarantined-files.txt  2014-09-07 18:24

.

Vor Suchlauf: 10 Verzeichnis(se), 340.372.934.656 Bytes frei

Nach Suchlauf: 14 Verzeichnis(se), 340.183.261.184 Bytes frei

.

- - End Of File - - 5AC64B2BE9137EC841235ECC69702872

--- --- ---

A36C5E4F47E84449FF07ED3517B43A31

Grüße,

Jascha

schrauber

08.09.2014 13:40

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Don_Jascha

08.09.2014 21:05

Servus,

hier die gewünschten Logs:

Malwarebytes:

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 08.09.2014

Suchlauf-Zeit: 21:11:06

Logdatei: MB_log.txt

Administrator: Ja
 

Version: 2.00.2.1012

Malware Datenbank: v2014.09.08.06

Rootkit Datenbank: v2014.08.21.01

Lizenz: Testversion

Malware Schutz: Aktiviert

Bösartiger Webseiten Schutz: Aktiviert

Self-protection: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x64

Dateisystem: NTFS

Benutzer: Ich
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 368771

Verstrichene Zeit: 9 Min, 23 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Aktiviert

Heuristics: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(No malicious items detected)
 

Module: 0

(No malicious items detected)
 

Registrierungsschlüssel: 0

(No malicious items detected)
 

Registrierungswerte: 0

(No malicious items detected)
 

Registrierungsdaten: 0

(No malicious items detected)
 

Ordner: 0

(No malicious items detected)
 

Dateien: 0

(No malicious items detected)
 

Physische Sektoren: 0

(No malicious items detected)
 
 

(end)

Adwcleaner:

Code:

# AdwCleaner v3.309 - Report created 08/09/2014 at 21:32:21

# Updated 02/09/2014 by Xplode

# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)

# Username : Ich - MINE

# Running from : C:\Users\Ich\Desktop\adwcleaner_3.309(1).exe

# Option : Clean
 

***** [ Services ] *****
 
 

***** [ Files / Folders ] *****
 
 

***** [ Scheduled Tasks ] *****
 
 

***** [ Shortcuts ] *****
 
 

***** [ Registry ] *****
 

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
 

***** [ Browsers ] *****
 

-\\ Internet Explorer v11.0.9600.17239
 
 

-\\ Mozilla Firefox v32.0 (x86 de)
 

[ File : C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\904y1060.default\prefs.js ]
 
 

[ File : C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\prefs.js ]
 
 

*************************
 

AdwCleaner[R0].txt - [5693 octets] - [06/09/2014 11:58:05]

AdwCleaner[R1].txt - [1135 octets] - [08/09/2014 21:30:50]

AdwCleaner[S0].txt - [5800 octets] - [06/09/2014 12:00:39]

AdwCleaner[S1].txt - [1059 octets] - [08/09/2014 21:32:21]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1119 octets] ##########

JRT:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Enterprise x64

Ran by Ich on 08.09.2014 at 21:37:48,18

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Successfully deleted the following from C:\Users\Ich\AppData\Roaming\mozilla\firefox\profiles\quh1ckxf.default\prefs.js
 

user_pref("extensions.aDcG.url", "hxxp://webdriiver.in/sync2/?q=hfZ9ofV9CShEAen0rTr8qShTB6lKDzt4okmxtNtVh7n0rjnEpdsFrdY8qdk4tMFHhd9Fqda4rdkEpjk7rTCMDMlGojUMAe4Uojs4qTC6pdU9rTr

Emptied folder: C:\Users\Ich\AppData\Roaming\mozilla\firefox\profiles\quh1ckxf.default\minidumps [17 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 08.09.2014 at 21:42:52,69

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-09-2014

Ran by Ich (administrator) on MINE on 08-09-2014 21:53:55

Running from C:\Users\Ich\Downloads

Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Englisch (USA)

Internet Explorer Version 11

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1743088 2014-08-13] (Bitdefender)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)

HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-13] (Bitdefender)

HKU\.DEFAULT\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)

HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)

BootExecute: autocheck autochk * sdnclean64.exe

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)

BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)

BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default

FF Homepage: about:home

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()

FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: YouTube Unblocker - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\youtubeunblocker@unblocker.yt [2014-05-01]

FF Extension: Deutsch (DE) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2014-08-24]

FF Extension: English (GB) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2014-08-24]

FF Extension: Adblock Plus - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-24]

FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext

FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-01-24]

FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman

FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-01-24]

FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-05-02]

FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
 

Chrome: 

=======

CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-03-10]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-08-13] (Bitdefender)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)

S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-13] (Bitdefender)

R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1528896 2014-08-13] (Bitdefender)

S2 WLMS; C:\Windows\system32\wlms\wlms.exe [19456 2009-07-14] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-08-13] (BitDefender)

R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)

S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-13] (BitDefender)

R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2014-05-22] (BitDefender LLC)

R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)

S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)

S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)

R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)

R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)

R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-08-13] (BitDefender S.R.L.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-09-08 21:42 - 2014-09-08 21:42 - 00001185 _____ () C:\Users\Ich\Desktop\JRT.txt

2014-09-08 21:37 - 2014-09-08 21:37 - 00000000 ____D () C:\Windows\ERUNT

2014-09-08 21:36 - 2014-09-08 21:36 - 00001199 _____ () C:\Users\Ich\Desktop\AdwCleaner[S1].txt

2014-09-08 21:33 - 2014-09-08 21:33 - 00000310 _____ () C:\Windows\PFRO.log

2014-09-08 21:09 - 2014-09-08 21:09 - 01016261 _____ (Thisisu) C:\Users\Ich\Desktop\JRT.exe

2014-09-08 21:08 - 2014-09-08 21:08 - 01370483 _____ () C:\Users\Ich\Desktop\adwcleaner_3.309(1).exe

2014-09-08 00:51 - 2014-09-08 21:46 - 00000672 _____ () C:\Windows\setupact.log

2014-09-08 00:51 - 2014-09-08 00:51 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-07 20:12 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-09-07 20:12 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-09-07 20:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-09-07 20:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-09-07 20:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-09-07 20:12 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2014-09-07 20:12 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2014-09-07 20:12 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2014-09-07 20:10 - 2014-09-07 20:24 - 00000000 ____D () C:\Qoobox

2014-09-07 20:09 - 2014-09-07 20:22 - 00000000 ____D () C:\Windows\erdnt

2014-09-07 20:07 - 2014-09-07 20:07 - 05576440 ____R (Swearware) C:\Users\Ich\Desktop\ComboFix.exe

2014-09-07 13:07 - 2014-09-07 13:07 - 00031771 _____ () C:\Users\Ich\Downloads\Addition.txt

2014-09-07 12:48 - 2014-09-08 21:53 - 00013061 _____ () C:\Users\Ich\Downloads\FRST.txt

2014-09-06 23:26 - 2014-09-06 23:35 - 00000000 ____D () C:\Windows\Minidump

2014-09-06 22:56 - 2014-09-08 21:53 - 00000000 ____D () C:\FRST

2014-09-06 22:47 - 2014-09-06 22:48 - 02104832 _____ (Farbar) C:\Users\Ich\Downloads\FRST64.exe

2014-09-06 22:47 - 2014-09-06 22:47 - 00380416 _____ () C:\Users\Ich\Downloads\4mr1c7mt.exe

2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache

2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache

2014-09-06 14:15 - 2014-09-06 14:15 - 02405664 _____ (Trend Micro Inc.) C:\Users\Ich\Downloads\HousecallLauncher64.exe

2014-09-06 14:15 - 2014-09-06 14:15 - 00416576 _____ (Kaspersky Lab) C:\Users\Ich\Downloads\de-de.setup.exe

2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache

2014-09-06 14:03 - 2014-09-06 14:03 - 00602112 _____ (OldTimer Tools) C:\Users\Ich\Desktop\OTL.exe

2014-09-06 11:58 - 2014-09-08 21:32 - 00000000 ____D () C:\AdwCleaner

2014-09-06 11:22 - 2014-09-06 11:22 - 00688992 ____R (Swearware) C:\Users\Ich\Downloads\dds.scr

2014-09-06 10:28 - 2014-09-06 10:28 - 02365840 _____ () C:\Users\Ich\Downloads\SecurityTaskManager_Setup.exe

2014-09-06 10:23 - 2014-09-06 10:23 - 00540072 _____ (Neuber Software) C:\Users\Ich\Downloads\SvchostAnalyzer.exe

2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps

2014-09-05 17:57 - 2014-09-05 17:57 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2014-09-05 17:56 - 2014-09-05 18:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-09-05 17:56 - 2014-09-05 18:00 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-09-05 17:56 - 2014-09-05 17:56 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

2014-09-05 17:56 - 2014-09-05 17:56 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

2014-09-05 17:56 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe

2014-09-05 17:54 - 2014-09-05 17:55 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ich\Downloads\spybot-2.4.exe

2014-09-05 17:18 - 2014-09-08 21:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-05 17:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-09-05 17:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-09-05 17:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-09-05 17:16 - 2014-09-05 17:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ich\Downloads\mbam-setup-2.0.2.1012.exe

2014-09-05 13:43 - 2014-09-06 10:14 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz

2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip

2014-09-02 21:22 - 2014-09-06 14:54 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-09-02 21:22 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-09-02 21:22 - 2014-09-02 23:55 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype

2014-09-02 21:21 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Skype

2014-09-02 21:20 - 2014-09-02 21:20 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Ich\Downloads\SkypeSetup.exe

2014-09-02 20:00 - 2014-09-02 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-08-30 12:42 - 2014-08-30 12:42 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT

2014-08-30 10:58 - 2014-08-30 11:00 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-30 00:37 - 2014-08-30 00:38 - 04901352 _____ (Piriform Ltd) C:\Users\Ich\Downloads\ccsetup417.exe

2014-08-29 15:40 - 2014-08-29 15:41 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip

2014-08-29 12:49 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-29 12:49 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-29 12:49 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6

2014-08-23 14:23 - 2014-08-23 14:23 - 04813544 _____ (Piriform Ltd) C:\Users\Ich\Downloads\ccsetup416.exe

2014-08-21 11:19 - 2014-08-21 11:19 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-08-21 11:19 - 2014-08-21 11:19 - 00000000 ____D () C:\Program Files\Java

2014-08-21 10:54 - 2014-08-21 11:09 - 00000000 ____D () C:\ProgramData\89862a08bda44ad

2014-08-21 10:54 - 2014-08-21 10:54 - 00000394 __RSH () C:\ProgramData\ntuser.pol

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator

2014-08-18 17:52 - 2014-09-08 20:39 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe

2014-08-13 21:37 - 2014-08-13 21:37 - 01260120 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys

2014-08-12 20:15 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-12 20:15 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2014-08-12 20:15 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

2014-08-12 20:15 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-12 20:15 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-12 20:15 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-12 20:15 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2014-08-12 20:15 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2014-08-12 20:00 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-12 20:00 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-08-12 20:00 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-12 20:00 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-12 20:00 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-08-12 20:00 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-12 20:00 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-12 20:00 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-12 20:00 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-08-12 20:00 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-12 20:00 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-08-12 20:00 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-12 20:00 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-12 20:00 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-12 20:00 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-12 20:00 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-12 20:00 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-08-12 20:00 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-08-12 20:00 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-08-12 20:00 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-12 20:00 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-08-12 20:00 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-08-12 20:00 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-08-12 20:00 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-08-12 20:00 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-12 20:00 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-08-12 20:00 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-12 20:00 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-08-12 20:00 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-12 20:00 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-12 20:00 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-08-12 20:00 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-12 20:00 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-12 20:00 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-12 20:00 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-08-12 20:00 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-12 20:00 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-12 20:00 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-12 20:00 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-08-12 20:00 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-08-12 20:00 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-12 20:00 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-08-12 20:00 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-08-12 20:00 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-12 20:00 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-12 20:00 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-12 20:00 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-12 20:00 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-12 20:00 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-08-12 20:00 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-12 20:00 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-12 20:00 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-12 20:00 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-08-12 20:00 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-08-12 20:00 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-12 20:00 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-12 20:00 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-08-12 20:00 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

2014-08-12 20:00 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

2014-08-12 20:00 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL

2014-08-12 20:00 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL

2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL

2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL

2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL

2014-08-12 20:00 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls

2014-08-12 20:00 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls

2014-08-12 20:00 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-08-12 20:00 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-08-12 20:00 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-08-12 20:00 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-08-12 20:00 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-12 20:00 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-08-12 20:00 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-08-12 20:00 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-08-12 20:00 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-08-12 20:00 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-08-12 19:59 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-08-12 19:59 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2014-08-12 19:52 - 2014-08-18 17:46 - 00000000 ____D () C:\Users\Ich\encyclios

2014-08-12 19:52 - 2014-08-12 20:13 - 00000000 ____D () C:\Users\Ich\fungi2014

2014-08-12 19:51 - 2014-08-12 19:51 - 00001207 _____ () C:\Users\Public\Desktop\Atlas of Clinical Fungi.lnk

2014-08-12 19:51 - 2014-08-12 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlas of Clinical Fungi

2014-08-12 19:50 - 2014-08-12 19:51 - 00000000 ____D () C:\Program Files (x86)\Atlas of Clinical Fungi

2014-08-12 01:05 - 2014-08-12 01:05 - 15798272 _____ () C:\Users\Ich\Documents\ereignisdat2.evtx

2014-08-12 01:04 - 2014-08-12 01:04 - 12652544 _____ () C:\Users\Ich\Documents\ereignisdat.evtx

2014-08-12 00:05 - 2014-08-12 00:12 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige

2014-08-09 21:30 - 2014-08-09 21:30 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2014-08-09 21:30 - 2014-08-09 21:30 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\chc

2014-08-09 16:10 - 2014-08-09 16:10 - 00007602 _____ () C:\Users\Ich\AppData\Local\Resmon.ResmonCfg
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-09-08 21:54 - 2014-09-07 12:48 - 00013061 _____ () C:\Users\Ich\Downloads\FRST.txt

2014-09-08 21:53 - 2014-09-06 22:56 - 00000000 ____D () C:\FRST

2014-09-08 21:51 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-08 21:51 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-08 21:49 - 2014-01-23 23:27 - 02053345 _____ () C:\Windows\WindowsUpdate.log

2014-09-08 21:46 - 2014-09-08 00:51 - 00000672 _____ () C:\Windows\setupact.log

2014-09-08 21:46 - 2014-01-24 01:28 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-09-08 21:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-08 21:42 - 2014-09-08 21:42 - 00001185 _____ () C:\Users\Ich\Desktop\JRT.txt

2014-09-08 21:37 - 2014-09-08 21:37 - 00000000 ____D () C:\Windows\ERUNT

2014-09-08 21:36 - 2014-09-08 21:36 - 00001199 _____ () C:\Users\Ich\Desktop\AdwCleaner[S1].txt

2014-09-08 21:33 - 2014-09-08 21:33 - 00000310 _____ () C:\Windows\PFRO.log

2014-09-08 21:32 - 2014-09-06 11:58 - 00000000 ____D () C:\AdwCleaner

2014-09-08 21:10 - 2014-09-05 17:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-08 21:09 - 2014-09-08 21:09 - 01016261 _____ (Thisisu) C:\Users\Ich\Desktop\JRT.exe

2014-09-08 21:08 - 2014-09-08 21:08 - 01370483 _____ () C:\Users\Ich\Desktop\adwcleaner_3.309(1).exe

2014-09-08 21:07 - 2014-01-24 14:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-08 20:39 - 2014-08-18 17:52 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe

2014-09-08 00:51 - 2014-09-08 00:51 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-08 00:51 - 2009-07-14 07:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-09-08 00:00 - 2014-05-25 18:14 - 00000000 ____D () C:\Users\Ich\AppData\Local\PokerStars.EU

2014-09-07 21:44 - 2014-01-23 23:35 - 00000000 ____D () C:\Users\Ich

2014-09-07 20:57 - 2014-05-02 12:11 - 00000000 ____D () C:\Users\Ich\Documents\Citavi 4

2014-09-07 20:24 - 2014-09-07 20:10 - 00000000 ____D () C:\Qoobox

2014-09-07 20:22 - 2014-09-07 20:09 - 00000000 ____D () C:\Windows\erdnt

2014-09-07 20:22 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2014-09-07 20:07 - 2014-09-07 20:07 - 05576440 ____R (Swearware) C:\Users\Ich\Desktop\ComboFix.exe

2014-09-07 13:07 - 2014-09-07 13:07 - 00031771 _____ () C:\Users\Ich\Downloads\Addition.txt

2014-09-06 23:35 - 2014-09-06 23:26 - 00000000 ____D () C:\Windows\Minidump

2014-09-06 22:48 - 2014-09-06 22:47 - 02104832 _____ (Farbar) C:\Users\Ich\Downloads\FRST64.exe

2014-09-06 22:47 - 2014-09-06 22:47 - 00380416 _____ () C:\Users\Ich\Downloads\4mr1c7mt.exe

2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache

2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache

2014-09-06 14:54 - 2014-09-02 21:22 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-09-06 14:54 - 2014-09-02 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-09-06 14:54 - 2014-09-02 21:21 - 00000000 ____D () C:\ProgramData\Skype

2014-09-06 14:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-09-06 14:15 - 2014-09-06 14:15 - 02405664 _____ (Trend Micro Inc.) C:\Users\Ich\Downloads\HousecallLauncher64.exe

2014-09-06 14:15 - 2014-09-06 14:15 - 00416576 _____ (Kaspersky Lab) C:\Users\Ich\Downloads\de-de.setup.exe

2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache

2014-09-06 14:03 - 2014-09-06 14:03 - 00602112 _____ (OldTimer Tools) C:\Users\Ich\Desktop\OTL.exe

2014-09-06 11:44 - 2014-01-24 14:05 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-09-06 11:22 - 2014-09-06 11:22 - 00688992 ____R (Swearware) C:\Users\Ich\Downloads\dds.scr

2014-09-06 10:28 - 2014-09-06 10:28 - 02365840 _____ () C:\Users\Ich\Downloads\SecurityTaskManager_Setup.exe

2014-09-06 10:23 - 2014-09-06 10:23 - 00540072 _____ (Neuber Software) C:\Users\Ich\Downloads\SvchostAnalyzer.exe

2014-09-06 10:14 - 2014-09-05 13:43 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz

2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps

2014-09-05 18:29 - 2014-09-05 17:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-09-05 18:00 - 2014-09-05 17:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-09-05 17:57 - 2014-09-05 17:57 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2014-09-05 17:56 - 2014-09-05 17:56 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

2014-09-05 17:56 - 2014-09-05 17:56 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

2014-09-05 17:55 - 2014-09-05 17:54 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ich\Downloads\spybot-2.4.exe

2014-09-05 17:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat

2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-05 17:17 - 2014-09-05 17:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ich\Downloads\mbam-setup-2.0.2.1012.exe

2014-09-04 17:28 - 2014-01-24 13:12 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Adobe

2014-09-04 16:36 - 2014-05-24 10:53 - 00000000 ____D () C:\Users\Ich\Documents\mega_cache_6140226

2014-09-04 16:07 - 2014-01-24 02:00 - 00696528 _____ () C:\Windows\system32\perfh007.dat

2014-09-04 16:07 - 2014-01-24 02:00 - 00148496 _____ () C:\Windows\system32\perfc007.dat

2014-09-04 16:07 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip

2014-09-03 08:32 - 2014-01-24 02:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-09-03 00:08 - 2014-07-06 17:25 - 00000000 ____D () C:\Users\Ich\Documents\psynetic-gifx

2014-09-02 23:55 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype

2014-09-02 21:20 - 2014-09-02 21:20 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Ich\Downloads\SkypeSetup.exe

2014-09-02 20:00 - 2014-09-02 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-08-30 12:42 - 2014-08-30 12:42 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT

2014-08-30 11:00 - 2014-08-30 10:58 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-30 00:38 - 2014-08-30 00:37 - 04901352 _____ (Piriform Ltd) C:\Users\Ich\Downloads\ccsetup417.exe

2014-08-30 00:38 - 2014-01-24 14:55 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-08-30 00:38 - 2014-01-24 14:55 - 00000000 ____D () C:\Program Files\CCleaner

2014-08-29 22:21 - 2014-05-25 18:14 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU

2014-08-29 16:13 - 2014-05-23 20:08 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA_Global

2014-08-29 15:41 - 2014-08-29 15:40 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip

2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6

2014-08-23 14:23 - 2014-08-23 14:23 - 04813544 _____ (Piriform Ltd) C:\Users\Ich\Downloads\ccsetup416.exe

2014-08-23 04:07 - 2014-08-29 12:49 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-23 03:45 - 2014-08-29 12:49 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-23 02:59 - 2014-08-29 12:49 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-21 11:19 - 2014-08-21 11:19 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-08-21 11:19 - 2014-08-21 11:19 - 00000000 ____D () C:\Program Files\Java

2014-08-21 11:19 - 2014-06-26 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-08-21 11:19 - 2014-05-24 15:28 - 00000000 ____D () C:\ProgramData\Oracle

2014-08-21 11:09 - 2014-08-21 10:54 - 00000000 ____D () C:\ProgramData\89862a08bda44ad

2014-08-21 10:54 - 2014-08-21 10:54 - 00000394 __RSH () C:\ProgramData\ntuser.pol

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\HomeGroupUser$

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Guest

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator

2014-08-21 10:54 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-08-21 10:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

2014-08-18 20:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-08-18 17:46 - 2014-08-12 19:52 - 00000000 ____D () C:\Users\Ich\encyclios

2014-08-18 17:45 - 2014-01-24 14:57 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-08-18 17:45 - 2014-01-24 14:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-08-18 17:45 - 2014-01-24 14:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-08-15 19:34 - 2009-07-14 09:13 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-08-14 00:05 - 2014-03-11 13:02 - 00000407 _____ () C:\Windows\system32\checkdnsid.xml

2014-08-13 21:37 - 2014-08-13 21:37 - 01260120 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys

2014-08-13 21:37 - 2014-01-24 02:11 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll

2014-08-13 21:36 - 2014-01-24 02:52 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll

2014-08-13 21:36 - 2014-01-24 02:21 - 00647752 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys

2014-08-13 21:36 - 2014-01-24 02:11 - 00419616 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys

2014-08-13 21:36 - 2014-01-24 02:11 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll

2014-08-12 20:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-08-12 20:20 - 2014-01-24 00:31 - 00000000 ____D () C:\Windows\system32\MRT

2014-08-12 20:19 - 2014-01-24 00:31 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-08-12 20:18 - 2014-01-24 13:44 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-08-12 20:13 - 2014-08-12 19:52 - 00000000 ____D () C:\Users\Ich\fungi2014

2014-08-12 19:51 - 2014-08-12 19:51 - 00001207 _____ () C:\Users\Public\Desktop\Atlas of Clinical Fungi.lnk

2014-08-12 19:51 - 2014-08-12 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlas of Clinical Fungi

2014-08-12 19:51 - 2014-08-12 19:50 - 00000000 ____D () C:\Program Files (x86)\Atlas of Clinical Fungi

2014-08-12 01:05 - 2014-08-12 01:05 - 15798272 _____ () C:\Users\Ich\Documents\ereignisdat2.evtx

2014-08-12 01:04 - 2014-08-12 01:04 - 12652544 _____ () C:\Users\Ich\Documents\ereignisdat.evtx

2014-08-12 00:12 - 2014-08-12 00:05 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige

2014-08-09 21:30 - 2014-08-09 21:30 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2014-08-09 21:30 - 2014-08-09 21:30 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\chc

2014-08-09 16:10 - 2014-08-09 16:10 - 00007602 _____ () C:\Users\Ich\AppData\Local\Resmon.ResmonCfg
 

Some content of TEMP:

====================

C:\Users\Ich\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-09-06 18:40
 

==================== End Of Log ============================

--- --- ---

Grüße,

Jascha

schrauber

09.09.2014 20:35

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Don_Jascha

10.09.2014 07:50

Hallo,

irgendwie hat ESET kein Log-File generiert, allerdings hat der Scanner nur die Google-Toolbar, integriert in ein cCleaner-Update und ein Downloader für Paup, der noch auf der externen Platte war (aber nie gestartet wurde), gefunden, ansonsten wurde nix angezeigt.
Dann hier der Log von SecurityCheck:

Code:

 Results of screen317's Security Check version 0.99.87  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  
 ``````````````Antivirus/Firewall Check:`````````````` 

Bitdefender Antivirus   

 Antivirus up to date!   
 `````````Anti-malware/Other Utilities Check:````````` 

 Java version out of Date! 

 Adobe Flash Player 15.0.0.152  

 Adobe Reader XI  

 Mozilla Firefox (32.0) 
 ````````Process Check: objlist.exe by Laurent````````  

 Bitdefender Bitdefender vsserv.exe  

 Bitdefender Bitdefender updatesrv.exe  

 Bitdefender Bitdefender bdagent.exe  
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

und der von FRST:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01

Ran by Ich (administrator) on MINE on 10-09-2014 08:37:42

Running from C:\Users\Ich\Downloads

Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Englisch (USA)

Internet Explorer Version 11

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1743088 2014-08-13] (Bitdefender)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)

HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-13] (Bitdefender)

HKU\.DEFAULT\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)

HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)

BootExecute: autocheck autochk * sdnclean64.exe

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

ProxyServer: localhost:8080

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)

BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)

BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default

FF Homepage: about:home

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()

FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: YouTube Unblocker - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\youtubeunblocker@unblocker.yt [2014-05-01]

FF Extension: Deutsch (DE) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2014-08-24]

FF Extension: English (GB) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2014-08-24]

FF Extension: Adblock Plus - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-24]

FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext

FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-01-24]

FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman

FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-01-24]

FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-05-02]

FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
 

Chrome: 

=======

CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-03-10]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-08-13] (Bitdefender)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-13] (Bitdefender)

R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1528896 2014-08-13] (Bitdefender)

S2 WLMS; C:\Windows\system32\wlms\wlms.exe [19456 2009-07-14] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-08-13] (BitDefender)

R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)

R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-13] (BitDefender)

R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2014-05-22] (BitDefender LLC)

R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)

S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)

S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)

R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)

R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)

R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-08-13] (BitDefender S.R.L.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-09-10 08:36 - 2014-09-10 08:36 - 00000828 _____ () C:\Users\Ich\Desktop\checkup.txt

2014-09-09 22:15 - 2014-09-09 22:15 - 02347384 _____ (ESET) C:\Users\Ich\Downloads\esetsmartinstaller_deu.exe

2014-09-09 22:15 - 2014-09-09 22:15 - 00854417 _____ () C:\Users\Ich\Desktop\SecurityCheck.exe

2014-09-09 20:38 - 2014-09-10 08:37 - 00012483 _____ () C:\Users\Ich\Downloads\FRST.txt

2014-09-09 20:38 - 2014-09-09 20:38 - 00000000 ____D () C:\Users\Ich\Downloads\FRST-OlderVersion

2014-09-09 17:52 - 2014-09-09 21:46 - 00000504 _____ () C:\Windows\setupact.log

2014-09-09 17:52 - 2014-09-09 17:52 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-09 00:05 - 2014-09-09 00:05 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\QuickScan

2014-09-08 22:26 - 2014-09-08 22:27 - 00000085 _____ () C:\Windows\wininit.ini

2014-09-08 22:16 - 2014-09-08 22:17 - 00000000 ____D () C:\Users\Ich\Desktop\Log2

2014-09-08 21:37 - 2014-09-08 21:37 - 00000000 ____D () C:\Windows\ERUNT

2014-09-08 21:09 - 2014-09-08 21:09 - 01016261 _____ (Thisisu) C:\Users\Ich\Desktop\JRT.exe

2014-09-08 21:08 - 2014-09-08 21:08 - 01370483 _____ () C:\Users\Ich\Desktop\adwcleaner_3.309(1).exe

2014-09-07 20:12 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-09-07 20:12 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-09-07 20:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-09-07 20:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-09-07 20:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-09-07 20:12 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2014-09-07 20:12 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2014-09-07 20:12 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2014-09-07 20:10 - 2014-09-07 20:24 - 00000000 ____D () C:\Qoobox

2014-09-07 20:09 - 2014-09-07 20:22 - 00000000 ____D () C:\Windows\erdnt

2014-09-07 20:07 - 2014-09-07 20:07 - 05576440 ____R (Swearware) C:\Users\Ich\Desktop\ComboFix.exe

2014-09-07 13:07 - 2014-09-07 13:07 - 00031771 _____ () C:\Users\Ich\Downloads\Addition.txt

2014-09-06 23:26 - 2014-09-06 23:35 - 00000000 ____D () C:\Windows\Minidump

2014-09-06 22:56 - 2014-09-10 08:37 - 00000000 ____D () C:\FRST

2014-09-06 22:47 - 2014-09-09 20:38 - 02105344 _____ (Farbar) C:\Users\Ich\Downloads\FRST64.exe

2014-09-06 22:47 - 2014-09-06 22:47 - 00380416 _____ () C:\Users\Ich\Downloads\4mr1c7mt.exe

2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache

2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache

2014-09-06 14:15 - 2014-09-06 14:15 - 02405664 _____ (Trend Micro Inc.) C:\Users\Ich\Downloads\HousecallLauncher64.exe

2014-09-06 14:15 - 2014-09-06 14:15 - 00416576 _____ (Kaspersky Lab) C:\Users\Ich\Downloads\de-de.setup.exe

2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache

2014-09-06 14:03 - 2014-09-06 14:03 - 00602112 _____ (OldTimer Tools) C:\Users\Ich\Desktop\OTL.exe

2014-09-06 11:58 - 2014-09-08 21:32 - 00000000 ____D () C:\AdwCleaner

2014-09-06 11:22 - 2014-09-06 11:22 - 00688992 ____R (Swearware) C:\Users\Ich\Downloads\dds.scr

2014-09-06 10:28 - 2014-09-06 10:28 - 02365840 _____ () C:\Users\Ich\Downloads\SecurityTaskManager_Setup.exe

2014-09-06 10:23 - 2014-09-06 10:23 - 00540072 _____ (Neuber Software) C:\Users\Ich\Downloads\SvchostAnalyzer.exe

2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps

2014-09-05 17:57 - 2014-09-05 17:57 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2014-09-05 17:56 - 2014-09-08 22:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-09-05 17:56 - 2014-09-08 22:27 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-09-05 17:54 - 2014-09-05 17:55 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ich\Downloads\spybot-2.4.exe

2014-09-05 17:18 - 2014-09-09 22:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-05 17:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-09-05 17:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-09-05 17:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-09-05 17:16 - 2014-09-05 17:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ich\Downloads\mbam-setup-2.0.2.1012.exe

2014-09-05 13:43 - 2014-09-06 10:14 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz

2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip

2014-09-02 21:22 - 2014-09-06 14:54 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-09-02 21:22 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-09-02 21:22 - 2014-09-02 23:55 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype

2014-09-02 21:21 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Skype

2014-09-02 21:20 - 2014-09-02 21:20 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Ich\Downloads\SkypeSetup.exe

2014-09-02 20:00 - 2014-09-02 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-08-30 12:42 - 2014-08-30 12:42 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT

2014-08-30 10:58 - 2014-08-30 11:00 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-29 15:40 - 2014-08-29 15:41 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip

2014-08-29 12:49 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-29 12:49 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-29 12:49 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6

2014-08-21 11:19 - 2014-08-21 11:19 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-08-21 11:19 - 2014-08-21 11:19 - 00000000 ____D () C:\Program Files\Java

2014-08-21 10:54 - 2014-08-21 11:09 - 00000000 ____D () C:\ProgramData\89862a08bda44ad

2014-08-21 10:54 - 2014-08-21 10:54 - 00000394 __RSH () C:\ProgramData\ntuser.pol

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator

2014-08-18 17:52 - 2014-09-10 02:00 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe

2014-08-13 21:37 - 2014-08-13 21:37 - 01260120 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys

2014-08-12 20:15 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-12 20:15 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2014-08-12 20:15 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

2014-08-12 20:15 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-12 20:15 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-12 20:15 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-12 20:15 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2014-08-12 20:15 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2014-08-12 20:00 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-12 20:00 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-08-12 20:00 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-12 20:00 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-12 20:00 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-08-12 20:00 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-12 20:00 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-12 20:00 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-12 20:00 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-08-12 20:00 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-12 20:00 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-08-12 20:00 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-12 20:00 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-12 20:00 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-12 20:00 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-12 20:00 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-12 20:00 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-08-12 20:00 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-08-12 20:00 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-08-12 20:00 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-12 20:00 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-08-12 20:00 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-08-12 20:00 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-08-12 20:00 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-08-12 20:00 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-12 20:00 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-08-12 20:00 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-12 20:00 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-08-12 20:00 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-12 20:00 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-12 20:00 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-08-12 20:00 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-12 20:00 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-12 20:00 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-12 20:00 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-08-12 20:00 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-12 20:00 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-12 20:00 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-12 20:00 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-08-12 20:00 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-08-12 20:00 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-12 20:00 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-08-12 20:00 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-08-12 20:00 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-12 20:00 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-12 20:00 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-12 20:00 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-12 20:00 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-12 20:00 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-08-12 20:00 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-12 20:00 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-12 20:00 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-12 20:00 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-08-12 20:00 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-08-12 20:00 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-12 20:00 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-12 20:00 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-08-12 20:00 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

2014-08-12 20:00 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

2014-08-12 20:00 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL

2014-08-12 20:00 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL

2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL

2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL

2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL

2014-08-12 20:00 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls

2014-08-12 20:00 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls

2014-08-12 20:00 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-08-12 20:00 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-08-12 20:00 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-08-12 20:00 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-08-12 20:00 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-12 20:00 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-08-12 20:00 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-08-12 20:00 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-08-12 20:00 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-08-12 20:00 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-08-12 19:59 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-08-12 19:59 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2014-08-12 19:52 - 2014-08-18 17:46 - 00000000 ____D () C:\Users\Ich\encyclios

2014-08-12 19:52 - 2014-08-12 20:13 - 00000000 ____D () C:\Users\Ich\fungi2014

2014-08-12 19:51 - 2014-08-12 19:51 - 00001207 _____ () C:\Users\Public\Desktop\Atlas of Clinical Fungi.lnk

2014-08-12 19:51 - 2014-08-12 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlas of Clinical Fungi

2014-08-12 19:50 - 2014-08-12 19:51 - 00000000 ____D () C:\Program Files (x86)\Atlas of Clinical Fungi

2014-08-12 01:05 - 2014-08-12 01:05 - 15798272 _____ () C:\Users\Ich\Documents\ereignisdat2.evtx

2014-08-12 01:04 - 2014-08-12 01:04 - 12652544 _____ () C:\Users\Ich\Documents\ereignisdat.evtx

2014-08-12 00:05 - 2014-08-12 00:12 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-09-10 08:38 - 2014-09-09 20:38 - 00012483 _____ () C:\Users\Ich\Downloads\FRST.txt

2014-09-10 08:37 - 2014-09-06 22:56 - 00000000 ____D () C:\FRST

2014-09-10 08:36 - 2014-09-10 08:36 - 00000828 _____ () C:\Users\Ich\Desktop\checkup.txt

2014-09-10 08:34 - 2014-01-23 23:27 - 01156807 _____ () C:\Windows\WindowsUpdate.log

2014-09-10 08:07 - 2014-01-24 14:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-10 02:00 - 2014-08-18 17:52 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe

2014-09-09 22:27 - 2014-09-05 17:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-09 22:20 - 2014-01-24 02:00 - 00696528 _____ () C:\Windows\system32\perfh007.dat

2014-09-09 22:20 - 2014-01-24 02:00 - 00148496 _____ () C:\Windows\system32\perfc007.dat

2014-09-09 22:20 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-09-09 22:15 - 2014-09-09 22:15 - 02347384 _____ (ESET) C:\Users\Ich\Downloads\esetsmartinstaller_deu.exe

2014-09-09 22:15 - 2014-09-09 22:15 - 00854417 _____ () C:\Users\Ich\Desktop\SecurityCheck.exe

2014-09-09 22:07 - 2014-01-24 14:57 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-09-09 22:07 - 2014-01-24 14:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-09-09 22:07 - 2014-01-24 14:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-09-09 21:51 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-09 21:51 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-09 21:46 - 2014-09-09 17:52 - 00000504 _____ () C:\Windows\setupact.log

2014-09-09 21:45 - 2014-01-24 01:28 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-09-09 21:45 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-09 20:38 - 2014-09-09 20:38 - 00000000 ____D () C:\Users\Ich\Downloads\FRST-OlderVersion

2014-09-09 20:38 - 2014-09-06 22:47 - 02105344 _____ (Farbar) C:\Users\Ich\Downloads\FRST64.exe

2014-09-09 17:52 - 2014-09-09 17:52 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-09 00:05 - 2014-09-09 00:05 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\QuickScan

2014-09-08 23:46 - 2014-05-25 18:14 - 00000000 ____D () C:\Users\Ich\AppData\Local\PokerStars.EU

2014-09-08 22:27 - 2014-09-08 22:26 - 00000085 _____ () C:\Windows\wininit.ini

2014-09-08 22:27 - 2014-09-05 17:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-09-08 22:27 - 2014-09-05 17:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-09-08 22:23 - 2014-08-09 16:10 - 00007602 _____ () C:\Users\Ich\AppData\Local\Resmon.ResmonCfg

2014-09-08 22:17 - 2014-09-08 22:16 - 00000000 ____D () C:\Users\Ich\Desktop\Log2

2014-09-08 21:37 - 2014-09-08 21:37 - 00000000 ____D () C:\Windows\ERUNT

2014-09-08 21:32 - 2014-09-06 11:58 - 00000000 ____D () C:\AdwCleaner

2014-09-08 21:09 - 2014-09-08 21:09 - 01016261 _____ (Thisisu) C:\Users\Ich\Desktop\JRT.exe

2014-09-08 21:08 - 2014-09-08 21:08 - 01370483 _____ () C:\Users\Ich\Desktop\adwcleaner_3.309(1).exe

2014-09-08 00:51 - 2009-07-14 07:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-09-07 21:44 - 2014-01-23 23:35 - 00000000 ____D () C:\Users\Ich

2014-09-07 20:57 - 2014-05-02 12:11 - 00000000 ____D () C:\Users\Ich\Documents\Citavi 4

2014-09-07 20:24 - 2014-09-07 20:10 - 00000000 ____D () C:\Qoobox

2014-09-07 20:22 - 2014-09-07 20:09 - 00000000 ____D () C:\Windows\erdnt

2014-09-07 20:22 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2014-09-07 20:07 - 2014-09-07 20:07 - 05576440 ____R (Swearware) C:\Users\Ich\Desktop\ComboFix.exe

2014-09-07 13:07 - 2014-09-07 13:07 - 00031771 _____ () C:\Users\Ich\Downloads\Addition.txt

2014-09-06 23:35 - 2014-09-06 23:26 - 00000000 ____D () C:\Windows\Minidump

2014-09-06 22:47 - 2014-09-06 22:47 - 00380416 _____ () C:\Users\Ich\Downloads\4mr1c7mt.exe

2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache

2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache

2014-09-06 14:54 - 2014-09-02 21:22 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-09-06 14:54 - 2014-09-02 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-09-06 14:54 - 2014-09-02 21:21 - 00000000 ____D () C:\ProgramData\Skype

2014-09-06 14:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-09-06 14:15 - 2014-09-06 14:15 - 02405664 _____ (Trend Micro Inc.) C:\Users\Ich\Downloads\HousecallLauncher64.exe

2014-09-06 14:15 - 2014-09-06 14:15 - 00416576 _____ (Kaspersky Lab) C:\Users\Ich\Downloads\de-de.setup.exe

2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache

2014-09-06 14:03 - 2014-09-06 14:03 - 00602112 _____ (OldTimer Tools) C:\Users\Ich\Desktop\OTL.exe

2014-09-06 11:44 - 2014-01-24 14:05 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-09-06 11:22 - 2014-09-06 11:22 - 00688992 ____R (Swearware) C:\Users\Ich\Downloads\dds.scr

2014-09-06 10:28 - 2014-09-06 10:28 - 02365840 _____ () C:\Users\Ich\Downloads\SecurityTaskManager_Setup.exe

2014-09-06 10:23 - 2014-09-06 10:23 - 00540072 _____ (Neuber Software) C:\Users\Ich\Downloads\SvchostAnalyzer.exe

2014-09-06 10:14 - 2014-09-05 13:43 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz

2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps

2014-09-05 17:57 - 2014-09-05 17:57 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2014-09-05 17:55 - 2014-09-05 17:54 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ich\Downloads\spybot-2.4.exe

2014-09-05 17:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat

2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-05 17:17 - 2014-09-05 17:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ich\Downloads\mbam-setup-2.0.2.1012.exe

2014-09-04 17:28 - 2014-01-24 13:12 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Adobe

2014-09-04 16:36 - 2014-05-24 10:53 - 00000000 ____D () C:\Users\Ich\Documents\mega_cache_6140226

2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip

2014-09-03 08:32 - 2014-01-24 02:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-09-03 00:08 - 2014-07-06 17:25 - 00000000 ____D () C:\Users\Ich\Documents\psynetic-gifx

2014-09-02 23:55 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype

2014-09-02 21:20 - 2014-09-02 21:20 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Ich\Downloads\SkypeSetup.exe

2014-09-02 20:00 - 2014-09-02 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-08-30 12:42 - 2014-08-30 12:42 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT

2014-08-30 11:00 - 2014-08-30 10:58 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-30 00:38 - 2014-01-24 14:55 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-08-30 00:38 - 2014-01-24 14:55 - 00000000 ____D () C:\Program Files\CCleaner

2014-08-29 22:21 - 2014-05-25 18:14 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU

2014-08-29 16:13 - 2014-05-23 20:08 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA_Global

2014-08-29 15:41 - 2014-08-29 15:40 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip

2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6

2014-08-23 04:07 - 2014-08-29 12:49 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-23 03:45 - 2014-08-29 12:49 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-23 02:59 - 2014-08-29 12:49 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-21 11:19 - 2014-08-21 11:19 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-08-21 11:19 - 2014-08-21 11:19 - 00000000 ____D () C:\Program Files\Java

2014-08-21 11:19 - 2014-06-26 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-08-21 11:19 - 2014-05-24 15:28 - 00000000 ____D () C:\ProgramData\Oracle

2014-08-21 11:09 - 2014-08-21 10:54 - 00000000 ____D () C:\ProgramData\89862a08bda44ad

2014-08-21 10:54 - 2014-08-21 10:54 - 00000394 __RSH () C:\ProgramData\ntuser.pol

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator

2014-08-21 10:54 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-08-21 10:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

2014-08-18 20:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-08-18 17:46 - 2014-08-12 19:52 - 00000000 ____D () C:\Users\Ich\encyclios

2014-08-15 19:34 - 2009-07-14 09:13 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-08-14 00:05 - 2014-03-11 13:02 - 00000407 _____ () C:\Windows\system32\checkdnsid.xml

2014-08-13 21:37 - 2014-08-13 21:37 - 01260120 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys

2014-08-13 21:37 - 2014-01-24 02:11 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll

2014-08-13 21:36 - 2014-01-24 02:52 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll

2014-08-13 21:36 - 2014-01-24 02:21 - 00647752 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys

2014-08-13 21:36 - 2014-01-24 02:11 - 00419616 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys

2014-08-13 21:36 - 2014-01-24 02:11 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll

2014-08-12 20:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-08-12 20:20 - 2014-01-24 00:31 - 00000000 ____D () C:\Windows\system32\MRT

2014-08-12 20:19 - 2014-01-24 00:31 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-08-12 20:18 - 2014-01-24 13:44 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-08-12 20:13 - 2014-08-12 19:52 - 00000000 ____D () C:\Users\Ich\fungi2014

2014-08-12 19:51 - 2014-08-12 19:51 - 00001207 _____ () C:\Users\Public\Desktop\Atlas of Clinical Fungi.lnk

2014-08-12 19:51 - 2014-08-12 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlas of Clinical Fungi

2014-08-12 19:51 - 2014-08-12 19:50 - 00000000 ____D () C:\Program Files (x86)\Atlas of Clinical Fungi

2014-08-12 01:05 - 2014-08-12 01:05 - 15798272 _____ () C:\Users\Ich\Documents\ereignisdat2.evtx

2014-08-12 01:04 - 2014-08-12 01:04 - 12652544 _____ () C:\Users\Ich\Documents\ereignisdat.evtx

2014-08-12 00:12 - 2014-08-12 00:05 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige
 

Some content of TEMP:

====================

C:\Users\Ich\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-09-06 18:40
 

==================== End Of Log ============================

--- --- ---

Ansonsten ist mir aufgefallen, dass sich gpresult /r nicht starten lässt.

Viele Grüße und einen angenehmen Tag,

Jascha

schrauber

10.09.2014 20:09

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Zitat:

Ansonsten ist mir aufgefallen, dass sich gpresult /r nicht starten lässt.

Kommt ne Fehlermeldung?Warum willst du das starten?

Don_Jascha

10.09.2014 22:37

Hey,

hab noch mal ESET laufen lassen, um zu sehen was evtl. der Grund für das fehlen des Logs war und ich war letztlich einfach zu voreilig mit der Deinstallation von dem Scanner und hatte den Hacken bei Instalation nach Scan entfernen gesetzt..;).
Naja, jedenfalls hier nochmal die Logs:
ESET:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=ed5226eb6d97eb45a9ef9ff1e4ce944c

# engine=20091

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2014-09-10 06:38:23

# local_time=2014-09-10 08:38:23 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='Bitdefender Antivirus'

# compatibility_mode=2063 16777213 66 100 5477 89083263 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 100 94 19847978 162004153 0 0

# scanned=256097

# found=3

# cleaned=0

# scan_time=5246

sh=E2C028A886AA7352539DEE32CBB38770C529A76E ft=1 fh=d2aeb2930bcba9f7 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1268206590-3093409484-1136636918-1001\$R1WGMA1.exe"

sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1268206590-3093409484-1136636918-1001\$RKD4IWR.exe"

sh=1DE5D70A411EBBF4441FD569E7427CC28A4D6B13 ft=1 fh=b572351b8a033ea9 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1268206590-3093409484-1136636918-1001\$RR18TY2.exe"

Security Check:

Code:

 Results of screen317's Security Check version 0.99.87  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  
 ``````````````Antivirus/Firewall Check:`````````````` 

Bitdefender Antivirus   

 Antivirus up to date!   
 `````````Anti-malware/Other Utilities Check:````````` 

 Java 7 Update 67  

 Adobe Flash Player 15.0.0.152  

 Adobe Reader XI  

 Mozilla Firefox (32.0) 
 ````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamscheduler.exe   

 Bitdefender Bitdefender vsserv.exe  

 Bitdefender Bitdefender updatesrv.exe  

 Bitdefender Bitdefender bdagent.exe  
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

FRST:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014

Ran by Ich (administrator) on MINE on 10-09-2014 21:00:09

Running from C:\Users\Ich\Downloads

Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Englisch (USA)

Internet Explorer Version 11

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1743088 2014-08-13] (Bitdefender)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)

HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-13] (Bitdefender)

HKU\.DEFAULT\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)

HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)

BootExecute: autocheck autochk * sdnclean64.exe

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

ProxyServer: localhost:8080

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)

BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)

BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default

FF Homepage: about:home

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: YouTube Unblocker - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\youtubeunblocker@unblocker.yt [2014-05-01]

FF Extension: Deutsch (DE) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2014-08-24]

FF Extension: English (GB) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2014-08-24]

FF Extension: Adblock Plus - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-24]

FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext

FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-01-24]

FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman

FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-01-24]

FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-05-02]

FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
 

Chrome: 

=======

CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-03-10]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-08-13] (Bitdefender)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-13] (Bitdefender)

R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1528896 2014-08-13] (Bitdefender)

S2 WLMS; C:\Windows\system32\wlms\wlms.exe [19456 2009-07-14] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-08-13] (BitDefender)

R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)

R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-13] (BitDefender)

R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2014-05-22] (BitDefender LLC)

R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)

S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)

S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)

R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)

R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)

R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-08-13] (BitDefender S.R.L.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-09-10 21:00 - 2014-09-10 21:00 - 00012758 _____ () C:\Users\Ich\Downloads\FRST.txt

2014-09-10 19:07 - 2014-09-10 19:07 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-09-10 18:27 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-09-10 18:27 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-09-10 18:27 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-09-10 18:27 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-09-10 18:27 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-09-10 18:27 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-09-10 18:27 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-09-10 18:27 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-09-10 18:27 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-09-10 18:27 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-09-10 18:27 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-09-10 18:27 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-09-10 18:27 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-09-10 18:27 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-09-10 18:27 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-09-10 18:27 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-09-10 18:27 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-09-10 18:27 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-09-10 18:27 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-09-10 18:27 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-09-10 18:27 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-09-10 18:27 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-09-10 18:27 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-09-10 18:27 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-09-10 18:27 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-09-10 18:27 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-09-10 18:27 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-09-10 18:27 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-09-10 18:27 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-09-10 18:27 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-09-10 18:27 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-09-10 18:27 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-09-10 18:27 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-09-10 18:27 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-09-10 18:27 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-09-10 18:27 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-09-10 18:27 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-09-10 18:27 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-09-10 18:27 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-09-10 18:27 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-09-10 18:27 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-09-10 18:27 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-09-10 18:27 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-09-10 18:27 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-09-10 18:27 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-09-10 18:27 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-09-10 18:27 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-09-10 18:27 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-09-10 18:27 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-09-10 18:27 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-09-10 18:27 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-09-10 18:27 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-09-10 18:27 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-09-10 18:27 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-09-10 18:27 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-09-10 18:27 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-09-10 18:21 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll

2014-09-10 18:21 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll

2014-09-10 18:20 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-09-10 18:20 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-09-10 18:20 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-09-10 18:20 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-09-10 18:20 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-09-10 18:20 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll

2014-09-10 18:20 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2014-09-10 18:20 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-09-10 18:20 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2014-09-10 18:14 - 2014-09-10 18:14 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-09-10 18:14 - 2014-09-10 18:14 - 00000000 ____D () C:\Program Files (x86)\Java

2014-09-10 18:10 - 2014-09-10 18:10 - 00918952 _____ (Oracle Corporation) C:\Users\Ich\Downloads\jxpiinstall.exe

2014-09-10 18:05 - 2014-09-10 18:05 - 00002094 _____ () C:\Windows\PFRO.log

2014-09-10 08:36 - 2014-09-10 20:59 - 00000843 _____ () C:\Users\Ich\Desktop\checkup.txt

2014-09-09 22:15 - 2014-09-09 22:15 - 02347384 _____ (ESET) C:\Users\Ich\Downloads\esetsmartinstaller_deu.exe

2014-09-09 22:15 - 2014-09-09 22:15 - 00854417 _____ () C:\Users\Ich\Desktop\SecurityCheck.exe

2014-09-09 20:38 - 2014-09-10 21:00 - 00000000 ____D () C:\Users\Ich\Downloads\FRST-OlderVersion

2014-09-09 20:38 - 2014-09-10 08:44 - 00044282 _____ () C:\Users\Ich\Desktop\FRST.txt

2014-09-09 17:52 - 2014-09-10 20:53 - 00001176 _____ () C:\Windows\setupact.log

2014-09-09 17:52 - 2014-09-09 17:52 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-09 00:05 - 2014-09-09 00:05 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\QuickScan

2014-09-08 22:26 - 2014-09-08 22:27 - 00000085 _____ () C:\Windows\wininit.ini

2014-09-08 22:16 - 2014-09-08 22:17 - 00000000 ____D () C:\Users\Ich\Desktop\Log2

2014-09-08 21:37 - 2014-09-08 21:37 - 00000000 ____D () C:\Windows\ERUNT

2014-09-08 21:09 - 2014-09-08 21:09 - 01016261 _____ (Thisisu) C:\Users\Ich\Desktop\JRT.exe

2014-09-08 21:08 - 2014-09-08 21:08 - 01370483 _____ () C:\Users\Ich\Desktop\adwcleaner_3.309(1).exe

2014-09-07 20:12 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-09-07 20:12 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-09-07 20:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-09-07 20:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-09-07 20:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-09-07 20:12 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2014-09-07 20:12 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2014-09-07 20:12 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2014-09-07 20:10 - 2014-09-07 20:24 - 00000000 ____D () C:\Qoobox

2014-09-07 20:09 - 2014-09-07 20:22 - 00000000 ____D () C:\Windows\erdnt

2014-09-07 20:07 - 2014-09-07 20:07 - 05576440 ____R (Swearware) C:\Users\Ich\Desktop\ComboFix.exe

2014-09-07 13:07 - 2014-09-07 13:07 - 00031771 _____ () C:\Users\Ich\Downloads\Addition.txt

2014-09-06 23:26 - 2014-09-06 23:35 - 00000000 ____D () C:\Windows\Minidump

2014-09-06 22:56 - 2014-09-10 21:00 - 00000000 ____D () C:\FRST

2014-09-06 22:47 - 2014-09-10 21:00 - 02105856 _____ (Farbar) C:\Users\Ich\Downloads\FRST64.exe

2014-09-06 22:47 - 2014-09-06 22:47 - 00380416 _____ () C:\Users\Ich\Downloads\4mr1c7mt.exe

2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache

2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache

2014-09-06 14:15 - 2014-09-06 14:15 - 02405664 _____ (Trend Micro Inc.) C:\Users\Ich\Downloads\HousecallLauncher64.exe

2014-09-06 14:15 - 2014-09-06 14:15 - 00416576 _____ (Kaspersky Lab) C:\Users\Ich\Downloads\de-de.setup.exe

2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache

2014-09-06 14:03 - 2014-09-06 14:03 - 00602112 _____ (OldTimer Tools) C:\Users\Ich\Desktop\OTL.exe

2014-09-06 11:58 - 2014-09-08 21:32 - 00000000 ____D () C:\AdwCleaner

2014-09-06 11:22 - 2014-09-06 11:22 - 00688992 ____R (Swearware) C:\Users\Ich\Downloads\dds.scr

2014-09-06 10:28 - 2014-09-06 10:28 - 02365840 _____ () C:\Users\Ich\Downloads\SecurityTaskManager_Setup.exe

2014-09-06 10:23 - 2014-09-06 10:23 - 00540072 _____ (Neuber Software) C:\Users\Ich\Downloads\SvchostAnalyzer.exe

2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps

2014-09-05 17:57 - 2014-09-05 17:57 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2014-09-05 17:56 - 2014-09-08 22:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-09-05 17:56 - 2014-09-08 22:27 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-09-05 17:54 - 2014-09-05 17:55 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ich\Downloads\spybot-2.4.exe

2014-09-05 17:18 - 2014-09-10 18:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-05 17:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-09-05 17:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-09-05 17:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-09-05 17:16 - 2014-09-05 17:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ich\Downloads\mbam-setup-2.0.2.1012.exe

2014-09-05 13:43 - 2014-09-06 10:14 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz

2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip

2014-09-02 21:22 - 2014-09-06 14:54 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-09-02 21:22 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-09-02 21:22 - 2014-09-02 23:55 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype

2014-09-02 21:21 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Skype

2014-09-02 21:20 - 2014-09-02 21:20 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Ich\Downloads\SkypeSetup.exe

2014-09-02 20:00 - 2014-09-02 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-08-30 12:42 - 2014-08-30 12:42 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT

2014-08-30 10:58 - 2014-08-30 11:00 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-29 15:40 - 2014-08-29 15:41 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip

2014-08-29 12:49 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-29 12:49 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-29 12:49 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6

2014-08-21 10:54 - 2014-08-21 11:09 - 00000000 ____D () C:\ProgramData\89862a08bda44ad

2014-08-21 10:54 - 2014-08-21 10:54 - 00000394 __RSH () C:\ProgramData\ntuser.pol

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator

2014-08-18 17:52 - 2014-09-10 02:00 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe

2014-08-13 21:37 - 2014-08-13 21:37 - 01260120 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys

2014-08-12 20:15 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-12 20:15 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2014-08-12 20:15 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

2014-08-12 20:15 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-12 20:15 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-12 20:15 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-12 20:15 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2014-08-12 20:15 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2014-08-12 20:00 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-08-12 20:00 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

2014-08-12 20:00 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

2014-08-12 20:00 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL

2014-08-12 20:00 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL

2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL

2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL

2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL

2014-08-12 20:00 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls

2014-08-12 20:00 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls

2014-08-12 20:00 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-08-12 20:00 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-08-12 20:00 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-08-12 20:00 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-08-12 20:00 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-12 20:00 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-08-12 20:00 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-08-12 20:00 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-08-12 20:00 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-08-12 20:00 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-08-12 19:59 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-08-12 19:59 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2014-08-12 19:52 - 2014-08-18 17:46 - 00000000 ____D () C:\Users\Ich\encyclios

2014-08-12 19:52 - 2014-08-12 20:13 - 00000000 ____D () C:\Users\Ich\fungi2014

2014-08-12 19:51 - 2014-08-12 19:51 - 00001207 _____ () C:\Users\Public\Desktop\Atlas of Clinical Fungi.lnk

2014-08-12 19:51 - 2014-08-12 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlas of Clinical Fungi

2014-08-12 19:50 - 2014-08-12 19:51 - 00000000 ____D () C:\Program Files (x86)\Atlas of Clinical Fungi

2014-08-12 01:05 - 2014-08-12 01:05 - 15798272 _____ () C:\Users\Ich\Documents\ereignisdat2.evtx

2014-08-12 01:04 - 2014-08-12 01:04 - 12652544 _____ () C:\Users\Ich\Documents\ereignisdat.evtx

2014-08-12 00:05 - 2014-08-12 00:12 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-09-10 21:01 - 2014-09-10 21:00 - 00012758 _____ () C:\Users\Ich\Downloads\FRST.txt

2014-09-10 21:00 - 2014-09-09 20:38 - 00000000 ____D () C:\Users\Ich\Downloads\FRST-OlderVersion

2014-09-10 21:00 - 2014-09-06 22:56 - 00000000 ____D () C:\FRST

2014-09-10 21:00 - 2014-09-06 22:47 - 02105856 _____ (Farbar) C:\Users\Ich\Downloads\FRST64.exe

2014-09-10 20:59 - 2014-09-10 08:36 - 00000843 _____ () C:\Users\Ich\Desktop\checkup.txt

2014-09-10 20:58 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-10 20:58 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-10 20:56 - 2014-01-23 23:27 - 01129847 _____ () C:\Windows\WindowsUpdate.log

2014-09-10 20:53 - 2014-09-09 17:52 - 00001176 _____ () C:\Windows\setupact.log

2014-09-10 20:53 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-10 20:52 - 2014-01-24 01:28 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-09-10 20:07 - 2014-01-24 14:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-10 19:07 - 2014-09-10 19:07 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-09-10 18:52 - 2014-09-05 17:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-10 18:27 - 2014-01-24 13:44 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-09-10 18:26 - 2014-01-24 04:10 - 01589404 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-09-10 18:26 - 2014-01-24 02:00 - 00696528 _____ () C:\Windows\system32\perfh007.dat

2014-09-10 18:26 - 2014-01-24 02:00 - 00148496 _____ () C:\Windows\system32\perfc007.dat

2014-09-10 18:26 - 2009-07-14 07:13 - 01589404 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-09-10 18:20 - 2014-01-24 00:31 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-09-10 18:20 - 2014-01-24 00:31 - 00000000 ____D () C:\Windows\system32\MRT

2014-09-10 18:17 - 2014-05-24 15:28 - 00000000 ____D () C:\ProgramData\Oracle

2014-09-10 18:14 - 2014-09-10 18:14 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-09-10 18:14 - 2014-09-10 18:14 - 00000000 ____D () C:\Program Files (x86)\Java

2014-09-10 18:10 - 2014-09-10 18:10 - 00918952 _____ (Oracle Corporation) C:\Users\Ich\Downloads\jxpiinstall.exe

2014-09-10 18:05 - 2014-09-10 18:05 - 00002094 _____ () C:\Windows\PFRO.log

2014-09-10 08:44 - 2014-09-09 20:38 - 00044282 _____ () C:\Users\Ich\Desktop\FRST.txt

2014-09-10 02:00 - 2014-08-18 17:52 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe

2014-09-09 22:15 - 2014-09-09 22:15 - 02347384 _____ (ESET) C:\Users\Ich\Downloads\esetsmartinstaller_deu.exe

2014-09-09 22:15 - 2014-09-09 22:15 - 00854417 _____ () C:\Users\Ich\Desktop\SecurityCheck.exe

2014-09-09 22:07 - 2014-01-24 14:57 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-09-09 22:07 - 2014-01-24 14:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-09-09 22:07 - 2014-01-24 14:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-09-09 17:52 - 2014-09-09 17:52 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-09 00:05 - 2014-09-09 00:05 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\QuickScan

2014-09-08 23:46 - 2014-05-25 18:14 - 00000000 ____D () C:\Users\Ich\AppData\Local\PokerStars.EU

2014-09-08 22:27 - 2014-09-08 22:26 - 00000085 _____ () C:\Windows\wininit.ini

2014-09-08 22:27 - 2014-09-05 17:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-09-08 22:27 - 2014-09-05 17:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-09-08 22:23 - 2014-08-09 16:10 - 00007602 _____ () C:\Users\Ich\AppData\Local\Resmon.ResmonCfg

2014-09-08 22:17 - 2014-09-08 22:16 - 00000000 ____D () C:\Users\Ich\Desktop\Log2

2014-09-08 21:37 - 2014-09-08 21:37 - 00000000 ____D () C:\Windows\ERUNT

2014-09-08 21:32 - 2014-09-06 11:58 - 00000000 ____D () C:\AdwCleaner

2014-09-08 21:09 - 2014-09-08 21:09 - 01016261 _____ (Thisisu) C:\Users\Ich\Desktop\JRT.exe

2014-09-08 21:08 - 2014-09-08 21:08 - 01370483 _____ () C:\Users\Ich\Desktop\adwcleaner_3.309(1).exe

2014-09-08 00:51 - 2009-07-14 07:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-09-07 21:44 - 2014-01-23 23:35 - 00000000 ____D () C:\Users\Ich

2014-09-07 20:57 - 2014-05-02 12:11 - 00000000 ____D () C:\Users\Ich\Documents\Citavi 4

2014-09-07 20:24 - 2014-09-07 20:10 - 00000000 ____D () C:\Qoobox

2014-09-07 20:22 - 2014-09-07 20:09 - 00000000 ____D () C:\Windows\erdnt

2014-09-07 20:22 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2014-09-07 20:07 - 2014-09-07 20:07 - 05576440 ____R (Swearware) C:\Users\Ich\Desktop\ComboFix.exe

2014-09-07 13:07 - 2014-09-07 13:07 - 00031771 _____ () C:\Users\Ich\Downloads\Addition.txt

2014-09-06 23:35 - 2014-09-06 23:26 - 00000000 ____D () C:\Windows\Minidump

2014-09-06 22:47 - 2014-09-06 22:47 - 00380416 _____ () C:\Users\Ich\Downloads\4mr1c7mt.exe

2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache

2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache

2014-09-06 14:54 - 2014-09-02 21:22 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-09-06 14:54 - 2014-09-02 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-09-06 14:54 - 2014-09-02 21:21 - 00000000 ____D () C:\ProgramData\Skype

2014-09-06 14:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-09-06 14:15 - 2014-09-06 14:15 - 02405664 _____ (Trend Micro Inc.) C:\Users\Ich\Downloads\HousecallLauncher64.exe

2014-09-06 14:15 - 2014-09-06 14:15 - 00416576 _____ (Kaspersky Lab) C:\Users\Ich\Downloads\de-de.setup.exe

2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache

2014-09-06 14:03 - 2014-09-06 14:03 - 00602112 _____ (OldTimer Tools) C:\Users\Ich\Desktop\OTL.exe

2014-09-06 11:44 - 2014-01-24 14:05 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-09-06 11:22 - 2014-09-06 11:22 - 00688992 ____R (Swearware) C:\Users\Ich\Downloads\dds.scr

2014-09-06 10:28 - 2014-09-06 10:28 - 02365840 _____ () C:\Users\Ich\Downloads\SecurityTaskManager_Setup.exe

2014-09-06 10:23 - 2014-09-06 10:23 - 00540072 _____ (Neuber Software) C:\Users\Ich\Downloads\SvchostAnalyzer.exe

2014-09-06 10:14 - 2014-09-05 13:43 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz

2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps

2014-09-05 17:57 - 2014-09-05 17:57 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2014-09-05 17:55 - 2014-09-05 17:54 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ich\Downloads\spybot-2.4.exe

2014-09-05 17:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat

2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-05 17:17 - 2014-09-05 17:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ich\Downloads\mbam-setup-2.0.2.1012.exe

2014-09-04 17:28 - 2014-01-24 13:12 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Adobe

2014-09-04 16:36 - 2014-05-24 10:53 - 00000000 ____D () C:\Users\Ich\Documents\mega_cache_6140226

2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip

2014-09-03 08:32 - 2014-01-24 02:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-09-03 00:08 - 2014-07-06 17:25 - 00000000 ____D () C:\Users\Ich\Documents\psynetic-gifx

2014-09-02 23:55 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype

2014-09-02 21:20 - 2014-09-02 21:20 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Ich\Downloads\SkypeSetup.exe

2014-09-02 20:00 - 2014-09-02 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-08-30 12:42 - 2014-08-30 12:42 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT

2014-08-30 11:00 - 2014-08-30 10:58 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-30 00:38 - 2014-01-24 14:55 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-08-30 00:38 - 2014-01-24 14:55 - 00000000 ____D () C:\Program Files\CCleaner

2014-08-29 22:21 - 2014-05-25 18:14 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU

2014-08-29 16:13 - 2014-05-23 20:08 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA_Global

2014-08-29 15:41 - 2014-08-29 15:40 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip

2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6

2014-08-23 04:07 - 2014-08-29 12:49 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-23 03:45 - 2014-08-29 12:49 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-23 02:59 - 2014-08-29 12:49 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-21 11:19 - 2014-06-26 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-08-21 11:09 - 2014-08-21 10:54 - 00000000 ____D () C:\ProgramData\89862a08bda44ad

2014-08-21 10:54 - 2014-08-21 10:54 - 00000394 __RSH () C:\ProgramData\ntuser.pol

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator

2014-08-21 10:54 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-08-21 10:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

2014-08-19 20:05 - 2014-09-10 18:27 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-19 19:39 - 2014-09-10 18:27 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-08-19 01:01 - 2014-09-10 18:27 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-19 00:29 - 2014-09-10 18:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-19 00:29 - 2014-09-10 18:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-08-19 00:26 - 2014-09-10 18:27 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-19 00:20 - 2014-09-10 18:27 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-19 00:19 - 2014-09-10 18:27 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-19 00:15 - 2014-09-10 18:27 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-19 00:15 - 2014-09-10 18:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-19 00:14 - 2014-09-10 18:27 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-08-19 00:14 - 2014-09-10 18:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-08-19 00:08 - 2014-09-10 18:27 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-19 00:08 - 2014-09-10 18:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-19 00:08 - 2014-09-10 18:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-19 00:05 - 2014-09-10 18:27 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-19 00:03 - 2014-09-10 18:27 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-08-19 00:03 - 2014-09-10 18:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-19 00:03 - 2014-09-10 18:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-08-18 23:57 - 2014-09-10 18:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-18 23:56 - 2014-09-10 18:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-08-18 23:51 - 2014-09-10 18:27 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-18 23:46 - 2014-09-10 18:27 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-08-18 23:45 - 2014-09-10 18:27 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-08-18 23:45 - 2014-09-10 18:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-08-18 23:44 - 2014-09-10 18:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-08-18 23:44 - 2014-09-10 18:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-08-18 23:42 - 2014-09-10 18:27 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-18 23:40 - 2014-09-10 18:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-08-18 23:39 - 2014-09-10 18:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-18 23:39 - 2014-09-10 18:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-18 23:39 - 2014-09-10 18:27 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-08-18 23:38 - 2014-09-10 18:27 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-18 23:37 - 2014-09-10 18:27 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-18 23:36 - 2014-09-10 18:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-18 23:35 - 2014-09-10 18:27 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-08-18 23:27 - 2014-09-10 18:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-18 23:25 - 2014-09-10 18:27 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-18 23:25 - 2014-09-10 18:27 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-08-18 23:23 - 2014-09-10 18:27 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-18 23:23 - 2014-09-10 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-08-18 23:22 - 2014-09-10 18:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-08-18 23:19 - 2014-09-10 18:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-08-18 23:17 - 2014-09-10 18:27 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-18 23:17 - 2014-09-10 18:27 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-18 23:16 - 2014-09-10 18:27 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-18 23:15 - 2014-09-10 18:27 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-18 23:15 - 2014-09-10 18:27 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-18 23:09 - 2014-09-10 18:27 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-18 23:08 - 2014-09-10 18:27 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-18 23:07 - 2014-09-10 18:27 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-08-18 22:55 - 2014-09-10 18:27 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-18 22:46 - 2014-09-10 18:27 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-18 22:38 - 2014-09-10 18:27 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-18 22:38 - 2014-09-10 18:27 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-08-18 22:36 - 2014-09-10 18:27 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-08-18 20:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-08-18 17:46 - 2014-08-12 19:52 - 00000000 ____D () C:\Users\Ich\encyclios

2014-08-15 19:34 - 2009-07-14 09:13 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-08-14 00:05 - 2014-03-11 13:02 - 00000407 _____ () C:\Windows\system32\checkdnsid.xml

2014-08-13 21:37 - 2014-08-13 21:37 - 01260120 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys

2014-08-13 21:37 - 2014-01-24 02:11 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll

2014-08-13 21:36 - 2014-01-24 02:52 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll

2014-08-13 21:36 - 2014-01-24 02:21 - 00647752 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys

2014-08-13 21:36 - 2014-01-24 02:11 - 00419616 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys

2014-08-13 21:36 - 2014-01-24 02:11 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll

2014-08-12 20:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-08-12 20:13 - 2014-08-12 19:52 - 00000000 ____D () C:\Users\Ich\fungi2014

2014-08-12 19:51 - 2014-08-12 19:51 - 00001207 _____ () C:\Users\Public\Desktop\Atlas of Clinical Fungi.lnk

2014-08-12 19:51 - 2014-08-12 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlas of Clinical Fungi

2014-08-12 19:51 - 2014-08-12 19:50 - 00000000 ____D () C:\Program Files (x86)\Atlas of Clinical Fungi

2014-08-12 01:05 - 2014-08-12 01:05 - 15798272 _____ () C:\Users\Ich\Documents\ereignisdat2.evtx

2014-08-12 01:04 - 2014-08-12 01:04 - 12652544 _____ () C:\Users\Ich\Documents\ereignisdat.evtx

2014-08-12 00:12 - 2014-08-12 00:05 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige
 

Some content of TEMP:

====================

C:\Users\Ich\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-09-06 18:40
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Viele Grüße

Hey,

hier der Log vom FRST Fix:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014

Ran by Ich at 2014-09-10 21:21:16 Run:1

Running from C:\Users\Ich\Desktop

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

*****************
 

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.

C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
 
 

The system needed a reboot. 
 

==== End of Fixlog ====

Wegen gpresult/r: ich wollte mir mal die Einträge anschauen, das war der Grund warum ich es starten wollte. Es gibt keine Fehlermeldung, das Fenster erscheint kurz und verschwindet dann direkt wieder, fand ich schon etwas merkwürdig, gerade auch im Hinblick auf die Chrome-Richtlinien, deswegen dachte ich melde das mal mit.

Grüße

schrauber

11.09.2014 19:21

Kommt immer drauf an wie du es gestartet hast.

Don_Jascha

11.09.2014 21:10

Was meinst Du damit? Ob es als Administrator gestartet wird oder nicht? Hatte ich jedenfalls beides ausprobiert und jedesmal ist das gleiche passiert.
Ich hab nochmal ein FRST Scan angefertigt und es gibt immer noch einen Chrome Eintrag in Relation mit Bitdefender. Könnte es sein, dass Bitdefender diesen Eintrag anlegt, auch wenn Chrome nicht installiert ist?
Hier der Log von FRST:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014

Ran by Ich (administrator) on MINE on 11-09-2014 22:04:46

Running from C:\Users\Ich\Desktop

Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Englisch (USA)

Internet Explorer Version 11

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1743088 2014-08-13] (Bitdefender)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)

HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-13] (Bitdefender)

HKU\.DEFAULT\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)

HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)

BootExecute: autocheck autochk * sdnclean64.exe
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

ProxyServer: localhost:8080

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)

BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)

BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default

FF Homepage: about:home

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: YouTube Unblocker - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\youtubeunblocker@unblocker.yt [2014-05-01]

FF Extension: Deutsch (DE) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2014-08-24]

FF Extension: English (GB) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2014-08-24]

FF Extension: Adblock Plus - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-24]

FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext

FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-01-24]

FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman

FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-01-24]

FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-05-02]

FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
 

Chrome: 

=======

CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-03-10]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-08-13] (Bitdefender)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-13] (Bitdefender)

R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1528896 2014-08-13] (Bitdefender)

S2 WLMS; C:\Windows\system32\wlms\wlms.exe [19456 2009-07-14] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-08-13] (BitDefender)

R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)

R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-13] (BitDefender)

R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2014-05-22] (BitDefender LLC)

R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)

S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)

S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)

R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)

R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-08-13] (BitDefender S.R.L.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-09-11 22:04 - 2014-09-11 22:04 - 00000386 _____ () C:\Users\Ich\Desktop\txt.txt

2014-09-11 16:50 - 2014-09-11 16:50 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

2014-09-11 16:50 - 2014-09-11 16:50 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Adobe Mini Bridge CS5.1

2014-09-11 09:59 - 2014-09-11 09:59 - 00000168 _____ () C:\Windows\setupact.log

2014-09-11 09:59 - 2014-09-11 09:59 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-10 21:00 - 2014-09-11 22:04 - 00012638 _____ () C:\Users\Ich\Desktop\FRST.txt

2014-09-10 18:27 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-09-10 18:27 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-09-10 18:27 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-09-10 18:27 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-09-10 18:27 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-09-10 18:27 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-09-10 18:27 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-09-10 18:27 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-09-10 18:27 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-09-10 18:27 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-09-10 18:27 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-09-10 18:27 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-09-10 18:27 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-09-10 18:27 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-09-10 18:27 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-09-10 18:27 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-09-10 18:27 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-09-10 18:27 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-09-10 18:27 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-09-10 18:27 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-09-10 18:27 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-09-10 18:27 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-09-10 18:27 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-09-10 18:27 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-09-10 18:27 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-09-10 18:27 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-09-10 18:27 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-09-10 18:27 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-09-10 18:27 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-09-10 18:27 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-09-10 18:27 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-09-10 18:27 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-09-10 18:27 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-09-10 18:27 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-09-10 18:27 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-09-10 18:27 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-09-10 18:27 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-09-10 18:27 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-09-10 18:27 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-09-10 18:27 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-09-10 18:27 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-09-10 18:27 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-09-10 18:27 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-09-10 18:27 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-09-10 18:27 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-09-10 18:27 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-09-10 18:27 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-09-10 18:27 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-09-10 18:27 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-09-10 18:27 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-09-10 18:27 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-09-10 18:27 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-09-10 18:27 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-09-10 18:27 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-09-10 18:27 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-09-10 18:27 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-09-10 18:21 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll

2014-09-10 18:21 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll

2014-09-10 18:20 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-09-10 18:20 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-09-10 18:20 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-09-10 18:20 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-09-10 18:20 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-09-10 18:20 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll

2014-09-10 18:20 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2014-09-10 18:20 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-09-10 18:20 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2014-09-10 18:14 - 2014-09-10 18:14 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-09-10 18:14 - 2014-09-10 18:14 - 00000000 ____D () C:\Program Files (x86)\Java

2014-09-10 18:10 - 2014-09-10 18:10 - 00918952 _____ (Oracle Corporation) C:\Users\Ich\Downloads\jxpiinstall.exe

2014-09-09 22:15 - 2014-09-09 22:15 - 02347384 _____ (ESET) C:\Users\Ich\Downloads\esetsmartinstaller_deu.exe

2014-09-09 22:15 - 2014-09-09 22:15 - 00854417 _____ () C:\Users\Ich\Desktop\SecurityCheck.exe

2014-09-09 00:05 - 2014-09-09 00:05 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\QuickScan

2014-09-08 22:26 - 2014-09-08 22:27 - 00000085 _____ () C:\Windows\wininit.ini

2014-09-08 22:16 - 2014-09-10 23:13 - 00000000 ____D () C:\Users\Ich\Desktop\Log2

2014-09-08 21:37 - 2014-09-08 21:37 - 00000000 ____D () C:\Windows\ERUNT

2014-09-08 21:09 - 2014-09-08 21:09 - 01016261 _____ (Thisisu) C:\Users\Ich\Desktop\JRT.exe

2014-09-08 21:08 - 2014-09-08 21:08 - 01370483 _____ () C:\Users\Ich\Desktop\adwcleaner_3.309(1).exe

2014-09-07 20:12 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-09-07 20:12 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-09-07 20:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-09-07 20:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-09-07 20:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-09-07 20:12 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2014-09-07 20:12 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2014-09-07 20:12 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2014-09-07 20:10 - 2014-09-07 20:24 - 00000000 ____D () C:\Qoobox

2014-09-07 20:09 - 2014-09-07 20:22 - 00000000 ____D () C:\Windows\erdnt

2014-09-07 20:07 - 2014-09-07 20:07 - 05576440 ____R (Swearware) C:\Users\Ich\Desktop\ComboFix.exe

2014-09-07 13:07 - 2014-09-07 13:07 - 00031771 _____ () C:\Users\Ich\Downloads\Addition.txt

2014-09-06 23:26 - 2014-09-06 23:35 - 00000000 ____D () C:\Windows\Minidump

2014-09-06 22:56 - 2014-09-11 22:04 - 00000000 ____D () C:\FRST

2014-09-06 22:47 - 2014-09-10 21:00 - 02105856 _____ (Farbar) C:\Users\Ich\Desktop\FRST64.exe

2014-09-06 22:47 - 2014-09-06 22:47 - 00380416 _____ () C:\Users\Ich\Downloads\4mr1c7mt.exe

2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache

2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache

2014-09-06 14:15 - 2014-09-06 14:15 - 02405664 _____ (Trend Micro Inc.) C:\Users\Ich\Downloads\HousecallLauncher64.exe

2014-09-06 14:15 - 2014-09-06 14:15 - 00416576 _____ (Kaspersky Lab) C:\Users\Ich\Downloads\de-de.setup.exe

2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache

2014-09-06 14:03 - 2014-09-06 14:03 - 00602112 _____ (OldTimer Tools) C:\Users\Ich\Desktop\OTL.exe

2014-09-06 11:58 - 2014-09-08 21:32 - 00000000 ____D () C:\AdwCleaner

2014-09-06 11:22 - 2014-09-06 11:22 - 00688992 ____R (Swearware) C:\Users\Ich\Downloads\dds.scr

2014-09-06 10:28 - 2014-09-06 10:28 - 02365840 _____ () C:\Users\Ich\Downloads\SecurityTaskManager_Setup.exe

2014-09-06 10:23 - 2014-09-06 10:23 - 00540072 _____ (Neuber Software) C:\Users\Ich\Downloads\SvchostAnalyzer.exe

2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps

2014-09-05 17:57 - 2014-09-05 17:57 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2014-09-05 17:56 - 2014-09-08 22:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-09-05 17:56 - 2014-09-08 22:27 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-09-05 17:54 - 2014-09-05 17:55 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ich\Downloads\spybot-2.4.exe

2014-09-05 17:18 - 2014-09-11 13:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-05 17:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-09-05 17:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-09-05 17:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-09-05 17:16 - 2014-09-05 17:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ich\Downloads\mbam-setup-2.0.2.1012.exe

2014-09-05 13:43 - 2014-09-06 10:14 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz

2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip

2014-09-02 21:22 - 2014-09-06 14:54 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-09-02 21:22 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-09-02 21:22 - 2014-09-02 23:55 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype

2014-09-02 21:21 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Skype

2014-09-02 21:20 - 2014-09-02 21:20 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Ich\Downloads\SkypeSetup.exe

2014-09-02 20:00 - 2014-09-02 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-08-30 12:42 - 2014-08-30 12:42 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT

2014-08-30 10:58 - 2014-08-30 11:00 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-29 15:40 - 2014-08-29 15:41 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip

2014-08-29 12:49 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-29 12:49 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-29 12:49 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6

2014-08-21 10:54 - 2014-09-10 21:22 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2014-08-21 10:54 - 2014-08-21 11:09 - 00000000 ____D () C:\ProgramData\89862a08bda44ad

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator

2014-08-18 17:52 - 2014-09-11 20:43 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe

2014-08-13 21:37 - 2014-08-13 21:37 - 01260120 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys

2014-08-12 20:15 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-12 20:15 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2014-08-12 20:15 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

2014-08-12 20:15 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-12 20:15 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-12 20:15 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-12 20:15 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2014-08-12 20:15 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2014-08-12 20:00 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-08-12 20:00 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

2014-08-12 20:00 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

2014-08-12 20:00 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

2014-08-12 20:00 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL

2014-08-12 20:00 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL

2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL

2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL

2014-08-12 20:00 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL

2014-08-12 20:00 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls

2014-08-12 20:00 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls

2014-08-12 20:00 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-08-12 20:00 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-08-12 20:00 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-08-12 20:00 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-08-12 20:00 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-12 20:00 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-08-12 20:00 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-08-12 20:00 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-08-12 20:00 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-08-12 20:00 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-08-12 19:59 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-08-12 19:59 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2014-08-12 19:52 - 2014-08-18 17:46 - 00000000 ____D () C:\Users\Ich\encyclios

2014-08-12 19:52 - 2014-08-12 20:13 - 00000000 ____D () C:\Users\Ich\fungi2014

2014-08-12 19:51 - 2014-08-12 19:51 - 00001207 _____ () C:\Users\Public\Desktop\Atlas of Clinical Fungi.lnk

2014-08-12 19:51 - 2014-08-12 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlas of Clinical Fungi

2014-08-12 19:50 - 2014-08-12 19:51 - 00000000 ____D () C:\Program Files (x86)\Atlas of Clinical Fungi

2014-08-12 01:05 - 2014-08-12 01:05 - 15798272 _____ () C:\Users\Ich\Documents\ereignisdat2.evtx

2014-08-12 01:04 - 2014-08-12 01:04 - 12652544 _____ () C:\Users\Ich\Documents\ereignisdat.evtx

2014-08-12 00:05 - 2014-08-12 00:12 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-09-11 22:05 - 2014-09-10 21:00 - 00012638 _____ () C:\Users\Ich\Desktop\FRST.txt

2014-09-11 22:04 - 2014-09-11 22:04 - 00000386 _____ () C:\Users\Ich\Desktop\txt.txt

2014-09-11 22:04 - 2014-09-06 22:56 - 00000000 ____D () C:\FRST

2014-09-11 21:07 - 2014-01-24 14:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-11 20:43 - 2014-08-18 17:52 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe

2014-09-11 16:50 - 2014-09-11 16:50 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

2014-09-11 16:50 - 2014-09-11 16:50 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Adobe Mini Bridge CS5.1

2014-09-11 15:19 - 2014-01-23 23:27 - 01200098 _____ () C:\Windows\WindowsUpdate.log

2014-09-11 13:02 - 2014-09-05 17:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-11 11:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-09-11 10:04 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-11 10:04 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-11 09:59 - 2014-09-11 09:59 - 00000168 _____ () C:\Windows\setupact.log

2014-09-11 09:59 - 2014-09-11 09:59 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-11 09:59 - 2014-01-24 01:28 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-09-11 09:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-11 00:28 - 2014-08-09 16:10 - 00007602 _____ () C:\Users\Ich\AppData\Local\Resmon.ResmonCfg

2014-09-10 23:13 - 2014-09-08 22:16 - 00000000 ____D () C:\Users\Ich\Desktop\Log2

2014-09-10 21:29 - 2014-05-25 18:14 - 00000000 ____D () C:\Users\Ich\AppData\Local\PokerStars.EU

2014-09-10 21:22 - 2014-08-21 10:54 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2014-09-10 21:21 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-09-10 21:00 - 2014-09-06 22:47 - 02105856 _____ (Farbar) C:\Users\Ich\Desktop\FRST64.exe

2014-09-10 18:27 - 2014-01-24 13:44 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-09-10 18:26 - 2014-01-24 04:10 - 01589404 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-09-10 18:26 - 2014-01-24 02:00 - 00696528 _____ () C:\Windows\system32\perfh007.dat

2014-09-10 18:26 - 2014-01-24 02:00 - 00148496 _____ () C:\Windows\system32\perfc007.dat

2014-09-10 18:26 - 2009-07-14 07:13 - 01589404 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-09-10 18:25 - 2014-01-24 00:31 - 00000000 ____D () C:\Windows\system32\MRT

2014-09-10 18:20 - 2014-01-24 00:31 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-09-10 18:17 - 2014-05-24 15:28 - 00000000 ____D () C:\ProgramData\Oracle

2014-09-10 18:14 - 2014-09-10 18:14 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-09-10 18:14 - 2014-09-10 18:14 - 00000000 ____D () C:\Program Files (x86)\Java

2014-09-10 18:10 - 2014-09-10 18:10 - 00918952 _____ (Oracle Corporation) C:\Users\Ich\Downloads\jxpiinstall.exe

2014-09-09 22:15 - 2014-09-09 22:15 - 02347384 _____ (ESET) C:\Users\Ich\Downloads\esetsmartinstaller_deu.exe

2014-09-09 22:15 - 2014-09-09 22:15 - 00854417 _____ () C:\Users\Ich\Desktop\SecurityCheck.exe

2014-09-09 22:07 - 2014-01-24 14:57 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-09-09 22:07 - 2014-01-24 14:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-09-09 22:07 - 2014-01-24 14:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-09-09 00:05 - 2014-09-09 00:05 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\QuickScan

2014-09-08 22:27 - 2014-09-08 22:26 - 00000085 _____ () C:\Windows\wininit.ini

2014-09-08 22:27 - 2014-09-05 17:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-09-08 22:27 - 2014-09-05 17:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-09-08 21:37 - 2014-09-08 21:37 - 00000000 ____D () C:\Windows\ERUNT

2014-09-08 21:32 - 2014-09-06 11:58 - 00000000 ____D () C:\AdwCleaner

2014-09-08 21:09 - 2014-09-08 21:09 - 01016261 _____ (Thisisu) C:\Users\Ich\Desktop\JRT.exe

2014-09-08 21:08 - 2014-09-08 21:08 - 01370483 _____ () C:\Users\Ich\Desktop\adwcleaner_3.309(1).exe

2014-09-08 00:51 - 2009-07-14 07:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-09-07 21:44 - 2014-01-23 23:35 - 00000000 ____D () C:\Users\Ich

2014-09-07 20:57 - 2014-05-02 12:11 - 00000000 ____D () C:\Users\Ich\Documents\Citavi 4

2014-09-07 20:24 - 2014-09-07 20:10 - 00000000 ____D () C:\Qoobox

2014-09-07 20:22 - 2014-09-07 20:09 - 00000000 ____D () C:\Windows\erdnt

2014-09-07 20:22 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2014-09-07 20:07 - 2014-09-07 20:07 - 05576440 ____R (Swearware) C:\Users\Ich\Desktop\ComboFix.exe

2014-09-07 13:07 - 2014-09-07 13:07 - 00031771 _____ () C:\Users\Ich\Downloads\Addition.txt

2014-09-06 23:35 - 2014-09-06 23:26 - 00000000 ____D () C:\Windows\Minidump

2014-09-06 22:47 - 2014-09-06 22:47 - 00380416 _____ () C:\Users\Ich\Downloads\4mr1c7mt.exe

2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache

2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache

2014-09-06 14:54 - 2014-09-02 21:22 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-09-06 14:54 - 2014-09-02 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-09-06 14:54 - 2014-09-02 21:21 - 00000000 ____D () C:\ProgramData\Skype

2014-09-06 14:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-09-06 14:15 - 2014-09-06 14:15 - 02405664 _____ (Trend Micro Inc.) C:\Users\Ich\Downloads\HousecallLauncher64.exe

2014-09-06 14:15 - 2014-09-06 14:15 - 00416576 _____ (Kaspersky Lab) C:\Users\Ich\Downloads\de-de.setup.exe

2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache

2014-09-06 14:03 - 2014-09-06 14:03 - 00602112 _____ (OldTimer Tools) C:\Users\Ich\Desktop\OTL.exe

2014-09-06 11:44 - 2014-01-24 14:05 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-09-06 11:22 - 2014-09-06 11:22 - 00688992 ____R (Swearware) C:\Users\Ich\Downloads\dds.scr

2014-09-06 10:28 - 2014-09-06 10:28 - 02365840 _____ () C:\Users\Ich\Downloads\SecurityTaskManager_Setup.exe

2014-09-06 10:23 - 2014-09-06 10:23 - 00540072 _____ (Neuber Software) C:\Users\Ich\Downloads\SvchostAnalyzer.exe

2014-09-06 10:14 - 2014-09-05 13:43 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz

2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps

2014-09-05 17:57 - 2014-09-05 17:57 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2014-09-05 17:55 - 2014-09-05 17:54 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Ich\Downloads\spybot-2.4.exe

2014-09-05 17:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat

2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-05 17:17 - 2014-09-05 17:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ich\Downloads\mbam-setup-2.0.2.1012.exe

2014-09-04 17:28 - 2014-01-24 13:12 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Adobe

2014-09-04 16:36 - 2014-05-24 10:53 - 00000000 ____D () C:\Users\Ich\Documents\mega_cache_6140226

2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip

2014-09-03 08:32 - 2014-01-24 02:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-09-03 00:08 - 2014-07-06 17:25 - 00000000 ____D () C:\Users\Ich\Documents\psynetic-gifx

2014-09-02 23:55 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype

2014-09-02 21:20 - 2014-09-02 21:20 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Ich\Downloads\SkypeSetup.exe

2014-09-02 20:00 - 2014-09-02 20:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-08-30 12:42 - 2014-08-30 12:42 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT

2014-08-30 11:00 - 2014-08-30 10:58 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-30 00:38 - 2014-01-24 14:55 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-08-30 00:38 - 2014-01-24 14:55 - 00000000 ____D () C:\Program Files\CCleaner

2014-08-29 22:21 - 2014-05-25 18:14 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU

2014-08-29 16:13 - 2014-05-23 20:08 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA_Global

2014-08-29 15:41 - 2014-08-29 15:40 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip

2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6

2014-08-23 04:07 - 2014-08-29 12:49 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-23 03:45 - 2014-08-29 12:49 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-23 02:59 - 2014-08-29 12:49 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-21 11:19 - 2014-06-26 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-08-21 11:09 - 2014-08-21 10:54 - 00000000 ____D () C:\ProgramData\89862a08bda44ad

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator

2014-08-21 10:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

2014-08-19 20:05 - 2014-09-10 18:27 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-19 19:39 - 2014-09-10 18:27 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-08-19 01:01 - 2014-09-10 18:27 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-19 00:29 - 2014-09-10 18:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-19 00:29 - 2014-09-10 18:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-08-19 00:26 - 2014-09-10 18:27 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-19 00:20 - 2014-09-10 18:27 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-19 00:19 - 2014-09-10 18:27 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-19 00:15 - 2014-09-10 18:27 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-19 00:15 - 2014-09-10 18:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-19 00:14 - 2014-09-10 18:27 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-08-19 00:14 - 2014-09-10 18:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-08-19 00:08 - 2014-09-10 18:27 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-19 00:08 - 2014-09-10 18:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-19 00:08 - 2014-09-10 18:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-19 00:05 - 2014-09-10 18:27 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-19 00:03 - 2014-09-10 18:27 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-08-19 00:03 - 2014-09-10 18:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-19 00:03 - 2014-09-10 18:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-08-18 23:57 - 2014-09-10 18:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-18 23:56 - 2014-09-10 18:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-08-18 23:51 - 2014-09-10 18:27 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-18 23:46 - 2014-09-10 18:27 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-08-18 23:45 - 2014-09-10 18:27 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-08-18 23:45 - 2014-09-10 18:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-08-18 23:44 - 2014-09-10 18:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-08-18 23:44 - 2014-09-10 18:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-08-18 23:42 - 2014-09-10 18:27 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-18 23:40 - 2014-09-10 18:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-08-18 23:39 - 2014-09-10 18:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-18 23:39 - 2014-09-10 18:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-18 23:39 - 2014-09-10 18:27 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-08-18 23:38 - 2014-09-10 18:27 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-18 23:37 - 2014-09-10 18:27 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-18 23:36 - 2014-09-10 18:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-18 23:35 - 2014-09-10 18:27 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-08-18 23:27 - 2014-09-10 18:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-18 23:25 - 2014-09-10 18:27 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-18 23:25 - 2014-09-10 18:27 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-08-18 23:23 - 2014-09-10 18:27 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-18 23:23 - 2014-09-10 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-08-18 23:22 - 2014-09-10 18:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-08-18 23:19 - 2014-09-10 18:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-08-18 23:17 - 2014-09-10 18:27 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-18 23:17 - 2014-09-10 18:27 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-18 23:16 - 2014-09-10 18:27 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-18 23:15 - 2014-09-10 18:27 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-18 23:15 - 2014-09-10 18:27 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-18 23:09 - 2014-09-10 18:27 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-18 23:08 - 2014-09-10 18:27 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-18 23:07 - 2014-09-10 18:27 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-08-18 22:55 - 2014-09-10 18:27 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-18 22:46 - 2014-09-10 18:27 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-18 22:38 - 2014-09-10 18:27 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-18 22:38 - 2014-09-10 18:27 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-08-18 22:36 - 2014-09-10 18:27 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-08-18 17:46 - 2014-08-12 19:52 - 00000000 ____D () C:\Users\Ich\encyclios

2014-08-15 19:34 - 2009-07-14 09:13 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-08-14 00:05 - 2014-03-11 13:02 - 00000407 _____ () C:\Windows\system32\checkdnsid.xml

2014-08-13 21:37 - 2014-08-13 21:37 - 01260120 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys

2014-08-13 21:37 - 2014-01-24 02:11 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll

2014-08-13 21:36 - 2014-01-24 02:52 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll

2014-08-13 21:36 - 2014-01-24 02:21 - 00647752 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys

2014-08-13 21:36 - 2014-01-24 02:11 - 00419616 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys

2014-08-13 21:36 - 2014-01-24 02:11 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll

2014-08-12 20:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-08-12 20:13 - 2014-08-12 19:52 - 00000000 ____D () C:\Users\Ich\fungi2014

2014-08-12 19:51 - 2014-08-12 19:51 - 00001207 _____ () C:\Users\Public\Desktop\Atlas of Clinical Fungi.lnk

2014-08-12 19:51 - 2014-08-12 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlas of Clinical Fungi

2014-08-12 19:51 - 2014-08-12 19:50 - 00000000 ____D () C:\Program Files (x86)\Atlas of Clinical Fungi

2014-08-12 01:05 - 2014-08-12 01:05 - 15798272 _____ () C:\Users\Ich\Documents\ereignisdat2.evtx

2014-08-12 01:04 - 2014-08-12 01:04 - 12652544 _____ () C:\Users\Ich\Documents\ereignisdat.evtx

2014-08-12 00:12 - 2014-08-12 00:05 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-09-06 18:40
 

==================== End Of Log ============================

--- --- ---

Grüße

schrauber

12.09.2014 20:03

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ProxyServer: localhost:8080

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Das hat nix mit Bitdefender zu tun.

http://www.deeprybka.trojaner-board....r/wraioneu.PNG

Lade Dir bitte Windows Repair - All in one von tweaking.com hier herunter und installiere es.
Deaktiviere bitte (wenn möglich) Dein Antivirusprogramm.
Bedenke, dass die einzelnen Reparaturen einige Zeit benötigen. Starte keine anderen Anwendungen in dieser Zeit.
Starte das Programm und führe die Punkte 1-5 durch. (Siehe Bildanleitung)
Achte darauf, dass bei Dir die Häkchen so gesetzt sind wie unter Punkt 4.
Setze auch ein Häkchen bei "Restart/Shutdown System" und klicke "Restart System" an bevor Du Punkt 5 durchführst.

http://deeprybka.trojaner-board.de/b...srepair271.png

Don_Jascha

12.09.2014 20:44

Hallo,

danke für die Info und hier ist der Fixlog:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014

Ran by Ich at 2014-09-12 21:40:32 Run:3

Running from C:\Users\Ich\Desktop

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

ProxyServer: localhost:8080

*****************
 

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
 

==== End of Fixlog ====

schrauber

13.09.2014 18:33

Noch Probleme?

Don_Jascha

13.09.2014 20:12

Hallo,

danke nochmal,
im FRST Log werden noch Einträge unter Chrome angezeigt und im Addition-Log wird auf sechs Tasks ohne Datei hingewiesen. Ansonsten ist mir soweit erstmal nichts mehr aufgefallen..;).

Hier der FRST-Log:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014

Ran by Ich (administrator) on MINE on 13-09-2014 20:22:13

Running from C:\Users\Ich\Desktop

Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Englisch (USA)

Internet Explorer Version 11

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1743088 2014-08-13] (Bitdefender)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-13] (Bitdefender)

HKU\.DEFAULT\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)

HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)

HKU\S-1-5-21-1268206590-3093409484-1136636918-1001\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)

HKU\S-1-5-21-1268206590-3093409484-1136636918-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-13] (Bitdefender)

HKU\S-1-5-21-1268206590-3093409484-1136636918-1001\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)

BootExecute: autocheck autochk * sdnclean64.exe
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)

BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)

BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default

FF Homepage: about:home

FF NetworkProxy: "no_proxies_on", ""

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: YouTube Unblocker - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\youtubeunblocker@unblocker.yt [2014-05-01]

FF Extension: Deutsch (DE) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2014-08-24]

FF Extension: English (GB) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2014-08-24]

FF Extension: Adblock Plus - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-24]

FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext

FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-01-24]

FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman

FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-01-24]

FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-05-02]

FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
 

Chrome: 

=======

CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-03-10]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-08-13] (Bitdefender)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-13] (Bitdefender)

R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1528896 2014-08-13] (Bitdefender)

S2 WLMS; C:\Windows\system32\wlms\wlms.exe [19456 2009-07-14] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-08-13] (BitDefender)

R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)

R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-13] (BitDefender)

R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2014-05-22] (BitDefender LLC)

R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)

S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)

S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)

R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)

R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-08-13] (BitDefender S.R.L.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-09-13 12:01 - 2014-09-13 12:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-09-12 23:35 - 2014-09-13 15:28 - 00000672 _____ () C:\Windows\setupact.log

2014-09-12 23:35 - 2014-09-12 23:35 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-12 22:36 - 2014-09-12 22:36 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MINE-Microsoft-Windows-7-Enterprise-(64-bit).dat

2014-09-12 22:36 - 2014-09-12 22:36 - 00000000 ____D () C:\RegBackup

2014-09-12 21:47 - 2014-09-12 21:47 - 00002163 _____ () C:\Users\Ich\Desktop\Tweaking.com - Windows Repair (All in One).lnk

2014-09-12 21:47 - 2014-09-12 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com

2014-09-12 21:47 - 2014-09-12 21:47 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com

2014-09-12 21:38 - 2014-09-12 21:39 - 09526552 _____ () C:\Users\Ich\Downloads\tweaking.com_windows_repair_aio_setup.exe

2014-09-12 13:20 - 2014-09-12 13:20 - 00000000 ____D () C:\Users\Ich\AppData\Local\Apps\2.0

2014-09-12 12:14 - 2014-09-13 00:49 - 00031274 _____ () C:\Users\Ich\Desktop\Addition.txt

2014-09-12 12:10 - 2014-09-12 12:10 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Ich\Downloads\revosetup95.exe

2014-09-11 16:50 - 2014-09-11 16:50 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

2014-09-11 16:50 - 2014-09-11 16:50 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Adobe Mini Bridge CS5.1

2014-09-10 21:00 - 2014-09-13 20:22 - 00013392 _____ () C:\Users\Ich\Desktop\FRST.txt

2014-09-10 18:27 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-09-10 18:27 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-09-10 18:27 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-09-10 18:27 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-09-10 18:27 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-09-10 18:27 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-09-10 18:27 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-09-10 18:27 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-09-10 18:27 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-09-10 18:27 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-09-10 18:27 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-09-10 18:27 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-09-10 18:27 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-09-10 18:27 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-09-10 18:27 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-09-10 18:27 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-09-10 18:27 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-09-10 18:27 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-09-10 18:27 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-09-10 18:27 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-09-10 18:27 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-09-10 18:27 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-09-10 18:27 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-09-10 18:27 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-09-10 18:27 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-09-10 18:27 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-09-10 18:27 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-09-10 18:27 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-09-10 18:27 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-09-10 18:27 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-09-10 18:27 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-09-10 18:27 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-09-10 18:27 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-09-10 18:27 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-09-10 18:27 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-09-10 18:27 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-09-10 18:27 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-09-10 18:27 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-09-10 18:27 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-09-10 18:27 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-09-10 18:27 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-09-10 18:27 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-09-10 18:27 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-09-10 18:27 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-09-10 18:27 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-09-10 18:27 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-09-10 18:27 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-09-10 18:27 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-09-10 18:27 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-09-10 18:27 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-09-10 18:27 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-09-10 18:27 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-09-10 18:27 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-09-10 18:27 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-09-10 18:27 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-09-10 18:27 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-09-10 18:21 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll

2014-09-10 18:21 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll

2014-09-10 18:20 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-09-10 18:20 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-09-10 18:20 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-09-10 18:20 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-09-10 18:20 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-09-10 18:20 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll

2014-09-10 18:20 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2014-09-10 18:20 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-09-10 18:20 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2014-09-10 18:14 - 2014-09-10 18:14 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-09-10 18:14 - 2014-09-10 18:14 - 00000000 ____D () C:\Program Files (x86)\Java

2014-09-10 18:10 - 2014-09-10 18:10 - 00918952 _____ (Oracle Corporation) C:\Users\Ich\Downloads\jxpiinstall.exe

2014-09-09 22:15 - 2014-09-09 22:15 - 02347384 _____ (ESET) C:\Users\Ich\Downloads\esetsmartinstaller_deu.exe

2014-09-09 22:15 - 2014-09-09 22:15 - 00854417 _____ () C:\Users\Ich\Desktop\SecurityCheck.exe

2014-09-09 00:05 - 2014-09-09 00:05 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\QuickScan

2014-09-08 22:26 - 2014-09-08 22:27 - 00000085 _____ () C:\Windows\wininit.ini

2014-09-08 22:16 - 2014-09-10 23:13 - 00000000 ____D () C:\Users\Ich\Desktop\Log2

2014-09-08 21:37 - 2014-09-08 21:37 - 00000000 ____D () C:\Windows\ERUNT

2014-09-08 21:09 - 2014-09-08 21:09 - 01016261 _____ (Thisisu) C:\Users\Ich\Desktop\JRT.exe

2014-09-08 21:08 - 2014-09-08 21:08 - 01370483 _____ () C:\Users\Ich\Desktop\adwcleaner_3.309(1).exe

2014-09-07 20:12 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-09-07 20:12 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-09-07 20:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-09-07 20:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-09-07 20:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-09-07 20:12 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2014-09-07 20:12 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2014-09-07 20:12 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2014-09-07 20:10 - 2014-09-07 20:24 - 00000000 ____D () C:\Qoobox

2014-09-07 20:09 - 2014-09-07 20:22 - 00000000 ____D () C:\Windows\erdnt

2014-09-07 20:07 - 2014-09-07 20:07 - 05576440 ____R (Swearware) C:\Users\Ich\Desktop\ComboFix.exe

2014-09-06 23:26 - 2014-09-06 23:35 - 00000000 ____D () C:\Windows\Minidump

2014-09-06 22:56 - 2014-09-13 20:22 - 00000000 ____D () C:\FRST

2014-09-06 22:47 - 2014-09-10 21:00 - 02105856 _____ (Farbar) C:\Users\Ich\Desktop\FRST64.exe

2014-09-06 22:47 - 2014-09-06 22:47 - 00380416 _____ () C:\Users\Ich\Downloads\4mr1c7mt.exe

2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache

2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache

2014-09-06 14:15 - 2014-09-06 14:15 - 02405664 _____ (Trend Micro Inc.) C:\Users\Ich\Downloads\HousecallLauncher64.exe

2014-09-06 14:15 - 2014-09-06 14:15 - 00416576 _____ (Kaspersky Lab) C:\Users\Ich\Downloads\de-de.setup.exe

2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache

2014-09-06 14:03 - 2014-09-06 14:03 - 00602112 _____ (OldTimer Tools) C:\Users\Ich\Desktop\OTL.exe

2014-09-06 11:58 - 2014-09-08 21:32 - 00000000 ____D () C:\AdwCleaner

2014-09-06 11:22 - 2014-09-06 11:22 - 00688992 ____R (Swearware) C:\Users\Ich\Downloads\dds.scr

2014-09-06 10:28 - 2014-09-06 10:28 - 02365840 _____ () C:\Users\Ich\Downloads\SecurityTaskManager_Setup.exe

2014-09-06 10:23 - 2014-09-06 10:23 - 00540072 _____ (Neuber Software) C:\Users\Ich\Downloads\SvchostAnalyzer.exe

2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps

2014-09-05 17:56 - 2014-09-08 22:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-09-05 17:18 - 2014-09-13 15:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-05 17:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-09-05 17:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-09-05 17:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-09-05 17:16 - 2014-09-05 17:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ich\Downloads\mbam-setup-2.0.2.1012.exe

2014-09-05 13:43 - 2014-09-06 10:14 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz

2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip

2014-09-02 21:22 - 2014-09-06 14:54 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-09-02 21:22 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-09-02 21:22 - 2014-09-02 23:55 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype

2014-09-02 21:21 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Skype

2014-09-02 21:20 - 2014-09-02 21:20 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Ich\Downloads\SkypeSetup.exe

2014-08-30 12:42 - 2014-09-12 23:13 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT

2014-08-30 10:58 - 2014-09-12 23:03 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-29 15:40 - 2014-08-29 15:41 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip

2014-08-29 12:49 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-29 12:49 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-29 12:49 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6

2014-08-21 10:54 - 2014-09-10 21:22 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2014-08-21 10:54 - 2014-08-21 11:09 - 00000000 ____D () C:\ProgramData\89862a08bda44ad

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator

2014-08-18 17:52 - 2014-09-13 11:58 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-09-13 20:22 - 2014-09-10 21:00 - 00013392 _____ () C:\Users\Ich\Desktop\FRST.txt

2014-09-13 20:22 - 2014-09-06 22:56 - 00000000 ____D () C:\FRST

2014-09-13 20:07 - 2014-01-24 14:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-13 15:53 - 2014-09-05 17:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-13 15:36 - 2014-01-23 23:27 - 01627748 _____ () C:\Windows\WindowsUpdate.log

2014-09-13 15:33 - 2014-01-24 02:00 - 00684944 _____ () C:\Windows\system32\perfh007.dat

2014-09-13 15:33 - 2014-01-24 02:00 - 00144812 _____ () C:\Windows\system32\perfc007.dat

2014-09-13 15:33 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-09-13 15:33 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-13 15:33 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-13 15:28 - 2014-09-12 23:35 - 00000672 _____ () C:\Windows\setupact.log

2014-09-13 15:28 - 2014-01-24 01:28 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-09-13 15:28 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-13 15:27 - 2014-01-24 02:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-09-13 12:01 - 2014-09-13 12:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-09-13 11:58 - 2014-08-18 17:52 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe

2014-09-13 00:49 - 2014-09-12 12:14 - 00031274 _____ () C:\Users\Ich\Desktop\Addition.txt

2014-09-13 00:00 - 2014-05-25 18:14 - 00000000 ____D () C:\Users\Ich\AppData\Local\PokerStars.EU

2014-09-12 23:35 - 2014-09-12 23:35 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-12 23:16 - 2014-01-24 14:55 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-09-12 23:16 - 2014-01-24 01:15 - 00003524 _____ () C:\Windows\System32\Tasks\CreateChoiceProcessTask

2014-09-12 23:15 - 2014-01-25 00:39 - 00003490 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Mine-Ich

2014-09-12 23:15 - 2014-01-24 14:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-09-12 23:13 - 2014-08-30 12:42 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT

2014-09-12 23:03 - 2014-08-30 10:58 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-09-12 23:03 - 2009-07-14 09:13 - 00000000 ____D () C:\Windows\CSC

2014-09-12 23:00 - 2009-07-14 04:34 - 00000514 _____ () C:\Windows\win.ini

2014-09-12 22:36 - 2014-09-12 22:36 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MINE-Microsoft-Windows-7-Enterprise-(64-bit).dat

2014-09-12 22:36 - 2014-09-12 22:36 - 00000000 ____D () C:\RegBackup

2014-09-12 21:47 - 2014-09-12 21:47 - 00002163 _____ () C:\Users\Ich\Desktop\Tweaking.com - Windows Repair (All in One).lnk

2014-09-12 21:47 - 2014-09-12 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com

2014-09-12 21:47 - 2014-09-12 21:47 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com

2014-09-12 21:39 - 2014-09-12 21:38 - 09526552 _____ () C:\Users\Ich\Downloads\tweaking.com_windows_repair_aio_setup.exe

2014-09-12 13:20 - 2014-09-12 13:20 - 00000000 ____D () C:\Users\Ich\AppData\Local\Apps\2.0

2014-09-12 13:06 - 2014-08-12 00:05 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige

2014-09-12 12:10 - 2014-09-12 12:10 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Ich\Downloads\revosetup95.exe

2014-09-11 16:50 - 2014-09-11 16:50 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

2014-09-11 16:50 - 2014-09-11 16:50 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Adobe Mini Bridge CS5.1

2014-09-11 11:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-09-11 00:28 - 2014-08-09 16:10 - 00007602 _____ () C:\Users\Ich\AppData\Local\Resmon.ResmonCfg

2014-09-10 23:13 - 2014-09-08 22:16 - 00000000 ____D () C:\Users\Ich\Desktop\Log2

2014-09-10 21:22 - 2014-08-21 10:54 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2014-09-10 21:21 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-09-10 21:00 - 2014-09-06 22:47 - 02105856 _____ (Farbar) C:\Users\Ich\Desktop\FRST64.exe

2014-09-10 18:27 - 2014-01-24 13:44 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-09-10 18:26 - 2014-01-24 04:10 - 01589404 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-09-10 18:25 - 2014-01-24 00:31 - 00000000 ____D () C:\Windows\system32\MRT

2014-09-10 18:20 - 2014-01-24 00:31 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-09-10 18:17 - 2014-05-24 15:28 - 00000000 ____D () C:\ProgramData\Oracle

2014-09-10 18:14 - 2014-09-10 18:14 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-09-10 18:14 - 2014-09-10 18:14 - 00000000 ____D () C:\Program Files (x86)\Java

2014-09-10 18:10 - 2014-09-10 18:10 - 00918952 _____ (Oracle Corporation) C:\Users\Ich\Downloads\jxpiinstall.exe

2014-09-09 22:15 - 2014-09-09 22:15 - 02347384 _____ (ESET) C:\Users\Ich\Downloads\esetsmartinstaller_deu.exe

2014-09-09 22:15 - 2014-09-09 22:15 - 00854417 _____ () C:\Users\Ich\Desktop\SecurityCheck.exe

2014-09-09 22:07 - 2014-01-24 14:57 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-09-09 22:07 - 2014-01-24 14:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-09-09 00:05 - 2014-09-09 00:05 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\QuickScan

2014-09-08 22:27 - 2014-09-08 22:26 - 00000085 _____ () C:\Windows\wininit.ini

2014-09-08 22:27 - 2014-09-05 17:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-09-08 21:37 - 2014-09-08 21:37 - 00000000 ____D () C:\Windows\ERUNT

2014-09-08 21:32 - 2014-09-06 11:58 - 00000000 ____D () C:\AdwCleaner

2014-09-08 21:09 - 2014-09-08 21:09 - 01016261 _____ (Thisisu) C:\Users\Ich\Desktop\JRT.exe

2014-09-08 21:08 - 2014-09-08 21:08 - 01370483 _____ () C:\Users\Ich\Desktop\adwcleaner_3.309(1).exe

2014-09-08 00:51 - 2009-07-14 07:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-09-07 21:44 - 2014-01-23 23:35 - 00000000 ____D () C:\Users\Ich

2014-09-07 20:57 - 2014-05-02 12:11 - 00000000 ____D () C:\Users\Ich\Documents\Citavi 4

2014-09-07 20:24 - 2014-09-07 20:10 - 00000000 ____D () C:\Qoobox

2014-09-07 20:22 - 2014-09-07 20:09 - 00000000 ____D () C:\Windows\erdnt

2014-09-07 20:22 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2014-09-07 20:21 - 2009-07-14 04:34 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_417

2014-09-07 20:07 - 2014-09-07 20:07 - 05576440 ____R (Swearware) C:\Users\Ich\Desktop\ComboFix.exe

2014-09-06 23:35 - 2014-09-06 23:26 - 00000000 ____D () C:\Windows\Minidump

2014-09-06 22:47 - 2014-09-06 22:47 - 00380416 _____ () C:\Users\Ich\Downloads\4mr1c7mt.exe

2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache

2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache

2014-09-06 14:54 - 2014-09-02 21:22 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-09-06 14:54 - 2014-09-02 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-09-06 14:54 - 2014-09-02 21:21 - 00000000 ____D () C:\ProgramData\Skype

2014-09-06 14:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-09-06 14:15 - 2014-09-06 14:15 - 02405664 _____ (Trend Micro Inc.) C:\Users\Ich\Downloads\HousecallLauncher64.exe

2014-09-06 14:15 - 2014-09-06 14:15 - 00416576 _____ (Kaspersky Lab) C:\Users\Ich\Downloads\de-de.setup.exe

2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache

2014-09-06 14:03 - 2014-09-06 14:03 - 00602112 _____ (OldTimer Tools) C:\Users\Ich\Desktop\OTL.exe

2014-09-06 11:44 - 2014-01-24 14:05 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-09-06 11:22 - 2014-09-06 11:22 - 00688992 ____R (Swearware) C:\Users\Ich\Downloads\dds.scr

2014-09-06 10:28 - 2014-09-06 10:28 - 02365840 _____ () C:\Users\Ich\Downloads\SecurityTaskManager_Setup.exe

2014-09-06 10:23 - 2014-09-06 10:23 - 00540072 _____ (Neuber Software) C:\Users\Ich\Downloads\SvchostAnalyzer.exe

2014-09-06 10:14 - 2014-09-05 13:43 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz

2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps

2014-09-05 17:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat

2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-05 17:17 - 2014-09-05 17:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ich\Downloads\mbam-setup-2.0.2.1012.exe

2014-09-04 17:28 - 2014-01-24 13:12 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Adobe

2014-09-04 16:36 - 2014-05-24 10:53 - 00000000 ____D () C:\Users\Ich\Documents\mega_cache_6140226

2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip

2014-09-03 00:08 - 2014-07-06 17:25 - 00000000 ____D () C:\Users\Ich\Documents\psynetic-gifx

2014-09-02 23:55 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype

2014-09-02 21:20 - 2014-09-02 21:20 - 01677928 _____ (Skype Technologies S.A.) C:\Users\Ich\Downloads\SkypeSetup.exe

2014-08-30 00:38 - 2014-01-24 14:55 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-08-30 00:38 - 2014-01-24 14:55 - 00000000 ____D () C:\Program Files\CCleaner

2014-08-29 22:21 - 2014-05-25 18:14 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU

2014-08-29 16:13 - 2014-05-23 20:08 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA_Global

2014-08-29 15:41 - 2014-08-29 15:40 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip

2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6

2014-08-23 04:07 - 2014-08-29 12:49 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-23 03:45 - 2014-08-29 12:49 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-23 02:59 - 2014-08-29 12:49 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-21 11:19 - 2014-06-26 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-08-21 11:09 - 2014-08-21 10:54 - 00000000 ____D () C:\ProgramData\89862a08bda44ad

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator

2014-08-21 10:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

2014-08-19 20:05 - 2014-09-10 18:27 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-19 19:39 - 2014-09-10 18:27 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-08-19 01:01 - 2014-09-10 18:27 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-19 00:29 - 2014-09-10 18:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-19 00:29 - 2014-09-10 18:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-08-19 00:26 - 2014-09-10 18:27 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-19 00:20 - 2014-09-10 18:27 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-19 00:19 - 2014-09-10 18:27 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-19 00:15 - 2014-09-10 18:27 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-19 00:15 - 2014-09-10 18:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-19 00:14 - 2014-09-10 18:27 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-08-19 00:14 - 2014-09-10 18:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-08-19 00:08 - 2014-09-10 18:27 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-19 00:08 - 2014-09-10 18:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-19 00:08 - 2014-09-10 18:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-19 00:05 - 2014-09-10 18:27 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-19 00:03 - 2014-09-10 18:27 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-08-19 00:03 - 2014-09-10 18:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-19 00:03 - 2014-09-10 18:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-08-18 23:57 - 2014-09-10 18:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-18 23:56 - 2014-09-10 18:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-08-18 23:51 - 2014-09-10 18:27 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-18 23:46 - 2014-09-10 18:27 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-08-18 23:45 - 2014-09-10 18:27 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-08-18 23:45 - 2014-09-10 18:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-08-18 23:44 - 2014-09-10 18:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-08-18 23:44 - 2014-09-10 18:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-08-18 23:42 - 2014-09-10 18:27 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-18 23:40 - 2014-09-10 18:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-08-18 23:39 - 2014-09-10 18:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-18 23:39 - 2014-09-10 18:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-18 23:39 - 2014-09-10 18:27 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-08-18 23:38 - 2014-09-10 18:27 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-18 23:37 - 2014-09-10 18:27 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-18 23:36 - 2014-09-10 18:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-18 23:35 - 2014-09-10 18:27 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-08-18 23:27 - 2014-09-10 18:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-18 23:25 - 2014-09-10 18:27 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-18 23:25 - 2014-09-10 18:27 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-08-18 23:23 - 2014-09-10 18:27 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-18 23:23 - 2014-09-10 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-08-18 23:22 - 2014-09-10 18:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-08-18 23:19 - 2014-09-10 18:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-08-18 23:17 - 2014-09-10 18:27 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-18 23:17 - 2014-09-10 18:27 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-18 23:16 - 2014-09-10 18:27 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-18 23:15 - 2014-09-10 18:27 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-18 23:15 - 2014-09-10 18:27 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-18 23:09 - 2014-09-10 18:27 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-18 23:08 - 2014-09-10 18:27 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-18 23:07 - 2014-09-10 18:27 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-08-18 22:55 - 2014-09-10 18:27 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-18 22:46 - 2014-09-10 18:27 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-18 22:38 - 2014-09-10 18:27 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-18 22:38 - 2014-09-10 18:27 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-08-18 22:36 - 2014-09-10 18:27 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-08-18 17:46 - 2014-08-12 19:52 - 00000000 ____D () C:\Users\Ich\encyclios

2014-08-15 19:34 - 2009-07-14 09:13 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-08-14 00:05 - 2014-03-11 13:02 - 00000407 _____ () C:\Windows\system32\checkdnsid.xml
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-09-06 18:40
 

==================== End Of Log ============================

--- --- ---

und hier der Addition-Log:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014

Ran by Ich at 2014-09-13 20:22:37

Running from C:\Users\Ich\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}

AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

Ableton Live 8 (HKLM\...\{9960E64F-4FFD-429C-9739-03CAEA8C30E3}) (Version: 8.0.0.0 - Ableton)

Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)

Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)

Atlas of Clinical Fungi 4.0 (HKLM-x32\...\Atlas of Clinical Fungi_is1) (Version:  - CBS)

BioEdit (HKLM-x32\...\{AF6D9313-E338-48F0-9B0C-7DE20EDB99CF}) (Version: 7.2.5.0 - Tom Hall)

Bitdefender Internet Security (HKLM\...\Bitdefender) (Version: 17.23.0.996 - Bitdefender)

CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)

Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.4.0.28 - Swiss Academic Software)

Company of Heroes - FAKEMSI (x32 Version: 2.0.0.0 - THQ Inc.) Hidden

Company of Heroes (HKLM-x32\...\Company of Heroes) (Version: 2.0.0.1 - THQ Inc.)

Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{42CBCE27-DE9B-4094-B9EB-D4C4C135FFA8}) (Version:  - Microsoft)

ImageMagick 6.7.5-7 Q16 (2012-03-01) (HKLM-x32\...\ImageMagick 6.7.5 Q16_is1) (Version: 6.7.5 - ImageMagick Studio LLC)

Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)

Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden

Live 8.2.4 (HKLM-x32\...\Live 8.2.4) (Version:  - )

Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

MEGA6 .06 (HKLM-x32\...\{EE7E4984-0208-48E7-959C-A5F5F06F0DE0}_is1) (Version: .06 - Center for Evolutionary Medicine and Informatics)

Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Standard 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden

Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Mozilla Firefox 32.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)

NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)

NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)

NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden

NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden

NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden

NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden

NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)

NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden

NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden

NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden

NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden

NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden

PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden

PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)

PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)

psynetic® Gif-X 3.00 (HKLM-x32\...\psynetic® Gif-X) (Version: 3.00 - Robert Mundt)

Scarlett Plug-in Suite 1.4 (HKLM-x32\...\{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1) (Version: 1.4 - Focusrite)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden

SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden

Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)

Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.9 - Tweaking.com)

Update for Microsoft Excel 2010 (KB2889836) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{AC36E3B7-5095-43B9-9A74-928420F88714}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.STANDARD_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.STANDARD_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.STANDARD_{B114A387-8A14-4C43-AE51-82F17EB81D49}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.STANDARD_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0410-1000-0000000FF1CE}_Office14.STANDARD_{B2508D75-61CF-4CC0-84C0-CF257219201D}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.STANDARD_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.STANDARD_{8F699D53-05FB-488E-B7D3-E4E47257BE5D}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.STANDARD_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.STANDARD_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.STANDARD_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.STANDARD_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.STANDARD_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)

Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-0012-0000-1000-0000000FF1CE}_Office14.STANDARD_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)

Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)

WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 

==================== Restore Points  =========================
 

29-08-2014 11:19:25 Scheduled Checkpoint

29-08-2014 11:56:09 Windows Update

05-09-2014 14:36:03 Scheduled Checkpoint

07-09-2014 18:12:54 ComboFix created restore point

10-09-2014 16:13:23 Installed Java 7 Update 67

10-09-2014 16:17:56 Removed Java 8 Update 20 (64-bit)

10-09-2014 16:19:51 Windows Update

10-09-2014 16:43:02 Windows Update

12-09-2014 20:36:24 Tweaking.com - Windows Repair
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 04:34 - 2014-09-12 23:00 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {01217464-065F-405E-B46D-84B678EBC318} - System32\Tasks\AdobeAAMUpdater-1.0-Mine-Ich => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-12-10] (Adobe Systems Incorporated)

Task: {3B7DF81D-35CD-4D69-9A33-9FC4F2CA8FC6} - \f602e71e-ead0-4e29-8b65-871d6c2a73b5-1 No Task File <==== ATTENTION

Task: {8FC71452-62FA-494C-AF19-6467FB56A0F3} - \f602e71e-ead0-4e29-8b65-871d6c2a73b5-5 No Task File <==== ATTENTION

Task: {BEE6AFB1-F683-4E05-9143-F6AC0F045596} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)

Task: {C21E3F04-7285-4A94-8783-568F44EFB711} - \f602e71e-ead0-4e29-8b65-871d6c2a73b5-5_user No Task File <==== ATTENTION

Task: {CC100D4E-8A8E-4B42-AE0F-B0FB7244D52F} - \f602e71e-ead0-4e29-8b65-871d6c2a73b5-3 No Task File <==== ATTENTION

Task: {CD88624A-8B2A-45A4-A163-5A7F33C57192} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)

Task: {D6AA83B0-E998-4A7B-8953-25864BADA85A} - \f602e71e-ead0-4e29-8b65-871d6c2a73b5-11 No Task File <==== ATTENTION

Task: {E4B0D283-6B15-440D-9566-4FEDEA89D6A9} - \f602e71e-ead0-4e29-8b65-871d6c2a73b5-4 No Task File <==== ATTENTION

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 

==================== Loaded Modules (whitelisted) =============
 

2014-01-24 02:21 - 2014-08-13 21:35 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll

2014-08-13 21:37 - 2014-08-13 21:37 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui

2014-01-24 02:21 - 2011-11-14 20:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll

2014-01-24 02:21 - 2014-08-13 21:36 - 00004608 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui

2014-07-24 23:00 - 2014-07-24 23:00 - 00780592 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_012\ashttpbr.mdl

2014-07-24 23:00 - 2014-07-24 23:00 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_012\ashttpdsp.mdl

2014-07-24 23:00 - 2014-07-24 23:00 - 02602680 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_012\ashttpph.mdl

2014-07-24 23:00 - 2014-07-24 23:00 - 01323408 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00047_012\ashttprbl.mdl

2014-01-24 01:28 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2014-01-24 02:21 - 2014-08-13 21:37 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\antispam32\txmlutil.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 

AlternateDataStreams: C:\Users\Ich\Desktop\adwcleaner_3.309(1).exe:BDU

AlternateDataStreams: C:\Users\Ich\Desktop\ComboFix.exe:BDU

AlternateDataStreams: C:\Users\Ich\Desktop\JRT.exe:BDU

AlternateDataStreams: C:\Users\Ich\Desktop\OTL.exe:BDU

AlternateDataStreams: C:\Users\Ich\Desktop\SecurityCheck.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\332.21-desktop-win8-win7-winvista-64bit-international-whql.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\4mr1c7mt.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\Citavi4Setup.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\dds.scr:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\de-de.setup.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\esetsmartinstaller_deu.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\focusrite-usb-2-driver-2.5.1.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\gif-x_setup.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\HousecallLauncher64.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\jxpiinstall.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\mbam-setup-2.0.2.1012.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\MEGA6.06_setup.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\pdf2wordsetup11.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\PokerStarsInstallEU.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\revosetup95.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\scarlett-plug-in-suite-1.4.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\SecurityTaskManager_Setup.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\SkypeSetup.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\SvchostAnalyzer.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\tweaking.com_windows_repair_aio_setup.exe:BDU

AlternateDataStreams: C:\Users\Ich\Downloads\winrar-x64-501d.exe:BDU
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (09/12/2014 11:05:10 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 

Error: (09/12/2014 11:05:09 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 

Error: (09/12/2014 10:57:21 PM) (Source: WinMgmt) (EventID: 4) (User: )

Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\DE-DE\AACLIENT.MFL
 

Error: (09/12/2014 10:57:03 PM) (Source: WinMgmt) (EventID: 4) (User: )

Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL
 

Error: (09/12/2014 10:56:39 PM) (Source: WinMgmt) (EventID: 4) (User: )

Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF
 

Error: (09/12/2014 11:21:41 AM) (Source: Windows Search Service) (EventID: 7010) (User: )

Description: Der Index kann nicht initialisiert werden.
 
 

Details:

        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 

Error: (09/12/2014 11:21:41 AM) (Source: Windows Search Service) (EventID: 3058) (User: )

Description: Die Anwendung kann nicht initialisiert werden.
 

Context: Windows Application
 
 

Details:

        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 

Error: (09/12/2014 11:21:41 AM) (Source: Windows Search Service) (EventID: 3028) (User: )

Description: Das Gatherer-Objekt kann nicht initialisiert werden.
 

Context: Windows Application, SystemIndex Catalog
 
 

Details:

        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 

Error: (09/12/2014 11:21:41 AM) (Source: Windows Search Service) (EventID: 3029) (User: )

Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
 

Context: Windows Application, SystemIndex Catalog
 
 

Details:

        Element not found.  (HRESULT : 0x80070490) (0x80070490)
 

Error: (09/12/2014 11:21:41 AM) (Source: Windows Search Service) (EventID: 3029) (User: )

Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.
 

Context: Windows Application, SystemIndex Catalog
 
 

Details:

        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 

System errors:

=============

Error: (09/12/2014 11:02:35 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 

Error: (09/12/2014 11:00:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Restart the service.
 

Error: (09/12/2014 10:54:46 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: Der Aufruf "ScRegSetValueExW" ist für "Security" aufgrund folgenden Fehlers fehlgeschlagen: 

%%5
 

Error: (09/12/2014 10:54:45 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: Der Aufruf "ScRegSetValueExW" ist für "Security" aufgrund folgenden Fehlers fehlgeschlagen: 

%%5
 

Error: (09/12/2014 10:41:47 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 

%%5
 

Error: (09/12/2014 10:41:47 PM) (Source: Service Control Manager) (EventID: 7006) (User: )

Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen: 

%%5
 

Error: (09/12/2014 02:53:00 PM) (Source: Disk) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 

Error: (09/12/2014 02:52:59 PM) (Source: Disk) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 

Error: (09/12/2014 02:52:57 PM) (Source: Disk) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 

Error: (09/12/2014 02:52:56 PM) (Source: Disk) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
 

Microsoft Office Sessions:

=========================

Error: (09/12/2014 11:05:10 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 

Error: (09/12/2014 11:05:09 PM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )

Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_64) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
 

Error: (09/12/2014 10:57:21 PM) (Source: WinMgmt) (EventID: 4) (User: )

Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\DE-DE\AACLIENT.MFL
 

Error: (09/12/2014 10:57:03 PM) (Source: WinMgmt) (EventID: 4) (User: )

Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\EN-US\AACLIENT.MFL
 

Error: (09/12/2014 10:56:39 PM) (Source: WinMgmt) (EventID: 4) (User: )

Description: 0x8004401eC:\WINDOWS\SYSTEM32\WBEM\AACLIENT.MOF
 

Error: (09/12/2014 11:21:41 AM) (Source: Windows Search Service) (EventID: 7010) (User: )

Description: 

Details:

        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 

Error: (09/12/2014 11:21:41 AM) (Source: Windows Search Service) (EventID: 3058) (User: )

Description: Context: Windows Application
 
 

Details:

        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 

Error: (09/12/2014 11:21:41 AM) (Source: Windows Search Service) (EventID: 3028) (User: )

Description: Context: Windows Application, SystemIndex Catalog
 
 

Details:

        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 

Error: (09/12/2014 11:21:41 AM) (Source: Windows Search Service) (EventID: 3029) (User: )

Description: Context: Windows Application, SystemIndex Catalog
 
 

Details:

        Element not found.  (HRESULT : 0x80070490) (0x80070490)

Search.TripoliIndexer
 

Error: (09/12/2014 11:21:41 AM) (Source: Windows Search Service) (EventID: 3029) (User: )

Description: Context: Windows Application, SystemIndex Catalog
 
 

Details:

        The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Search.JetPropStore
 
 

CodeIntegrity Errors:

===================================

  Date: 2014-09-07 20:20:27.044

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-09-07 20:20:26.951

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz

Percentage of memory in use: 20%

Total physical RAM: 8191.27 MB

Available physical RAM: 6494.59 MB

Total Pagefile: 16380.73 MB

Available Pagefile: 14472.61 MB

Total Virtual: 8192 MB

Available Virtual: 8191.81 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:390.53 GB) (Free:312.44 GB) NTFS

Drive d: () (Fixed) (Total:540.89 GB) (Free:265.88 GB) NTFS

Drive e: (Disk1) (CDROM) (Total:6.82 GB) (Free:0 GB) UDF
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 24C924C8)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=390.5 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=540.9 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

Viele Grüße

schrauber

14.09.2014 12:34

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

Task: {3B7DF81D-35CD-4D69-9A33-9FC4F2CA8FC6} - \f602e71e-ead0-4e29-8b65-871d6c2a73b5-1 No Task File <==== ATTENTION

Task: {8FC71452-62FA-494C-AF19-6467FB56A0F3} - \f602e71e-ead0-4e29-8b65-871d6c2a73b5-5 No Task File <==== ATTENTION

Task: {C21E3F04-7285-4A94-8783-568F44EFB711} - \f602e71e-ead0-4e29-8b65-871d6c2a73b5-5_user No Task File <==== ATTENTION

Task: {CC100D4E-8A8E-4B42-AE0F-B0FB7244D52F} - \f602e71e-ead0-4e29-8b65-871d6c2a73b5-3 No Task File <==== ATTENTION

Task: {D6AA83B0-E998-4A7B-8953-25864BADA85A} - \f602e71e-ead0-4e29-8b65-871d6c2a73b5-11 No Task File <==== ATTENTION

Task: {E4B0D283-6B15-440D-9566-4FEDEA89D6A9} - \f602e71e-ead0-4e29-8b65-871d6c2a73b5-4 No Task File <==== ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Don_Jascha

14.09.2014 14:04

Hallo,

hier schon mal der Fixlog:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014

Ran by Ich at 2014-09-14 15:03:25 Run:4

Running from C:\Users\Ich\Desktop

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

Task: {3B7DF81D-35CD-4D69-9A33-9FC4F2CA8FC6} - \f602e71e-ead0-4e29-8b65-871d6c2a73b5-1 No Task File <==== ATTENTION

Task: {8FC71452-62FA-494C-AF19-6467FB56A0F3} - \f602e71e-ead0-4e29-8b65-871d6c2a73b5-5 No Task File <==== ATTENTION

Task: {C21E3F04-7285-4A94-8783-568F44EFB711} - \f602e71e-ead0-4e29-8b65-871d6c2a73b5-5_user No Task File <==== ATTENTION

Task: {CC100D4E-8A8E-4B42-AE0F-B0FB7244D52F} - \f602e71e-ead0-4e29-8b65-871d6c2a73b5-3 No Task File <==== ATTENTION

Task: {D6AA83B0-E998-4A7B-8953-25864BADA85A} - \f602e71e-ead0-4e29-8b65-871d6c2a73b5-11 No Task File <==== ATTENTION

Task: {E4B0D283-6B15-440D-9566-4FEDEA89D6A9} - \f602e71e-ead0-4e29-8b65-871d6c2a73b5-4 No Task File <==== ATTENTION

*****************
 

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3B7DF81D-35CD-4D69-9A33-9FC4F2CA8FC6}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B7DF81D-35CD-4D69-9A33-9FC4F2CA8FC6}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f602e71e-ead0-4e29-8b65-871d6c2a73b5-1" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8FC71452-62FA-494C-AF19-6467FB56A0F3}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FC71452-62FA-494C-AF19-6467FB56A0F3}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f602e71e-ead0-4e29-8b65-871d6c2a73b5-5" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C21E3F04-7285-4A94-8783-568F44EFB711}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C21E3F04-7285-4A94-8783-568F44EFB711}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f602e71e-ead0-4e29-8b65-871d6c2a73b5-5_user" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CC100D4E-8A8E-4B42-AE0F-B0FB7244D52F}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC100D4E-8A8E-4B42-AE0F-B0FB7244D52F}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f602e71e-ead0-4e29-8b65-871d6c2a73b5-3" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D6AA83B0-E998-4A7B-8953-25864BADA85A}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6AA83B0-E998-4A7B-8953-25864BADA85A}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f602e71e-ead0-4e29-8b65-871d6c2a73b5-11" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E4B0D283-6B15-440D-9566-4FEDEA89D6A9}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4B0D283-6B15-440D-9566-4FEDEA89D6A9}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f602e71e-ead0-4e29-8b65-871d6c2a73b5-4" => Key deleted successfully.
 

==== End of Fixlog ====

Grüße

schrauber

14.09.2014 18:29

ok.

Don_Jascha

15.09.2014 17:00

Hallo,

irgendwie scheinen sich Bitdefender und "Chrome" nicht trennen zu wollen..
Ansonsten ist mir nichts weiter aufgefallen.

Hier der FRST-Log:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014

Ran by Ich (administrator) on MINE on 15-09-2014 17:36:49

Running from C:\Users\Ich\Downloads

Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Englisch (USA)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1743088 2014-08-13] (Bitdefender)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-13] (Bitdefender)

HKU\.DEFAULT\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)

HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)

HKU\S-1-5-21-1268206590-3093409484-1136636918-1001\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)

HKU\S-1-5-21-1268206590-3093409484-1136636918-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-08-13] (Bitdefender)

HKU\S-1-5-21-1268206590-3093409484-1136636918-1001\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)

HKU\S-1-5-21-1268206590-3093409484-1136636918-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)

BootExecute: autocheck autochk * sdnclean64.exe
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)

BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)

BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default

FF Homepage: about:home

FF NetworkProxy: "no_proxies_on", ""

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: YouTube Unblocker - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\youtubeunblocker@unblocker.yt [2014-05-01]

FF Extension: WOT - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-09-14]

FF Extension: Deutsch (DE) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2014-08-24]

FF Extension: English (GB) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2014-08-24]

FF Extension: Adblock Plus - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-24]

FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext

FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-01-24]

FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman

FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2014-01-24]

FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-05-02]

FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
 

Chrome: 

=======

CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-03-10]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2014-08-13] (Bitdefender)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-13] (Bitdefender)

R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1528896 2014-08-13] (Bitdefender)

S2 WLMS; C:\Windows\system32\wlms\wlms.exe [19456 2009-07-14] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-08-13] (BitDefender)

R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)

R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-13] (BitDefender)

R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2014-05-22] (BitDefender LLC)

R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)

S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)

S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)

R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)

R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-08-13] (BitDefender S.R.L.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-09-14 16:59 - 2014-09-14 16:59 - 00000342 _____ () C:\Windows\PFRO.log

2014-09-14 16:53 - 2014-09-14 16:53 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\WinPatrol

2014-09-14 16:53 - 2014-09-14 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol

2014-09-14 16:53 - 2014-09-14 16:53 - 00000000 ____D () C:\ProgramData\InstallMate

2014-09-14 16:53 - 2014-09-14 16:53 - 00000000 ____D () C:\Program Files (x86)\Ruiware

2014-09-14 16:51 - 2014-09-14 16:51 - 00000000 ____D () C:\Users\Ich\Downloads\Neuer Ordner

2014-09-14 16:39 - 2014-09-14 16:46 - 00000000 ____D () C:\ProgramData\TEMP

2014-09-14 16:39 - 2014-09-14 16:45 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster

2014-09-14 16:39 - 2014-09-14 16:39 - 00001083 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk

2014-09-14 16:39 - 2014-09-14 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster

2014-09-14 16:39 - 2014-09-14 16:39 - 00000000 ____D () C:\ProgramData\Licenses

2014-09-14 16:39 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL

2014-09-14 16:30 - 2014-09-14 16:30 - 00000614 _____ () C:\Users\Ich\Desktop\Fehler.txt

2014-09-14 16:06 - 2014-09-15 17:14 - 00031159 _____ () C:\Users\Ich\Downloads\Addition.txt

2014-09-14 16:05 - 2014-09-15 17:37 - 00013774 _____ () C:\Users\Ich\Downloads\FRST.txt

2014-09-14 16:05 - 2014-09-15 17:36 - 00000000 ____D () C:\FRST

2014-09-14 16:04 - 2014-09-14 16:05 - 02105856 _____ (Farbar) C:\Users\Ich\Downloads\FRST64.exe

2014-09-14 15:28 - 2014-09-14 15:28 - 00448512 _____ (OldTimer Tools) C:\Users\Ich\Downloads\TFC.exe

2014-09-14 15:19 - 2014-09-14 15:19 - 04095448 _____ (BrightFort LLC ) C:\Users\Ich\Downloads\spywareblastersetup50.exe

2014-09-14 15:18 - 2014-09-14 15:18 - 01156136 _____ (Ruiware) C:\Users\Ich\Downloads\wpsetup.exe

2014-09-14 15:09 - 2014-09-14 15:09 - 00001578 _____ () C:\Users\Ich\Desktop\DelFix.txt

2014-09-14 12:00 - 2014-09-15 17:35 - 00001008 _____ () C:\Windows\setupact.log

2014-09-14 12:00 - 2014-09-14 12:00 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-13 12:01 - 2014-09-13 12:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-09-12 22:36 - 2014-09-12 22:36 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MINE-Microsoft-Windows-7-Enterprise-(64-bit).dat

2014-09-12 22:36 - 2014-09-12 22:36 - 00000000 ____D () C:\RegBackup

2014-09-12 21:47 - 2014-09-12 21:47 - 00002163 _____ () C:\Users\Ich\Desktop\Tweaking.com - Windows Repair (All in One).lnk

2014-09-12 21:47 - 2014-09-12 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com

2014-09-12 21:47 - 2014-09-12 21:47 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com

2014-09-12 21:38 - 2014-09-12 21:39 - 09526552 _____ () C:\Users\Ich\Downloads\tweaking.com_windows_repair_aio_setup.exe

2014-09-12 13:20 - 2014-09-12 13:20 - 00000000 ____D () C:\Users\Ich\AppData\Local\Apps\2.0

2014-09-11 16:50 - 2014-09-11 16:50 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

2014-09-11 16:50 - 2014-09-11 16:50 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Adobe Mini Bridge CS5.1

2014-09-10 18:27 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-09-10 18:27 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-09-10 18:27 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-09-10 18:27 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-09-10 18:27 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-09-10 18:27 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-09-10 18:27 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-09-10 18:27 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-09-10 18:27 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-09-10 18:27 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-09-10 18:27 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-09-10 18:27 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-09-10 18:27 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-09-10 18:27 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-09-10 18:27 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-09-10 18:27 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-09-10 18:27 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-09-10 18:27 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-09-10 18:27 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-09-10 18:27 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-09-10 18:27 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-09-10 18:27 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-09-10 18:27 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-09-10 18:27 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-09-10 18:27 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-09-10 18:27 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-09-10 18:27 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-09-10 18:27 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-09-10 18:27 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-09-10 18:27 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-09-10 18:27 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-09-10 18:27 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-09-10 18:27 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-09-10 18:27 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-09-10 18:27 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-09-10 18:27 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-09-10 18:27 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-09-10 18:27 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-09-10 18:27 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-09-10 18:27 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-09-10 18:27 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-09-10 18:27 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-09-10 18:27 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-09-10 18:27 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-09-10 18:27 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-09-10 18:27 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-09-10 18:27 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-09-10 18:27 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-09-10 18:27 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-09-10 18:27 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-09-10 18:27 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-09-10 18:27 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-09-10 18:27 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-09-10 18:27 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-09-10 18:27 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-09-10 18:27 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-09-10 18:21 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll

2014-09-10 18:21 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll

2014-09-10 18:20 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-09-10 18:20 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-09-10 18:20 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-09-10 18:20 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-09-10 18:20 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-09-10 18:20 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll

2014-09-10 18:20 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2014-09-10 18:20 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-09-10 18:20 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2014-09-10 18:14 - 2014-09-10 18:14 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-09-10 18:14 - 2014-09-10 18:14 - 00000000 ____D () C:\Program Files (x86)\Java

2014-09-09 00:05 - 2014-09-09 00:05 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\QuickScan

2014-09-08 22:26 - 2014-09-08 22:27 - 00000085 _____ () C:\Windows\wininit.ini

2014-09-08 22:16 - 2014-09-10 23:13 - 00000000 ____D () C:\Users\Ich\Desktop\Log2

2014-09-08 21:37 - 2014-09-14 15:08 - 00000000 ____D () C:\Windows\ERUNT

2014-09-07 20:09 - 2014-09-07 20:22 - 00000000 ____D () C:\Windows\erdnt

2014-09-06 23:26 - 2014-09-06 23:35 - 00000000 ____D () C:\Windows\Minidump

2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache

2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache

2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache

2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps

2014-09-05 17:56 - 2014-09-08 22:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-09-05 17:18 - 2014-09-15 17:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-05 17:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-09-05 17:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-09-05 17:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-09-05 13:43 - 2014-09-06 10:14 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz

2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip

2014-09-02 21:22 - 2014-09-06 14:54 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-09-02 21:22 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-09-02 21:22 - 2014-09-02 23:55 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype

2014-09-02 21:21 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Skype

2014-08-30 12:42 - 2014-09-12 23:13 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT

2014-08-30 10:58 - 2014-09-12 23:03 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-29 15:40 - 2014-08-29 15:41 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip

2014-08-29 12:49 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-29 12:49 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-29 12:49 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6

2014-08-21 10:54 - 2014-09-10 21:22 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2014-08-21 10:54 - 2014-08-21 11:09 - 00000000 ____D () C:\ProgramData\89862a08bda44ad

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator

2014-08-18 17:52 - 2014-09-15 17:16 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-09-15 17:37 - 2014-09-14 16:05 - 00013774 _____ () C:\Users\Ich\Downloads\FRST.txt

2014-09-15 17:36 - 2014-09-14 16:05 - 00000000 ____D () C:\FRST

2014-09-15 17:35 - 2014-09-14 12:00 - 00001008 _____ () C:\Windows\setupact.log

2014-09-15 17:35 - 2014-01-24 01:28 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-09-15 17:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-15 17:33 - 2014-01-23 23:27 - 01779218 _____ () C:\Windows\WindowsUpdate.log

2014-09-15 17:24 - 2014-09-05 17:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-15 17:16 - 2014-08-18 17:52 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe

2014-09-15 17:14 - 2014-09-14 16:06 - 00031159 _____ () C:\Users\Ich\Downloads\Addition.txt

2014-09-15 17:11 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-15 17:11 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-15 17:10 - 2014-01-24 02:00 - 00684944 _____ () C:\Windows\system32\perfh007.dat

2014-09-15 17:10 - 2014-01-24 02:00 - 00144812 _____ () C:\Windows\system32\perfc007.dat

2014-09-15 17:10 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-09-15 17:07 - 2014-01-24 14:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-14 16:59 - 2014-09-14 16:59 - 00000342 _____ () C:\Windows\PFRO.log

2014-09-14 16:57 - 2014-04-15 22:49 - 00000000 ____D () C:\Users\Ich\AppData\Temp

2014-09-14 16:53 - 2014-09-14 16:53 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\WinPatrol

2014-09-14 16:53 - 2014-09-14 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol

2014-09-14 16:53 - 2014-09-14 16:53 - 00000000 ____D () C:\ProgramData\InstallMate

2014-09-14 16:53 - 2014-09-14 16:53 - 00000000 ____D () C:\Program Files (x86)\Ruiware

2014-09-14 16:51 - 2014-09-14 16:51 - 00000000 ____D () C:\Users\Ich\Downloads\Neuer Ordner

2014-09-14 16:46 - 2014-09-14 16:39 - 00000000 ____D () C:\ProgramData\TEMP

2014-09-14 16:45 - 2014-09-14 16:39 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster

2014-09-14 16:39 - 2014-09-14 16:39 - 00001083 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk

2014-09-14 16:39 - 2014-09-14 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster

2014-09-14 16:39 - 2014-09-14 16:39 - 00000000 ____D () C:\ProgramData\Licenses

2014-09-14 16:30 - 2014-09-14 16:30 - 00000614 _____ () C:\Users\Ich\Desktop\Fehler.txt

2014-09-14 16:05 - 2014-09-14 16:04 - 02105856 _____ (Farbar) C:\Users\Ich\Downloads\FRST64.exe

2014-09-14 15:28 - 2014-09-14 15:28 - 00448512 _____ (OldTimer Tools) C:\Users\Ich\Downloads\TFC.exe

2014-09-14 15:19 - 2014-09-14 15:19 - 04095448 _____ (BrightFort LLC ) C:\Users\Ich\Downloads\spywareblastersetup50.exe

2014-09-14 15:18 - 2014-09-14 15:18 - 01156136 _____ (Ruiware) C:\Users\Ich\Downloads\wpsetup.exe

2014-09-14 15:09 - 2014-09-14 15:09 - 00001578 _____ () C:\Users\Ich\Desktop\DelFix.txt

2014-09-14 15:08 - 2014-09-08 21:37 - 00000000 ____D () C:\Windows\ERUNT

2014-09-14 12:00 - 2014-09-14 12:00 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-14 00:35 - 2014-05-25 18:14 - 00000000 ____D () C:\Users\Ich\AppData\Local\PokerStars.EU

2014-09-13 21:46 - 2014-08-12 00:05 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige

2014-09-13 21:41 - 2014-08-09 16:10 - 00007606 _____ () C:\Users\Ich\AppData\Local\Resmon.ResmonCfg

2014-09-13 15:27 - 2014-01-24 02:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-09-13 12:01 - 2014-09-13 12:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-09-12 23:16 - 2014-01-24 14:55 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-09-12 23:16 - 2014-01-24 01:15 - 00003524 _____ () C:\Windows\System32\Tasks\CreateChoiceProcessTask

2014-09-12 23:15 - 2014-01-25 00:39 - 00003490 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Mine-Ich

2014-09-12 23:15 - 2014-01-24 14:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-09-12 23:13 - 2014-08-30 12:42 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT

2014-09-12 23:03 - 2014-08-30 10:58 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-09-12 23:03 - 2009-07-14 09:13 - 00000000 ____D () C:\Windows\CSC

2014-09-12 23:00 - 2009-07-14 04:34 - 00000855 _____ () C:\Windows\system32\Drivers\etc\HOSTS.MVP

2014-09-12 23:00 - 2009-07-14 04:34 - 00000514 _____ () C:\Windows\win.ini

2014-09-12 22:36 - 2014-09-12 22:36 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MINE-Microsoft-Windows-7-Enterprise-(64-bit).dat

2014-09-12 22:36 - 2014-09-12 22:36 - 00000000 ____D () C:\RegBackup

2014-09-12 21:47 - 2014-09-12 21:47 - 00002163 _____ () C:\Users\Ich\Desktop\Tweaking.com - Windows Repair (All in One).lnk

2014-09-12 21:47 - 2014-09-12 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com

2014-09-12 21:47 - 2014-09-12 21:47 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com

2014-09-12 21:39 - 2014-09-12 21:38 - 09526552 _____ () C:\Users\Ich\Downloads\tweaking.com_windows_repair_aio_setup.exe

2014-09-12 13:20 - 2014-09-12 13:20 - 00000000 ____D () C:\Users\Ich\AppData\Local\Apps\2.0

2014-09-11 16:50 - 2014-09-11 16:50 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

2014-09-11 16:50 - 2014-09-11 16:50 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Adobe Mini Bridge CS5.1

2014-09-11 11:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-09-10 23:13 - 2014-09-08 22:16 - 00000000 ____D () C:\Users\Ich\Desktop\Log2

2014-09-10 21:22 - 2014-08-21 10:54 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2014-09-10 21:21 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-09-10 18:27 - 2014-01-24 13:44 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-09-10 18:26 - 2014-01-24 04:10 - 01589404 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-09-10 18:25 - 2014-01-24 00:31 - 00000000 ____D () C:\Windows\system32\MRT

2014-09-10 18:20 - 2014-01-24 00:31 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-09-10 18:17 - 2014-05-24 15:28 - 00000000 ____D () C:\ProgramData\Oracle

2014-09-10 18:14 - 2014-09-10 18:14 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-09-10 18:14 - 2014-09-10 18:14 - 00000000 ____D () C:\Program Files (x86)\Java

2014-09-09 22:07 - 2014-01-24 14:57 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-09-09 22:07 - 2014-01-24 14:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-09-09 00:05 - 2014-09-09 00:05 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\QuickScan

2014-09-08 22:27 - 2014-09-08 22:26 - 00000085 _____ () C:\Windows\wininit.ini

2014-09-08 22:27 - 2014-09-05 17:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-09-08 00:51 - 2009-07-14 07:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-09-07 21:44 - 2014-01-23 23:35 - 00000000 ____D () C:\Users\Ich

2014-09-07 20:57 - 2014-05-02 12:11 - 00000000 ____D () C:\Users\Ich\Documents\Citavi 4

2014-09-07 20:22 - 2014-09-07 20:09 - 00000000 ____D () C:\Windows\erdnt

2014-09-07 20:22 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2014-09-07 20:21 - 2009-07-14 04:34 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_417

2014-09-06 23:35 - 2014-09-06 23:26 - 00000000 ____D () C:\Windows\Minidump

2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache

2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache

2014-09-06 14:54 - 2014-09-02 21:22 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-09-06 14:54 - 2014-09-02 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-09-06 14:54 - 2014-09-02 21:21 - 00000000 ____D () C:\ProgramData\Skype

2014-09-06 14:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache

2014-09-06 11:44 - 2014-01-24 14:05 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-09-06 10:14 - 2014-09-05 13:43 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz

2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps

2014-09-05 17:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat

2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-04 17:28 - 2014-01-24 13:12 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Adobe

2014-09-04 16:36 - 2014-05-24 10:53 - 00000000 ____D () C:\Users\Ich\Documents\mega_cache_6140226

2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip

2014-09-03 00:08 - 2014-07-06 17:25 - 00000000 ____D () C:\Users\Ich\Documents\psynetic-gifx

2014-09-02 23:55 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype

2014-08-30 00:38 - 2014-01-24 14:55 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-08-30 00:38 - 2014-01-24 14:55 - 00000000 ____D () C:\Program Files\CCleaner

2014-08-29 22:21 - 2014-05-25 18:14 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU

2014-08-29 16:13 - 2014-05-23 20:08 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA_Global

2014-08-29 15:41 - 2014-08-29 15:40 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip

2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6

2014-08-23 04:07 - 2014-08-29 12:49 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-23 03:45 - 2014-08-29 12:49 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-23 02:59 - 2014-08-29 12:49 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-21 11:19 - 2014-06-26 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-08-21 11:09 - 2014-08-21 10:54 - 00000000 ____D () C:\ProgramData\89862a08bda44ad

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator

2014-08-21 10:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

2014-08-19 20:05 - 2014-09-10 18:27 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-19 19:39 - 2014-09-10 18:27 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-08-19 01:01 - 2014-09-10 18:27 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-19 00:29 - 2014-09-10 18:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-19 00:29 - 2014-09-10 18:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-08-19 00:26 - 2014-09-10 18:27 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-19 00:20 - 2014-09-10 18:27 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-19 00:19 - 2014-09-10 18:27 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-19 00:15 - 2014-09-10 18:27 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-19 00:15 - 2014-09-10 18:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-19 00:14 - 2014-09-10 18:27 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-08-19 00:14 - 2014-09-10 18:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-08-19 00:08 - 2014-09-10 18:27 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-19 00:08 - 2014-09-10 18:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-19 00:08 - 2014-09-10 18:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-19 00:05 - 2014-09-10 18:27 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-19 00:03 - 2014-09-10 18:27 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-08-19 00:03 - 2014-09-10 18:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-19 00:03 - 2014-09-10 18:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-08-18 23:57 - 2014-09-10 18:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-18 23:56 - 2014-09-10 18:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-08-18 23:51 - 2014-09-10 18:27 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-18 23:46 - 2014-09-10 18:27 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-08-18 23:45 - 2014-09-10 18:27 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-08-18 23:45 - 2014-09-10 18:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-08-18 23:44 - 2014-09-10 18:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-08-18 23:44 - 2014-09-10 18:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-08-18 23:42 - 2014-09-10 18:27 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-18 23:40 - 2014-09-10 18:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-08-18 23:39 - 2014-09-10 18:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-18 23:39 - 2014-09-10 18:27 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-18 23:39 - 2014-09-10 18:27 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-08-18 23:38 - 2014-09-10 18:27 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-18 23:37 - 2014-09-10 18:27 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-18 23:36 - 2014-09-10 18:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-18 23:35 - 2014-09-10 18:27 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-08-18 23:27 - 2014-09-10 18:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-18 23:25 - 2014-09-10 18:27 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-18 23:25 - 2014-09-10 18:27 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-08-18 23:23 - 2014-09-10 18:27 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-18 23:23 - 2014-09-10 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-08-18 23:22 - 2014-09-10 18:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-08-18 23:19 - 2014-09-10 18:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-08-18 23:17 - 2014-09-10 18:27 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-18 23:17 - 2014-09-10 18:27 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-18 23:16 - 2014-09-10 18:27 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-18 23:15 - 2014-09-10 18:27 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-18 23:15 - 2014-09-10 18:27 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-18 23:09 - 2014-09-10 18:27 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-18 23:08 - 2014-09-10 18:27 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-18 23:07 - 2014-09-10 18:27 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-08-18 22:55 - 2014-09-10 18:27 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-18 22:46 - 2014-09-10 18:27 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-18 22:38 - 2014-09-10 18:27 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-18 22:38 - 2014-09-10 18:27 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-08-18 22:36 - 2014-09-10 18:27 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-08-18 17:46 - 2014-08-12 19:52 - 00000000 ____D () C:\Users\Ich\encyclios
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-09-06 18:40
 

==================== End Of Log ============================

--- --- ---

Viele Grüße und Danke nochmal!

schrauber

16.09.2014 11:04

warum sollten sie das auch, du hast ja Bitdefender in Benutzung.

Don_Jascha

16.09.2014 19:04

Aber Chrome nicht..
Ansonsten, wie gesagt, wird nichts mehr gefunden.

Grüße

schrauber

17.09.2014 18:45

Achsoo :D

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-03-10]

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Don_Jascha

18.09.2014 15:51

Hallo,
hmm, ich hoffe ich war jetzt nicht etwas zu vorschnell, denn ich habe jetzt schon einige der von Dir empfohlenen Programme und das Hostscript installiert und von Bitdefender 2014 zu 2015 gewechselt. Zwischen den Installationen habe ich dann den Fix durchgeführt, weswegen nur der Registrierungseintrag von Chrome entfernt wurde (die andere Datei war ja schon weg..;)).

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014

Ran by Ich at 2014-09-17 20:58:49 Run:1

Running from C:\Users\Ich\Downloads

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-03-10]

*****************
 

"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl" => Key deleted successfully.

"C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx" => File/Directory not found.
 

==== End of Fixlog ====

Naja, jedenfalls findet sich jetzt im Log von FRST unter Treiber noch ein Eintrag zu Combofix (wurde wie empfohlen in uninstall.exe umbenannt und ausgeführt)
FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014

Ran by Ich (administrator) on MINE on 18-09-2014 00:41:32

Running from C:\Users\Ich\Downloads

Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Englisch (USA)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe

(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwtxapps.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1580360 2014-08-20] (Bitdefender)

HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"

HKU\.DEFAULT\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard

HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"

HKU\S-1-5-21-1268206590-3093409484-1136636918-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)

HKU\S-1-5-21-1268206590-3093409484-1136636918-1001\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [815088 2014-08-14] (Bitdefender)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)

Toolbar: HKLM-x32 - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default

FF Homepage: about:home

FF NetworkProxy: "no_proxies_on", ""

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: YouTube Unblocker - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\youtubeunblocker@unblocker.yt [2014-05-01]

FF Extension: WOT - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-09-14]

FF Extension: Deutsch (DE) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2014-08-24]

FF Extension: English (GB) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2014-08-24]

FF Extension: Adblock Plus - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-24]

FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-09-17]

FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman

FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-05-02]

FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff

FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-09-17]

FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
 

Chrome: 

=======
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [77632 2014-08-08] (Bitdefender)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-08-08] (Bitdefender)

R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1513952 2014-08-11] (Bitdefender)

S2 WLMS; C:\Windows\system32\wlms\wlms.exe [19456 2009-07-14] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-05-16] (BitDefender)

R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)

R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-05-16] (BitDefender)

R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-11-13] (BitDefender LLC)

R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)

S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)

S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)

R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)

R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-17] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-07-02] (BitDefender S.R.L.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-09-18 00:41 - 2014-09-18 00:42 - 00013338 _____ () C:\Users\Ich\Downloads\FRST.txt

2014-09-18 00:18 - 2014-09-18 00:18 - 00001083 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk

2014-09-18 00:18 - 2014-09-18 00:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster

2014-09-17 23:23 - 2014-09-17 23:24 - 04095448 _____ (BrightFort LLC ) C:\Users\Ich\Downloads\spywareblastersetup50(1).exe

2014-09-17 23:10 - 2014-09-17 23:10 - 00929768 _____ (Focusrite Audio Engineering Limited. ) C:\Users\Ich\Downloads\focusrite-usb-2-driver-2.5.1(1).exe

2014-09-17 22:24 - 2014-09-17 22:24 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys

2014-09-17 21:49 - 2014-09-17 21:49 - 00621747 _____ () C:\ProgramData\1410982583.bdinstall.bin

2014-09-17 21:45 - 2014-09-17 21:45 - 00002126 _____ () C:\Users\Public\Desktop\Bitdefender Internet Security 2015.lnk

2014-09-17 21:45 - 2014-09-17 21:45 - 00000684 ____H () C:\bdr-cf01

2014-09-17 21:45 - 2014-09-17 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015

2014-09-17 21:45 - 2014-05-16 13:04 - 00647752 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys

2014-09-17 21:45 - 2014-05-16 13:01 - 01260120 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys

2014-09-17 21:45 - 2013-11-13 15:41 - 00093600 _____ (BitDefender LLC) C:\Windows\system32\Drivers\BdfNdisf6.sys

2014-09-17 21:45 - 2013-11-04 15:47 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys

2014-09-17 21:43 - 2014-09-17 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Bitdefender

2014-09-17 21:43 - 2014-09-17 21:45 - 00253404 ____H () C:\bdr-ld01

2014-09-17 21:43 - 2014-09-17 21:45 - 00009216 ____H () C:\bdr-ld01.mbr

2014-09-17 21:43 - 2014-07-04 17:49 - 49563064 ____H () C:\bdr-im01.gz

2014-09-17 21:43 - 2013-08-13 13:38 - 03271472 ____H () C:\bdr-bz01

2014-09-17 21:36 - 2014-09-17 21:36 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender

2014-09-17 21:36 - 2014-07-02 17:47 - 00419616 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys

2014-09-17 21:36 - 2013-08-23 13:48 - 00150256 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys

2014-09-17 21:25 - 2014-09-18 00:23 - 00003436 _____ () C:\Windows\PFRO.log

2014-09-17 20:40 - 2014-09-17 20:40 - 00854417 _____ () C:\Users\Ich\Downloads\SecurityCheck.exe

2014-09-17 20:15 - 2014-09-18 00:40 - 00001475 _____ () C:\Windows\setupact.log

2014-09-17 20:15 - 2014-09-17 20:15 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-17 19:43 - 2014-09-17 19:43 - 00000000 ____D () C:\Users\Ich\AppData\Local\Secunia PSI

2014-09-17 19:23 - 2014-09-17 19:23 - 00000000 ____D () C:\Program Files (x86)\Secunia

2014-09-17 19:18 - 2014-09-17 19:19 - 05329480 _____ (Secunia) C:\Users\Ich\Downloads\PSISetup_3.0.0.9016.exe

2014-09-17 18:47 - 2014-09-17 18:47 - 00000000 ____D () C:\Users\Ich\Documents\Ccleaner-Änderungen

2014-09-16 21:15 - 2014-09-16 21:15 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll

2014-09-16 00:10 - 2014-09-16 00:10 - 02849160 _____ () C:\Users\Ich\Downloads\bitdefender_isecurity.exe

2014-09-14 16:53 - 2014-09-14 16:53 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\WinPatrol

2014-09-14 16:53 - 2014-09-14 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol

2014-09-14 16:53 - 2014-09-14 16:53 - 00000000 ____D () C:\ProgramData\InstallMate

2014-09-14 16:53 - 2014-09-14 16:53 - 00000000 ____D () C:\Program Files (x86)\Ruiware

2014-09-14 16:51 - 2014-09-14 16:51 - 00000000 ____D () C:\Users\Ich\Downloads\Neuer Ordner

2014-09-14 16:39 - 2014-09-18 00:20 - 00000000 ____D () C:\ProgramData\TEMP

2014-09-14 16:39 - 2014-09-18 00:18 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster

2014-09-14 16:39 - 2014-09-14 16:39 - 00000000 ____D () C:\ProgramData\Licenses

2014-09-14 16:39 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL

2014-09-14 16:30 - 2014-09-14 16:30 - 00000614 _____ () C:\Users\Ich\Desktop\Fehler.txt

2014-09-14 16:06 - 2014-09-17 21:04 - 00032056 _____ () C:\Users\Ich\Desktop\Addition.txt

2014-09-14 16:05 - 2014-09-18 00:41 - 00000000 ____D () C:\FRST

2014-09-14 16:05 - 2014-09-17 21:04 - 00052974 _____ () C:\Users\Ich\Desktop\FRST.txt

2014-09-14 16:04 - 2014-09-14 16:05 - 02105856 _____ (Farbar) C:\Users\Ich\Downloads\FRST64.exe

2014-09-14 15:28 - 2014-09-14 15:28 - 00448512 _____ (OldTimer Tools) C:\Users\Ich\Downloads\TFC.exe

2014-09-14 15:19 - 2014-09-14 15:19 - 04095448 _____ (BrightFort LLC ) C:\Users\Ich\Downloads\spywareblastersetup50.exe

2014-09-14 15:18 - 2014-09-14 15:18 - 01156136 _____ (Ruiware) C:\Users\Ich\Downloads\wpsetup.exe

2014-09-14 15:09 - 2014-09-14 15:09 - 00001578 _____ () C:\Users\Ich\Desktop\DelFix.txt

2014-09-13 12:01 - 2014-09-13 12:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-09-12 22:36 - 2014-09-12 22:36 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MINE-Microsoft-Windows-7-Enterprise-(64-bit).dat

2014-09-12 22:36 - 2014-09-12 22:36 - 00000000 ____D () C:\RegBackup

2014-09-12 21:47 - 2014-09-12 21:47 - 00002163 _____ () C:\Users\Ich\Desktop\Tweaking.com - Windows Repair (All in One).lnk

2014-09-12 21:47 - 2014-09-12 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com

2014-09-12 21:47 - 2014-09-12 21:47 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com

2014-09-12 21:38 - 2014-09-12 21:39 - 09526552 _____ () C:\Users\Ich\Downloads\tweaking.com_windows_repair_aio_setup.exe

2014-09-12 13:20 - 2014-09-12 13:20 - 00000000 ____D () C:\Users\Ich\AppData\Local\Apps\2.0

2014-09-11 16:50 - 2014-09-11 16:50 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

2014-09-11 16:50 - 2014-09-11 16:50 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Adobe Mini Bridge CS5.1

2014-09-10 18:27 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-09-10 18:27 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-09-10 18:27 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-09-10 18:27 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-09-10 18:27 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-09-10 18:27 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-09-10 18:27 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-09-10 18:27 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-09-10 18:27 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-09-10 18:27 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-09-10 18:27 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-09-10 18:27 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-09-10 18:27 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-09-10 18:27 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-09-10 18:27 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-09-10 18:27 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-09-10 18:27 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-09-10 18:27 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-09-10 18:27 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-09-10 18:27 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-09-10 18:27 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-09-10 18:27 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-09-10 18:27 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-09-10 18:27 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-09-10 18:27 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-09-10 18:27 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-09-10 18:27 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-09-10 18:27 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-09-10 18:27 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-09-10 18:27 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-09-10 18:27 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-09-10 18:27 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-09-10 18:27 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-09-10 18:27 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-09-10 18:27 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-09-10 18:27 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-09-10 18:27 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-09-10 18:27 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-09-10 18:27 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-09-10 18:27 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-09-10 18:27 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-09-10 18:27 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-09-10 18:27 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-09-10 18:27 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-09-10 18:27 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-09-10 18:27 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-09-10 18:27 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-09-10 18:27 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-09-10 18:27 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-09-10 18:27 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-09-10 18:27 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-09-10 18:27 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-09-10 18:27 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-09-10 18:27 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-09-10 18:27 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-09-10 18:27 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-09-10 18:21 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll

2014-09-10 18:21 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll

2014-09-10 18:20 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-09-10 18:20 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-09-10 18:20 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-09-10 18:20 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-09-10 18:20 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-09-10 18:20 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll

2014-09-10 18:20 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2014-09-10 18:20 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-09-10 18:20 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2014-09-10 18:14 - 2014-09-10 18:14 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-09-10 18:14 - 2014-09-10 18:14 - 00000000 ____D () C:\Program Files (x86)\Java

2014-09-09 00:05 - 2014-09-09 00:05 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\QuickScan

2014-09-08 22:26 - 2014-09-08 22:27 - 00000085 _____ () C:\Windows\wininit.ini

2014-09-08 22:16 - 2014-09-10 23:13 - 00000000 ____D () C:\Users\Ich\Desktop\Log2

2014-09-08 21:37 - 2014-09-14 15:08 - 00000000 ____D () C:\Windows\ERUNT

2014-09-07 20:09 - 2014-09-07 20:22 - 00000000 ____D () C:\Windows\erdnt

2014-09-06 23:26 - 2014-09-06 23:35 - 00000000 ____D () C:\Windows\Minidump

2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache

2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache

2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache

2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps

2014-09-05 17:56 - 2014-09-08 22:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-09-05 17:18 - 2014-09-17 22:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-05 17:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-09-05 17:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-09-05 17:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-09-05 13:43 - 2014-09-06 10:14 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz

2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip

2014-09-02 21:22 - 2014-09-06 14:54 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-09-02 21:22 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-09-02 21:22 - 2014-09-02 23:55 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype

2014-09-02 21:21 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Skype

2014-08-30 12:42 - 2014-09-12 23:13 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT

2014-08-30 10:58 - 2014-09-12 23:03 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-29 15:40 - 2014-08-29 15:41 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip

2014-08-29 12:49 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-29 12:49 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-29 12:49 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6

2014-08-21 10:54 - 2014-09-10 21:22 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2014-08-21 10:54 - 2014-08-21 11:09 - 00000000 ____D () C:\ProgramData\89862a08bda44ad

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-09-18 00:42 - 2014-09-18 00:41 - 00013338 _____ () C:\Users\Ich\Downloads\FRST.txt

2014-09-18 00:41 - 2014-09-14 16:05 - 00000000 ____D () C:\FRST

2014-09-18 00:40 - 2014-09-17 20:15 - 00001475 _____ () C:\Windows\setupact.log

2014-09-18 00:40 - 2014-01-24 01:28 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-09-18 00:40 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-18 00:38 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-18 00:38 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-18 00:35 - 2014-01-23 23:27 - 01092277 _____ () C:\Windows\WindowsUpdate.log

2014-09-18 00:32 - 2014-08-09 16:10 - 00007643 _____ () C:\Users\Ich\AppData\Local\Resmon.ResmonCfg

2014-09-18 00:28 - 2014-01-24 02:00 - 00684944 _____ () C:\Windows\system32\perfh007.dat

2014-09-18 00:28 - 2014-01-24 02:00 - 00144812 _____ () C:\Windows\system32\perfc007.dat

2014-09-18 00:28 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-09-18 00:23 - 2014-09-17 21:25 - 00003436 _____ () C:\Windows\PFRO.log

2014-09-18 00:20 - 2014-09-14 16:39 - 00000000 ____D () C:\ProgramData\TEMP

2014-09-18 00:18 - 2014-09-18 00:18 - 00001083 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk

2014-09-18 00:18 - 2014-09-18 00:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster

2014-09-18 00:18 - 2014-09-14 16:39 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster

2014-09-18 00:07 - 2014-01-24 14:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-17 23:24 - 2014-09-17 23:23 - 04095448 _____ (BrightFort LLC ) C:\Users\Ich\Downloads\spywareblastersetup50(1).exe

2014-09-17 23:10 - 2014-09-17 23:10 - 00929768 _____ (Focusrite Audio Engineering Limited. ) C:\Users\Ich\Downloads\focusrite-usb-2-driver-2.5.1(1).exe

2014-09-17 22:52 - 2014-09-05 17:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-17 22:24 - 2014-09-17 22:24 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys

2014-09-17 21:51 - 2014-09-17 21:43 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Bitdefender

2014-09-17 21:49 - 2014-09-17 21:49 - 00621747 _____ () C:\ProgramData\1410982583.bdinstall.bin

2014-09-17 21:45 - 2014-09-17 21:45 - 00002126 _____ () C:\Users\Public\Desktop\Bitdefender Internet Security 2015.lnk

2014-09-17 21:45 - 2014-09-17 21:45 - 00000684 ____H () C:\bdr-cf01

2014-09-17 21:45 - 2014-09-17 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015

2014-09-17 21:45 - 2014-09-17 21:43 - 00253404 ____H () C:\bdr-ld01

2014-09-17 21:45 - 2014-09-17 21:43 - 00009216 ____H () C:\bdr-ld01.mbr

2014-09-17 21:45 - 2014-01-24 02:11 - 00000000 ____D () C:\ProgramData\Bitdefender

2014-09-17 21:36 - 2014-09-17 21:36 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender

2014-09-17 21:36 - 2014-01-24 02:11 - 00000000 ____D () C:\Program Files\Bitdefender

2014-09-17 21:04 - 2014-09-14 16:06 - 00032056 _____ () C:\Users\Ich\Desktop\Addition.txt

2014-09-17 21:04 - 2014-09-14 16:05 - 00052974 _____ () C:\Users\Ich\Desktop\FRST.txt

2014-09-17 20:40 - 2014-09-17 20:40 - 00854417 _____ () C:\Users\Ich\Downloads\SecurityCheck.exe

2014-09-17 20:15 - 2014-09-17 20:15 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-17 20:05 - 2014-05-02 12:11 - 00000000 ____D () C:\Users\Ich\Documents\Citavi 4

2014-09-17 19:43 - 2014-09-17 19:43 - 00000000 ____D () C:\Users\Ich\AppData\Local\Secunia PSI

2014-09-17 19:23 - 2014-09-17 19:23 - 00000000 ____D () C:\Program Files (x86)\Secunia

2014-09-17 19:19 - 2014-09-17 19:18 - 05329480 _____ (Secunia) C:\Users\Ich\Downloads\PSISetup_3.0.0.9016.exe

2014-09-17 18:47 - 2014-09-17 18:47 - 00000000 ____D () C:\Users\Ich\Documents\Ccleaner-Änderungen

2014-09-16 21:37 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\Offline Web Pages

2014-09-16 21:15 - 2014-09-16 21:15 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll

2014-09-16 20:21 - 2014-01-24 14:53 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-09-16 20:09 - 2014-08-18 17:52 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe

2014-09-16 00:19 - 2014-08-12 00:05 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige

2014-09-16 00:10 - 2014-09-16 00:10 - 02849160 _____ () C:\Users\Ich\Downloads\bitdefender_isecurity.exe

2014-09-16 00:04 - 2014-08-12 19:52 - 00000000 ____D () C:\Users\Ich\encyclios

2014-09-15 21:40 - 2014-05-25 18:14 - 00000000 ____D () C:\Users\Ich\AppData\Local\PokerStars.EU

2014-09-14 16:57 - 2014-04-15 22:49 - 00000000 ____D () C:\Users\Ich\AppData\Temp

2014-09-14 16:53 - 2014-09-14 16:53 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\WinPatrol

2014-09-14 16:53 - 2014-09-14 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol

2014-09-14 16:53 - 2014-09-14 16:53 - 00000000 ____D () C:\ProgramData\InstallMate

2014-09-14 16:53 - 2014-09-14 16:53 - 00000000 ____D () C:\Program Files (x86)\Ruiware

2014-09-14 16:51 - 2014-09-14 16:51 - 00000000 ____D () C:\Users\Ich\Downloads\Neuer Ordner

2014-09-14 16:39 - 2014-09-14 16:39 - 00000000 ____D () C:\ProgramData\Licenses

2014-09-14 16:30 - 2014-09-14 16:30 - 00000614 _____ () C:\Users\Ich\Desktop\Fehler.txt

2014-09-14 16:05 - 2014-09-14 16:04 - 02105856 _____ (Farbar) C:\Users\Ich\Downloads\FRST64.exe

2014-09-14 15:28 - 2014-09-14 15:28 - 00448512 _____ (OldTimer Tools) C:\Users\Ich\Downloads\TFC.exe

2014-09-14 15:19 - 2014-09-14 15:19 - 04095448 _____ (BrightFort LLC ) C:\Users\Ich\Downloads\spywareblastersetup50.exe

2014-09-14 15:18 - 2014-09-14 15:18 - 01156136 _____ (Ruiware) C:\Users\Ich\Downloads\wpsetup.exe

2014-09-14 15:09 - 2014-09-14 15:09 - 00001578 _____ () C:\Users\Ich\Desktop\DelFix.txt

2014-09-14 15:08 - 2014-09-08 21:37 - 00000000 ____D () C:\Windows\ERUNT

2014-09-13 15:27 - 2014-01-24 02:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-09-13 12:01 - 2014-09-13 12:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-09-12 23:16 - 2014-01-24 14:55 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-09-12 23:16 - 2014-01-24 01:15 - 00003524 _____ () C:\Windows\System32\Tasks\CreateChoiceProcessTask

2014-09-12 23:15 - 2014-01-25 00:39 - 00003490 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Mine-Ich

2014-09-12 23:15 - 2014-01-24 14:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-09-12 23:13 - 2014-08-30 12:42 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT

2014-09-12 23:03 - 2014-08-30 10:58 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-09-12 23:03 - 2009-07-14 09:13 - 00000000 ____D () C:\Windows\CSC

2014-09-12 23:00 - 2009-07-14 04:34 - 00000855 _____ () C:\Windows\system32\Drivers\etc\HOSTS.MVP

2014-09-12 23:00 - 2009-07-14 04:34 - 00000514 _____ () C:\Windows\win.ini

2014-09-12 22:36 - 2014-09-12 22:36 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MINE-Microsoft-Windows-7-Enterprise-(64-bit).dat

2014-09-12 22:36 - 2014-09-12 22:36 - 00000000 ____D () C:\RegBackup

2014-09-12 21:47 - 2014-09-12 21:47 - 00002163 _____ () C:\Users\Ich\Desktop\Tweaking.com - Windows Repair (All in One).lnk

2014-09-12 21:47 - 2014-09-12 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com

2014-09-12 21:47 - 2014-09-12 21:47 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com

2014-09-12 21:39 - 2014-09-12 21:38 - 09526552 _____ () C:\Users\Ich\Downloads\tweaking.com_windows_repair_aio_setup.exe

2014-09-12 13:20 - 2014-09-12 13:20 - 00000000 ____D () C:\Users\Ich\AppData\Local\Apps\2.0

2014-09-11 16:50 - 2014-09-11 16:50 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

2014-09-11 16:50 - 2014-09-11 16:50 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Adobe Mini Bridge CS5.1

2014-09-11 11:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-09-10 23:13 - 2014-09-08 22:16 - 00000000 ____D () C:\Users\Ich\Desktop\Log2

2014-09-10 21:22 - 2014-08-21 10:54 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2014-09-10 21:21 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-09-10 18:27 - 2014-01-24 13:44 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-09-10 18:26 - 2014-01-24 04:10 - 01589404 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-09-10 18:25 - 2014-01-24 00:31 - 00000000 ____D () C:\Windows\system32\MRT

2014-09-10 18:20 - 2014-01-24 00:31 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-09-10 18:17 - 2014-05-24 15:28 - 00000000 ____D () C:\ProgramData\Oracle

2014-09-10 18:14 - 2014-09-10 18:14 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-09-10 18:14 - 2014-09-10 18:14 - 00000000 ____D () C:\Program Files (x86)\Java

2014-09-09 22:07 - 2014-01-24 14:57 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-09-09 22:07 - 2014-01-24 14:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-09-09 00:05 - 2014-09-09 00:05 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\QuickScan

2014-09-08 22:27 - 2014-09-08 22:26 - 00000085 _____ () C:\Windows\wininit.ini

2014-09-08 22:27 - 2014-09-05 17:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-09-08 00:51 - 2009-07-14 07:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-09-07 21:44 - 2014-01-23 23:35 - 00000000 ____D () C:\Users\Ich

2014-09-07 20:22 - 2014-09-07 20:09 - 00000000 ____D () C:\Windows\erdnt

2014-09-07 20:22 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2014-09-07 20:21 - 2009-07-14 04:34 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_417

2014-09-06 23:35 - 2014-09-06 23:26 - 00000000 ____D () C:\Windows\Minidump

2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache

2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache

2014-09-06 14:54 - 2014-09-02 21:22 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-09-06 14:54 - 2014-09-02 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-09-06 14:54 - 2014-09-02 21:21 - 00000000 ____D () C:\ProgramData\Skype

2014-09-06 14:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache

2014-09-06 11:44 - 2014-01-24 14:05 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-09-06 10:14 - 2014-09-05 13:43 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz

2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps

2014-09-05 17:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat

2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-04 17:28 - 2014-01-24 13:12 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Adobe

2014-09-04 16:36 - 2014-05-24 10:53 - 00000000 ____D () C:\Users\Ich\Documents\mega_cache_6140226

2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip

2014-09-03 00:08 - 2014-07-06 17:25 - 00000000 ____D () C:\Users\Ich\Documents\psynetic-gifx

2014-09-02 23:55 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype

2014-08-30 00:38 - 2014-01-24 14:55 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-08-30 00:38 - 2014-01-24 14:55 - 00000000 ____D () C:\Program Files\CCleaner

2014-08-29 22:21 - 2014-05-25 18:14 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU

2014-08-29 16:13 - 2014-05-23 20:08 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA_Global

2014-08-29 15:41 - 2014-08-29 15:40 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip

2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6

2014-08-23 04:07 - 2014-08-29 12:49 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-23 03:45 - 2014-08-29 12:49 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-23 02:59 - 2014-08-29 12:49 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-21 11:19 - 2014-06-26 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-08-21 11:09 - 2014-08-21 10:54 - 00000000 ____D () C:\ProgramData\89862a08bda44ad

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator

2014-08-21 10:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

2014-08-19 20:05 - 2014-09-10 18:27 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-19 19:39 - 2014-09-10 18:27 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-08-19 01:01 - 2014-09-10 18:27 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-19 00:29 - 2014-09-10 18:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-19 00:29 - 2014-09-10 18:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-08-19 00:26 - 2014-09-10 18:27 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-19 00:20 - 2014-09-10 18:27 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-19 00:19 - 2014-09-10 18:27 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-19 00:15 - 2014-09-10 18:27 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-19 00:15 - 2014-09-10 18:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-19 00:14 - 2014-09-10 18:27 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-08-19 00:14 - 2014-09-10 18:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-08-19 00:08 - 2014-09-10 18:27 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-19 00:08 - 2014-09-10 18:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-19 00:08 - 2014-09-10 18:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-19 00:05 - 2014-09-10 18:27 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-19 00:03 - 2014-09-10 18:27 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-08-19 00:03 - 2014-09-10 18:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-19 00:03 - 2014-09-10 18:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-09-06 18:40
 

==================== End Of Log ============================

--- --- ---

Vielen Dank nochmal für die Hilfe und Grüße

schrauber

19.09.2014 08:28

Dann jetzt Delfix laufen lassen und alles is gut :)

Don_Jascha

20.09.2014 12:14

Hallo,

hab Delfix laufen lassen, aber der Eintrag: "catchme; \??\C:\ComboFix\catchme.sys [X]" ist noch da (gelistet unter Drivers im FRST-Log)..

Delfix-Log:

Code:

# DelFix v10.8 - Logfile created 19/09/2014 at 22:33:10

# Updated 29/07/2014 by Xplode

# Username : Ich - MINE

# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
 

~ Activating UAC ... OK
 

~ Removing disinfection tools ...
 

Deleted : C:\FRST

Deleted : C:\Users\Ich\Desktop\Addition.txt

Deleted : C:\Users\Ich\Desktop\FRST.txt

Deleted : C:\Users\Ich\Downloads\Addition.txt

Deleted : C:\Users\Ich\Downloads\Fixlog.txt

Deleted : C:\Users\Ich\Downloads\FRST.txt

Deleted : C:\Users\Ich\Downloads\FRST64.exe

Deleted : C:\Users\Ich\Downloads\SecurityCheck.exe

Deleted : C:\Users\Ich\Downloads\TFC.exe
 

~ Creating registry backup ... OK
 

~ Cleaning system restore ...
 

Deleted : RP #65 [End of disinfection | 09/14/2014 13:08:42]

Deleted : RP #66 [Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 | 09/18/2014 17:38:04]

Deleted : RP #67 [Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 | 09/18/2014 17:38:56]
 

New restore point created !
 

~ Resetting system settings ... OK
 

########## - EOF - ##########

FRST:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014

Ran by Ich (administrator) on MINE on 19-09-2014 22:48:40

Running from C:\Users\Ich\Downloads

Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Englisch (USA)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe

(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwtxapps.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1580360 2014-08-20] (Bitdefender)

HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)

HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"

HKU\.DEFAULT\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard

HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"

HKU\S-1-5-21-1268206590-3093409484-1136636918-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)

HKU\S-1-5-21-1268206590-3093409484-1136636918-1001\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [815088 2014-08-14] (Bitdefender)

ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll (Bitdefender)

Toolbar: HKLM-x32 - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll (Bitdefender)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default

FF Homepage: about:home

FF NetworkProxy: "no_proxies_on", ""

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File

FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: YouTube Unblocker - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\youtubeunblocker@unblocker.yt [2014-05-01]

FF Extension: WOT - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-09-14]

FF Extension: Deutsch (DE) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2014-08-24]

FF Extension: English (GB) Language Pack - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2014-08-24]

FF Extension: Adblock Plus - C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\quh1ckxf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-24]

FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-09-17]

FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman

FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-05-02]

FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff

FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-09-17]

FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
 

Chrome: 

=======
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [77632 2014-08-08] (Bitdefender)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-08-08] (Bitdefender)

R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1513952 2014-08-11] (Bitdefender)

S2 WLMS; C:\Windows\system32\wlms\wlms.exe [19456 2009-07-14] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1260120 2014-05-16] (BitDefender)

R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)

R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-05-16] (BitDefender)

R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-11-13] (BitDefender LLC)

R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)

S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)

S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-04] (BitDefender SRL)

R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)

R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)

R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [419616 2014-07-02] (BitDefender S.R.L.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-09-19 22:48 - 2014-09-19 22:49 - 00013896 _____ () C:\Users\Ich\Downloads\FRST.txt

2014-09-19 22:48 - 2014-09-19 22:48 - 02105856 _____ (Farbar) C:\Users\Ich\Downloads\FRST64.exe

2014-09-19 22:48 - 2014-09-19 22:48 - 00000000 ____D () C:\FRST

2014-09-19 22:34 - 2014-09-19 22:34 - 00001069 _____ () C:\Users\Ich\Desktop\DelFix.txt

2014-09-19 22:33 - 2014-09-19 22:33 - 00001069 _____ () C:\DelFix.txt

2014-09-19 22:30 - 2014-09-19 22:30 - 00709564 _____ () C:\Users\Ich\Downloads\delfix_10.8.exe

2014-09-19 21:10 - 2014-09-04 21:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys

2014-09-19 21:10 - 2014-09-04 21:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

2014-09-19 10:50 - 2014-09-19 10:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-09-18 19:38 - 2014-09-18 19:39 - 00000000 ____D () C:\ProgramData\Package Cache

2014-09-18 19:38 - 2014-09-18 19:38 - 00001313 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk

2014-09-18 19:38 - 2014-09-18 19:38 - 00001301 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk

2014-09-18 19:24 - 2014-09-18 19:25 - 65741256 _____ (Adobe Systems Incorporated) C:\Users\Ich\Downloads\ApplicationManager8.0_all.exe

2014-09-18 00:18 - 2014-09-18 00:18 - 00001083 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk

2014-09-18 00:18 - 2014-09-18 00:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster

2014-09-17 22:24 - 2014-09-17 22:24 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys

2014-09-17 21:49 - 2014-09-17 21:49 - 00621747 _____ () C:\ProgramData\1410982583.bdinstall.bin

2014-09-17 21:45 - 2014-09-17 21:45 - 00002126 _____ () C:\Users\Public\Desktop\Bitdefender Internet Security 2015.lnk

2014-09-17 21:45 - 2014-09-17 21:45 - 00000684 ____H () C:\bdr-cf01

2014-09-17 21:45 - 2014-09-17 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015

2014-09-17 21:45 - 2014-05-16 13:04 - 00647752 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys

2014-09-17 21:45 - 2014-05-16 13:01 - 01260120 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys

2014-09-17 21:45 - 2013-11-13 15:41 - 00093600 _____ (BitDefender LLC) C:\Windows\system32\Drivers\BdfNdisf6.sys

2014-09-17 21:45 - 2013-11-04 15:47 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys

2014-09-17 21:43 - 2014-09-17 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Bitdefender

2014-09-17 21:43 - 2014-09-17 21:45 - 00253404 ____H () C:\bdr-ld01

2014-09-17 21:43 - 2014-09-17 21:45 - 00009216 ____H () C:\bdr-ld01.mbr

2014-09-17 21:43 - 2014-07-04 17:49 - 49563064 ____H () C:\bdr-im01.gz

2014-09-17 21:43 - 2013-08-13 13:38 - 03271472 ____H () C:\bdr-bz01

2014-09-17 21:36 - 2014-09-17 21:36 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender

2014-09-17 21:36 - 2014-07-02 17:47 - 00419616 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys

2014-09-17 21:36 - 2013-08-23 13:48 - 00150256 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys

2014-09-17 21:25 - 2014-09-18 00:23 - 00003436 _____ () C:\Windows\PFRO.log

2014-09-17 20:15 - 2014-09-19 22:36 - 00002194 _____ () C:\Windows\setupact.log

2014-09-17 20:15 - 2014-09-17 20:15 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-17 19:43 - 2014-09-17 19:43 - 00000000 ____D () C:\Users\Ich\AppData\Local\Secunia PSI

2014-09-17 19:23 - 2014-09-17 19:23 - 00000000 ____D () C:\Program Files (x86)\Secunia

2014-09-17 19:18 - 2014-09-17 19:19 - 05329480 _____ (Secunia) C:\Users\Ich\Downloads\PSISetup_3.0.0.9016.exe

2014-09-17 18:47 - 2014-09-17 18:47 - 00000000 ____D () C:\Users\Ich\Documents\Ccleaner-Änderungen

2014-09-16 21:15 - 2014-09-16 21:15 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll

2014-09-16 00:10 - 2014-09-16 00:10 - 02849160 _____ () C:\Users\Ich\Downloads\bitdefender_isecurity.exe

2014-09-14 16:53 - 2014-09-14 16:53 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\WinPatrol

2014-09-14 16:53 - 2014-09-14 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol

2014-09-14 16:53 - 2014-09-14 16:53 - 00000000 ____D () C:\ProgramData\InstallMate

2014-09-14 16:53 - 2014-09-14 16:53 - 00000000 ____D () C:\Program Files (x86)\Ruiware

2014-09-14 16:51 - 2014-09-14 16:51 - 00000000 ____D () C:\Users\Ich\Downloads\Neuer Ordner

2014-09-14 16:39 - 2014-09-18 00:20 - 00000000 ____D () C:\ProgramData\TEMP

2014-09-14 16:39 - 2014-09-18 00:18 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster

2014-09-14 16:39 - 2014-09-14 16:39 - 00000000 ____D () C:\ProgramData\Licenses

2014-09-14 16:39 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL

2014-09-14 15:19 - 2014-09-14 15:19 - 04095448 _____ (BrightFort LLC ) C:\Users\Ich\Downloads\spywareblastersetup50.exe

2014-09-14 15:18 - 2014-09-14 15:18 - 01156136 _____ (Ruiware) C:\Users\Ich\Downloads\wpsetup.exe

2014-09-12 22:36 - 2014-09-12 22:36 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MINE-Microsoft-Windows-7-Enterprise-(64-bit).dat

2014-09-12 22:36 - 2014-09-12 22:36 - 00000000 ____D () C:\RegBackup

2014-09-12 21:47 - 2014-09-12 21:47 - 00002163 _____ () C:\Users\Ich\Desktop\Tweaking.com - Windows Repair (All in One).lnk

2014-09-12 21:47 - 2014-09-12 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com

2014-09-12 21:47 - 2014-09-12 21:47 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com

2014-09-12 21:38 - 2014-09-12 21:39 - 09526552 _____ () C:\Users\Ich\Downloads\tweaking.com_windows_repair_aio_setup.exe

2014-09-12 13:20 - 2014-09-12 13:20 - 00000000 ____D () C:\Users\Ich\AppData\Local\Apps\2.0

2014-09-11 16:50 - 2014-09-11 16:50 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

2014-09-11 16:50 - 2014-09-11 16:50 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Adobe Mini Bridge CS5.1

2014-09-10 18:27 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-09-10 18:27 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-09-10 18:27 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-09-10 18:27 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-09-10 18:27 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-09-10 18:27 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-09-10 18:27 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-09-10 18:27 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-09-10 18:27 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-09-10 18:27 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-09-10 18:27 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-09-10 18:27 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-09-10 18:27 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-09-10 18:27 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-09-10 18:27 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-09-10 18:27 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-09-10 18:27 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-09-10 18:27 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-09-10 18:27 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-09-10 18:27 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-09-10 18:27 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-09-10 18:27 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-09-10 18:27 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-09-10 18:27 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-09-10 18:27 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-09-10 18:27 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-09-10 18:27 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-09-10 18:27 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-09-10 18:27 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-09-10 18:27 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-09-10 18:27 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-09-10 18:27 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-09-10 18:27 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-09-10 18:27 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-09-10 18:27 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-09-10 18:27 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-09-10 18:27 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-09-10 18:27 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-09-10 18:27 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-09-10 18:27 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-09-10 18:27 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-09-10 18:27 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-09-10 18:27 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-09-10 18:27 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-09-10 18:27 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-09-10 18:27 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-09-10 18:27 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-09-10 18:27 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-09-10 18:27 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-09-10 18:27 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-09-10 18:27 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-09-10 18:27 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-09-10 18:27 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-09-10 18:27 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-09-10 18:27 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-09-10 18:27 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-09-10 18:21 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll

2014-09-10 18:21 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll

2014-09-10 18:20 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-09-10 18:20 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-09-10 18:20 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-09-10 18:20 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-09-10 18:20 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-09-10 18:20 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll

2014-09-10 18:20 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll

2014-09-10 18:20 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-09-10 18:20 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2014-09-10 18:14 - 2014-09-10 18:14 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-09-10 18:14 - 2014-09-10 18:14 - 00000000 ____D () C:\Program Files (x86)\Java

2014-09-09 00:05 - 2014-09-09 00:05 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\QuickScan

2014-09-08 22:26 - 2014-09-08 22:27 - 00000085 _____ () C:\Windows\wininit.ini

2014-09-08 22:16 - 2014-09-18 20:04 - 00000000 ____D () C:\Users\Ich\Desktop\Log2

2014-09-08 21:37 - 2014-09-14 15:08 - 00000000 ____D () C:\Windows\ERUNT

2014-09-07 20:09 - 2014-09-07 20:22 - 00000000 ____D () C:\Windows\erdnt

2014-09-06 23:26 - 2014-09-06 23:35 - 00000000 ____D () C:\Windows\Minidump

2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache

2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache

2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache

2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps

2014-09-05 17:56 - 2014-09-08 22:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-09-05 17:18 - 2014-09-19 16:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-05 17:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-09-05 17:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-09-05 17:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-09-05 13:43 - 2014-09-06 10:14 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz

2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip

2014-09-02 21:22 - 2014-09-06 14:54 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-09-02 21:22 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-09-02 21:22 - 2014-09-02 23:55 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype

2014-09-02 21:21 - 2014-09-06 14:54 - 00000000 ____D () C:\ProgramData\Skype

2014-08-30 12:42 - 2014-09-12 23:13 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT

2014-08-30 10:58 - 2014-09-12 23:03 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-29 15:40 - 2014-08-29 15:41 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip

2014-08-29 12:49 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-29 12:49 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-29 12:49 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6

2014-08-21 10:54 - 2014-09-10 21:22 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2014-08-21 10:54 - 2014-08-21 11:09 - 00000000 ____D () C:\ProgramData\89862a08bda44ad

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-09-19 22:49 - 2014-09-19 22:48 - 00013896 _____ () C:\Users\Ich\Downloads\FRST.txt

2014-09-19 22:48 - 2014-09-19 22:48 - 02105856 _____ (Farbar) C:\Users\Ich\Downloads\FRST64.exe

2014-09-19 22:48 - 2014-09-19 22:48 - 00000000 ____D () C:\FRST

2014-09-19 22:43 - 2014-01-23 23:27 - 01260179 _____ () C:\Windows\WindowsUpdate.log

2014-09-19 22:41 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-19 22:41 - 2009-07-14 06:45 - 00016448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-19 22:40 - 2014-01-24 02:00 - 00684944 _____ () C:\Windows\system32\perfh007.dat

2014-09-19 22:40 - 2014-01-24 02:00 - 00144812 _____ () C:\Windows\system32\perfc007.dat

2014-09-19 22:40 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-09-19 22:36 - 2014-09-17 20:15 - 00002194 _____ () C:\Windows\setupact.log

2014-09-19 22:36 - 2014-01-24 01:28 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-09-19 22:36 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-19 22:35 - 2014-01-24 02:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-09-19 22:34 - 2014-09-19 22:34 - 00001069 _____ () C:\Users\Ich\Desktop\DelFix.txt

2014-09-19 22:33 - 2014-09-19 22:33 - 00001069 _____ () C:\DelFix.txt

2014-09-19 22:30 - 2014-09-19 22:30 - 00709564 _____ () C:\Users\Ich\Downloads\delfix_10.8.exe

2014-09-19 22:07 - 2014-01-24 14:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-19 16:43 - 2014-09-05 17:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-19 13:01 - 2014-05-02 12:11 - 00000000 ____D () C:\Users\Ich\Documents\Citavi 4

2014-09-19 10:50 - 2014-09-19 10:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-09-19 02:00 - 2014-08-18 17:52 - 00000000 ____D () C:\Users\Ich\AppData\Local\Adobe

2014-09-19 00:00 - 2014-05-25 18:14 - 00000000 ____D () C:\Users\Ich\AppData\Local\PokerStars.EU

2014-09-18 20:04 - 2014-09-08 22:16 - 00000000 ____D () C:\Users\Ich\Desktop\Log2

2014-09-18 19:39 - 2014-09-18 19:38 - 00000000 ____D () C:\ProgramData\Package Cache

2014-09-18 19:38 - 2014-09-18 19:38 - 00001313 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk

2014-09-18 19:38 - 2014-09-18 19:38 - 00001301 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk

2014-09-18 19:25 - 2014-09-18 19:24 - 65741256 _____ (Adobe Systems Incorporated) C:\Users\Ich\Downloads\ApplicationManager8.0_all.exe

2014-09-18 00:32 - 2014-08-09 16:10 - 00007643 _____ () C:\Users\Ich\AppData\Local\Resmon.ResmonCfg

2014-09-18 00:23 - 2014-09-17 21:25 - 00003436 _____ () C:\Windows\PFRO.log

2014-09-18 00:20 - 2014-09-14 16:39 - 00000000 ____D () C:\ProgramData\TEMP

2014-09-18 00:18 - 2014-09-18 00:18 - 00001083 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk

2014-09-18 00:18 - 2014-09-18 00:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster

2014-09-18 00:18 - 2014-09-14 16:39 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster

2014-09-17 22:24 - 2014-09-17 22:24 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys

2014-09-17 21:51 - 2014-09-17 21:43 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Bitdefender

2014-09-17 21:49 - 2014-09-17 21:49 - 00621747 _____ () C:\ProgramData\1410982583.bdinstall.bin

2014-09-17 21:45 - 2014-09-17 21:45 - 00002126 _____ () C:\Users\Public\Desktop\Bitdefender Internet Security 2015.lnk

2014-09-17 21:45 - 2014-09-17 21:45 - 00000684 ____H () C:\bdr-cf01

2014-09-17 21:45 - 2014-09-17 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015

2014-09-17 21:45 - 2014-09-17 21:43 - 00253404 ____H () C:\bdr-ld01

2014-09-17 21:45 - 2014-09-17 21:43 - 00009216 ____H () C:\bdr-ld01.mbr

2014-09-17 21:45 - 2014-01-24 02:11 - 00000000 ____D () C:\ProgramData\Bitdefender

2014-09-17 21:36 - 2014-09-17 21:36 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender

2014-09-17 21:36 - 2014-01-24 02:11 - 00000000 ____D () C:\Program Files\Bitdefender

2014-09-17 20:15 - 2014-09-17 20:15 - 00000000 _____ () C:\Windows\setuperr.log

2014-09-17 19:43 - 2014-09-17 19:43 - 00000000 ____D () C:\Users\Ich\AppData\Local\Secunia PSI

2014-09-17 19:23 - 2014-09-17 19:23 - 00000000 ____D () C:\Program Files (x86)\Secunia

2014-09-17 19:19 - 2014-09-17 19:18 - 05329480 _____ (Secunia) C:\Users\Ich\Downloads\PSISetup_3.0.0.9016.exe

2014-09-17 18:47 - 2014-09-17 18:47 - 00000000 ____D () C:\Users\Ich\Documents\Ccleaner-Änderungen

2014-09-16 21:37 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\Offline Web Pages

2014-09-16 21:15 - 2014-09-16 21:15 - 00074512 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll

2014-09-16 20:21 - 2014-01-24 14:53 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-09-16 00:19 - 2014-08-12 00:05 - 00000000 ____D () C:\Windows\System32\Tasks\Aufgaben der Ereignisanzeige

2014-09-16 00:10 - 2014-09-16 00:10 - 02849160 _____ () C:\Users\Ich\Downloads\bitdefender_isecurity.exe

2014-09-16 00:04 - 2014-08-12 19:52 - 00000000 ____D () C:\Users\Ich\encyclios

2014-09-14 16:57 - 2014-04-15 22:49 - 00000000 ____D () C:\Users\Ich\AppData\Temp

2014-09-14 16:53 - 2014-09-14 16:53 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\WinPatrol

2014-09-14 16:53 - 2014-09-14 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol

2014-09-14 16:53 - 2014-09-14 16:53 - 00000000 ____D () C:\ProgramData\InstallMate

2014-09-14 16:53 - 2014-09-14 16:53 - 00000000 ____D () C:\Program Files (x86)\Ruiware

2014-09-14 16:51 - 2014-09-14 16:51 - 00000000 ____D () C:\Users\Ich\Downloads\Neuer Ordner

2014-09-14 16:39 - 2014-09-14 16:39 - 00000000 ____D () C:\ProgramData\Licenses

2014-09-14 15:19 - 2014-09-14 15:19 - 04095448 _____ (BrightFort LLC ) C:\Users\Ich\Downloads\spywareblastersetup50.exe

2014-09-14 15:18 - 2014-09-14 15:18 - 01156136 _____ (Ruiware) C:\Users\Ich\Downloads\wpsetup.exe

2014-09-14 15:08 - 2014-09-08 21:37 - 00000000 ____D () C:\Windows\ERUNT

2014-09-12 23:16 - 2014-01-24 14:55 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-09-12 23:16 - 2014-01-24 01:15 - 00003524 _____ () C:\Windows\System32\Tasks\CreateChoiceProcessTask

2014-09-12 23:15 - 2014-01-25 00:39 - 00003490 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Mine-Ich

2014-09-12 23:15 - 2014-01-24 14:57 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-09-12 23:13 - 2014-08-30 12:42 - 00109280 _____ () C:\Users\Ich\AppData\Local\GDIPFONTCACHEV1.DAT

2014-09-12 23:03 - 2014-08-30 10:58 - 04966568 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-09-12 23:03 - 2009-07-14 09:13 - 00000000 ____D () C:\Windows\CSC

2014-09-12 23:00 - 2009-07-14 04:34 - 00000855 _____ () C:\Windows\system32\Drivers\etc\HOSTS.MVP

2014-09-12 23:00 - 2009-07-14 04:34 - 00000514 _____ () C:\Windows\win.ini

2014-09-12 22:36 - 2014-09-12 22:36 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MINE-Microsoft-Windows-7-Enterprise-(64-bit).dat

2014-09-12 22:36 - 2014-09-12 22:36 - 00000000 ____D () C:\RegBackup

2014-09-12 21:47 - 2014-09-12 21:47 - 00002163 _____ () C:\Users\Ich\Desktop\Tweaking.com - Windows Repair (All in One).lnk

2014-09-12 21:47 - 2014-09-12 21:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com

2014-09-12 21:47 - 2014-09-12 21:47 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com

2014-09-12 21:39 - 2014-09-12 21:38 - 09526552 _____ () C:\Users\Ich\Downloads\tweaking.com_windows_repair_aio_setup.exe

2014-09-12 13:20 - 2014-09-12 13:20 - 00000000 ____D () C:\Users\Ich\AppData\Local\Apps\2.0

2014-09-11 16:50 - 2014-09-11 16:50 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

2014-09-11 16:50 - 2014-09-11 16:50 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Adobe Mini Bridge CS5.1

2014-09-11 11:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-09-10 21:22 - 2014-08-21 10:54 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2014-09-10 21:21 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-09-10 18:27 - 2014-01-24 13:44 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-09-10 18:26 - 2014-01-24 04:10 - 01589404 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-09-10 18:25 - 2014-01-24 00:31 - 00000000 ____D () C:\Windows\system32\MRT

2014-09-10 18:20 - 2014-01-24 00:31 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-09-10 18:17 - 2014-05-24 15:28 - 00000000 ____D () C:\ProgramData\Oracle

2014-09-10 18:14 - 2014-09-10 18:14 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-09-10 18:14 - 2014-09-10 18:14 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-09-10 18:14 - 2014-09-10 18:14 - 00000000 ____D () C:\Program Files (x86)\Java

2014-09-09 22:07 - 2014-01-24 14:57 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-09-09 22:07 - 2014-01-24 14:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-09-09 00:05 - 2014-09-09 00:05 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\QuickScan

2014-09-08 22:27 - 2014-09-08 22:26 - 00000085 _____ () C:\Windows\wininit.ini

2014-09-08 22:27 - 2014-09-05 17:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-09-08 00:51 - 2009-07-14 07:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-09-07 21:44 - 2014-01-23 23:35 - 00000000 ____D () C:\Users\Ich

2014-09-07 20:22 - 2014-09-07 20:09 - 00000000 ____D () C:\Windows\erdnt

2014-09-07 20:22 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2014-09-07 20:21 - 2009-07-14 04:34 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_417

2014-09-06 23:35 - 2014-09-06 23:26 - 00000000 ____D () C:\Windows\Minidump

2014-09-06 19:45 - 2014-09-06 19:45 - 00254858 _____ () C:\Users\Ich\AppData\Local\census.cache

2014-09-06 19:45 - 2014-09-06 19:45 - 00103849 _____ () C:\Users\Ich\AppData\Local\ars.cache

2014-09-06 14:54 - 2014-09-02 21:22 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-09-06 14:54 - 2014-09-02 21:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-09-06 14:54 - 2014-09-02 21:21 - 00000000 ____D () C:\ProgramData\Skype

2014-09-06 14:39 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-09-06 14:15 - 2014-09-06 14:15 - 00000036 _____ () C:\Users\Ich\AppData\Local\housecall.guid.cache

2014-09-06 11:44 - 2014-01-24 14:05 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-09-06 10:14 - 2014-09-05 13:43 - 00001326 _____ () C:\Windows\Tasks\MQDC-job-furz

2014-09-05 18:29 - 2014-09-05 18:29 - 00000000 ____D () C:\Users\Ich\Documents\ProcAlyzer Dumps

2014-09-05 17:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat

2014-09-05 17:17 - 2014-09-05 17:17 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-05 17:17 - 2014-09-05 17:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-04 21:14 - 2014-09-19 21:10 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys

2014-09-04 21:14 - 2014-09-19 21:10 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

2014-09-04 21:14 - 2014-01-24 15:24 - 00034976 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll

2014-09-04 17:28 - 2014-01-24 13:12 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Adobe

2014-09-04 16:36 - 2014-05-24 10:53 - 00000000 ____D () C:\Users\Ich\Documents\mega_cache_6140226

2014-09-03 19:45 - 2014-09-03 19:45 - 04870145 _____ () C:\Users\Ich\Downloads\Lemmings_en.zip

2014-09-03 00:08 - 2014-07-06 17:25 - 00000000 ____D () C:\Users\Ich\Documents\psynetic-gifx

2014-09-02 23:55 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-09-02 21:22 - 2014-09-02 21:22 - 00000000 ____D () C:\Users\Ich\AppData\Local\Skype

2014-08-30 00:38 - 2014-01-24 14:55 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2014-08-30 00:38 - 2014-01-24 14:55 - 00000000 ____D () C:\Program Files\CCleaner

2014-08-29 22:21 - 2014-05-25 18:14 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU

2014-08-29 16:13 - 2014-05-23 20:08 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA_Global

2014-08-29 15:41 - 2014-08-29 15:40 - 06224233 _____ () C:\Users\Ich\Downloads\Kokusnu__pilz.zip

2014-08-24 21:51 - 2014-08-24 21:51 - 00000967 _____ () C:\Users\Public\Desktop\MEGA6.lnk

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Users\Ich\AppData\Roaming\MEGA6_6140226

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGA6

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageMagick 6.7.5 Q16

2014-08-24 21:51 - 2014-08-24 21:51 - 00000000 ____D () C:\Program Files (x86)\MEGA6

2014-08-23 04:07 - 2014-08-29 12:49 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-23 03:45 - 2014-08-29 12:49 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-23 02:59 - 2014-08-29 12:49 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-21 11:19 - 2014-06-26 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-08-21 11:09 - 2014-08-21 10:54 - 00000000 ____D () C:\ProgramData\89862a08bda44ad

2014-08-21 10:54 - 2014-08-21 10:54 - 00000000 ____D () C:\Users\Administrator

2014-08-21 10:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
 

Some content of TEMP:

====================

C:\Users\Ich\AppData\Local\Temp\AdobeApplicationManager.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-09-18 12:32
 

==================== End Of Log ============================

--- --- ---

Viele Grüße und ein angenehmes Wochenende

schrauber

21.09.2014 09:30

Is nit wild, aber fixen wir ihn eben :)

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Don_Jascha

21.09.2014 10:16

Hallo,

Vielen Dank und hier der Fixlog:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014

Ran by Ich at 2014-09-21 11:10:12 Run:1

Running from C:\Users\Ich\Downloads

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

*****************
 

catchme => Service deleted successfully.
 

==== End of Fixlog ====

Viele Grüße und noch einen schönen Sonntag!

schrauber

22.09.2014 07:33

fertig :)

Don_Jascha

23.09.2014 12:21

Ok,

dann vielen Dank nochmal und viele Grüße

schrauber

24.09.2014 10:29

Gern Geschehen :)

Alle Zeitangaben in WEZ +1. Es ist jetzt 08:01 Uhr.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131