Trojaner-Board - Sponsorship

FRST.txt:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2013 01

Ran by Phil (administrator) on 15-08-2013 17:08:10

Running from C:\Users\Phil\Downloads

Windows 8 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe

(Microsoft Corporation) C:\Windows\system32\dashost.exe

(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe

() C:\Program Files\CyberLink\Shared files\RichVideo64.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe

(Microsoft Corporation) C:\Windows\system32\msiexec.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe

() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

(Akamai Technologies, Inc.) C:\Users\Phil\AppData\Local\Akamai\netsession_win.exe

(Akamai Technologies, Inc.) C:\Users\Phil\AppData\Local\Akamai\netsession_win.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

() C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

() C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.175\deploy\LoLLauncher.exe

() C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.35\deploy\LolClient.exe

(Microsoft Corporation) C:\Windows\syswow64\wwahost.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)

HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)

HKLM\...\Run: [Bdagent] - C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1568512 2013-07-24] (Bitdefender)

HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-31] ()

HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Phil\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)

HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)

HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [EKStatusMonitor] - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2844608 2012-10-15] (Eastman Kodak Company)

HKLM-x32\...\Run: [Conime] - %windir%\system32\conime.exe [x]
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=2CFF801F028E9CF3&affID=119357&tt=230713_18215&tsp=4953

SearchScopes: HKCU - DefaultScope {526D2D7C-C6E3-4732-92D6-4B159562C674} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS

SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=2CFF801F028E9CF3&affID=119357&tt=230713_18215&tsp=4953

SearchScopes: HKCU - {526D2D7C-C6E3-4732-92D6-4B159562C674} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\2f6libmm.default

FF user.js: detected! => C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\2f6libmm.default\user.js

FF Homepage: https://www.google.de/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nexon.com/NxGame - C:\ProgramData\Nexon\NGM\npnxgame.dll (Nexon)

FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF SearchPlugin: C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\2f6libmm.default\searchplugins\babylon.xml

FF SearchPlugin: C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\2f6libmm.default\searchplugins\delta.xml

FF Extension: Bazaar Friend - C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\2f6libmm.default\Extensions\addon@bazaarfriend.com

FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext

FF Extension: No Name - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext

FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext

FF Extension: No Name - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext
 

==================== Services (Whitelisted) =================
 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)

S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [69392 2013-02-26] (Bitdefender)

R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)

R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)

R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()

R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [67320 2013-07-24] (Bitdefender)

R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1646280 2013-07-24] (Bitdefender)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)

R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)

R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [597776 2013-07-24] (BitDefender)

S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23456 2012-07-11] (Bitdefender)

R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2013-04-09] (BitDefender LLC)

R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [106568 2012-10-17] (BitDefender LLC)

S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82384 2012-11-12] (BitDefender SRL)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [147232 2012-10-04] (BitDefender LLC)

S3 RTL8192cu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-08-07] (Realtek Semiconductor Corporation                           )

R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-08-07] (Realtek Semiconductor Corporation                           )

R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-06-03] (BitDefender S.R.L.)

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-08-15 17:07 - 2013-08-15 17:07 - 01575570 _____ (Farbar) C:\Users\Phil\Downloads\FRST64.exe

2013-08-15 17:03 - 2013-08-15 17:03 - 00003586 _____ C:\Windows\System32\Tasks\Bitdefender Auto-Scan

2013-08-14 13:12 - 2013-08-14 13:12 - 00003272 _____ C:\Windows\System32\Tasks\{36C383F7-F614-46D0-BCD9-1D57CD066E08}

2013-08-14 12:58 - 2013-08-14 12:58 - 00000000 ____D C:\Users\Phil\AppData\Roaming\Malwarebytes

2013-08-14 12:58 - 2013-08-14 12:58 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-08-14 12:57 - 2013-08-14 12:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Phil\Downloads\mbam-setup-1.75.0.1300.exe

2013-08-09 13:54 - 2013-08-09 13:55 - 00000000 ____D C:\Windows\system32\MRT

2013-07-27 15:10 - 2013-08-03 15:12 - 00000070 _____ C:\Users\Phil\AppData\Roaming\WB.CFG

2013-07-25 17:33 - 2013-07-25 17:33 - 00001286 _____ C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2013-07-25 17:33 - 2013-07-25 17:33 - 00001155 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2013-07-25 17:33 - 2013-07-25 17:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-07-24 21:29 - 2013-07-25 13:22 - 00000000 ____D C:\Users\Phil\Documents\LOLReplay

2013-07-24 21:29 - 2013-07-24 21:29 - 00001909 _____ C:\Users\Public\Desktop\LOL Recorder.lnk

2013-07-24 21:29 - 2013-07-24 21:29 - 00000000 ____D C:\Program Files (x86)\LOLReplay

2013-07-24 21:28 - 2013-07-24 21:28 - 01583130 _____ C:\Users\Phil\Downloads\LOLReplay-0.8.2.2.exe

2013-07-24 18:10 - 2013-08-15 16:13 - 00000005 _____ C:\Users\Phil\AppData\Roaming\WBPU-TTL.DAT

2013-07-24 17:10 - 2013-08-15 16:13 - 00000308 _____ C:\Windows\Tasks\DSite.job

2013-07-24 17:10 - 2013-07-24 17:14 - 00000000 ____D C:\Users\Phil\AppData\Roaming\BabSolution

2013-07-24 17:10 - 2013-07-24 17:10 - 00002646 _____ C:\Windows\System32\Tasks\DSite

2013-07-24 17:10 - 2013-07-24 17:10 - 00000000 ____D C:\Users\Phil\AppData\Roaming\Zip Opener Packages

2013-07-24 17:10 - 2013-07-24 17:10 - 00000000 ____D C:\Users\Phil\AppData\Roaming\DSite

2013-07-24 17:10 - 2013-07-24 17:10 - 00000000 ____D C:\ProgramData\BrowserDefender

2013-07-24 17:08 - 2013-07-24 17:08 - 00793536 _____ C:\Users\Phil\Downloads\ZipOpenerSetup.exe

2013-07-24 16:37 - 2013-07-24 16:37 - 00597776 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys

2013-07-21 16:37 - 2013-07-21 16:37 - 00000000 ____D C:\Users\Phil\AppData\Local\bdch

2013-07-21 16:37 - 2013-07-21 16:37 - 00000000 ____D C:\ProgramData\bdch

2013-07-17 15:36 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys

2013-07-17 15:36 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys

2013-07-17 15:36 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys

2013-07-17 15:36 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe

2013-07-17 15:36 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-07-17 15:36 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS

2013-07-17 15:36 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS

2013-07-17 15:36 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-07-17 15:36 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys

2013-07-17 15:36 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe

2013-07-17 15:36 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2013-07-17 15:36 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll

2013-07-17 15:36 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll

2013-07-17 15:36 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll

2013-07-17 15:36 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll

2013-07-17 15:36 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll

2013-07-17 15:36 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe

2013-07-17 15:36 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll

2013-07-17 15:36 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll

2013-07-17 15:36 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll

2013-07-17 15:36 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MbaeParserTask.exe

2013-07-17 15:36 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll

2013-07-17 15:36 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll

2013-07-17 15:36 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll

2013-07-17 15:36 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll

2013-07-17 15:36 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll

2013-07-17 15:36 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll

2013-07-17 15:36 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2013-07-17 15:36 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll

2013-07-17 15:36 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys

2013-07-17 15:36 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2013-07-17 15:36 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2013-07-17 15:36 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2013-07-17 15:36 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe

2013-07-17 15:36 - 2013-05-20 02:08 - 00386642 _____ C:\Windows\system32\ApnDatabase.xml

2013-07-17 15:25 - 2013-07-17 15:25 - 00308672 _____ C:\Windows\system32\FNTCACHE.DAT
 

==================== One Month Modified Files and Folders =======
 

2013-08-15 17:08 - 2013-01-31 18:36 - 00000000 ____D C:\Users\Phil\AppData\Local\PMB Files

2013-08-15 17:07 - 2013-08-15 17:07 - 01575570 _____ (Farbar) C:\Users\Phil\Downloads\FRST64.exe

2013-08-15 17:03 - 2013-08-15 17:03 - 00003586 _____ C:\Windows\System32\Tasks\Bitdefender Auto-Scan

2013-08-15 17:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru

2013-08-15 16:55 - 2013-01-31 19:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-08-15 16:35 - 2013-01-31 18:13 - 01489394 _____ C:\Windows\WindowsUpdate.log

2013-08-15 16:13 - 2013-07-24 18:10 - 00000005 _____ C:\Users\Phil\AppData\Roaming\WBPU-TTL.DAT

2013-08-15 16:13 - 2013-07-24 17:10 - 00000308 _____ C:\Windows\Tasks\DSite.job

2013-08-15 14:36 - 2013-01-31 18:20 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1419772598-1401349071-2118496725-1002

2013-08-15 14:31 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent

2013-08-14 18:01 - 2013-02-01 21:16 - 00000000 ____D C:\ProgramData\Kodak

2013-08-14 13:12 - 2013-08-14 13:12 - 00003272 _____ C:\Windows\System32\Tasks\{36C383F7-F614-46D0-BCD9-1D57CD066E08}

2013-08-14 13:12 - 2013-07-14 15:58 - 00000000 ____D C:\ProgramData\Nexon

2013-08-14 13:10 - 2012-11-08 15:34 - 00751892 _____ C:\Windows\system32\perfh007.dat

2013-08-14 13:10 - 2012-11-08 15:34 - 00155620 _____ C:\Windows\system32\perfc007.dat

2013-08-14 13:10 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI

2013-08-14 13:06 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-08-14 13:06 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\ELAM

2013-08-14 13:05 - 2012-11-08 14:51 - 00022280 _____ C:\Windows\PFRO.log

2013-08-14 13:05 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI

2013-08-14 12:58 - 2013-08-14 12:58 - 00000000 ____D C:\Users\Phil\AppData\Roaming\Malwarebytes

2013-08-14 12:58 - 2013-08-14 12:58 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-08-14 12:57 - 2013-08-14 12:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Phil\Downloads\mbam-setup-1.75.0.1300.exe

2013-08-13 21:51 - 2013-02-03 15:01 - 00000000 ____D C:\Users\Phil\AppData\Roaming\TS3Client

2013-08-09 13:55 - 2013-08-09 13:54 - 00000000 ____D C:\Windows\system32\MRT

2013-08-07 20:08 - 2013-02-03 15:01 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client

2013-08-03 15:12 - 2013-07-27 15:10 - 00000070 _____ C:\Users\Phil\AppData\Roaming\WB.CFG

2013-07-25 17:33 - 2013-07-25 17:33 - 00001286 _____ C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2013-07-25 17:33 - 2013-07-25 17:33 - 00001155 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2013-07-25 17:33 - 2013-07-25 17:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-07-25 17:33 - 2013-07-03 11:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-07-25 13:22 - 2013-07-24 21:29 - 00000000 ____D C:\Users\Phil\Documents\LOLReplay

2013-07-24 21:29 - 2013-07-24 21:29 - 00001909 _____ C:\Users\Public\Desktop\LOL Recorder.lnk

2013-07-24 21:29 - 2013-07-24 21:29 - 00000000 ____D C:\Program Files (x86)\LOLReplay

2013-07-24 21:28 - 2013-07-24 21:28 - 01583130 _____ C:\Users\Phil\Downloads\LOLReplay-0.8.2.2.exe

2013-07-24 17:14 - 2013-07-24 17:10 - 00000000 ____D C:\Users\Phil\AppData\Roaming\BabSolution

2013-07-24 17:10 - 2013-07-24 17:10 - 00002646 _____ C:\Windows\System32\Tasks\DSite

2013-07-24 17:10 - 2013-07-24 17:10 - 00000000 ____D C:\Users\Phil\AppData\Roaming\Zip Opener Packages

2013-07-24 17:10 - 2013-07-24 17:10 - 00000000 ____D C:\Users\Phil\AppData\Roaming\DSite

2013-07-24 17:10 - 2013-07-24 17:10 - 00000000 ____D C:\ProgramData\BrowserDefender

2013-07-24 17:08 - 2013-07-24 17:08 - 00793536 _____ C:\Users\Phil\Downloads\ZipOpenerSetup.exe

2013-07-24 16:37 - 2013-07-24 16:37 - 00597776 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys

2013-07-21 16:37 - 2013-07-21 16:37 - 00000000 ____D C:\Users\Phil\AppData\Local\bdch

2013-07-21 16:37 - 2013-07-21 16:37 - 00000000 ____D C:\ProgramData\bdch

2013-07-17 15:25 - 2013-07-17 15:25 - 00308672 _____ C:\Windows\system32\FNTCACHE.DAT

2013-07-17 15:24 - 2012-07-26 07:37 - 00000000 ____D C:\Windows\servicing

2013-07-16 19:13 - 2012-07-26 11:45 - 00000000 ____D C:\Program Files\Windows Journal

2013-07-16 19:13 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-08-11 18:30
 

==================== End Of Log ============================

--- --- ---

Addition.txt:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2013 01

Ran by Phil at 2013-08-15 17:08:43

Running from C:\Users\Phil\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Installed Programs =======================
 

   

Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)

Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)

aioscnnr (x32 Version: 5.7.5.30)

aioscnnr (x32 Version: 7.6.11.10)

Akamai NetSession Interface (HKCU)

AMD Accelerated Video Transcoding (Version: 2.00.0002)

AMD APP SDK Runtime (Version: 10.0.938.2)

AMD Catalyst Install Manager (Version: 8.0.881.0)

AMD Fuel (Version: 2012.0806.1156.19437)

AMD VISION Engine Control Center (x32 Version: 2012.0806.1156.19437)

Ashampoo AppLauncher (Medion) v.1.0.0 (x32 Version: 1.0.0)

Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437)

Catalyst Control Center Localization All (x32 Version: 2012.0806.1156.19437)

CCC Help Danish (x32 Version: 2012.0806.1155.19437)

CCC Help Dutch (x32 Version: 2012.0806.1155.19437)

CCC Help English (x32 Version: 2012.0806.1155.19437)

CCC Help Finnish (x32 Version: 2012.0806.1155.19437)

CCC Help French (x32 Version: 2012.0806.1155.19437)

CCC Help German (x32 Version: 2012.0806.1155.19437)

CCC Help Italian (x32 Version: 2012.0806.1155.19437)

CCC Help Japanese (x32 Version: 2012.0806.1155.19437)

CCC Help Norwegian (x32 Version: 2012.0806.1155.19437)

CCC Help Spanish (x32 Version: 2012.0806.1155.19437)

CCC Help Swedish (x32 Version: 2012.0806.1155.19437)

ccc-utility64 (Version: 2012.0806.1156.19437)

center (x32 Version: 6.2.5.0)

CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415)

CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3111_44883)

CyberLink PhotoDirector 3 (x32 Version: 3.0.3124)

CyberLink PhotoNow (x32 Version: 1.1.7717)

CyberLink Power2Go 8 (x32 Version: 8.0.0.1920)

CyberLink PowerDirector (Version: 9.0.0.3815c)

CyberLink PowerDVD 10 (x32 Version: 10.0.4125.02)

CyberLink PowerDVD Copy 1.5 (x32 Version: 1.5.2715b)

CyberLink PowerRecover (Version: 5.7.0.0913)

CyberLink PowerRecover (x32 Version: 5.7.0.0913)

D3DX10 (x32 Version: 15.4.2368.0902)

defender Internet Security 2013 (Version: 16.29.0.1830)

essentials (x32 Version: 6.0.14.0)

Fotogalerie (x32 Version: 16.4.3505.0912)

Fotogalerija (x32 Version: 16.4.3505.0912)

Fotogalleri (x32 Version: 16.4.3505.0912)

Fotogalleriet (x32 Version: 16.4.3505.0912)

Fotoğraf Galerisi (x32 Version: 16.4.3505.0912)

Fotótár (x32 Version: 16.4.3505.0912)

Galeria de Fotografias (x32 Version: 16.4.3505.0912)

Galería de fotos (x32 Version: 16.4.3505.0912)

Galeria fotografii (x32 Version: 16.4.3505.0912)

Galerie de photos (x32 Version: 16.4.3505.0912)

Kodak AIO Printer (Version: 7.0.3.0)

KODAK All-in-One Software (x32 Version: 7.6.12.20)

League of Legends (x32 Version: 1.3)

LOLReplay (x32 Version: 0.8.2.2)

Mediathek (x32 Version: 1.4.0)

Medion Home Cinema 10 (x32 Version: 10.0)

Medion Home Cinema 10 (x32 Version: 10.1924)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office (x32 Version: 14.0.6120.5004)

Microsoft Silverlight (x32 Version: 4.1.10329.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)

Movie Maker (x32 Version: 16.4.3505.0912)

Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)

Mozilla Maintenance Service (x32 Version: 22.0)

MSVCRT (x32 Version: 15.4.2862.0708)

MSVCRT110 (x32 Version: 16.4.1108.0727)

MSVCRT110_amd64 (Version: 16.4.1109.0912)

Nexon Game Manager (x32)

ocr (x32 Version: 6.2.3.50)

Pando Media Booster (x32 Version: 2.6.0.8)

Photo Common (x32 Version: 16.4.3505.0912)

Photo Gallery (x32 Version: 16.4.3505.0912)

Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912)

PreReq (x32 Version: 6.2.4.0)

PrintProjects (x32 Version: 1.0.0.9282)

QuickLaunch (x32 Version: 1.00.0019)

Raccolta foto (x32 Version: 16.4.3505.0912)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6710)

TeamSpeak 3 Client (Version: 3.0.11.1)

TmNationsForever (x32)

Update for Zip Opener (HKCU)

Windows Live (x32 Version: 16.4.3505.0912)

Windows Live Communications Platform (x32 Version: 16.4.3505.0912)

Windows Live Essentials (x32 Version: 16.4.3505.0912)

Windows Live Installer (x32 Version: 16.4.3505.0912)

Windows Live Photo Common (x32 Version: 16.4.3505.0912)

Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)

Windows Live SOXE (x32 Version: 16.4.3505.0912)

Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)

Windows Live Temel Parçalar (x32 Version: 16.4.3505.0912)

Windows Live UX Platform (x32 Version: 16.4.3505.0912)

Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)

WinRAR 4.20 (64-Bit) (Version: 4.20.0)

Zip Opener Packages (HKCU)

Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912)
 

==================== Restore Points  =========================
 

06-08-2013 18:19:08 Geplanter Prüfpunkt

14-08-2013 10:27:02 Geplanter Prüfpunkt
 

==================== Hosts content: ==========================
 

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {0576B18D-10D7-4442-B981-059AB6761477} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-15] (Adobe Systems Incorporated)

Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)

Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical

Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)

Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents

Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance

Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy

Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)

Task: {247C9A39-ED4B-42FD-A12D-21BDC244A131} - System32\Tasks\DSite => C:\Users\Phil\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE [2013-07-24] ()

Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh

Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks

Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update

Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator

Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask

Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem

Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance

Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage

Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)

Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon

Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance

Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required

Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)

Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)

Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319

Task: {708998B9-BBD2-433C-B46C-D83DC84BB26D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\Windows\system32\sc.exe [2012-07-26] (Microsoft Corporation)

Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update

Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance

Task: {81915DC0-B84C-41D6-AB67-5B1D356CA498} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation)

Task: {8340135C-7E7D-4044-9FA1-79A0C6401C7C} - System32\Tasks\Bitdefender Auto-Scan => C:\Program Files\Bitdefender\Bitdefender 2013\mtasklaunch.exe [2013-02-26] (Bitdefender)

Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance

Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)

Task: {908B7B8F-5350-4E79-9DC5-C2DDC6539D2A} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup

Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses

Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime

Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64

Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic

Task: {9CF1E310-EAB7-4DC4-9465-7A5557D3BCF7} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task

Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)

Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask

Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh

Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask

Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask

Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan

Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific

Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan

Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender

Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)

Task: {CB2D56F7-ABB6-4C66-91F4-2A2133FFEB96} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1419772598-1401349071-2118496725-500

Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork

Task: {CF50A4EC-6E4D-4299-81F0-78D4BFDA7E89} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall

Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical

Task: {DD0C256C-4DC3-49E2-99D5-AF5D0ABFB530} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1419772598-1401349071-2118496725-1002

Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery

Task: {E491E5A2-7A5B-4D03-A23D-86B9D736B997} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall

Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask

Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)

Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)

Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM

Task: {F257E411-EEB1-42FE-B35B-0A4E102C490E} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1419772598-1401349071-2118496725-1002 => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)

Task: {F4C1BCE7-1869-4C38-BA22-E745684894BB} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\DSite.job => C:\Users\Phil\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (08/13/2013 04:55:56 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: LolClient.exe, Version: 0.0.0.0, Zeitstempel: 0x515663e0

Name des fehlerhaften Moduls: Air.dll, Version: 0.0.0.0, Zeitstempel: 0x51caef80

Ausnahmecode: 0xc0000005

Fehleroffset: 0x00002e42

ID des fehlerhaften Prozesses: 0x23b0

Startzeit der fehlerhaften Anwendung: 0xLolClient.exe0

Pfad der fehlerhaften Anwendung: LolClient.exe1

Pfad des fehlerhaften Moduls: LolClient.exe2

Berichtskennung: LolClient.exe3

Vollständiger Name des fehlerhaften Pakets: LolClient.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LolClient.exe5
 

Error: (08/10/2013 05:44:29 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a90d6

Name des fehlerhaften Moduls: atidxx32.dll, Version: 8.17.10.451, Zeitstempel: 0x501a0a26

Ausnahmecode: 0xc0000005

Fehleroffset: 0x000624f2

ID des fehlerhaften Prozesses: 0xfb4

Startzeit der fehlerhaften Anwendung: 0xwwahost.exe0

Pfad der fehlerhaften Anwendung: wwahost.exe1

Pfad des fehlerhaften Moduls: wwahost.exe2

Berichtskennung: wwahost.exe3

Vollständiger Name des fehlerhaften Pakets: wwahost.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: wwahost.exe5
 

Error: (08/09/2013 02:12:33 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_8_800_94.exe, Version: 11.8.800.94, Zeitstempel: 0x51c4d74d

Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000

Ausnahmecode: 0xc0000005

Fehleroffset: 0x708d2366

ID des fehlerhaften Prozesses: 0x784

Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_11_8_800_94.exe0

Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_11_8_800_94.exe1

Pfad des fehlerhaften Moduls: FlashPlayerPlugin_11_8_800_94.exe2

Berichtskennung: FlashPlayerPlugin_11_8_800_94.exe3

Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_11_8_800_94.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_11_8_800_94.exe5
 

Error: (08/09/2013 02:12:31 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_8_800_94.exe, Version: 11.8.800.94, Zeitstempel: 0x51c4d74d

Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000

Ausnahmecode: 0xc00001a5

Fehleroffset: 0x00ec49b0

ID des fehlerhaften Prozesses: 0x784

Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_11_8_800_94.exe0

Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_11_8_800_94.exe1

Pfad des fehlerhaften Moduls: FlashPlayerPlugin_11_8_800_94.exe2

Berichtskennung: FlashPlayerPlugin_11_8_800_94.exe3

Vollständiger Name des fehlerhaften Pakets: FlashPlayerPlugin_11_8_800_94.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: FlashPlayerPlugin_11_8_800_94.exe5
 

Error: (08/08/2013 07:35:36 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917, Zeitstempel: 0x51c06b1b

Name des fehlerhaften Moduls: xul.dll, Version: 22.0.0.4917, Zeitstempel: 0x51c06a5b

Ausnahmecode: 0xc0000005

Fehleroffset: 0x00173668

ID des fehlerhaften Prozesses: 0x112c

Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0

Pfad der fehlerhaften Anwendung: firefox.exe1

Pfad des fehlerhaften Moduls: firefox.exe2

Berichtskennung: firefox.exe3

Vollständiger Name des fehlerhaften Pakets: firefox.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: firefox.exe5
 

Error: (08/08/2013 05:44:32 PM) (Source: Desktop Window Manager) (User: )

Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.
 

Error: (08/07/2013 04:18:26 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917, Zeitstempel: 0x51c06b1b

Name des fehlerhaften Moduls: xul.dll, Version: 22.0.0.4917, Zeitstempel: 0x51c06a5b

Ausnahmecode: 0xc0000005

Fehleroffset: 0x00173668

ID des fehlerhaften Prozesses: 0x1770

Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0

Pfad der fehlerhaften Anwendung: firefox.exe1

Pfad des fehlerhaften Moduls: firefox.exe2

Berichtskennung: firefox.exe3

Vollständiger Name des fehlerhaften Pakets: firefox.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: firefox.exe5
 

Error: (08/05/2013 07:48:44 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 22.0.0.4917, Zeitstempel: 0x51c06ab5

Name des fehlerhaften Moduls: NPSWF32_11_8_800_94.dll, Version: 11.8.800.94, Zeitstempel: 0x51c4d986

Ausnahmecode: 0xc0000005

Fehleroffset: 0x0033dec2

ID des fehlerhaften Prozesses: 0x920

Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0

Pfad der fehlerhaften Anwendung: plugin-container.exe1

Pfad des fehlerhaften Moduls: plugin-container.exe2

Berichtskennung: plugin-container.exe3

Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5
 

Error: (08/01/2013 03:36:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: TanzDichFame)

Description: Die App „Microsoft.BingSports_8wekyb3d8bbwe!AppexSports“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.
 

Error: (07/29/2013 04:03:37 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: LolClient.exe, Version: 0.0.0.0, Zeitstempel: 0x515663e0

Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.7.0.1530, Zeitstempel: 0x5156646c

Ausnahmecode: 0xc0000005

Fehleroffset: 0x0006dd76

ID des fehlerhaften Prozesses: 0x1198

Startzeit der fehlerhaften Anwendung: 0xLolClient.exe0

Pfad der fehlerhaften Anwendung: LolClient.exe1

Pfad des fehlerhaften Moduls: LolClient.exe2

Berichtskennung: LolClient.exe3

Vollständiger Name des fehlerhaften Pakets: LolClient.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: LolClient.exe5
 
 

System errors:

=============

Error: (08/14/2013 01:06:24 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)

Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
 

Modulpfad: C:\Windows\system32\Rtlihvs.dll

Fehlercode: 126
 

Error: (08/10/2013 05:42:20 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)

Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
 

Modulpfad: C:\Windows\system32\Rtlihvs.dll

Fehlercode: 126
 

Error: (08/10/2013 05:42:09 PM) (Source: EventLog) (User: )

Description: Das System wurde zuvor am ‎10.‎08.‎2013 um 17:22:02 unerwartet heruntergefahren.
 

Error: (08/06/2013 09:28:23 PM) (Source: Service Control Manager) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AudioEndpointBuilder erreicht.
 

Error: (08/06/2013 09:27:53 PM) (Source: Service Control Manager) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WlanSvc erreicht.
 

Error: (08/05/2013 06:27:57 PM) (Source: Service Control Manager) (User: )

Description: Dienst "Bitdefender Virus Shield" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (07/29/2013 07:57:52 PM) (Source: bowser) (User: )

Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ELKE",

der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{B37694CD-C8CF-455D-A18C-04361AA66989}-Transport zu sein scheint.

Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 

Error: (07/29/2013 05:27:34 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)

Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.
 

Modulpfad: C:\Windows\system32\Rtlihvs.dll

Fehlercode: 126
 

Error: (07/29/2013 04:55:27 PM) (Source: bowser) (User: )

Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "IGEL-PC",

der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{B37694CD-C8CF-455D-A18C-04361AA66989}-Transport zu sein scheint.

Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 

Error: (07/28/2013 03:29:20 PM) (Source: bowser) (User: )

Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "IGEL-PC",

der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{B37694CD-C8CF-455D-A18C-04361AA66989}-Transport zu sein scheint.

Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
 

Microsoft Office Sessions:

=========================

Error: (08/13/2013 04:55:56 PM) (Source: Application Error)(User: )

Description: LolClient.exe0.0.0.0515663e0Air.dll0.0.0.051caef80c000000500002e4223b001ce982dcb6f3937C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.35\deploy\LolClient.exeC:\Program Files (x86)\LOLReplay\Air.dll7483f3fe-0428-11e3-be94-d43d7e2f445e
 

Error: (08/10/2013 05:44:29 PM) (Source: Application Error)(User: )

Description: wwahost.exe6.2.9200.16420505a90d6atidxx32.dll8.17.10.451501a0a26c0000005000624f2fb401ce95e072df6653C:\Windows\syswow64\wwahost.exeC:\Windows\SYSTEM32\atidxx32.dllbddb6c55-01d3-11e3-be94-d43d7e2f445eMicrosoft.SkypeApp_1.3.0.112_x86__kzf8qxf38zg5cApp
 

Error: (08/09/2013 02:12:33 PM) (Source: Application Error)(User: )

Description: FlashPlayerPlugin_11_8_800_94.exe11.8.800.9451c4d74dunknown0.0.0.000000000c0000005708d236678401ce94f9b8da20b8C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exeunknownf7dfd40d-00ec-11e3-be93-d43d7e2f445e
 

Error: (08/09/2013 02:12:31 PM) (Source: Application Error)(User: )

Description: FlashPlayerPlugin_11_8_800_94.exe11.8.800.9451c4d74dunknown0.0.0.000000000c00001a500ec49b078401ce94f9b8da20b8C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exeunknownf702737e-00ec-11e3-be93-d43d7e2f445e
 

Error: (08/08/2013 07:35:36 PM) (Source: Application Error)(User: )

Description: firefox.exe22.0.0.491751c06b1bxul.dll22.0.0.491751c06a5bc000000500173668112c01ce94559c0d3910C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dlleec1df3c-0050-11e3-be93-d43d7e2f445e
 

Error: (08/08/2013 05:44:32 PM) (Source: Desktop Window Manager)(User: )

Description: 0x8898008d
 

Error: (08/07/2013 04:18:26 PM) (Source: Application Error)(User: )

Description: firefox.exe22.0.0.491751c06b1bxul.dll22.0.0.491751c06a5bc000000500173668177001ce936b676bf89aC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll39465f42-ff6c-11e2-be93-d43d7e2f445e
 

Error: (08/05/2013 07:48:44 PM) (Source: Application Error)(User: )

Description: plugin-container.exe22.0.0.491751c06ab5NPSWF32_11_8_800_94.dll11.8.800.9451c4d986c00000050033dec292001ce920405e7a2c7C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Windows\SYSTEM32\Macromed\Flash\NPSWF32_11_8_800_94.dll4517197a-fdf7-11e2-be93-d43d7e2f445e
 

Error: (08/01/2013 03:36:13 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: TanzDichFame)

Description: Microsoft.BingSports_8wekyb3d8bbwe!AppexSports
 

Error: (07/29/2013 04:03:37 PM) (Source: Application Error)(User: )

Description: LolClient.exe0.0.0.0515663e0Adobe AIR.dll3.7.0.15305156646cc00000050006dd76119801ce8c62da3f8eb3C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.33\deploy\LolClient.exeC:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.33\deploy\Adobe AIR\Versions\1.0\Adobe AIR.dlla990da20-f857-11e2-be92-d43d7e2f445e
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 52%

Total physical RAM: 3542.76 MB

Available physical RAM: 1700.02 MB

Total Pagefile: 5846.76 MB

Available Pagefile: 3441.05 MB

Total Virtual: 8192 MB

Available Virtual: 8191.76 MB
 

==================== Drives ================================
 

Drive c: (Boot) (Fixed) (Total:869.8 GB) (Free:810.81 GB) NTFS

Drive d: (Recover) (Fixed) (Total:60 GB) (Free:43.94 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 932 GB) (Disk ID: 00000000)
 

Partition: GPT Partition Type

==================== End Of Log ============================

AdwCleaner:

Code:

# AdwCleaner v2.306 - Datei am 15/08/2013 um 20:54:06 erstellt

# Aktualisiert am 19/07/2013 von Xplode

# Betriebssystem : Windows 8  (64 bits)

# Benutzer : Phil - TANZDICHFAME

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\Phil\Downloads\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Datei Gelöscht : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\2f6libmm.default\bprotector_extensions.sqlite

Datei Gelöscht : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\2f6libmm.default\bprotector_prefs.js

Datei Gelöscht : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\2f6libmm.default\searchplugins\Babylon.xml

Datei Gelöscht : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\2f6libmm.default\searchplugins\delta.xml

Datei Gelöscht : C:\Windows\Tasks\DSite.job

Ordner Gelöscht : C:\ProgramData\Babylon

Ordner Gelöscht : C:\ProgramData\BrowserDefender

Ordner Gelöscht : C:\ProgramData\Tarma Installer

Ordner Gelöscht : C:\Users\Phil\AppData\LocalLow\delta

Ordner Gelöscht : C:\Users\Phil\AppData\Roaming\BabSolution

Ordner Gelöscht : C:\Users\Phil\AppData\Roaming\Babylon

Ordner Gelöscht : C:\Users\Phil\AppData\Roaming\DSite
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gelöscht : HKCU\Software\1ClickDownload

Schlüssel Gelöscht : HKCU\Software\BabSolution

Schlüssel Gelöscht : HKCU\Software\DataMngr

Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar

Schlüssel Gelöscht : HKCU\Software\InstallCore

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}

Schlüssel Gelöscht : HKCU\Software\5955888fb43aed47

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Schlüssel Gelöscht : HKLM\Software\Babylon

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap

Schlüssel Gelöscht : HKLM\Software\DataMngr

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5955888fb43aed47

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}

Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}

Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v10.0.9200.16537
 

[OK] Die Registrierungsdatenbank ist sauber.
 

-\\ Mozilla Firefox v22.0 (de)
 

Datei : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\2f6libmm.default\prefs.js
 

C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\2f6libmm.default\user.js ... Gelöscht !
 

Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);

Gelöscht : user_pref("extensions.delta.admin", false);

Gelöscht : user_pref("extensions.delta.aflt", "babsst");

Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");

Gelöscht : user_pref("extensions.delta.autoRvrt", "false");

Gelöscht : user_pref("extensions.delta.dfltLng", "de");

Gelöscht : user_pref("extensions.delta.excTlbr", false);

Gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);

Gelöscht : user_pref("extensions.delta.id", "2cff0616000000000000801f028e9cf3");

Gelöscht : user_pref("extensions.delta.instlDay", "15910");

Gelöscht : user_pref("extensions.delta.instlRef", "sst");

Gelöscht : user_pref("extensions.delta.newTab", false);

Gelöscht : user_pref("extensions.delta.prdct", "delta");

Gelöscht : user_pref("extensions.delta.prtnrId", "delta");

Gelöscht : user_pref("extensions.delta.rvrt", "false");

Gelöscht : user_pref("extensions.delta.smplGrp", "none");

Gelöscht : user_pref("extensions.delta.tlbrId", "base");

Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");

Gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.5");

Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.517:10:35");

Gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.5");

Gelöscht : user_pref("extensions.delta_i.babExt", "");

Gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119357&tt=230713_18215&tsp=4953");

Gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
 

*************************
 

AdwCleaner[S1].txt - [4986 octets] - [15/08/2013 20:54:06]
 

########## EOF - C:\AdwCleaner[S1].txt - [5046 octets] ##########

JRT:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.4.6 (08.15.2013:1)

OS: Windows 8 x64

Ran by Phil on 15.08.2013 at 21:04:25,61

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
 
 
 

~~~ Files
 
 
 

~~~ Folders
 

Successfully deleted: [Folder] "C:\Users\Phil\AppData\Roaming\zip opener packages"
 
 
 

~~~ FireFox
 

Successfully deleted: [File] C:\Users\Phil\AppData\Roaming\mozilla\firefox\profiles\2f6libmm.default\invalidprefs.js

Emptied folder: C:\Users\Phil\AppData\Roaming\mozilla\firefox\profiles\2f6libmm.default\minidumps [78 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 15.08.2013 at 21:09:34,73

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST.txt

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2013 01

Ran by Phil (administrator) on 15-08-2013 21:10:46

Running from C:\Users\Phil\Downloads

Windows 8 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

==================== Processes (Whitelisted) =================
 

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe

(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

(Microsoft Corporation) C:\Windows\system32\dashost.exe

(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe

() C:\Program Files\CyberLink\Shared files\RichVideo64.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe

() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

(Akamai Technologies, Inc.) C:\Users\Phil\AppData\Local\Akamai\netsession_win.exe

(Akamai Technologies, Inc.) C:\Users\Phil\AppData\Local\Akamai\netsession_win.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(Microsoft Corporation) C:\Windows\system32\msiexec.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\BdParentalSysTray.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)

HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)

HKLM\...\Run: [Bdagent] - C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1568512 2013-07-24] (Bitdefender)

HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-31] ()

HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Phil\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)

HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)

HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [EKStatusMonitor] - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2844608 2012-10-15] (Eastman Kodak Company)

HKLM-x32\...\Run: [Conime] - %windir%\system32\conime.exe [x]
 

==================== Internet (Whitelisted) ====================
 

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {526D2D7C-C6E3-4732-92D6-4B159562C674} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS

Winsock: Catalog9 01 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll [96160] (Bitdefender)

Winsock: Catalog9 02 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll [96160] (Bitdefender)

Winsock: Catalog9 03 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll [96160] (Bitdefender)

Winsock: Catalog9 04 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll [96160] (Bitdefender)

Winsock: Catalog9 05 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll [96160] (Bitdefender)

Winsock: Catalog9 06 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll [96160] (Bitdefender)

Winsock: Catalog9 07 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll [96160] (Bitdefender)

Winsock: Catalog9 08 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll [96160] (Bitdefender)

Winsock: Catalog9 09 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll [96160] (Bitdefender)

Winsock: Catalog9 10 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll [96160] (Bitdefender)

Winsock: Catalog9 21 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider32\BdProvider.dll [96160] (Bitdefender)

Winsock: Catalog9-x64 01 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll [116784] (Bitdefender)

Winsock: Catalog9-x64 02 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll [116784] (Bitdefender)

Winsock: Catalog9-x64 03 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll [116784] (Bitdefender)

Winsock: Catalog9-x64 04 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll [116784] (Bitdefender)

Winsock: Catalog9-x64 05 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll [116784] (Bitdefender)

Winsock: Catalog9-x64 06 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll [116784] (Bitdefender)

Winsock: Catalog9-x64 07 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll [116784] (Bitdefender)

Winsock: Catalog9-x64 08 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll [116784] (Bitdefender)

Winsock: Catalog9-x64 09 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll [116784] (Bitdefender)

Winsock: Catalog9-x64 10 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll [116784] (Bitdefender)

Winsock: Catalog9-x64 21 C:\Program Files\Bitdefender\Bitdefender 2013\BdProvider.dll [116784] (Bitdefender)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\2f6libmm.default

FF Homepage: https://www.google.de/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nexon.com/NxGame - C:\ProgramData\Nexon\NGM\npnxgame.dll (Nexon)

FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Extension: Bazaar Friend - C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\2f6libmm.default\Extensions\addon@bazaarfriend.com

FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext

FF Extension: No Name - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext

FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext

FF Extension: No Name - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext
 

==================== Services (Whitelisted) =================
 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)

R2 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [69392 2013-02-26] (Bitdefender)

R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)

R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)

R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()

R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [67320 2013-07-24] (Bitdefender)

R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1646280 2013-07-24] (Bitdefender)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)

R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)

R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [597776 2013-07-24] (BitDefender)

S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23456 2012-07-11] (Bitdefender)

R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2013-04-09] (BitDefender LLC)

R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [106568 2012-10-17] (BitDefender LLC)

S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82384 2012-11-12] (BitDefender SRL)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [147232 2012-10-04] (BitDefender LLC)

S3 RTL8192cu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-08-07] (Realtek Semiconductor Corporation                           )

R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1576080 2012-08-07] (Realtek Semiconductor Corporation                           )

R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-06-03] (BitDefender S.R.L.)

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-08-15 21:09 - 2013-08-15 21:09 - 00002003 _____ C:\Users\Phil\Desktop\JRT.txt

2013-08-15 21:04 - 2013-08-15 21:04 - 00000000 ____D C:\Windows\ERUNT

2013-08-15 21:03 - 2013-08-15 21:03 - 01159319 _____ (Thisisu) C:\Users\Phil\Downloads\JRT.exe

2013-08-15 21:01 - 2013-08-15 21:01 - 00005109 _____ C:\Users\Phil\Desktop\AdwCleaner[S1].txt

2013-08-15 20:54 - 2013-08-15 20:54 - 00005109 _____ C:\AdwCleaner[S1].txt

2013-08-15 20:53 - 2013-08-15 20:53 - 00666633 _____ C:\Users\Phil\Downloads\adwcleaner.exe

2013-08-15 17:08 - 2013-08-15 17:09 - 00026767 _____ C:\Users\Phil\Downloads\Addition.txt

2013-08-15 17:08 - 2013-08-15 17:08 - 00000000 ____D C:\FRST

2013-08-15 17:07 - 2013-08-15 17:07 - 01575570 _____ (Farbar) C:\Users\Phil\Downloads\FRST64.exe

2013-08-14 17:04 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-08-14 17:04 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-08-14 17:04 - 2013-07-26 07:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll

2013-08-14 17:04 - 2013-07-26 07:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll

2013-08-14 17:04 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-08-14 17:04 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-08-14 17:04 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-08-14 17:04 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-08-14 17:04 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-08-14 17:04 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-08-14 17:04 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-08-14 17:04 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-08-14 17:04 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-08-14 17:04 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-08-14 17:04 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-08-14 17:04 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-08-14 17:04 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-08-14 17:04 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-08-14 17:04 - 2013-07-26 05:13 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll

2013-08-14 17:04 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-08-14 17:04 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-08-14 17:04 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-08-14 17:04 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-08-14 17:04 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-08-14 17:04 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-08-14 17:04 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-08-14 17:04 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-08-14 17:04 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-08-14 17:04 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-08-14 17:04 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-08-14 17:04 - 2013-07-26 02:54 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

2013-08-14 17:04 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-08-14 17:03 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2013-08-14 17:03 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-08-14 17:03 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2013-08-14 17:03 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll

2013-08-14 17:03 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll

2013-08-14 17:03 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2013-08-14 17:03 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-08-14 17:03 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll

2013-08-14 17:03 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll

2013-08-14 13:12 - 2013-08-14 13:12 - 00003272 _____ C:\Windows\System32\Tasks\{36C383F7-F614-46D0-BCD9-1D57CD066E08}

2013-08-14 12:58 - 2013-08-14 12:58 - 00000000 ____D C:\Users\Phil\AppData\Roaming\Malwarebytes

2013-08-14 12:58 - 2013-08-14 12:58 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-08-14 12:57 - 2013-08-14 12:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Phil\Downloads\mbam-setup-1.75.0.1300.exe

2013-08-09 13:54 - 2013-08-15 20:52 - 00000000 ____D C:\Windows\system32\MRT

2013-07-27 15:10 - 2013-08-03 15:12 - 00000070 _____ C:\Users\Phil\AppData\Roaming\WB.CFG

2013-07-25 17:33 - 2013-07-25 17:33 - 00001286 _____ C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2013-07-25 17:33 - 2013-07-25 17:33 - 00001155 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2013-07-25 17:33 - 2013-07-25 17:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-07-24 21:29 - 2013-07-25 13:22 - 00000000 ____D C:\Users\Phil\Documents\LOLReplay

2013-07-24 21:29 - 2013-07-24 21:29 - 00001909 _____ C:\Users\Public\Desktop\LOL Recorder.lnk

2013-07-24 21:29 - 2013-07-24 21:29 - 00000000 ____D C:\Program Files (x86)\LOLReplay

2013-07-24 21:28 - 2013-07-24 21:28 - 01583130 _____ C:\Users\Phil\Downloads\LOLReplay-0.8.2.2.exe

2013-07-24 18:10 - 2013-08-15 16:13 - 00000005 _____ C:\Users\Phil\AppData\Roaming\WBPU-TTL.DAT

2013-07-24 17:08 - 2013-07-24 17:08 - 00793536 _____ C:\Users\Phil\Downloads\ZipOpenerSetup.exe

2013-07-24 16:37 - 2013-07-24 16:37 - 00597776 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys

2013-07-21 16:37 - 2013-07-21 16:37 - 00000000 ____D C:\Users\Phil\AppData\Local\bdch

2013-07-21 16:37 - 2013-07-21 16:37 - 00000000 ____D C:\ProgramData\bdch

2013-07-17 15:36 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys

2013-07-17 15:36 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys

2013-07-17 15:36 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys

2013-07-17 15:36 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\Windows\explorer.exe

2013-07-17 15:36 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS

2013-07-17 15:36 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS

2013-07-17 15:36 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-07-17 15:36 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys

2013-07-17 15:36 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe

2013-07-17 15:36 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2013-07-17 15:36 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll

2013-07-17 15:36 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll

2013-07-17 15:36 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll

2013-07-17 15:36 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll

2013-07-17 15:36 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll

2013-07-17 15:36 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe

2013-07-17 15:36 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll

2013-07-17 15:36 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll

2013-07-17 15:36 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll

2013-07-17 15:36 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MbaeParserTask.exe

2013-07-17 15:36 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll

2013-07-17 15:36 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll

2013-07-17 15:36 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll

2013-07-17 15:36 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll

2013-07-17 15:36 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll

2013-07-17 15:36 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll

2013-07-17 15:36 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2013-07-17 15:36 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll

2013-07-17 15:36 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthAvrcpTg.sys

2013-07-17 15:36 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2013-07-17 15:36 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2013-07-17 15:36 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2013-07-17 15:36 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe

2013-07-17 15:36 - 2013-05-20 02:08 - 00386642 _____ C:\Windows\system32\ApnDatabase.xml

2013-07-17 15:25 - 2013-07-17 15:25 - 00308672 _____ C:\Windows\system32\FNTCACHE.DAT
 

==================== One Month Modified Files and Folders =======
 

2013-08-15 21:10 - 2013-01-31 18:20 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1419772598-1401349071-2118496725-1002

2013-08-15 21:09 - 2013-08-15 21:09 - 00003586 _____ C:\Windows\System32\Tasks\Bitdefender Auto-Scan

2013-08-15 21:09 - 2013-08-15 21:09 - 00002003 _____ C:\Users\Phil\Desktop\JRT.txt

2013-08-15 21:04 - 2013-08-15 21:04 - 00000000 ____D C:\Windows\ERUNT

2013-08-15 21:03 - 2013-08-15 21:03 - 01159319 _____ (Thisisu) C:\Users\Phil\Downloads\JRT.exe

2013-08-15 21:02 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\ELAM

2013-08-15 21:01 - 2013-08-15 21:01 - 00005109 _____ C:\Users\Phil\Desktop\AdwCleaner[S1].txt

2013-08-15 21:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\sru

2013-08-15 20:58 - 2013-02-01 21:16 - 00000000 ____D C:\ProgramData\Kodak

2013-08-15 20:58 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-08-15 20:57 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI

2013-08-15 20:56 - 2013-01-31 18:13 - 01580311 _____ C:\Windows\WindowsUpdate.log

2013-08-15 20:55 - 2013-01-31 19:21 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-08-15 20:54 - 2013-08-15 20:54 - 00005109 _____ C:\AdwCleaner[S1].txt

2013-08-15 20:54 - 2013-08-09 13:54 - 00000000 ____D C:\Windows\system32\MRT

2013-08-15 20:53 - 2013-08-15 20:53 - 00666633 _____ C:\Users\Phil\Downloads\adwcleaner.exe

2013-08-15 20:52 - 2012-11-09 10:35 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-08-15 17:09 - 2013-08-15 17:08 - 00026767 _____ C:\Users\Phil\Downloads\Addition.txt

2013-08-15 17:08 - 2013-08-15 17:08 - 00000000 ____D C:\FRST

2013-08-15 17:07 - 2013-08-15 17:07 - 01575570 _____ (Farbar) C:\Users\Phil\Downloads\FRST64.exe

2013-08-15 16:13 - 2013-07-24 18:10 - 00000005 _____ C:\Users\Phil\AppData\Roaming\WBPU-TTL.DAT

2013-08-15 14:32 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent

2013-08-14 13:12 - 2013-08-14 13:12 - 00003272 _____ C:\Windows\System32\Tasks\{36C383F7-F614-46D0-BCD9-1D57CD066E08}

2013-08-14 13:12 - 2013-07-14 15:58 - 00000000 ____D C:\ProgramData\Nexon

2013-08-14 13:10 - 2013-07-14 15:39 - 00000000 ____D C:\Nexon

2013-08-14 13:10 - 2012-11-08 15:34 - 00751892 _____ C:\Windows\system32\perfh007.dat

2013-08-14 13:10 - 2012-11-08 15:34 - 00155620 _____ C:\Windows\system32\perfc007.dat

2013-08-14 13:10 - 2012-07-26 09:28 - 01745416 _____ C:\Windows\system32\PerfStringBackup.INI

2013-08-14 13:05 - 2012-11-08 14:51 - 00022280 _____ C:\Windows\PFRO.log

2013-08-14 12:58 - 2013-08-14 12:58 - 00000000 ____D C:\Users\Phil\AppData\Roaming\Malwarebytes

2013-08-14 12:58 - 2013-08-14 12:58 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-08-14 12:57 - 2013-08-14 12:57 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Phil\Downloads\mbam-setup-1.75.0.1300.exe

2013-08-13 21:51 - 2013-02-03 15:01 - 00000000 ____D C:\Users\Phil\AppData\Roaming\TS3Client

2013-08-07 20:08 - 2013-02-03 15:01 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client

2013-08-03 15:12 - 2013-07-27 15:10 - 00000070 _____ C:\Users\Phil\AppData\Roaming\WB.CFG

2013-07-26 07:13 - 2013-08-14 17:04 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-07-26 07:13 - 2013-08-14 17:04 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-07-26 07:13 - 2013-08-14 17:04 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll

2013-07-26 07:13 - 2013-08-14 17:04 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll

2013-07-26 07:13 - 2013-08-14 17:04 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-07-26 07:12 - 2013-08-14 17:04 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-07-26 07:12 - 2013-08-14 17:04 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-07-26 07:12 - 2013-08-14 17:04 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-07-26 07:12 - 2013-08-14 17:04 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-07-26 07:12 - 2013-08-14 17:04 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-07-26 07:12 - 2013-08-14 17:04 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-07-26 07:12 - 2013-08-14 17:04 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-07-26 07:12 - 2013-08-14 17:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-07-26 07:12 - 2013-08-14 17:04 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-07-26 07:12 - 2013-08-14 17:04 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-07-26 05:35 - 2013-08-14 17:04 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-07-26 05:13 - 2013-08-14 17:04 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-07-26 05:13 - 2013-08-14 17:04 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-07-26 05:13 - 2013-08-14 17:04 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll

2013-07-26 05:12 - 2013-08-14 17:04 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-07-26 05:12 - 2013-08-14 17:04 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-07-26 05:12 - 2013-08-14 17:04 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-07-26 05:12 - 2013-08-14 17:04 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-07-26 05:12 - 2013-08-14 17:04 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-07-26 05:12 - 2013-08-14 17:04 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-07-26 05:12 - 2013-08-14 17:04 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-07-26 05:12 - 2013-08-14 17:04 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-07-26 05:11 - 2013-08-14 17:04 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-07-26 05:11 - 2013-08-14 17:04 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-07-26 04:49 - 2013-08-14 17:04 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-07-26 02:54 - 2013-08-14 17:04 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

2013-07-25 17:33 - 2013-07-25 17:33 - 00001286 _____ C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2013-07-25 17:33 - 2013-07-25 17:33 - 00001155 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2013-07-25 17:33 - 2013-07-25 17:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-07-25 17:33 - 2013-07-03 11:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-07-25 13:22 - 2013-07-24 21:29 - 00000000 ____D C:\Users\Phil\Documents\LOLReplay

2013-07-24 21:29 - 2013-07-24 21:29 - 00001909 _____ C:\Users\Public\Desktop\LOL Recorder.lnk

2013-07-24 21:29 - 2013-07-24 21:29 - 00000000 ____D C:\Program Files (x86)\LOLReplay

2013-07-24 21:28 - 2013-07-24 21:28 - 01583130 _____ C:\Users\Phil\Downloads\LOLReplay-0.8.2.2.exe

2013-07-24 17:08 - 2013-07-24 17:08 - 00793536 _____ C:\Users\Phil\Downloads\ZipOpenerSetup.exe

2013-07-24 16:37 - 2013-07-24 16:37 - 00597776 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys

2013-07-21 16:37 - 2013-07-21 16:37 - 00000000 ____D C:\Users\Phil\AppData\Local\bdch

2013-07-21 16:37 - 2013-07-21 16:37 - 00000000 ____D C:\ProgramData\bdch

2013-07-17 15:25 - 2013-07-17 15:25 - 00308672 _____ C:\Windows\system32\FNTCACHE.DAT

2013-07-17 15:24 - 2012-07-26 07:37 - 00000000 ____D C:\Windows\servicing

2013-07-16 19:13 - 2012-07-26 11:45 - 00000000 ____D C:\Program Files\Windows Journal

2013-07-16 19:13 - 2012-07-26 07:38 - 00000000 ____D C:\Windows\system32\oobe
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-08-11 18:30
 

==================== End Of Log ============================

--- --- ---

Addition.txt:

Code:

Farbar Recovery Scan Tool (x64) Version: 14-08-2013 01

Ran by Phil at 2013-08-15 21:12:36

Running from C:\Users\Phil\Downloads

Boot Mode: Normal
 

================== Search: "Addition.txt" ===================
 

C:\Users\Phil\Downloads\Addition.txt

[2013-08-15 17:08] - [2013-08-15 17:09] - 0026767 ____A () D14C363F421AEC6A928A7D5E4E12D65C
 

C:\FRST\Logs\Addition.txt

[2013-08-15 17:09] - [2013-08-15 17:09] - 0026028 ____A () F5B69C7A983EE60CCDBD145419809DBD
 

====== End Of Search ======