Hilfe4321 | 19.09.2014 14:27 | Hey,
here are the requested log files.
Regards
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 19.09.2014
Suchlauf-Zeit: 14:02:06
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.09.19.03
Rootkit Datenbank: v2014.09.18.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: pc
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 322811
Verstrichene Zeit: 13 Min, 1 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 36
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3981403820-1071516951-1015314759-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [fc8324cb9dde2e083fa272169c666d93],
PUP.Optional.Astromenda, HKU\S-1-5-21-3981403820-1071516951-1015314759-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}, In Quarantäne, [512e67884536201617c9f7907f838b75],
PUP.Optional.Astromenda, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}, In Quarantäne, [512e67884536201617c9f7907f838b75],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4B62762D-AA67-4312-A5BF-91BCB7A4720A}, In Quarantäne, [d1aed11e5f1ce1559418b013788af907],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\TypeLib\{105F25A9-C42F-48A6-998D-0494E8AE336A}, In Quarantäne, [1d6209e67efdee48dfcdc4ffe1218c74],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{506DD7C6-B05D-43CE-81FF-AA05E11DBDFD}, In Quarantäne, [1d6209e67efdee48dfcdc4ffe1218c74],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6D3C9858-2674-46E1-9112-107340758481}, In Quarantäne, [1d6209e67efdee48dfcdc4ffe1218c74],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{79C9FA6C-352A-49BA-89BA-85077BC35DC3}, In Quarantäne, [1d6209e67efdee48dfcdc4ffe1218c74],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{909112FE-C4A2-4990-A499-E58867D55B15}, In Quarantäne, [1d6209e67efdee48dfcdc4ffe1218c74],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9BEEB5A2-8B02-465A-904D-FE5A447F59EB}, In Quarantäne, [1d6209e67efdee48dfcdc4ffe1218c74],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B618C19D-A418-4586-80C6-09DBDA9C748E}, In Quarantäne, [1d6209e67efdee48dfcdc4ffe1218c74],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B68B00A0-95B9-4162-BA45-7A1113317DA9}, In Quarantäne, [1d6209e67efdee48dfcdc4ffe1218c74],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{BFE45A8B-650C-4E99-A3F4-CC6A2874893B}, In Quarantäne, [1d6209e67efdee48dfcdc4ffe1218c74],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E413D78F-283C-45F1-9992-8EF7D55A4933}, In Quarantäne, [1d6209e67efdee48dfcdc4ffe1218c74],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E7C2FDF1-1635-41B4-8207-C1684B6807D7}, In Quarantäne, [1d6209e67efdee48dfcdc4ffe1218c74],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F9F5A267-FA5A-4CA3-8BE5-4C1EEAD01011}, In Quarantäne, [1d6209e67efdee48dfcdc4ffe1218c74],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4B62762D-AA67-4312-A5BF-91BCB7A4720A}, In Quarantäne, [1d6209e67efdee48dfcdc4ffe1218c74],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{506DD7C6-B05D-43CE-81FF-AA05E11DBDFD}, In Quarantäne, [1d6209e67efdee48dfcdc4ffe1218c74],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6D3C9858-2674-46E1-9112-107340758481}, In Quarantäne, [1d6209e67efdee48dfcdc4ffe1218c74],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{79C9FA6C-352A-49BA-89BA-85077BC35DC3}, In Quarantäne, [1d6209e67efdee48dfcdc4ffe1218c74],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{909112FE-C4A2-4990-A499-E58867D55B15}, In Quarantäne, [1d6209e67efdee48dfcdc4ffe1218c74],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9BEEB5A2-8B02-465A-904D-FE5A447F59EB}, In Quarantäne, [1d6209e67efdee48dfcdc4ffe1218c74],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B618C19D-A418-4586-80C6-09DBDA9C748E}, In Quarantäne, [1d6209e67efdee48dfcdc4ffe1218c74],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B68B00A0-95B9-4162-BA45-7A1113317DA9}, In Quarantäne, [1d6209e67efdee48dfcdc4ffe1218c74],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BFE45A8B-650C-4E99-A3F4-CC6A2874893B}, In Quarantäne, [1d6209e67efdee48dfcdc4ffe1218c74],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E413D78F-283C-45F1-9992-8EF7D55A4933}, In Quarantäne, [1d6209e67efdee48dfcdc4ffe1218c74],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E7C2FDF1-1635-41B4-8207-C1684B6807D7}, In Quarantäne, [1d6209e67efdee48dfcdc4ffe1218c74],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F9F5A267-FA5A-4CA3-8BE5-4C1EEAD01011}, In Quarantäne, [1d6209e67efdee48dfcdc4ffe1218c74],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{105F25A9-C42F-48A6-998D-0494E8AE336A}, In Quarantäne, [304f5b946714191de7c5467dd131728e],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, In Quarantäne, [0a75836c7ffc72c4f7f63141a95b10f0],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, In Quarantäne, [3649b43b4a311d19a8447df50ff5b64a],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\BONANZADEALS, In Quarantäne, [8df2fef1e299ab8b9108bb9bb54f8f71],
PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD, In Quarantäne, [e49b89663348999d37e2cb434ab9e11f],
PUP.Optional.FreeSoftToday.A, HKU\S-1-5-21-3981403820-1071516951-1015314759-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\freesofttoday, In Quarantäne, [4738b6397209c37389120070d62e7789],
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-3981403820-1071516951-1015314759-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag, In Quarantäne, [f08f4ba4146787af22d25c1530d49868],
PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-3981403820-1071516951-1015314759-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BONANZADEALS, In Quarantäne, [2d52e50ae398d4622f68f6608e76a45c],
Registrierungswerte: 5
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{00078E95-3A4A-4137-8DE7-2824908D1C17}, In Quarantäne, [ef9049a6f38837ffbded41821be7f30d],
PUP.Optional.SearchGolTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{00078E95-3A4A-4137-8DE7-2824908D1C17}, searchgol Toolbar, In Quarantäne, [ef9049a6f38837ffbded41821be7f30d]
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\BONANZADEALS|ChromeCrxPath, C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx, In Quarantäne, [8df2fef1e299ab8b9108bb9bb54f8f71]
PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD|ImagePath, \??\C:\Windows\system32\drivers\SPPD.sys, In Quarantäne, [e49b89663348999d37e2cb434ab9e11f]
PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-3981403820-1071516951-1015314759-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BONANZADEALS|ChromeCrxPath, C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx, In Quarantäne, [2d52e50ae398d4622f68f6608e76a45c]
Registrierungsdaten: 2
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[b5cad619eb90aa8cc77845c0dd2831cf]
PUP.Optional.Astromenda.A, HKU\S-1-5-21-3981403820-1071516951-1015314759-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://astromenda.com/?f=1&a=ast_aw_14_35_ff&cd=2XzuyEtN2Y1L1Qzu0BzzzyyByD0AtB0Fzz0BzztB0Czz0E0CtN0D0Tzu0SzyyCzytN1L2XzutAtFtDtFtCtDtFyEtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2SyByB0BzztDtDyC0CtGyEyEyBtDtG0CzztC0BtGyB0AyD0CtGtD0C0E0C0CyCyC0A0CyEzz0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyByD0CtAyC0AyCtG0D0E0A0EtGyE0FzztDtG0B0EtDyCtGtAzzyE0C0FtCyB0Ezy0D0C0A2QtN1B1L1H1Ezu1O2U1M1B&cr=831414011&ir=, Gut: (www.google.com), Schlecht: (hxxp://astromenda.com/?f=1&a=ast_aw_14_35_ff&cd=2XzuyEtN2Y1L1Qzu0BzzzyyByD0AtB0Fzz0BzztB0Czz0E0CtN0D0Tzu0SzyyCzytN1L2XzutAtFtDtFtCtDtFyEtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2SyByB0BzztDtDyC0CtGyEyEyBtDtG0CzztC0BtGyB0AyD0CtGtD0C0E0C0CyCyC0A0CyEzz0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyByD0CtAyC0AyCtG0D0E0A0EtGyE0FzztDtG0B0EtDyCtGtAzzyE0C0FtCyB0Ezy0D0C0A2QtN1B1L1H1Ezu1O2U1M1B&cr=831414011&ir=),Ersetzt,[88f78e61215aed49facb4fb78481a55b]
Ordner: 16
PUP.Optional.OpenCandy, C:\Users\pc\AppData\Roaming\OpenCandy, In Quarantäne, [93ec4ca3e5967db9fe8a3c991be76a96],
PUP.Optional.OpenCandy, C:\Users\pc\AppData\Roaming\OpenCandy\1175FE7C7FE94F4B909316E9D2527C23, In Quarantäne, [93ec4ca3e5967db9fe8a3c991be76a96],
PUP.Optional.OpenCandy, C:\Users\pc\AppData\Roaming\OpenCandy\140B4EF5FF2049BD92C6328EF29AD60E, In Quarantäne, [93ec4ca3e5967db9fe8a3c991be76a96],
PUP.Optional.OpenCandy, C:\Users\pc\AppData\Roaming\OpenCandy\48E56BF0595348FEA11E56F699747DF7, In Quarantäne, [93ec4ca3e5967db9fe8a3c991be76a96],
PUP.Optional.NextLive.A, C:\Users\pc\AppData\Roaming\newnext.me, In Quarantäne, [532c38b7403b3bfb4ce27463fe04e11f],
PUP.Optional.NextLive.A, C:\Users\pc\AppData\Roaming\newnext.me\cache, In Quarantäne, [532c38b7403b3bfb4ce27463fe04e11f],
PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoilcbjfkbdplcfglkiedhefcomondlk, In Quarantäne, [0f70a54adc9fa0962bf57d5c5ca68a76],
PUP.Optional.ReMarkit.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel, In Quarantäne, [651a6c830279fc3a4a522eadf50d8a76],
PUP.Optional.ReMarkit.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel\1.150_0, In Quarantäne, [651a6c830279fc3a4a522eadf50d8a76],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit, In Quarantäne, [0a75a6490b70f0465449a63536cc3fc1],
PUP.Optional.SearchProtect.A, C:\Users\pc\AppData\Local\SearchProtect, In Quarantäne, [afd0866995e647ef99a89d4e5ba7e917],
PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aoilcbjfkbdplcfglkiedhefcomondlk, In Quarantäne, [a2ddd41b7506a88ee6bb995326dc619f],
PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_aoilcbjfkbdplcfglkiedhefcomondlk_0, In Quarantäne, [e09fbe31205b0036fda54ca0fe044cb4],
PUP.Optional.AffiliatedUpdate.A, C:\Users\pc\AppData\Roaming\AffiliatedUpdate, In Quarantäne, [b5ca549b3546c3738fc5a34d37cbc23e],
PUP.Optional.AffiliatedUpdate.A, C:\Users\pc\AppData\Roaming\AffiliatedUpdate\UpdateProc, In Quarantäne, [b5ca549b3546c3738fc5a34d37cbc23e],
PUP.Optional.Astromenda.A, C:\Users\pc\AppData\Roaming\WSE_Astromenda, In Quarantäne, [6c13c12e9ddecd6908dd807a9e647a86],
Dateien: 39
PUP.Optional.WpManager, C:\ProgramData\WPM\wprotectmanager.exe, In Quarantäne, [86f97a759edd37ff79ed8de46f92aa56],
PUP.Optional.NextLive.A, C:\Users\pc\AppData\Roaming\newnext.me\nengine.dll, In Quarantäne, [8df29a5590eb241238ce4a1b1fe203fd],
PUP.Optional.AdLyrics.A, C:\Program Files (x86)\Re-markit\ReMarkit_up.exe, In Quarantäne, [2659b837483339fd3f9276c7659bc739],
PUP.Optional.NextLive.A, C:\Users\pc\AppData\Local\genienext\nengine.dll, In Quarantäne, [2b544fa0e19a49ed22e483e2ea174eb2],
PUP.Optional.QuickStart.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx, In Quarantäne, [7807935cb1ca999d3e9557b0f01340c0],
PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aoilcbjfkbdplcfglkiedhefcomondlk_0.localstorage, In Quarantäne, [0877757a4d2ef1458f11b4616a990000],
PUP.Optional.ReMarkIt.A, C:\Windows\Tasks\Re-markit Update.job, In Quarantäne, [b4cbbe31accfbe785a5885a781820ef2],
PUP.Optional.NewTab.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx, In Quarantäne, [9ee1c827314a3df9e90ae94bf1123cc4],
PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, In Quarantäne, [95eafff080fbc1752bc5dd958d77dc24],
PUP.Optional.NextLive.A, C:\Users\pc\AppData\Roaming\newnext.me\nengine.cookie, In Quarantäne, [532c38b7403b3bfb4ce27463fe04e11f],
PUP.Optional.NextLive.A, C:\Users\pc\AppData\Roaming\newnext.me\cache\spark.bin, In Quarantäne, [532c38b7403b3bfb4ce27463fe04e11f],
PUP.Optional.ReMarkit.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel\1.150_0\b.html, In Quarantäne, [651a6c830279fc3a4a522eadf50d8a76],
PUP.Optional.ReMarkit.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel\1.150_0\b.js, In Quarantäne, [651a6c830279fc3a4a522eadf50d8a76],
PUP.Optional.ReMarkit.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel\1.150_0\c.js, In Quarantäne, [651a6c830279fc3a4a522eadf50d8a76],
PUP.Optional.ReMarkit.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel\1.150_0\icon128.png, In Quarantäne, [651a6c830279fc3a4a522eadf50d8a76],
PUP.Optional.ReMarkit.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel\1.150_0\icon16.png, In Quarantäne, [651a6c830279fc3a4a522eadf50d8a76],
PUP.Optional.ReMarkit.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel\1.150_0\icon48.png, In Quarantäne, [651a6c830279fc3a4a522eadf50d8a76],
PUP.Optional.ReMarkit.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel\1.150_0\manifest.json, In Quarantäne, [651a6c830279fc3a4a522eadf50d8a76],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit\01.db, In Quarantäne, [0a75a6490b70f0465449a63536cc3fc1],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit\150.crx, In Quarantäne, [0a75a6490b70f0465449a63536cc3fc1],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit\150.dat, In Quarantäne, [0a75a6490b70f0465449a63536cc3fc1],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit\150.xpi, In Quarantäne, [0a75a6490b70f0465449a63536cc3fc1],
PUP.Optional.ReMarkIt.A, C:\Program Files (x86)\Re-markit\Sqlite3.dll, In Quarantäne, [0a75a6490b70f0465449a63536cc3fc1],
PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aoilcbjfkbdplcfglkiedhefcomondlk\000005.ldb, In Quarantäne, [a2ddd41b7506a88ee6bb995326dc619f],
PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aoilcbjfkbdplcfglkiedhefcomondlk\000008.log, In Quarantäne, [a2ddd41b7506a88ee6bb995326dc619f],
PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aoilcbjfkbdplcfglkiedhefcomondlk\CURRENT, In Quarantäne, [a2ddd41b7506a88ee6bb995326dc619f],
PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aoilcbjfkbdplcfglkiedhefcomondlk\LOCK, In Quarantäne, [a2ddd41b7506a88ee6bb995326dc619f],
PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aoilcbjfkbdplcfglkiedhefcomondlk\LOG, In Quarantäne, [a2ddd41b7506a88ee6bb995326dc619f],
PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aoilcbjfkbdplcfglkiedhefcomondlk\LOG.old, In Quarantäne, [a2ddd41b7506a88ee6bb995326dc619f],
PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aoilcbjfkbdplcfglkiedhefcomondlk\MANIFEST-000007, In Quarantäne, [a2ddd41b7506a88ee6bb995326dc619f],
PUP.Optional.CrossRider.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_aoilcbjfkbdplcfglkiedhefcomondlk_0\1, In Quarantäne, [e09fbe31205b0036fda54ca0fe044cb4],
PUP.Optional.AffiliatedUpdate.A, C:\Users\pc\AppData\Roaming\AffiliatedUpdate\UpdateProc\config.dat, In Quarantäne, [b5ca549b3546c3738fc5a34d37cbc23e],
PUP.Optional.AffiliatedUpdate.A, C:\Users\pc\AppData\Roaming\AffiliatedUpdate\UpdateProc\prod.dat, In Quarantäne, [b5ca549b3546c3738fc5a34d37cbc23e],
PUP.Optional.AffiliatedUpdate.A, C:\Users\pc\AppData\Roaming\AffiliatedUpdate\UpdateProc\UpdateTask.exe, In Quarantäne, [b5ca549b3546c3738fc5a34d37cbc23e],
PUP.Optional.Astromenda.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "startup_urls": ["hxxp://astromenda.com/?f=7&a=ast_aw_14_35_ff&cd=2XzuyEtN2Y1L1Qzu0BzzzyyByD0AtB0Fzz0BzztB0Czz0E0CtN0D0Tzu0SzyyCzytN1L2XzutAtFtDtFtCtDtFyEtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2SyByB0BzztDtDyC0CtGyEyEyBtDtG0CzztC0BtGyB0AyD0CtGtD0C0E0C0CyCyC0A0CyEzz0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyByD0CtAyC0AyCtG0D0E0A0EtGyE0FzztDtG0B0EtDyCtGtAzzyE0C0FtCyB0Ezy0D0C0A2QtN1B1L1H1Ezu1O2U1M1B&cr=831414011&ir="]), Ersetzt,[91ee1fd03c3f7abcd05f1b1c62a321df]
PUP.Optional.Astromenda.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "startup_urls": ["hxxp://astromenda.com/?f=1&a=ast_aw_14_35_ff&cd=2XzuyEtN2Y1L1Qzu0BzzzyyByD0AtB0Fzz0BzztB0Czz0E0CtN0D0Tzu0SzyyCzytN1L2XzutAtFtDtFtCtDtFyEtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2SyByB0BzztDtDyC0CtGyEyEyBtDtG0CzztC0BtGyB0AyD0CtGtD0C0E0C0CyCyC0A0CyEzz0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyByD0CtAyC0AyCtG0D0E0A0EtGyE0FzztDtG0B0EtDyCtGtAzzyE0C0FtCyB0Ezy0D0C0A2QtN1B1L1H1Ezu1O2U1M1B&cr=831414011&ir="]), Ersetzt,[dca37c73bebd290dbd7204335baa9a66]
PUP.Optional.Astromenda.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "homepage": "hxxp://astromenda.com/?f=1&a=ast_aw_14_35_ff&cd=2XzuyEtN2Y1L1Qzu0BzzzyyByD0AtB0Fzz0BzztB0Czz0E0CtN0D0Tzu0SzyyCzytN1L2XzutAtFtDtFtCtDtFyEtN1L1Czu0S0P0D0YtN1L1G1B1V1N2Y1L1Qzu2SyByB0BzztDtDyC0CtGyEyEyBtDtG0CzztC0BtGyB0AyD0CtGtD0C0E0C0CyCyC0A0CyEzz0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyByD0CtAyC0AyCtG0D0E0A0EtGyE0FzztDtG0B0EtDyCtGtAzzyE0C0FtCyB0Ezy0D0C0A2QtN1B1L1H1Ezu1O2U1M1B&cr=831414011&ir=",), Ersetzt,[156a747b106bc670ca66c275d13457a9]
PUP.Optional.Conduit.A, C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "startup_urls": [ "hxxp://search.conduit.com/?ctid=CT3317933&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP23D2458E-61C8-4DE7-A55D-09969AE12E97&SSPV=" ],), Ersetzt,[b0cf915e7ffc7cba938a4deceb1a42be]
PUP.Optional.Trovi.A, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\lwt3npvm.default-1409221247971\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M72A6F66E-BC78-480A-8F4B-7480AF7E8D13&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SPB74B93B7-105F-47A3-BC11-81FF55FE8A29");), Ersetzt,[96e9905f7ffc80b6619c5addc83d42be]
Physische Sektoren: 0
(No malicious items detected)
(end)
Code:
# AdwCleaner v3.310 - Bericht erstellt am 19/09/2014 um 14:39:24
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : pc - PC-PC
# Gestartet von : C:\Users\pc\Desktop\AdwCleaner_3.310.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Users\pc\AppData\Local\genienext
Ordner Gelöscht : C:\Users\pc\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Ordner Gelöscht : C:\Users\pc\Documents\Mobogenie
Datei Gelöscht : C:\Users\pc\daemonprocess.txt
Datei Gelöscht : C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\lwt3npvm.default-1409221247971\user.js
***** [ Tasks ] *****
Task Gelöscht : Desk 365 RunAsStdUser
Task Gelöscht : EPUpdater
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{43197567-e651-4b4a-85be-9700454c88b6}]
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Schlüssel Gelöscht : HKCU\Software\Classes\Applications\lollipop.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updatewhilokii_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updatewhilokii_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902260}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902260}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Re_Markit
Schlüssel Gelöscht : HKLM\SOFTWARE\hdcode
Schlüssel Gelöscht : HKLM\SOFTWARE\IePlugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17280
-\\ Mozilla Firefox v32.0.2 (x86 de)
[ Datei : C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\lwt3npvm.default-1409221247971\prefs.js ]
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M72A6F66E-BC78-480A-8F4B-7480AF7E8D13&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SPB74B93B7-105F-47A[...]
-\\ Google Chrome v37.0.2062.120
[ Datei : C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Extension] : cekcjpgehmohobmdiikfnopibipmgnml
Gelöscht [Extension] : dcpfhaghaadpjpgocojgnlhjcieeooel
Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb
Gelöscht [Extension] : ifohbjbgfchkkfhphahclmkpgejiplfo
Gelöscht [Extension] : pkndmigholgfjlniaohblojbhgjbkakn
*************************
AdwCleaner[R0].txt - [14602 octets] - [08/10/2013 05:22:10]
AdwCleaner[R1].txt - [9872 octets] - [17/10/2013 16:45:41]
AdwCleaner[R2].txt - [12876 octets] - [29/01/2014 19:28:37]
AdwCleaner[R3].txt - [1418 octets] - [29/01/2014 19:32:31]
AdwCleaner[R4].txt - [1417 octets] - [29/01/2014 19:35:32]
AdwCleaner[R5].txt - [7018 octets] - [19/09/2014 14:38:02]
AdwCleaner[S0].txt - [11634 octets] - [08/10/2013 05:22:45]
AdwCleaner[S1].txt - [6612 octets] - [17/10/2013 16:46:24]
AdwCleaner[S2].txt - [12527 octets] - [29/01/2014 19:29:43]
AdwCleaner[S3].txt - [1479 octets] - [29/01/2014 19:33:28]
AdwCleaner[S4].txt - [1478 octets] - [29/01/2014 19:37:40]
AdwCleaner[S5].txt - [6441 octets] - [19/09/2014 14:39:24]
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [6501 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.7 (09.18.2014:2)
OS: Windows 7 Professional x64
Ran by pc on 19.09.2014 at 14:48:53,60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3981403820-1071516951-1015314759-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilWhilokii_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilWhilokii_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilWhilokii_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilWhilokii_RASMANCS
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\apn"
Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
~~~ FireFox
Emptied folder: C:\Users\pc\AppData\Roaming\mozilla\firefox\profiles\lwt3npvm.default-1409221247971\minidumps [17 files]
~~~ Chrome
Successfully deleted: [Folder] C:\Users\pc\appdata\local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.09.2014 at 14:58:30,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by pc (administrator) on PC-PC on 19-09-2014 15:16:41
Running from C:\Users\pc\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD2Srv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Tor\tor.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AMD) C:\Windows\SysWOW64\WinMsgBalloonServer.exe
(AMD) C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5123216 2012-06-04] (VIA)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-30] (DivX, LLC)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1702672 2014-01-21] (Simply Super Software)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-09-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: No Name -> {41564952-412D-5637-00A7-7A786E7484D7} -> No File
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\lwt3npvm.default-1409221247971
FF Homepage: www-google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.0.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.0.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\pc\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll (Anvisoft)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\lwt3npvm.default-1409221247971\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-08]
FF Extension: AnviAdblock - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\AnviAdblock@anvisoft.com.xpi [2014-09-19]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-03-27]
Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSearchKeyword: Default -> awesomehp
CHR DefaultSearchProvider: Default -> awesomehp
CHR DefaultSearchURL: Default -> hxxp://www.awesomehp.com/web/?type=ds&ts=1391015635&from=tugs&uid=HitachiXHDS721050CLA360_JP1532FR2ZVLHK2ZVLHKX&q={searchTerms}
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-16]
CHR Extension: (Google Drive) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-16]
CHR Extension: (YouTube) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-16]
CHR Extension: (Google-Suche) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-16]
CHR Extension: (Google Wallet) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-16]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 video) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-10-16]
CHR Extension: (Google Mail) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-16]
CHR HKLM-x32\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx [2014-04-30]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-07]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-11-16] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 ASD2Svc; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD2Srv.exe [1206504 2014-08-20] (Anvisoft)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [161016 2014-09-17] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-08-30] () [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-05-04] (VIA Technologies, Inc.)
S2 ZAPrivacyService; "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 asd2fsm; C:\Windows\System32\DRIVERS\asd2fsm.sys [48656 2014-08-20] (Anvisoft)
R1 Asdids; C:\Windows\System32\DRIVERS\asdids.sys [47632 2014-08-20] (Anvisoft)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 BSMEM; C:\Windows\system32\drivers\BSMEM.sys [29344 2012-07-26] (BIOSTAR Group)
R1 BSMEM; C:\Windows\SysWOW64\drivers\BSMEM.sys [17024 2012-07-26] (BIOSTAR Group) [File not signed]
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\pc\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-19 15:16 - 2014-09-19 15:16 - 00014505 _____ () C:\Users\pc\Downloads\FRST.txt
2014-09-19 14:58 - 2014-09-19 14:58 - 00001777 _____ () C:\Users\pc\Desktop\JRT.txt
2014-09-19 14:50 - 2014-09-19 15:14 - 00000000 ____D () C:\Users\pc\Desktop\Neuer Ordner
2014-09-19 14:50 - 2014-09-19 14:50 - 00000000 ____D () C:\Users\pc\Desktop\Neuer Ordner (2)
2014-09-19 14:48 - 2014-09-19 14:48 - 00000000 ____D () C:\Windows\ERUNT
2014-09-19 14:46 - 2014-09-19 14:46 - 01019328 _____ (Thisisu) C:\Users\pc\Desktop\JRT.exe
2014-09-19 14:42 - 2014-09-19 14:42 - 00006593 _____ () C:\Users\pc\Desktop\AdwCleaner[S5].txt
2014-09-19 14:34 - 2014-09-19 14:34 - 01373475 _____ () C:\Users\pc\Desktop\AdwCleaner_3.310.exe
2014-09-19 14:30 - 2014-09-19 14:30 - 00019890 _____ () C:\Users\pc\Desktop\mbam.txt
2014-09-19 13:59 - 2014-09-19 14:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 13:59 - 2014-09-19 13:59 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-19 13:59 - 2014-09-19 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-19 13:59 - 2014-09-19 13:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-19 13:59 - 2014-09-19 13:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-19 13:59 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-19 13:59 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-19 13:59 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-19 13:56 - 2014-09-19 13:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\pc\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-19 03:35 - 2014-09-19 03:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-18 14:06 - 2014-09-18 14:06 - 00034421 _____ () C:\ComboFix.txt
2014-09-18 13:51 - 2014-09-18 14:06 - 00000000 ____D () C:\Qoobox
2014-09-18 13:51 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-18 13:51 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-18 13:51 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-18 13:51 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-18 13:51 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-18 13:51 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-18 13:51 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-18 13:51 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-18 13:50 - 2014-09-18 14:05 - 00000000 ____D () C:\Windows\erdnt
2014-09-18 13:46 - 2014-09-18 13:49 - 05578824 ____R (Swearware) C:\Users\pc\Desktop\ComboFix.exe
2014-09-18 13:11 - 2014-09-18 13:11 - 00001268 _____ () C:\Users\pc\Desktop\Revo Uninstaller.lnk
2014-09-18 13:11 - 2014-09-18 13:11 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-18 10:04 - 2014-09-18 10:04 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Avira
2014-09-18 10:00 - 2014-09-18 09:59 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-09-18 09:58 - 2014-08-15 10:30 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-09-18 09:58 - 2014-08-15 10:30 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-09-18 09:58 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-09-18 09:50 - 2014-09-18 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-18 09:50 - 2014-09-18 09:50 - 04756944 _____ (Avira Operations GmbH & Co. KG) C:\Users\pc\Downloads\avira_de_av___ws.exe
2014-09-18 09:50 - 2014-09-18 09:50 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-18 09:50 - 2014-09-18 09:50 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-18 09:27 - 2014-09-18 09:27 - 00380416 _____ () C:\Users\pc\Downloads\Gmer-19357.exe
2014-09-18 09:23 - 2014-09-19 15:16 - 00000000 ____D () C:\FRST
2014-09-18 09:22 - 2014-09-18 09:22 - 02105856 _____ (Farbar) C:\Users\pc\Downloads\FRST64.exe
2014-09-18 09:20 - 2014-09-18 09:20 - 00000000 _____ () C:\Users\pc\defogger_reenable
2014-09-18 09:19 - 2014-09-18 09:19 - 00050477 _____ () C:\Users\pc\Downloads\Defogger.exe
2014-09-18 05:04 - 2014-09-18 05:04 - 00000000 _____ () C:\autoexec.bat
2014-09-18 04:51 - 2014-09-18 04:51 - 00002252 _____ () C:\Users\pc\Desktop\SpyHunter.lnk
2014-09-18 04:51 - 2014-09-18 04:51 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-09-18 04:51 - 2014-09-18 04:51 - 00000000 ____D () C:\sh4ldr
2014-09-18 04:51 - 2014-09-18 04:51 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-18 04:51 - 2012-06-22 11:01 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2014-09-18 04:50 - 2014-09-18 04:52 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-09-18 04:49 - 2014-09-18 04:49 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\pc\Downloads\SpyHunter-Installer.exe
2014-09-18 04:39 - 2014-09-19 14:40 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-09-18 04:39 - 2014-09-18 04:55 - 00000354 _____ () C:\Windows\Tasks\ASD_Main.job
2014-09-18 04:39 - 2014-09-18 04:39 - 00001195 _____ () C:\Users\Public\Desktop\Anvi Smart Defender.lnk
2014-09-18 04:39 - 2014-09-18 04:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-09-18 04:37 - 2014-09-18 04:37 - 00000000 ____D () C:\ProgramData\Anvisoft
2014-09-18 04:37 - 2014-09-18 04:37 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-09-18 04:37 - 2014-08-20 08:52 - 00048656 _____ (Anvisoft) C:\Windows\system32\Drivers\asd2fsm.sys
2014-09-18 04:36 - 2014-09-18 04:36 - 36024808 _____ (Anvisoft) C:\Users\pc\Downloads\asdsetup.exe
2014-09-18 04:17 - 2014-09-18 04:17 - 00000000 ____D () C:\Users\pc\Desktop\Bil TeilB
2014-09-11 12:58 - 2014-09-11 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-11 03:13 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 03:13 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 03:13 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 03:13 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 03:13 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 03:13 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 03:13 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 03:13 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 03:13 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 03:13 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 03:13 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 03:13 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 03:13 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 03:13 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 03:13 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 03:13 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 03:13 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 03:13 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 03:13 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 03:13 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 03:13 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 03:13 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 03:13 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 03:13 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 03:13 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 03:13 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 03:13 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 03:13 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 03:13 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 03:13 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 03:13 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 03:13 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 03:13 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 03:13 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 03:13 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 03:13 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 03:13 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 03:13 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 03:13 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 03:13 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 03:13 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 03:13 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 03:13 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 03:13 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 03:13 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 03:13 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 03:13 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 03:13 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 03:13 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 03:13 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 03:13 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 03:13 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 03:13 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 03:13 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 03:13 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 03:13 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 03:01 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 03:01 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 22:22 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 22:22 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 22:22 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 22:22 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 22:21 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 22:21 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 22:21 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 22:21 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 22:21 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 22:21 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 22:21 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 14:45 - 2014-09-10 14:45 - 00000000 ____D () C:\Users\pc\dwhelper
2014-09-10 10:18 - 2014-09-10 10:18 - 00000000 ____D () C:\Users\pc\AppData\Local\TuneUp Software
2014-09-10 10:16 - 2014-09-10 10:17 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-09-10 10:16 - 2014-09-10 10:16 - 00000000 ____D () C:\Users\pc\AppData\Local\Skype
2014-09-10 10:11 - 2014-09-10 10:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-09-10 10:10 - 2014-09-10 10:16 - 00000000 ____D () C:\Users\pc\AppData\Roaming\RHEng
2014-09-10 10:10 - 2014-09-10 10:11 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-09-10 10:10 - 2014-09-10 10:10 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-09-02 21:31 - 2014-09-02 21:31 - 00000000 ____D () C:\Users\pc\AppData\Local\Adobe
2014-08-30 12:49 - 2014-09-15 20:54 - 00016877 _____ () C:\Windows\system32\ScanResults.xml
2014-08-30 12:45 - 2014-09-15 20:51 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2014-08-28 12:24 - 2014-09-19 14:40 - 00174946 _____ () C:\Windows\PFRO.log
2014-08-28 03:48 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 03:48 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 03:48 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 11:53 - 2014-08-27 11:55 - 00000163 _____ () C:\Windows\Reimage.ini
2014-08-27 11:41 - 2014-08-27 11:41 - 00000370 _____ () C:\Windows\Tasks\WOT WWED1.job
2014-08-27 11:41 - 2014-08-27 11:41 - 00000370 _____ () C:\Windows\Tasks\WOT WW2.job
2014-08-27 11:41 - 2014-08-27 11:41 - 00000370 _____ () C:\Windows\Tasks\WOT WW1.job
2014-08-27 11:41 - 2014-08-27 11:41 - 00000370 _____ () C:\Windows\Tasks\WOT WTUE1.job
2014-08-27 11:41 - 2014-08-27 11:41 - 00000370 _____ () C:\Windows\Tasks\WOT WTHUR1.job
2014-08-27 11:41 - 2014-08-27 11:41 - 00000370 _____ () C:\Windows\Tasks\WOT WMON1.job
2014-08-27 11:41 - 2014-08-27 11:41 - 00000370 _____ () C:\Windows\Tasks\WOT WFRI1.job
2014-08-27 11:41 - 2014-08-27 11:41 - 00000370 _____ () C:\Windows\Tasks\WOT W2.job
2014-08-27 11:41 - 2014-08-27 11:41 - 00000370 _____ () C:\Windows\Tasks\WOT W1.job
2014-08-27 11:41 - 2014-08-27 11:41 - 00000370 _____ () C:\Windows\Tasks\WOT T.job
2014-08-27 11:41 - 2014-08-27 11:41 - 00000370 _____ () C:\Windows\Tasks\WOT N.job
2014-08-27 11:41 - 2014-08-27 11:41 - 00000000 ____D () C:\Users\pc\AppData\Roaming\WorldofTanks
2014-08-27 11:41 - 2014-08-27 11:41 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks
2014-08-27 11:41 - 2014-08-27 11:41 - 00000000 ____D () C:\Users\pc\AppData\Local\WorldofTanks
2014-08-20 08:52 - 2014-08-20 08:52 - 00047632 _____ (Anvisoft) C:\Windows\system32\Drivers\asdids.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-19 15:17 - 2014-09-19 15:16 - 00014505 _____ () C:\Users\pc\Downloads\FRST.txt
2014-09-19 15:16 - 2014-09-18 09:23 - 00000000 ____D () C:\FRST
2014-09-19 15:14 - 2014-09-19 14:50 - 00000000 ____D () C:\Users\pc\Desktop\Neuer Ordner
2014-09-19 14:58 - 2014-09-19 14:58 - 00001777 _____ () C:\Users\pc\Desktop\JRT.txt
2014-09-19 14:50 - 2014-09-19 14:50 - 00000000 ____D () C:\Users\pc\Desktop\Neuer Ordner (2)
2014-09-19 14:49 - 2009-07-14 06:45 - 00025872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-19 14:49 - 2009-07-14 06:45 - 00025872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-19 14:48 - 2014-09-19 14:48 - 00000000 ____D () C:\Windows\ERUNT
2014-09-19 14:46 - 2014-09-19 14:46 - 01019328 _____ (Thisisu) C:\Users\pc\Desktop\JRT.exe
2014-09-19 14:43 - 2014-09-19 13:59 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 14:42 - 2014-09-19 14:42 - 00006593 _____ () C:\Users\pc\Desktop\AdwCleaner[S5].txt
2014-09-19 14:40 - 2014-09-18 04:39 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-09-19 14:40 - 2014-08-28 12:24 - 00174946 _____ () C:\Windows\PFRO.log
2014-09-19 14:40 - 2014-08-04 12:54 - 00003315 _____ () C:\Windows\setupact.log
2014-09-19 14:39 - 2013-10-08 05:33 - 00001065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-19 14:39 - 2013-10-08 05:21 - 00000000 ____D () C:\AdwCleaner
2014-09-19 14:39 - 2013-03-27 20:48 - 01524021 _____ () C:\Windows\WindowsUpdate.log
2014-09-19 14:39 - 2013-03-27 14:01 - 00000989 _____ () C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-19 14:39 - 2013-03-27 14:01 - 00000000 ____D () C:\Users\pc
2014-09-19 14:34 - 2014-09-19 14:34 - 01373475 _____ () C:\Users\pc\Desktop\AdwCleaner_3.310.exe
2014-09-19 14:30 - 2014-09-19 14:30 - 00019890 _____ () C:\Users\pc\Desktop\mbam.txt
2014-09-19 13:59 - 2014-09-19 13:59 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-19 13:59 - 2014-09-19 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-19 13:59 - 2014-09-19 13:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-19 13:59 - 2014-09-19 13:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-19 13:56 - 2014-09-19 13:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\pc\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-19 13:45 - 2013-10-08 05:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-19 03:35 - 2014-09-19 03:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-18 20:36 - 2013-05-18 15:55 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-18 14:06 - 2014-09-18 14:06 - 00034421 _____ () C:\ComboFix.txt
2014-09-18 14:06 - 2014-09-18 13:51 - 00000000 ____D () C:\Qoobox
2014-09-18 14:06 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-18 14:05 - 2014-09-18 13:50 - 00000000 ____D () C:\Windows\erdnt
2014-09-18 14:02 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-18 13:49 - 2014-09-18 13:46 - 05578824 ____R (Swearware) C:\Users\pc\Desktop\ComboFix.exe
2014-09-18 13:11 - 2014-09-18 13:11 - 00001268 _____ () C:\Users\pc\Desktop\Revo Uninstaller.lnk
2014-09-18 13:11 - 2014-09-18 13:11 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-18 10:04 - 2014-09-18 10:04 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Avira
2014-09-18 09:59 - 2014-09-18 10:00 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-09-18 09:59 - 2014-09-18 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-18 09:58 - 2014-01-13 17:53 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-18 09:58 - 2013-07-19 11:22 - 00000000 ____D () C:\ProgramData\Avira
2014-09-18 09:50 - 2014-09-18 09:50 - 04756944 _____ (Avira Operations GmbH & Co. KG) C:\Users\pc\Downloads\avira_de_av___ws.exe
2014-09-18 09:50 - 2014-09-18 09:50 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-18 09:50 - 2014-09-18 09:50 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-18 09:34 - 2013-07-19 11:23 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-09-18 09:27 - 2014-09-18 09:27 - 00380416 _____ () C:\Users\pc\Downloads\Gmer-19357.exe
2014-09-18 09:22 - 2014-09-18 09:22 - 02105856 _____ (Farbar) C:\Users\pc\Downloads\FRST64.exe
2014-09-18 09:20 - 2014-09-18 09:20 - 00000000 _____ () C:\Users\pc\defogger_reenable
2014-09-18 09:19 - 2014-09-18 09:19 - 00050477 _____ () C:\Users\pc\Downloads\Defogger.exe
2014-09-18 05:04 - 2014-09-18 05:04 - 00000000 _____ () C:\autoexec.bat
2014-09-18 04:55 - 2014-09-18 04:39 - 00000354 _____ () C:\Windows\Tasks\ASD_Main.job
2014-09-18 04:52 - 2014-09-18 04:50 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-09-18 04:51 - 2014-09-18 04:51 - 00002252 _____ () C:\Users\pc\Desktop\SpyHunter.lnk
2014-09-18 04:51 - 2014-09-18 04:51 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-09-18 04:51 - 2014-09-18 04:51 - 00000000 ____D () C:\sh4ldr
2014-09-18 04:51 - 2014-09-18 04:51 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-18 04:49 - 2014-09-18 04:49 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\pc\Downloads\SpyHunter-Installer.exe
2014-09-18 04:39 - 2014-09-18 04:39 - 00001195 _____ () C:\Users\Public\Desktop\Anvi Smart Defender.lnk
2014-09-18 04:39 - 2014-09-18 04:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-09-18 04:37 - 2014-09-18 04:37 - 00000000 ____D () C:\ProgramData\Anvisoft
2014-09-18 04:37 - 2014-09-18 04:37 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-09-18 04:36 - 2014-09-18 04:36 - 36024808 _____ (Anvisoft) C:\Users\pc\Downloads\asdsetup.exe
2014-09-18 04:30 - 2014-08-17 18:44 - 00000000 ____D () C:\Users\pc\AppData\Roaming\uTorrent
2014-09-18 04:26 - 2014-08-17 01:31 - 00000000 ____D () C:\Users\pc\Desktop\aktuell
2014-09-18 04:17 - 2014-09-18 04:17 - 00000000 ____D () C:\Users\pc\Desktop\Bil TeilB
2014-09-18 03:48 - 2014-02-20 00:40 - 00000000 ____D () C:\Program Files (x86)\Pidgin
2014-09-15 20:54 - 2014-08-30 12:49 - 00016877 _____ () C:\Windows\system32\ScanResults.xml
2014-09-15 20:51 - 2014-08-30 12:45 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2014-09-12 08:29 - 2013-10-13 20:15 - 00000000 ____D () C:\Users\pc\Documents\Uni
2014-09-11 13:00 - 2013-07-13 01:53 - 00000000 ____D () C:\ProgramData\Skype
2014-09-11 12:58 - 2014-09-11 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-11 12:58 - 2013-07-13 01:53 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Skype
2014-09-11 03:11 - 2013-05-18 16:00 - 01594156 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 03:11 - 2013-03-28 05:43 - 00699462 _____ () C:\Windows\system32\perfh007.dat
2014-09-11 03:11 - 2013-03-28 05:43 - 00149602 _____ () C:\Windows\system32\perfc007.dat
2014-09-11 03:11 - 2009-07-14 07:13 - 01594156 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-11 03:10 - 2013-07-15 00:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 03:02 - 2013-03-27 15:44 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 03:01 - 2014-05-06 10:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 14:58 - 2013-04-08 16:35 - 00000000 ____D () C:\Users\pc\AppData\Roaming\vlc
2014-09-10 14:45 - 2014-09-10 14:45 - 00000000 ____D () C:\Users\pc\dwhelper
2014-09-10 14:09 - 2013-10-17 16:00 - 00000000 ____D () C:\Users\pc\AppData\Local\cache
2014-09-10 10:19 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-09-10 10:18 - 2014-09-10 10:18 - 00000000 ____D () C:\Users\pc\AppData\Local\TuneUp Software
2014-09-10 10:18 - 2013-03-27 14:55 - 00000000 ____D () C:\Users\pc\AppData\Roaming\TuneUp Software
2014-09-10 10:17 - 2014-09-10 10:16 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-09-10 10:17 - 2013-07-07 18:02 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-09-10 10:16 - 2014-09-10 10:16 - 00000000 ____D () C:\Users\pc\AppData\Local\Skype
2014-09-10 10:16 - 2014-09-10 10:10 - 00000000 ____D () C:\Users\pc\AppData\Roaming\RHEng
2014-09-10 10:11 - 2014-09-10 10:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-09-10 10:11 - 2014-09-10 10:10 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-09-10 10:11 - 2013-07-07 18:01 - 00000000 ____D () C:\Users\pc\AppData\Roaming\DVDVideoSoft
2014-09-10 10:10 - 2014-09-10 10:10 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-09-05 04:10 - 2014-09-10 22:22 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-10 22:22 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-02 21:31 - 2014-09-02 21:31 - 00000000 ____D () C:\Users\pc\AppData\Local\Adobe
2014-09-02 12:12 - 2013-04-16 10:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-02 12:12 - 2013-03-27 14:51 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-02 12:12 - 2013-03-27 14:51 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-29 03:19 - 2009-07-14 06:45 - 00292040 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 11:55 - 2014-08-27 11:53 - 00000163 _____ () C:\Windows\Reimage.ini
2014-08-27 11:41 - 2014-08-27 11:41 - 00000370 _____ () C:\Windows\Tasks\WOT WWED1.job
2014-08-27 11:41 - 2014-08-27 11:41 - 00000370 _____ () C:\Windows\Tasks\WOT WW2.job
2014-08-27 11:41 - 2014-08-27 11:41 - 00000370 _____ () C:\Windows\Tasks\WOT WW1.job
2014-08-27 11:41 - 2014-08-27 11:41 - 00000370 _____ () C:\Windows\Tasks\WOT WTUE1.job
2014-08-27 11:41 - 2014-08-27 11:41 - 00000370 _____ () C:\Windows\Tasks\WOT WTHUR1.job
2014-08-27 11:41 - 2014-08-27 11:41 - 00000370 _____ () C:\Windows\Tasks\WOT WMON1.job
2014-08-27 11:41 - 2014-08-27 11:41 - 00000370 _____ () C:\Windows\Tasks\WOT WFRI1.job
2014-08-27 11:41 - 2014-08-27 11:41 - 00000370 _____ () C:\Windows\Tasks\WOT W2.job
2014-08-27 11:41 - 2014-08-27 11:41 - 00000370 _____ () C:\Windows\Tasks\WOT W1.job
2014-08-27 11:41 - 2014-08-27 11:41 - 00000370 _____ () C:\Windows\Tasks\WOT T.job
2014-08-27 11:41 - 2014-08-27 11:41 - 00000370 _____ () C:\Windows\Tasks\WOT N.job
2014-08-27 11:41 - 2014-08-27 11:41 - 00000000 ____D () C:\Users\pc\AppData\Roaming\WorldofTanks
2014-08-27 11:41 - 2014-08-27 11:41 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks
2014-08-27 11:41 - 2014-08-27 11:41 - 00000000 ____D () C:\Users\pc\AppData\Local\WorldofTanks
2014-08-27 11:41 - 2013-10-08 05:33 - 00001041 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-26 10:12 - 2014-08-17 18:47 - 00000000 ____D () C:\Program Files\World_of_Warcraft_BC-B2B
2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 04:07 - 2014-08-28 03:48 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 03:48 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 03:48 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 08:52 - 2014-09-18 04:37 - 00048656 _____ (Anvisoft) C:\Windows\system32\Drivers\asd2fsm.sys
2014-08-20 08:52 - 2014-08-20 08:52 - 00047632 _____ (Anvisoft) C:\Windows\system32\Drivers\asdids.sys
Some content of TEMP:
====================
C:\Users\pc\AppData\Local\Temp\avgnt.exe
C:\Users\pc\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2013-09-03 01:30
==================== End Of Log ============================