Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2013 02
Ran by Tukan (ATTENTION: The logged in user is not administrator) on 09-08-2013 16:58:02
Running from C:\Users\Tukan\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(PC Drivers Headquarters) C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe
(Anoto AB) C:\Program Files (x86)\CREALOGIX E-Payment AG\PayPen\PayPen.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Dropbox, Inc.) C:\Users\Tukan\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Anoto AB) C:\Program Files (x86)\CREALOGIX E-Payment AG\PayPen\CPenDesk.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Malwarebytes Secure Backup) C:\Program Files (x86)\Malwarebytes Secure Backup\SMessaging.exe
() C:\Program Files (x86)\CREALOGIX E-Payment AG\PayPen\CPenOCR.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\klwtblfs.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2011-03-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2294568 2010-09-03] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-02-05] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10361616 2011-02-11] (Intel Corporation)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM\...\Run: [OODefragTray] - C:\Program Files\OO Software\Defrag\oodtray.exe [4002248 2013-01-07] (O&O Software GmbH)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [DIMUpdate wird heruntergeladen...1300677038394] - c:\programdata\corel\downloads\540214035_807001\1300677038394\dim_params.xml [1060 2011-07-01] ()
HKCU\...\Run: [DriverBoost] - C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe [3978096 2013-07-22] (PC Drivers Headquarters)
MountPoints2: {6d866fcb-2c0d-11e2-959d-00262dc79d5a} - F:\LaunchU3.exe -a
MountPoints2: {fbec8e90-6edd-11e2-8a97-00262dc79d5a} - "F:\WD Drive Unlock.exe" autoplay=true
HKLM-x32\...\Run: [HotkeyApp] - C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [207400 2010-12-16] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] - C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2009-12-12] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] - C:\Program Files (x86)\Launch Manager\Wbutton.exe [436264 2010-06-21] (Wistron Corp.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-04] (CyberLink)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [WD Drive Unlocker] - C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-06-13] (Western Digital)
HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5235128 2012-06-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-01-07] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40048 2007-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SOSUAUI] - C:\Program Files (x86)\Malwarebytes Secure Backup\sosuploadagent.exe [53144 2013-04-01] (Malwarebytes Secure Backup)
HKLM-x32\...\Run: [SMessaging] - C:\Program Files (x86)\Malwarebytes Secure Backup\SMessaging.exe [63896 2013-04-01] (Malwarebytes Secure Backup)
AppInit_DLLs-x32: c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll [63896 2013-04-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PayPen.lnk
ShortcutTarget: PayPen.lnk -> C:\Program Files (x86)\CREALOGIX E-Payment AG\PayPen\PayPen.exe (Anoto AB)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk
ShortcutTarget: PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)
Startup: C:\Users\Tukan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tukan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * 6)\* O\* OODons\* s\* OOeLOOOODBS
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=CH&userid=a4465df4-96e2-4c14-a4e3-c2155d8a539a&searchtype=ds&q={searchTerms}&installDate=28/04/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
Welcome to ALDI
HKCU\Software\Microsoft\Internet Explorer\Main,start page =
Welcome to ALDI
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=CH&userid=a4465df4-96e2-4c14-a4e3-c2155d8a539a&searchtype=ds&q={searchTerms}&installDate=28/04/2013
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=CH&userid=a4465df4-96e2-4c14-a4e3-c2155d8a539a&searchtype=ds&q={searchTerms}&installDate=28/04/2013
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=CH&userid=a4465df4-96e2-4c14-a4e3-c2155d8a539a&searchtype=ds&q={searchTerms}&installDate=28/04/2013
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=484&systemid=406&apn_uid=4508871060674747&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=CH&userid=a4465df4-96e2-4c14-a4e3-c2155d8a539a&searchtype=ds&q={searchTerms}&installDate=28/04/2013
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=484&systemid=406&apn_uid=4508871060674747&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
BHO-x32: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
Toolbar: HKCU - WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
FireFox:
========
FF ProfilePath: C:\Users\Tukan\AppData\Roaming\Mozilla\Firefox\Profiles\7c5q79bo.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Google.com/GoogleEarthPlugin - C:\Users\Tukan\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Extension: No Name - C:\Users\Tukan\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
Chrome:
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=MDNC&bmod=MDNC
CHR RestoreOnStartup: "hxxp://www.google.com/ig/redirectdomain?brand=MDNC&bmod=MDNC"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll (Kaspersky Lab ZAO)
CHR Plugin: (Skype Toolbars) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll (Skype Technologies S.A.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0
CHR Extension: (Virtual Keyboard) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0
CHR Extension: (Skype Click to Call) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0
CHR Extension: (Anti-Banner) - C:\Users\Tukan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx
==================== Services (Whitelisted) =================
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-01-07] (Kaspersky Lab ZAO)
R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728 2013-05-23] ()
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [2231616 2010-07-19] ()
R2 IBUpdaterService; C:\ProgramData\IBUpdaterService\ibsvc.exe [596224 2013-06-28] ()
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-02-05] ()
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [231752 2012-09-25] (NETGEAR)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3294152 2013-01-07] (O&O Software GmbH)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-12-14] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [62464 2010-12-06] ()
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1151424 2012-06-14] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-06-14] (Western Digital )
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2009-10-23] (Wistron Corp.)
R2 x10nets; C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe [20480 2009-11-07] (X10)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [88288 2011-07-04] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [123784 2011-07-04] (Avira GmbH)
S3 FNETTBOH; C:\Windows\SysWow64\drivers\FNETTBOH.SYS [27648 2011-10-09] (FNet Co., Ltd.)
S3 FNETTBOH; C:\Windows\SysWow64\drivers\FNETTBOH.SYS [27648 2011-10-09] (FNet Co., Ltd.)
S1 FNETURPX; C:\Windows\SysWow64\drivers\FNETURPX.SYS [9216 2011-10-09] (FNet Co., Ltd.)
S1 FNETURPX; C:\Windows\SysWow64\drivers\FNETURPX.SYS [9216 2011-10-09] (FNet Co., Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-22] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-10-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-22] (Kaspersky Lab ZAO)
S3 mod7764; C:\Windows\System32\DRIVERS\mod77-64.sys [1077416 2010-09-16] (DiBcom SA)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11518976 2012-12-06] (Intel Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2012-12-30] (CACE Technologies, Inc.)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2010-06-10] (CACE Technologies)
S3 PayPen; C:\Windows\System32\Drivers\PayPen.sys [20840 2008-01-14] ()
S3 pendfu; C:\Windows\SysWow64\Drivers\pendfu.sys [39040 2008-01-25] (Anoto AB)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [15896 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [32792 2009-05-13] (X10 Wireless Technology, Inc.)
S3 pendfu; System32\Drivers\pendfu.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-09 16:35 - 2013-08-09 16:35 - 00000000 ____D C:\FRST
2013-08-07 22:14 - 2013-08-07 22:15 - 00000000 ____D C:\Users\Public\Documents\Cairns Reiseunterlagen
2013-08-07 17:37 - 2013-08-07 17:37 - 00000000 ____D C:\Users\Tukan\AppData\Local\PC_Drivers_Headquarters
2013-08-07 17:37 - 2013-08-07 17:37 - 00000000 ____D C:\ProgramData\UAB
2013-08-07 17:36 - 2013-08-07 17:36 - 00002275 _____ C:\Users\Public\Desktop\DriverBoost.lnk
2013-08-07 17:36 - 2013-08-07 17:36 - 00000000 ____D C:\ProgramData\DriverBoost
2013-08-07 17:35 - 2013-08-07 17:35 - 00000000 ____D C:\Program Files (x86)\DriverBoost
2013-08-07 17:24 - 2013-08-09 16:21 - 00000490 _____ C:\Windows\Tasks\Online Backup Update Notifier.job
2013-08-07 17:24 - 2013-08-07 17:24 - 00002009 _____ C:\Users\Public\Desktop\Malwarebytes Secure Backup.lnk
2013-08-07 17:24 - 2013-08-07 17:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Secure Backup
2013-08-07 17:23 - 2013-08-07 17:23 - 00000000 ____D C:\Windows\Downloaded Installations
2013-08-07 16:00 - 2013-08-07 16:01 - 00000000 ____D C:\Users\Tukan\AppData\Local\{A2D24722-D146-4CF3-9228-63DEA2E4D669}
2013-08-07 12:18 - 2013-08-07 12:18 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-07 12:18 - 2013-08-07 12:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-07 12:18 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-04 16:14 - 2013-08-04 16:14 - 00000000 ____D C:\Users\Tukan\Documents\Reise nach Cairns
2013-08-04 16:12 - 2013-08-04 16:12 - 00029159 _____ C:\Users\Tukan\Documents\Adressen Liste text.txt
2013-08-04 11:15 - 2013-08-04 11:15 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-04 10:28 - 2013-08-04 10:28 - 00000000 ____D C:\Users\Tukan\AppData\Local\{97806D18-AB45-4327-83B4-D861C0D5BB2E}
2013-07-31 11:01 - 2013-07-31 11:01 - 00000000 ____D C:\Users\Tukan\AppData\Local\{2A0C5A82-29CD-4F00-BCE5-0C8A41270939}
2013-07-21 22:46 - 2013-07-21 22:53 - 00002196 _____ C:\Windows\system32\ASOROSet.bin
2013-07-21 22:43 - 2013-07-22 00:06 - 00000000 ____D C:\Users\Tukan\AppData\Roaming\Systweak
2013-07-21 22:39 - 2013-07-21 22:40 - 16437296 _____ (Systweak Inc. ) C:\Users\JPS\Downloads\photostudio_r.exe
2013-07-21 22:39 - 2013-07-21 22:39 - 05499544 _____ (Systweak INC. ) C:\Users\JPS\Downloads\dsusetup_r.exe
2013-07-21 22:38 - 2013-07-21 22:39 - 03756976 _____ (Systweak Inc ) C:\Users\JPS\Downloads\rcpsetup_r.exe
2013-07-21 22:31 - 2013-07-21 22:31 - 00238932 ____H C:\Windows\SysWOW64\mlfcache.dat
2013-07-21 22:22 - 2013-07-25 14:19 - 00000000 ____D C:\Users\JPS\AppData\Roaming\Systweak
2013-07-19 12:13 - 2013-07-19 12:13 - 00000000 ____D C:\Users\JPS\AppData\Roaming\Babylon
2013-07-19 12:13 - 2013-07-19 12:13 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-19 12:13 - 2013-07-19 12:13 - 00000000 ____D C:\ProgramData\Babylon
2013-07-19 12:11 - 2013-07-19 12:18 - 00000000 ____D C:\Users\JPS\AppData\Roaming\DVDVideoSoft
2013-07-19 12:11 - 2013-07-19 12:11 - 00000000 ____D C:\Users\Tukan\Documents\DVDVideoSoft
2013-07-19 12:11 - 2013-07-19 12:11 - 00000000 ____D C:\Users\Tukan\AppData\Roaming\DVDVideoSoft
2013-07-19 10:54 - 2013-07-19 10:54 - 00000000 ____D C:\Users\Tukan\AppData\Local\{9EA97B51-AE16-4F1C-8F3F-52742AD3D310}
2013-07-19 10:46 - 2013-07-19 10:46 - 00000000 ____D C:\Users\Tukan\AppData\Local\{3666A9DD-8558-40D1-BADE-6430B4B5B679}
2013-07-17 14:59 - 2013-07-17 15:02 - 00000000 ____D C:\Windows\system32\MRT
2013-07-13 13:08 - 2013-07-13 13:08 - 00000000 ____D C:\Users\Tukan\AppData\Local\{78125210-BF5F-4A09-AF9F-3FB081B369C9}
2013-07-10 21:50 - 2013-07-10 21:50 - 00000000 ____D C:\Users\Tukan\AppData\Local\{443C5905-EF3E-4D60-AA15-7646FAE5A040}
2013-07-10 13:26 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-10 13:26 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 13:26 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-10 13:26 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-10 13:26 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-10 13:26 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-10 13:26 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-10 13:26 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-10 13:26 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-10 13:26 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-10 13:26 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-10 13:26 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-10 13:26 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-10 13:26 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-10 13:26 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-10 13:25 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-10 13:25 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-10 13:25 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-10 13:25 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-10 13:25 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-10 13:25 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-10 13:25 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-10 13:25 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-10 13:25 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-10 13:25 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-10 13:25 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-10 13:25 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-10 13:25 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-10 13:25 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-10 13:25 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-10 13:25 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 13:08 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 13:08 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 13:08 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 13:08 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 13:07 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 13:07 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 13:07 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
==================== One Month Modified Files and Folders =======
2013-08-09 16:57 - 2013-08-09 16:57 - 01790169 _____ (Farbar) C:\Users\Tukan\Desktop\FRST64.exe
2013-08-09 16:35 - 2013-08-09 16:35 - 00000000 ____D C:\FRST
2013-08-09 16:28 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-09 16:28 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-09 16:24 - 2011-06-22 17:43 - 01395767 _____ C:\Windows\WindowsUpdate.log
2013-08-09 16:22 - 2013-06-26 20:58 - 00000000 ___RD C:\Users\Tukan\Dropbox
2013-08-09 16:22 - 2013-06-26 20:55 - 00000000 ____D C:\Users\Tukan\AppData\Roaming\Dropbox
2013-08-09 16:22 - 2011-10-11 16:26 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-09 16:21 - 2013-08-07 17:24 - 00000490 _____ C:\Windows\Tasks\Online Backup Update Notifier.job
2013-08-09 16:21 - 2013-04-28 12:38 - 00086860 _____ C:\Windows\system32\oodbs.lor
2013-08-09 16:21 - 2012-12-23 17:08 - 00026644 _____ C:\Windows\setupact.log
2013-08-09 16:21 - 2011-06-22 17:45 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-09 16:21 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-09 14:13 - 2011-06-22 17:45 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-09 14:04 - 2012-04-20 22:59 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-09 11:47 - 2011-04-24 01:02 - 00654852 _____ C:\Windows\system32\perfh007.dat
2013-08-09 11:47 - 2011-04-24 01:02 - 00130434 _____ C:\Windows\system32\perfc007.dat
2013-08-09 11:47 - 2009-07-14 07:13 - 01500294 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-07 23:56 - 2011-06-22 21:12 - 00000000 ____D C:\Users\Tukan\AppData\Roaming\SoftGrid Client
2013-08-07 22:15 - 2013-08-07 22:14 - 00000000 ____D C:\Users\Public\Documents\Cairns Reiseunterlagen
2013-08-07 21:46 - 2013-05-30 13:28 - 00000000 ____D C:\Users\Tukan\Documents\MAC_Dokumente
2013-08-07 19:59 - 2009-03-07 15:26 - 00000000 ____D C:\Users\Tukan\Documents\ADRV
2013-08-07 19:30 - 2011-06-22 17:51 - 00000000 ____D C:\Users\JPS
2013-08-07 17:37 - 2013-08-07 17:37 - 00000000 ____D C:\Users\Tukan\AppData\Local\PC_Drivers_Headquarters
2013-08-07 17:37 - 2013-08-07 17:37 - 00000000 ____D C:\ProgramData\UAB
2013-08-07 17:36 - 2013-08-07 17:36 - 00002275 _____ C:\Users\Public\Desktop\DriverBoost.lnk
2013-08-07 17:36 - 2013-08-07 17:36 - 00000000 ____D C:\ProgramData\DriverBoost
2013-08-07 17:35 - 2013-08-07 17:35 - 00000000 ____D C:\Program Files (x86)\DriverBoost
2013-08-07 17:24 - 2013-08-07 17:24 - 00002009 _____ C:\Users\Public\Desktop\Malwarebytes Secure Backup.lnk
2013-08-07 17:24 - 2013-08-07 17:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Secure Backup
2013-08-07 17:24 - 2012-12-23 16:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-07 17:23 - 2013-08-07 17:23 - 00000000 ____D C:\Windows\Downloaded Installations
2013-08-07 17:05 - 2010-11-21 05:47 - 00314942 _____ C:\Windows\PFRO.log
2013-08-07 17:03 - 2013-04-28 13:48 - 00000000 ____D C:\Users\JPS\AppData\Roaming\File Scout
2013-08-07 16:01 - 2013-08-07 16:00 - 00000000 ____D C:\Users\Tukan\AppData\Local\{A2D24722-D146-4CF3-9228-63DEA2E4D669}
2013-08-07 12:18 - 2013-08-07 12:18 - 00001117 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-07 12:18 - 2013-08-07 12:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-05 15:42 - 2011-07-07 11:22 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-08-04 16:14 - 2013-08-04 16:14 - 00000000 ____D C:\Users\Tukan\Documents\Reise nach Cairns
2013-08-04 16:12 - 2013-08-04 16:12 - 00029159 _____ C:\Users\Tukan\Documents\Adressen Liste text.txt
2013-08-04 13:03 - 2010-07-30 11:17 - 00000000 ____D C:\Users\Tukan\Documents\Reisen
2013-08-04 11:15 - 2013-08-04 11:15 - 00002216 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-08-04 10:28 - 2013-08-04 10:28 - 00000000 ____D C:\Users\Tukan\AppData\Local\{97806D18-AB45-4327-83B4-D861C0D5BB2E}
2013-07-31 15:25 - 2011-06-22 22:13 - 00000000 ____D C:\Users\Tukan\AppData\Roaming\Skype
2013-07-31 14:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-31 12:18 - 2011-06-22 20:57 - 00000000 ____D C:\Users\Tukan
2013-07-31 12:17 - 2012-12-20 14:09 - 00001748 _____ C:\Users\Tukan\Julia + Rohan Wadham.contact
2013-07-31 11:31 - 2011-06-22 22:13 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-31 11:31 - 2011-06-22 22:13 - 00000000 ____D C:\ProgramData\Skype
2013-07-31 11:01 - 2013-07-31 11:01 - 00000000 ____D C:\Users\Tukan\AppData\Local\{2A0C5A82-29CD-4F00-BCE5-0C8A41270939}
2013-07-29 23:13 - 2011-08-16 01:18 - 00000000 ____D C:\Users\JPS\AppData\Roaming\NCH Software
2013-07-29 20:49 - 2011-08-25 13:16 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-29 20:49 - 2009-07-14 04:34 - 00000478 _____ C:\Windows\win.ini
2013-07-25 14:19 - 2013-07-21 22:22 - 00000000 ____D C:\Users\JPS\AppData\Roaming\Systweak
2013-07-22 00:06 - 2013-07-21 22:43 - 00000000 ____D C:\Users\Tukan\AppData\Roaming\Systweak
2013-07-21 22:53 - 2013-07-21 22:46 - 00002196 _____ C:\Windows\system32\ASOROSet.bin
2013-07-21 22:44 - 2011-04-24 14:58 - 00000000 ___RD C:\Users\Public\Desktop\Medion MediaPack
2013-07-21 22:42 - 2011-07-18 15:08 - 00000000 ____D C:\Users\JPS\AppData\Roaming\Apple Computer
2013-07-21 22:40 - 2013-07-21 22:39 - 16437296 _____ (Systweak Inc. ) C:\Users\JPS\Downloads\photostudio_r.exe
2013-07-21 22:39 - 2013-07-21 22:39 - 05499544 _____ (Systweak INC. ) C:\Users\JPS\Downloads\dsusetup_r.exe
2013-07-21 22:39 - 2013-07-21 22:38 - 03756976 _____ (Systweak Inc ) C:\Users\JPS\Downloads\rcpsetup_r.exe
2013-07-21 22:36 - 2011-07-07 11:48 - 00000000 ____D C:\Users\JPS\AppData\Local\Adobe
2013-07-21 22:31 - 2013-07-21 22:31 - 00238932 ____H C:\Windows\SysWOW64\mlfcache.dat
2013-07-19 12:18 - 2013-07-19 12:11 - 00000000 ____D C:\Users\JPS\AppData\Roaming\DVDVideoSoft
2013-07-19 12:13 - 2013-07-19 12:13 - 00000000 ____D C:\Users\JPS\AppData\Roaming\Babylon
2013-07-19 12:13 - 2013-07-19 12:13 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-19 12:13 - 2013-07-19 12:13 - 00000000 ____D C:\ProgramData\Babylon
2013-07-19 12:11 - 2013-07-19 12:11 - 00000000 ____D C:\Users\Tukan\Documents\DVDVideoSoft
2013-07-19 12:11 - 2013-07-19 12:11 - 00000000 ____D C:\Users\Tukan\AppData\Roaming\DVDVideoSoft
2013-07-19 12:11 - 2013-03-07 14:02 - 00000000 ____D C:\Users\JPS\AppData\Roaming\OpenCandy
2013-07-19 10:54 - 2013-07-19 10:54 - 00000000 ____D C:\Users\Tukan\AppData\Local\{9EA97B51-AE16-4F1C-8F3F-52742AD3D310}
2013-07-19 10:46 - 2013-07-19 10:46 - 00000000 ____D C:\Users\Tukan\AppData\Local\{3666A9DD-8558-40D1-BADE-6430B4B5B679}
2013-07-18 19:26 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-18 17:36 - 2011-04-24 13:54 - 00045434 _____ C:\Windows\DPINST.LOG
2013-07-17 15:02 - 2013-07-17 14:59 - 00000000 ____D C:\Windows\system32\MRT
2013-07-13 14:48 - 2012-04-20 22:59 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-13 14:48 - 2011-07-12 00:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-13 13:08 - 2013-07-13 13:08 - 00000000 ____D C:\Users\Tukan\AppData\Local\{78125210-BF5F-4A09-AF9F-3FB081B369C9}
2013-07-10 21:50 - 2013-07-10 21:50 - 00000000 ____D C:\Users\Tukan\AppData\Local\{443C5905-EF3E-4D60-AA15-7646FAE5A040}
2013-07-10 21:40 - 2009-07-14 06:45 - 00481072 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-10 21:39 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-10 21:39 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-10 21:39 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-10 21:38 - 2012-05-20 15:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-10 21:38 - 2012-05-20 15:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit