Pests of all kinds and how to fight them: TR/PSW.Zbot.233472.224 infection | Windows 7
02.07.2013, 12:17 | #1
TR/PSW.Zbot.233472.224 infection

Hello everyone!

I have caught a Trojan, at least that is what my Avira says.
A search unfortunately only got me part of the way, since I did find a "TR/PSW.Zbot" but no information on "TR/PSW.Zbot.233472.224".
Whether it is the same Trojan or not, I unfortunately don't know.
I hope you can help me here.

What I have done so far:
Scan with Avira - Trojan found
Scan with Kaspersky (online) - nothing found
Scan with Malwarebytes - nothing found
Scan with OTL

The reports from Avira and OTL follow here:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 2. Juli 2013 12:59

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Code:
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : DESKTOP

Versionsinformationen:
BUILD.DAT : 13.0.0.3737 54853 Bytes 20.06.2013 15:37:00
AVSCAN.EXE : 13.6.0.1722 634936 Bytes 01.07.2013 17:30:57
AVSCANRC.DLL : 13.6.0.1550 62520 Bytes 01.07.2013 17:30:57
LUKE.DLL : 13.6.0.1550 65080 Bytes 01.07.2013 17:31:18
AVSCPLR.DLL : 13.6.0.1712 92216 Bytes 01.07.2013 17:30:57
AVREG.DLL : 13.6.0.1550 247864 Bytes 01.07.2013 17:30:56
avlode.dll : 13.6.2.1704 449592 Bytes 01.07.2013 17:30:54
avlode.rdf : 13.0.1.18 26349 Bytes 22.06.2013 16:46:30
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 10:15:34
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 08:06:34
VBASE002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 13:50:21
VBASE003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 16:46:23
VBASE004.VDF : 7.11.85.215 2048 Bytes 21.06.2013 16:46:23
VBASE005.VDF : 7.11.85.216 2048 Bytes 21.06.2013 16:46:23
VBASE006.VDF : 7.11.85.217 2048 Bytes 21.06.2013 16:46:23
VBASE007.VDF : 7.11.85.218 2048 Bytes 21.06.2013 16:46:23
VBASE008.VDF : 7.11.85.219 2048 Bytes 21.06.2013 16:46:23
VBASE009.VDF : 7.11.85.220 2048 Bytes 21.06.2013 16:46:23
VBASE010.VDF : 7.11.85.221 2048 Bytes 21.06.2013 16:46:24
VBASE011.VDF : 7.11.85.222 2048 Bytes 21.06.2013 16:46:24
VBASE012.VDF : 7.11.85.223 2048 Bytes 21.06.2013 16:46:24
VBASE013.VDF : 7.11.85.224 2048 Bytes 21.06.2013 16:46:24
VBASE014.VDF : 7.11.86.93 870400 Bytes 24.06.2013 11:29:39
VBASE015.VDF : 7.11.86.223 331776 Bytes 25.06.2013 16:21:48
VBASE016.VDF : 7.11.87.67 204800 Bytes 27.06.2013 16:21:48
VBASE017.VDF : 7.11.87.157 247296 Bytes 28.06.2013 17:30:46
VBASE018.VDF : 7.11.87.221 196608 Bytes 30.06.2013 17:30:47
VBASE019.VDF : 7.11.87.222 2048 Bytes 30.06.2013 17:30:47
VBASE020.VDF : 7.11.87.223 2048 Bytes 30.06.2013 17:30:47
VBASE021.VDF : 7.11.87.224 2048 Bytes 30.06.2013 17:30:47
VBASE022.VDF : 7.11.87.225 2048 Bytes 30.06.2013 17:30:47
VBASE023.VDF : 7.11.87.226 2048 Bytes 30.06.2013 17:30:48
VBASE024.VDF : 7.11.87.227 2048 Bytes 30.06.2013 17:30:48
VBASE025.VDF : 7.11.87.228 2048 Bytes 30.06.2013 17:30:48
VBASE026.VDF : 7.11.87.229 2048 Bytes 30.06.2013 17:30:48
VBASE027.VDF : 7.11.87.230 2048 Bytes 30.06.2013 17:30:48
VBASE028.VDF : 7.11.87.231 2048 Bytes 30.06.2013 17:30:48
VBASE029.VDF : 7.11.87.232 2048 Bytes 30.06.2013 17:30:49
VBASE030.VDF : 7.11.87.233 2048 Bytes 30.06.2013 17:30:49
VBASE031.VDF : 7.11.88.26 79360 Bytes 01.07.2013 17:30:49
Engineversion : 8.2.12.68
AEVDF.DLL : 8.1.3.4 102774 Bytes 15.06.2013 18:26:24
AESCRIPT.DLL : 8.1.4.126 483710 Bytes 28.06.2013 16:21:54
AESCN.DLL : 8.1.10.4 131446 Bytes 04.04.2013 07:10:18
AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 15:58:06
AERDL.DLL : 8.2.0.128 688504 Bytes 15.06.2013 18:26:24
AEPACK.DLL : 8.3.2.24 749945 Bytes 22.06.2013 16:46:29
AEOFFICE.DLL : 8.1.2.60 205181 Bytes 19.06.2013 06:24:15
AEHEUR.DLL : 8.1.4.436 5964154 Bytes 28.06.2013 16:21:54
AEHELP.DLL : 8.1.27.4 266617 Bytes 28.06.2013 16:21:50
AEGEN.DLL : 8.1.7.6 442742 Bytes 28.06.2013 16:21:50
AEEXP.DLL : 8.4.0.34 201079 Bytes 09.06.2013 17:05:40
AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55
AECORE.DLL : 8.1.31.6 201081 Bytes 28.06.2013 16:21:50
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 18:52:33
AVWINLL.DLL : 13.6.0.1550 23608 Bytes 01.07.2013 17:30:46
AVPREF.DLL : 13.6.0.1550 48184 Bytes 01.07.2013 17:30:56
AVREP.DLL : 13.6.0.1550 175672 Bytes 01.07.2013 17:30:56
AVARKT.DLL : 13.6.0.1626 258104 Bytes 01.07.2013 17:30:50
AVEVTLOG.DLL : 13.6.0.1550 164920 Bytes 01.07.2013 17:30:53
SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40
AVSMTP.DLL : 13.6.0.1550 59960 Bytes 01.07.2013 17:30:58
NETNT.DLL : 13.6.0.1550 13368 Bytes 01.07.2013 17:31:18
RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 11.12.2012 15:10:11
RCTEXT.DLL : 13.6.0.1624 67128 Bytes 01.07.2013 17:30:46

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_51d285ae\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Abweichende Archivtypen...............: +, +, +, +, +, +, +, +,
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Beginn des Suchlaufs: Dienstag, 2. Juli 2013 12:59

Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '53' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '80' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'nvvsvc.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'nvSCPAPISvr.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '87' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '77' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '157' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '86' Modul(e) wurden durchsucht Durchsuche Prozess 'nvxdsync.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'nvvsvc.exe' - '68' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '44' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'AppleMobileDeviceService.exe' - '72' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '69' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '165' Modul(e) wurden durchsucht Durchsuche Prozess 'mDNSResponder.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'IGDCTRL.EXE' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'HeciServer.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'jhi_service.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'kss.exe' - '173' Modul(e) wurden durchsucht Durchsuche Prozess 'PnkBstrA.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'rndlresolversvc.exe' 
- '26' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'TeamViewer_Service.exe' - '92' Modul(e) wurden durchsucht Durchsuche Prozess 'viakaraokesrv.exe' - '25' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSVC.EXE' - '77' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSvcM.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'LCore.exe' - '72' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxpers.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'VDeck.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'kss.exe' - '91' Modul(e) wurden durchsucht Durchsuche Prozess 'nvtray.exe' - '54' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '93' Modul(e) wurden durchsucht Durchsuche Prozess 'iusb3mon.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'realsched.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'iTunesHelper.exe' - '78' Modul(e) wurden durchsucht Durchsuche Prozess 'LCDRSS.exe' - '66' Modul(e) wurden durchsucht Durchsuche Prozess 'LCDPictureViewer.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'LCDWebCam.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'LCDClock.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'LCDMovieViewer.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'LCDYT.exe' - '98' Modul(e) wurden durchsucht Durchsuche Prozess 'LCDMedia.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'LCDPop3.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'LCDCountdown.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'iPodService.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'LMS.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'UNS.exe' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'IELowutil.exe' - '40' Modul(e) 
wurden durchsucht Durchsuche Prozess 'OSPPSVC.EXE' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '147' Modul(e) wurden durchsucht Durchsuche Prozess 'plugin-container.exe' - '87' Modul(e) wurden durchsucht Durchsuche Prozess 'FlashPlayerPlugin_11_7_700_224.exe' - '54' Modul(e) wurden durchsucht Durchsuche Prozess 'FlashPlayerPlugin_11_7_700_224.exe' - '70' Modul(e) wurden durchsucht Durchsuche Prozess 'OTL.exe' - '56' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '123' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '67' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '33' Modul(e) wurden durchsucht Untersuchung der Systemdateien wird begonnen: Signiert -> 'C:\Windows\system32\svchost.exe' Signiert -> 'C:\Windows\system32\winlogon.exe' Signiert -> 'C:\Windows\explorer.exe' Signiert -> 'C:\Windows\system32\smss.exe' Signiert -> 'C:\Windows\system32\wininet.DLL' Signiert -> 'C:\Windows\system32\wsock32.DLL' Signiert -> 'C:\Windows\system32\ws2_32.DLL' Signiert -> 'C:\Windows\system32\services.exe' Signiert -> 'C:\Windows\system32\lsass.exe' Signiert -> 'C:\Windows\system32\csrss.exe' Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys' Signiert -> 'C:\Windows\system32\spoolsv.exe' Signiert -> 'C:\Windows\system32\alg.exe' Signiert -> 'C:\Windows\system32\wuauclt.exe' Signiert -> 'C:\Windows\system32\advapi32.DLL' Signiert 
-> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57c9fd79-2458a1a2'
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57c9fd79-2458a1a2
[FUND] Ist das Trojanische Pferd TR/PSW.Zbot.233472.224

Beginne mit der Desinfektion:
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57c9fd79-2458a1a2
[FUND] Ist das Trojanische Pferd TR/PSW.Zbot.233472.224
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54681d14.qua' verschoben!

Ende des Suchlaufs: Dienstag, 2. Juli 2013 12:59
Benötigte Zeit: 00:28 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
908 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
907 Dateien ohne Befall
1 Archive wurden durchsucht
0 Warnungen
1 Hinweise
108510 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

Die Suchergebnisse werden an den Guard übermittelt.

Code:
OTL logfile created on: 02.07.2013 13:11:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,90 Gb Total Physical Memory | 5,09 Gb Available Physical Memory | 64,45% Memory free
7,99 Gb Paging File | 4,99 Gb Available in Paging File | 62,41% Paging File free
Paging file location(s): c:\pagefile.sys 100 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 0,67 Gb Free Space | 0,56% Space Free | Partition Type: NTFS
Drive E: | 78,12 Gb Total Space | 2,82 Gb Free Space | 3,61% Space Free | Partition Type: NTFS
Drive F: | 28,59 Gb Total Space | 10,89 Gb Free Space | 38,08% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 23,08 Gb Free Space | 47,26% Space Free | Partition Type: NTFS
Drive H: | 142,54 Gb Total Space | 4,15 Gb Free Space | 2,91% Space Free | Partition Type: NTFS
Drive J: | 488,28 Gb Total Space | 199,27 Gb Free Space | 40,81% Space Free | Partition Type: NTFS
Drive K: | 443,23 Gb Total Space | 429,90 Gb Free Space | 96,99% Space Free | Partition Type: NTFS

Computer Name: DESKTOP | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\*****\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co.
KG) PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Logitech Gaming Software\Applets\LCDYT.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\Applets\LCDWebCam.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\Applets\LCDMovieViewer.exe (Logitech Inc.) PRC - C:\Programme\Logitech Gaming Software\Applets\LCDMedia.exe (Logitech Inc.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO) PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe () PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) PRC - C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program 
Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtGui4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtCore4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtScript4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtSql4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtDeclarative4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtNetwork4.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Services (SafeList) ========== SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (KSS) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO) SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe () SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IGDCTRL) -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) ========== Driver Services (SafeList) ========== DRV:64bit: - (LADF_CaptureOnly) -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys (Logitech) DRV:64bit: - (LADF_RenderOnly) -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys (Logitech) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) 
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Qualcomm Atheros Co., Ltd.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc) DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation) DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation) DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation) DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc) DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.) 
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (LGPBTDD) -- C:\Windows\SysNative\drivers\LGPBTDD.sys (Logitech Inc.) DRV:64bit: - (FETNDIS) -- C:\Windows\SysNative\drivers\fet6x64.sys (VIA Technologies, Inc. ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=798 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: 
C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: G:\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.01.18 15:27:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2013.06.25 17:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2013.06.25 17:46:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.06.25 17:46:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = G:\VLC\npvlc.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Docs = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealDownloader = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Google Mail = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft-Konto-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7416E48D-2790-46BC-B926-A416FC8BB1E4}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ef99db7b-090b-11e2-a3b5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ef99db7b-090b-11e2-a3b5-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Run.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2013.07.01 21:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2013.07.01 20:45:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2013.07.01 20:24:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2013.07.01 20:14:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2013.07.01 20:14:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2013.07.01 20:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2013.06.27 20:41:51 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Arma 3 - Other Profiles
[2013.06.27 20:41:45 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Arma 3
[2013.06.27 20:41:45 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Arma 3
[2013.06.25 17:46:52 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Mozilla
[2013.06.25 17:46:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.25 16:34:05 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Mozilla
[2013.06.25 14:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.06.25 14:56:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.06.25 14:56:19 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Google
[2013.06.25 14:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.06.25 13:32:53 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
[2013.06.25 13:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.06.25 13:32:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013.06.25 12:29:22 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Ywewu
[2013.06.25 12:29:22 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Epera
[2013.06.25 08:55:49 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\The Lord of the Rings Online
[2013.06.25 08:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine
[2013.06.24 17:58:54 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\PMB Files
[2013.06.24 17:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013.06.24 17:58:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013.06.24 17:53:31 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\The Lord of the Rings Online
[2013.06.24 12:42:54 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Turbine
[2013.06.24 12:42:49 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Turbine
[2013.06.24 12:42:24 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\ApplicationHistory
[2013.06.24 12:41:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2013.06.19 23:53:17 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Star Wars - The Old Republic
[2013.06.19 17:36:28 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\SWTOR
[2013.06.19 17:36:28 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\HeroBlade Logs
[2013.06.19 13:04:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2013.06.19 12:29:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2013.06.19 12:29:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2013.06.19 11:13:29 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\SWTORPerf
[2013.06.18 11:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.06.18 11:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.06.18 11:55:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.06.18 11:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.06.18 11:55:27 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.06.17 21:16:18 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2013.06.16 00:12:46 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.16 00:12:46 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.13 09:49:24 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Arma 3 Alpha - Other Profiles
[2013.06.13 09:47:43 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Arma 3 Alpha
[2013.06.13 09:47:43 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Arma 3 Alpha
[2013.06.12 23:18:25 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.12 23:18:25 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.12 23:18:25 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.12 23:18:25 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.06.12 23:18:25 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.06.12 23:18:25 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.06.12 23:18:25 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.06.12 23:18:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.06.12 23:18:25 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.06.12 23:18:25 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.06.12 23:18:25 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.06.12 23:18:25 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.06.12 23:18:24 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.12 08:50:23 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.12 08:50:23 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.12 08:50:20 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.06.12 08:50:20 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.06.12 08:50:16 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.06.12 08:50:13 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.12 08:50:13 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.12 08:50:13 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.12 08:50:13 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.12 08:50:13 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.12 08:50:13 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.12 08:50:08 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.06.12 08:50:08 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.06.11 21:04:15 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Arma 3 Alpha Lite - Other Profiles
[2013.06.11 20:53:15 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Arma 3 Alpha Lite
[2013.06.11 20:53:15 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Arma 3 Alpha Lite
[2013.06.11 20:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Bohemia Interactive
[2013.06.06 08:36:49 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Chromium
[2013.06.04 18:48:42 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Gameforge4d
[2013.06.04 18:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
[2013.06.03 11:31:23 | 000,000,000 | ---D | C] -- C:\Windows\de
[2013.06.03 11:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.06.03 11:31:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013.06.03 11:30:26 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Windows Live
[2013.06.03 11:30:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live

========== Files - Modified Within 30 Days ==========
[2013.07.02 13:01:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.02 12:51:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.02 09:55:09 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.02 09:55:09 | 000,021,856 | -H-- | M] () --
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.02 09:53:59 | 001,536,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.02 09:53:59 | 000,668,274 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.02 09:53:59 | 000,627,850 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.02 09:53:59 | 000,135,942 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.02 09:53:59 | 000,111,428 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.02 09:48:09 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.02 09:47:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.01 21:18:27 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2013.07.01 19:31:25 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.06.30 18:15:17 | 000,000,270 | ---- | M] () -- C:\Users\*****\Desktop\TS 3 backup.ini [2013.06.25 17:46:50 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.06.25 16:42:10 | 000,113,988 | ---- | M] () -- C:\Users\*****\Documents\cc_20130625_164204.reg [2013.06.25 14:57:35 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.06.25 14:32:58 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.06.25 13:32:51 | 000,001,077 | ---- | M] () -- C:\Users\*****\Desktop\Kaspersky Security Scan.lnk [2013.06.25 13:28:20 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.25 12:41:23 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.06.25 12:41:23 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.06.25 08:37:53 | 000,002,720 | ---- | M] () -- C:\Users\*****\Documents\UserPreferences.ini [2013.06.25 08:36:27 | 
000,000,729 | ---- | M] () -- C:\Users\*****\Desktop\Der Herr der Ringe Online.lnk [2013.06.24 17:50:31 | 000,000,846 | ---- | M] () -- C:\Users\*****\Desktop\Der Herr de Ringe Online Die Schatten von Angmar.lnk [2013.06.24 13:38:30 | 000,000,202 | ---- | M] () -- C:\Users\*****\Desktop\APB Reloaded.url [2013.06.24 12:42:24 | 000,000,103 | ---- | M] () -- C:\Users\*****\AppData\Local\fusioncache.dat [2013.06.24 12:42:18 | 001,562,390 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.06.21 09:03:30 | 000,001,483 | ---- | M] () -- C:\Users\*****\Desktop\Star Wars - The Old Republic.lnk [2013.06.20 20:54:55 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.06.20 20:54:55 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.06.20 20:54:31 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.06.18 11:55:35 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.06.17 21:16:18 | 000,018,960 | ---- | M] (Logitech, Inc.) 
-- C:\Windows\SysNative\drivers\LNonPnP.sys [2013.06.17 16:47:00 | 000,000,923 | ---- | M] () -- C:\Users\*****\Desktop\Logitech Gaming Software 8.35.lnk [2013.06.12 19:44:59 | 000,000,202 | ---- | M] () -- C:\Users\*****\Desktop\Arma 3 Alpha.url [2013.06.11 21:51:23 | 009,089,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe [2013.06.08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.06.03 14:22:20 | 106,159,115 | ---- | M] () -- C:\Users\*****\Hochwasser 2013.mp4 [2013.06.03 12:51:23 | 055,285,607 | ---- | M] () -- C:\Users\*****\Mein Film.mp4 ========== Files Created - No Company Name ========== [2013.07.01 20:14:37 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2013.06.30 18:15:17 | 000,000,270 | ---- | C] () -- C:\Users\*****\Desktop\TS 3 backup.ini [2013.06.25 17:46:50 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.06.25 16:42:08 | 000,113,988 | ---- | C] () -- C:\Users\*****\Documents\cc_20130625_164204.reg [2013.06.25 14:57:35 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.06.25 14:56:21 | 000,001,128 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.25 14:56:21 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.25 14:32:58 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.06.25 13:32:53 | 000,001,077 | ---- | C] () -- C:\Users\*****\Desktop\Kaspersky Security Scan.lnk [2013.06.25 13:28:20 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.25 08:37:08 | 000,002,720 | ---- | C] () -- C:\Users\*****\Documents\UserPreferences.ini [2013.06.25 08:36:27 | 000,000,729 | ---- | C] () -- C:\Users\*****\Desktop\Der Herr der Ringe Online.lnk 
[2013.06.24 17:50:31 | 000,000,846 | ---- | C] () -- C:\Users\*****\Desktop\Der Herr de Ringe Online Die Schatten von Angmar.lnk [2013.06.24 13:38:30 | 000,000,202 | ---- | C] () -- C:\Users\*****\Desktop\APB Reloaded.url [2013.06.24 12:42:24 | 000,000,103 | ---- | C] () -- C:\Users\*****\AppData\Local\fusioncache.dat [2013.06.24 12:42:01 | 001,562,390 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.06.21 09:03:30 | 000,001,483 | ---- | C] () -- C:\Users\*****\Desktop\Star Wars - The Old Republic.lnk [2013.06.18 11:55:35 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.06.17 16:47:00 | 000,000,923 | ---- | C] () -- C:\Users\*****\Desktop\Logitech Gaming Software 8.35.lnk [2013.06.12 19:44:59 | 000,000,202 | ---- | C] () -- C:\Users\*****\Desktop\Arma 3 Alpha.url [2013.06.03 14:17:56 | 106,159,115 | ---- | C] () -- C:\Users\*****\Hochwasser 2013.mp4 [2013.06.03 12:49:07 | 055,285,607 | ---- | C] () -- C:\Users\*****\Mein Film.mp4 [2013.06.03 11:31:20 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk [2013.06.03 11:31:19 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk [2013.02.14 19:39:11 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.02.14 19:39:11 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.01.10 14:29:01 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2013.01.03 00:30:26 | 000,038,429 | ---- | C] () -- C:\Users\*****\AppData\Local\recently-used.xbel [2013.01.03 00:22:41 | 000,000,286 | ---- | C] () -- C:\Users\*****\AppData\Roaming\gmic_faves [2012.12.26 14:51:39 | 000,001,052 | ---- | C] () -- C:\Users\*****\AppData\Roaming\gmic_sources.cimgz [2012.10.29 23:05:36 | 000,000,073 | ---- | C] () -- C:\Users\*****\.gtk-bookmarks [2012.10.10 03:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.10.10 03:22:32 | 000,598,780 | ---- | C] () -- 
C:\Windows\SysWow64\igvpkrng700.bin [2012.10.10 03:22:16 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.09.28 22:36:40 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2012.04.20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 
000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF < End of report >
Did Avira find everything? Are there any other tests I can run to determine whether my system has been cleaned? What exactly does the trojan actually do, does anyone know? It would be really great if you could help me!! Regards, yosh Edited by yosherl (02.07.2013 at 12:45) |
02.07.2013, 12:20 | #2 |
/// the machine /// TB-Ausbilder | TR/PSW.Zbot.233472.224 infection Hi,
System scan with FRST: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: Start > Computer (right-click) > Properties)
How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
02.07.2013, 12:36 | #3 |
| TR/PSW.Zbot.233472.224 infection Hello Schrauber!
Thank you very much for your help. Here are the two txt files. Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2013 Ran by ***** at 2013-07-02 13:33:38 Running from C:\Users\*****\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= „Der Herr der Ringe Online™“ v1100.0052.1373.8030 (x32 Version: 1100.0052.1373.8030) 4Media iPhone Contacts Transfer (x32 Version: 1.2.7.20121110) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Photoshop 7.0 (x32 Version: 7.0) Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7) APB Reloaded (x32) Apple Application Support (x32 Version: 2.3.4) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (x32 Version: 2.1.3.127) applicationupdater (HKCU) Arma 3 Alpha (x32) Arma 3 Alpha Lite (x32) Asheron's Call 2 (x32 Version: 1.0.0) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.7) Avira Free Antivirus (x32 Version: 13.0.0.3737) AVM FRITZ!Box Dokumentation (x32) AVM FRITZ!DSL (x32 Version: 2.04.02) Battlefield 3™ (x32 Version: 1.5.0.0) Bonjour (Version: 3.0.0.10) Canon MG4100 series MP Drivers CCleaner (Version: 4.02) CDBurnerXP (x32 Version: 4.4.2.3442) CINEMA 4D 12.016 (Version: 12.016) Counter-Strike: Global Offensive (x32) D3DX10 (x32 Version: 15.4.2368.0902) DAEMON Tools Lite (x32 Version: 4.45.4.0314) Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition DER HERR DER RINGE ONLINE: Schatten von Angmar v07.12.30.70 (x32 Version: 07.12.30.70) Dota 2 (x32) Dota 2 Test (x32) Dual-Core Optimizer (x32 Version: 1.1.4.0169) ESN Sonar (x32 Version: 0.70.4) Etron USB3.0 Host Controller (x32 Version: 0.109) Fotogalerie (x32 Version: 16.4.3508.0205) Fraps (remove only) (x32) gamelauncher-ps2-psg (HKCU) GIMP 2.8.2 (Version: 2.8.2) G'MIC for GIMP Version 1.5.2.4 (x32 Version: 1.5.2.4) Google Chrome (x32 Version: 27.0.1453.116) Google 
Update Helper (x32 Version: 1.3.21.145) Hamachi 1.0.3.0 (x32) Inkscape 0.48.3.1 (x32 Version: 0.48.3.1) Intel(R) Management Engine Components (x32 Version: 8.1.0.1252) Intel(R) Processor Graphics (x32 Version: 9.17.10.2867) Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.225) Intel® Trusted Connect Service Client (Version: 1.24.388.1) iTunes (Version: 11.0.4.4) Java 7 Update 17 (64-bit) (Version: 7.0.170) Java 7 Update 17 (x32 Version: 7.0.170) Java Auto Updater (x32 Version: 2.1.9.0) Java SE Development Kit 7 Update 17 (64-bit) (Version: 1.7.0.170) Kaspersky Security Scan (x32 Version: 12.0.1.340) Logitech Gaming Software (Version: 8.35.18) Logitech Gaming Software 8.46 (Version: 8.46.27) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Mein CEWE FOTOBUCH (x32 Version: 5.0.1) Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322) Microsoft .NET Framework 1.1 (x32) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft 
Office Shared MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Standard 2010 (Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Outlook Hotmail Connector 64-Bit (Version: 14.0.6123.5001) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Movie Maker (x32 Version: 16.4.3508.0205) Mozilla Firefox 21.0 (x86 de) (x32 Version: 21.0) mp3-2-wav converter 1.14 (x32) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT110 (x32 Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1109.0912) NVIDIA 3D Vision Controller-Treiber 310.90 (Version: 310.90) NVIDIA 3D Vision Treiber 311.06 (Version: 311.06) NVIDIA Grafiktreiber 311.06 (Version: 311.06) NVIDIA Install Application (Version: 2.1002.108.688) NVIDIA PhysX (x32 Version: 9.12.1031) NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031) 
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106) NVIDIA Systemsteuerung 311.06 (Version: 311.06) NVIDIA Update 1.11.3 (Version: 1.11.3) NVIDIA Update Components (Version: 1.11.3) OpenOffice.org 3.4.1 (x32 Version: 3.41.9593) Origin (x32 Version: 9.1.13.85) Pando Media Booster (x32 Version: 2.6.0.9) Photo Common (x32 Version: 16.4.3508.0205) Photo Gallery (x32 Version: 16.4.3508.0205) Platform (x32 Version: 1.39) PunkBuster Services (x32 Version: 0.991) RealDownloader (x32 Version: 1.3.0) RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0) RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0) RealUpgrade 1.1 (x32 Version: 1.1.0) Samsung Magician (x32 Version: 4.0.1) SAMSUNG USB Driver for Mobile Phones (Version: 1.3.650.0) Sid Meier's Civilization 4 - Beyond the Sword (x32 Version: 3.01) Sid Meier's Civilization 4 - Warlords (x32 Version: 2.13) Sid Meier's Civilization 4 (x32 Version: 1.00.0000) Sid Meier's Civilization 4 (x32 Version: 1.74) Skype™ 6.3 (x32 Version: 6.3.105) Sorian AI Mod 2.1.1 (x32) SpeedFan (remove only) (x32) Star Trek Online (x32) Star Wars: The Old Republic (x32 Version: 1.00) Steam (x32 Version: 1.0.0.0) TeamSpeak 3 Client (HKCU Version: 3.0.10.1) TeamViewer 7 (x32 Version: 7.0.15723) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition Update for 
Microsoft Office 2010 (KB2760631) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition VIA Plattform-Geräte-Manager (x32 Version: 1.39) VLC media player 2.0.3 (x32 Version: 2.0.3) VTrain (Vokabeltrainer) 5.2 (x32) Windows Live Communications Platform (x32 Version: 16.4.3508.0205) Windows Live Essentials (x32 Version: 16.4.3508.0205) Windows Live ID Sign-in Assistant (Version: 7.250.4311.0) Windows Live Installer (x32 Version: 16.4.3508.0205) Windows Live Photo Common (x32 Version: 16.4.3508.0205) Windows Live PIMT Platform (x32 Version: 16.4.3508.0205) Windows Live SOXE (x32 Version: 16.4.3508.0205) Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205) Windows Live UX Platform (x32 Version: 16.4.3508.0205) Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205) WinRAR 4.20 (64-Bit) (Version: 4.20.0) World of Warcraft (x32 Version: 5.3.0.17128) ==================== Restore Points ========================= 14-02-2013 08:10:33 Windows Update 14-02-2013 08:14:54 Windows Update ==================== Scheduled Tasks (whitelisted) ============= Task: {2C6E8146-5BC1-461F-9655-B0E796A7D749} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-25] (Google Inc.) Task: {471FD391-AA62-4537-8976-FA6FB437D42B} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {5328F7D3-5BA0-4267-A416-F76E4ECCB092} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2633229710-3872475631-2564557350-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.) 
Task: {65BDB40B-EACB-4A6E-87A4-1FD05524C9C1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd) Task: {7A24E188-36A0-4D78-835B-888D4A46EEE3} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2633229710-3872475631-2564557350-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.) Task: {98C11027-7FC3-43B4-97F2-2A8DF55C127A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-25] (Google Inc.) Task: {9CE0B31B-EAB5-40B6-B463-526CD104E78B} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2633229710-3872475631-2564557350-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.) Task: {9F967BD9-0332-4466-960C-BFDC463FB810} - System32\Tasks\{931FE2AF-51A5-4AB6-9627-659204BBDAE5} => C:\program files (x86)\mozilla firefox\firefox.exe [2013-05-12] (Mozilla Corporation) Task: {AD97E911-84FD-47E3-8500-F42C4B9042E6} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2633229710-3872475631-2564557350-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.) 
Task: {B15DC10D-9690-49CA-B9FB-0BE6BCF6B0B1} - System32\Tasks\User_Feed_Synchronization-{8C22BAB9-115F-42DC-933C-D0F775D5F0DC} => C:\Windows\system32\msfeedssync.exe [2013-04-30] (Microsoft Corporation) Task: {D5A0FC38-2467-4EEA-B6BA-17B576E0E0EE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-25] (Adobe Systems Incorporated) Task: {E4B50748-4B75-4099-8966-E45FD573A0FD} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= Name: High Definition Audio-Gerät Description: High Definition Audio-Gerät Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: HdAudAddService Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/02/2013 09:49:46 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/01/2013 10:13:29 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". 
Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/01/2013 08:48:04 PM) (Source: Bonjour Service) (User: ) Description: Client application bug: DNSServiceResolve(54A0C32C00049C73532ABLZ00011CyF1F8C\032DE19DA6D2B3C8D4p._bzdn._tcp.local.) active for over two minutes. This places considerable burden on the network. Error: (07/01/2013 08:21:53 PM) (Source: Application Hang) (User: ) Description: Programm WoW-64.exe, Version 5.3.0.17128 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1528 Startzeit: 01ce7687c42be20f Endzeit: 387 Anwendungspfad: J:\WoW\World of Warcraft\WoW-64.exe Berichts-ID: Error: (07/01/2013 07:58:30 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: swtor.exe, Version: 1.0.0.0, Zeitstempel: 0x51c21f36 Name des fehlerhaften Moduls: nvd3dum.dll, Version: 9.18.13.1106, Zeitstempel: 0x50f946b6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0068ef61 ID des fehlerhaften Prozesses: 0xc8c Startzeit der fehlerhaften Anwendung: 0xswtor.exe0 Pfad der fehlerhaften Anwendung: swtor.exe1 Pfad des fehlerhaften Moduls: swtor.exe2 Berichtskennung: swtor.exe3 Error: (07/01/2013 07:58:30 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: swtor.exe, Version: 1.0.0.0, Zeitstempel: 0x51c21f36 Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161, Zeitstempel: 0x4dace5b9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003734d ID des fehlerhaften Prozesses: 0x133c Startzeit der fehlerhaften Anwendung: 0xswtor.exe0 Pfad der fehlerhaften Anwendung: swtor.exe1 Pfad des fehlerhaften Moduls: swtor.exe2 Berichtskennung: swtor.exe3 Error: (07/01/2013 07:21:07 AM) (Source: WinMgmt) (User: ) 
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2013 09:38:23 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2013 02:22:12 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/29/2013 10:22:56 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (07/02/2013 00:42:47 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (07/02/2013 09:50:07 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error: (07/02/2013 09:50:07 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (07/01/2013 09:45:49 AM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (07/01/2013 07:21:29 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error: (07/01/2013 07:21:29 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/30/2013 02:19:49 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (06/30/2013 09:38:44 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error: (06/30/2013 09:38:44 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/29/2013 10:23:18 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Microsoft Office Sessions:
=========================
Error: (07/02/2013 09:49:46 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 10:13:29 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe

Error: (07/01/2013 08:48:04 PM) (Source: Bonjour Service)(User: )
Description: Client application bug: DNSServiceResolve(54A0C32C00049C73532ABLZ00011CyF1F8C\032DE19DA6D2B3C8D4p._bzdn._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (07/01/2013 08:21:53 PM) (Source: Application Hang)(User: )
Description: WoW-64.exe5.3.0.17128152801ce7687c42be20f387J:\WoW\World of Warcraft\WoW-64.exe

Error: (07/01/2013 07:58:30 PM) (Source: Application Error)(User: )
Description: swtor.exe1.0.0.051c21f36nvd3dum.dll9.18.13.110650f946b6c00000050068ef61c8c01ce761ae70f5017C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\RetailClient\swtor.exeC:\Windows\system32\nvd3dum.dlld645e6c5-e277-11e2-b955-902b3490862b

Error: (07/01/2013 07:58:30 PM) (Source: Application Error)(User: )
Description: swtor.exe1.0.0.051c21f36MSVCR90.dll9.0.30729.61614dace5b9c00000050003734d133c01ce761ae551e222C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\RetailClient\swtor.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dlld645bfb5-e277-11e2-b955-902b3490862b

Error: (07/01/2013 07:21:07 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2013 09:38:23 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2013 02:22:12 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe

Error: (06/29/2013 10:22:56 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================
Percentage of memory in use: 40%
Total physical RAM: 8086.23 MB
Available physical RAM: 4831.54 MB
Total Pagefile: 8184.42 MB
Available Pagefile: 4763.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:119.14 GB) (Free:0.09 GB) NTFS (Disk=0 Partition=2)
Drive e: (Altes C) (Fixed) (Total:78.12 GB) (Free:2.82 GB) NTFS (Disk=2 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive f: (Backup) (Fixed) (Total:28.59 GB) (Free:10.89 GB) NTFS (Disk=2 Partition=4)
Drive g: (Altes D) (Fixed) (Total:48.83 GB) (Free:23.08 GB) NTFS (Disk=2 Partition=2)
Drive h: (Spiele) (Fixed) (Total:142.54 GB) (Free:4.15 GB) NTFS (Disk=2 Partition=3)
Drive j: (Downloads) (Fixed) (Total:488.28 GB) (Free:199.27 GB) NTFS (Disk=1 Partition=1)
Drive k: (Volume) (Fixed) (Total:443.23 GB) (Free:429.9 GB) NTFS (Disk=1 Partition=2)

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 6B6C1E98)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 725D6C28)
Partition 1: (Not Active) - (Size=488 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=443 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 71F8B3BB)
Partition 1: (Active) - (Size=78 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=143 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-07-2013
Ran by ***** (administrator) on 02-07-2013 13:33:21
Running from C:\Users\*****\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\avscan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized [7477016 2013-04-25] (Logitech Inc.)
HKLM\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [5299320 2012-10-25] (VIA)
HKCU\...\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun [202328 2012-12-07] (Kaspersky Lab ZAO)
MountPoints2: {ef99db7b-090b-11e2-a3b5-806e6f6e6963} - D:\Run.exe
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [295072 2013-01-18] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [NPSStartup] [x]
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [245872 2013-02-26] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [201576 2013-02-26] (NVIDIA Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\cxol3jfn.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - G:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

Chrome:
=======
CHR HomePage: hxxp://www.google.de/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - G:\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Extension: (Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (RealDownloader) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0
CHR Extension: (Gmail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 IGDCTRL; C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-03-03] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-04] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-09] (DT Soft Ltd)
S3 FETNDIS; C:\Windows\System32\DRIVERS\fet6x64.sys [47872 2009-06-10] (VIA Technologies, Inc. )
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.)
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
S3 ALSysIO; \??\C:\Users\RICHAR~1\AppData\Local\Temp\ALSysIO64.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 gdrv; \??\C:\Windows\gdrv.sys [x]
S4 NVHDA; system32\drivers\nvhda64v.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-07-02 13:33 - 2013-07-02 13:33 - 00000000 ____D C:\FRST
2013-07-02 13:32 - 2013-07-02 13:33 - 01933556 ____A (Farbar) C:\Users\*****\Downloads\FRST64.exe
2013-07-02 13:03 - 2013-07-02 13:03 - 00000264 ____A C:\Users\*****\Downloads\defogger_enable.log
2013-07-02 13:02 - 2013-07-02 13:18 - 00104460 ____A C:\Users\*****\Downloads\OTL.Txt
2013-07-02 13:02 - 2013-07-02 13:13 - 00088718 ____A C:\Users\*****\Downloads\Extras.Txt
2013-07-02 12:56 - 2013-07-02 12:56 - 00602112 ____A (OldTimer Tools) C:\Users\*****\Downloads\OTL.exe
2013-07-02 12:55 - 2013-07-02 12:55 - 00050477 ____A C:\Users\*****\Downloads\Defogger.exe
2013-07-02 12:55 - 2013-07-02 12:55 - 00000492 ____A C:\Users\*****\Downloads\defogger_disable.log
2013-07-02 09:47 - 2013-07-02 09:47 - 00001660 ____A C:\Windows\PFRO.log
2013-07-01 20:45 - 2013-07-01 20:45 - 00000000 ____D C:\Users\Public\Documents\Blizzard Entertainment
2013-07-01 20:24 - 2013-07-01 20:25 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-07-01 20:14 - 2013-07-01 21:18 - 00000830 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2013-07-01 20:14 - 2013-07-01 20:14 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2013-07-01 20:11 - 2013-07-01 20:13 - 00000000 ____D C:\ProgramData\Battle.net
2013-07-01 20:09 - 2013-07-01 20:11 - 83293072 ____A (Blizzard Entertainment) C:\Users\*****\Downloads\World-of-Warcraft-Setup-deDE.exe
2013-06-30 18:15 - 2013-06-30 18:15 - 00000270 ____A C:\Users\*****\Desktop\TS 3 backup.ini
2013-06-27 20:41 - 2013-06-28 21:12 - 00000000 ____D C:\Users\*****\AppData\Local\Arma 3
2013-06-27 20:41 - 2013-06-27 20:41 - 00000000 ____D C:\Users\*****\Documents\Arma 3
2013-06-25 17:46 - 2013-07-02 00:15 - 00120555 ____A C:\Windows\WindowsUpdate.log
2013-06-25 17:46 - 2013-06-25 17:46 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-25 17:46 - 2013-06-25 17:46 - 00000000 ____D C:\Users\*****\AppData\Roaming\Mozilla
2013-06-25 17:46 - 2013-06-25 17:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-25 17:45 - 2013-06-25 17:46 - 21151576 ____A (Mozilla) C:\Users\*****\Downloads\Firefox_Setup_21.0.exe
2013-06-25 17:44 - 2013-07-02 09:48 - 00000616 ____A C:\Windows\setupact.log
2013-06-25 17:44 - 2013-06-25 17:44 - 00000000 ____A C:\Windows\setuperr.log
2013-06-25 16:42 - 2013-06-25 16:42 - 00113988 ____A C:\Users\*****\Documents\cc_20130625_164204.reg
2013-06-25 16:34 - 2013-06-25 16:34 - 00000000 ____D C:\Users\*****\AppData\Local\Mozilla
2013-06-25 14:57 - 2013-06-25 14:57 - 00002259 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-25 14:56 - 2013-07-02 13:01 - 00001128 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-25 14:56 - 2013-07-02 09:48 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-25 14:56 - 2013-06-25 14:57 - 00000000 ____D C:\Users\*****\AppData\Local\Google
2013-06-25 14:56 - 2013-06-25 14:57 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-25 14:39 - 2013-06-25 14:39 - 00903080 ____A (Oracle Corporation) C:\Users\*****\Downloads\jxpiinstall.exe
2013-06-25 14:32 - 2013-06-25 14:32 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-06-25 14:32 - 2013-06-25 14:32 - 00000000 ____D C:\Program Files\CCleaner
2013-06-25 13:32 - 2013-06-25 13:32 - 00001077 ____A C:\Users\*****\Desktop\Kaspersky Security Scan.lnk
2013-06-25 13:32 - 2013-06-25 13:32 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-06-25 13:32 - 2013-06-25 13:32 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-06-25 13:28 - 2013-06-25 13:28 - 00001113 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-06-25 12:29 - 2013-06-25 12:35 - 00000000 ____D C:\Users\*****\AppData\Roaming\Ywewu
2013-06-25 12:29 - 2013-06-25 12:29 - 00000000 ____D C:\Users\*****\AppData\Roaming\Epera
2013-06-25 08:55 - 2013-06-25 08:55 - 00000000 ____D C:\Users\*****\AppData\Local\The Lord of the Rings Online
2013-06-25 08:37 - 2013-06-25 08:37 - 00002720 ____A C:\Users\*****\Documents\UserPreferences.ini
2013-06-25 08:36 - 2013-06-25 08:36 - 00000729 ____A C:\Users\*****\Desktop\Der Herr der Ringe Online.lnk
2013-06-24 17:58 - 2013-06-25 12:34 - 00000000 ____D C:\Users\*****\AppData\Local\PMB Files
2013-06-24 17:58 - 2013-06-24 18:07 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-24 17:58 - 2013-06-24 17:58 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2013-06-24 17:53 - 2013-06-25 09:03 - 00000000 ____D C:\Users\*****\Documents\The Lord of the Rings Online
2013-06-24 17:50 - 2013-06-24 17:50 - 00000846 ____A C:\Users\*****\Desktop\Der Herr de Ringe Online Die Schatten von Angmar.lnk
2013-06-24 13:38 - 2013-06-24 13:38 - 00000202 ____A C:\Users\*****\Desktop\APB Reloaded.url
2013-06-24 12:42 - 2013-06-25 08:39 - 00000000 ____D C:\Users\*****\AppData\Local\Turbine
2013-06-24 12:42 - 2013-06-24 12:42 - 01562390 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-24 12:42 - 2013-06-24 12:42 - 00000103 ____A C:\Users\*****\AppData\Local\fusioncache.dat
2013-06-24 12:42 - 2013-06-24 12:42 - 00000000 ____D C:\Users\*****\AppData\Roaming\Turbine
2013-06-21 09:03 - 2013-06-21 09:03 - 00001483 ____A C:\Users\*****\Desktop\Star Wars - The Old Republic.lnk
2013-06-19 17:36 - 2013-06-19 17:36 - 00000000 ____D C:\Users\*****\AppData\Local\SWTOR
2013-06-19 12:29 - 2013-06-19 12:29 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-06-19 12:28 - 2013-06-19 13:05 - 00113868 ____A C:\Users\*****\Documents\Install STAR WARS The Old Republic.log
2013-06-19 11:13 - 2013-06-19 11:13 - 00000000 ____D C:\Users\*****\AppData\Local\SWTORPerf
2013-06-18 11:55 - 2013-06-18 11:55 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files\iTunes
2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files\iPod
2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-17 21:16 - 2013-06-17 21:16 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2013-06-17 16:47 - 2013-06-17 16:47 - 00000923 ____A C:\Users\*****\Desktop\Logitech Gaming Software 8.35.lnk
2013-06-16 00:12 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-16 00:12 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-16 00:12 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-16 00:12 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-16 00:12 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-16 00:12 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-16 00:12 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-16 00:12 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-16 00:12 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-16 00:12 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-16 00:12 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-16 00:12 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-13 09:47 - 2013-06-17 19:01 - 00000000 ____D C:\Users\*****\AppData\Local\Arma 3 Alpha
2013-06-13 09:47 - 2013-06-13 09:48 - 00000000 ____D C:\Users\*****\Documents\Arma 3 Alpha
2013-06-12 23:18 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 23:18 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 23:18 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 23:18 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 23:18 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 23:18 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 23:18 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 23:18 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 23:18 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 23:18 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 23:18 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 23:18 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 23:18 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 23:18 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 23:18 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 23:18 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 23:18 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 23:18 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 23:18 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 19:44 - 2013-06-12 19:44 - 00000202 ____A C:\Users\*****\Desktop\Arma 3 Alpha.url
2013-06-12 08:50 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 08:50 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 08:50 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 08:50 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 08:50 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 08:50 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 08:50 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 08:50 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 08:50 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 08:50 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 08:50 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 08:50 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 08:50 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 08:50 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 08:50 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 08:50 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 08:50 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 08:50 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 08:50 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 20:53 - 2013-06-27 20:41 - 00000000 ____D C:\ProgramData\Bohemia 
Interactive 2013-06-11 20:53 - 2013-06-12 19:39 - 00000000 ____D C:\Users\*****\AppData\Local\Arma 3 Alpha Lite 2013-06-11 20:53 - 2013-06-11 20:53 - 00000000 ____D C:\Users\*****\Documents\Arma 3 Alpha Lite 2013-06-06 08:36 - 2013-06-06 08:36 - 00000000 ____D C:\Users\*****\AppData\Local\Chromium 2013-06-04 19:01 - 2013-06-04 19:02 - 18989296 ____A (Gameforge ) C:\Users\*****\Downloads\AION_GameforgeLiveSetup.exe 2013-06-04 18:48 - 2013-06-04 18:48 - 00000000 ____D C:\Users\*****\Downloads\Gameforge Live 2013-06-04 18:48 - 2013-06-04 18:48 - 00000000 ____D C:\Users\*****\AppData\Local\Gameforge4d 2013-06-04 14:08 - 2013-06-04 14:08 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2013-06-04 14:08 - 2013-06-04 14:08 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2013-06-03 14:17 - 2013-06-03 14:22 - 106159115 ____A C:\Users\*****\Hochwasser 2013.mp4 2013-06-03 12:49 - 2013-06-03 12:51 - 55285607 ____A C:\Users\*****\Mein Film.mp4 2013-06-03 11:31 - 2013-06-03 11:31 - 00000000 ____D C:\Windows\de 2013-06-03 11:31 - 2013-06-03 11:31 - 00000000 ____D C:\Program Files (x86)\Windows Live 2013-06-03 11:31 - 2013-06-03 11:31 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2013-06-03 11:30 - 2013-06-18 12:26 - 00000000 ____D C:\Users\*****\AppData\Local\Windows Live ==================== One Month Modified Files and Folders ======= 2013-07-02 13:33 - 2013-07-02 13:33 - 00000000 ____D C:\FRST 2013-07-02 13:33 - 2013-07-02 13:32 - 01933556 ____A (Farbar) C:\Users\*****\Downloads\FRST64.exe 2013-07-02 13:18 - 2013-07-02 13:02 - 00104460 ____A C:\Users\*****\Downloads\OTL.Txt 2013-07-02 13:13 - 2013-07-02 13:02 - 00088718 ____A C:\Users\*****\Downloads\Extras.Txt 2013-07-02 13:03 - 2013-07-02 13:03 - 00000264 ____A C:\Users\*****\Downloads\defogger_enable.log 2013-07-02 13:03 - 2012-09-28 21:33 - 00000000 ____D C:\users\***** 2013-07-02 13:01 - 2013-06-25 14:56 - 00001128 ____A 
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-02 12:56 - 2013-07-02 12:56 - 00602112 ____A (OldTimer Tools) C:\Users\*****\Downloads\OTL.exe 2013-07-02 12:55 - 2013-07-02 12:55 - 00050477 ____A C:\Users\*****\Downloads\Defogger.exe 2013-07-02 12:55 - 2013-07-02 12:55 - 00000492 ____A C:\Users\*****\Downloads\defogger_disable.log 2013-07-02 12:51 - 2013-05-06 14:33 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-02 11:49 - 2012-09-29 00:11 - 00000000 ____D C:\Users\*****\AppData\Roaming\TS3Client 2013-07-02 10:31 - 2012-10-09 11:52 - 00000000 ____D C:\Users\*****\Documents\Outlook-Dateien 2013-07-02 09:55 - 2009-07-14 06:45 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-02 09:55 - 2009-07-14 06:45 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-02 09:53 - 2011-04-12 09:43 - 00668274 ____A C:\Windows\System32\perfh007.dat 2013-07-02 09:53 - 2011-04-12 09:43 - 00135942 ____A C:\Windows\System32\perfc007.dat 2013-07-02 09:53 - 2009-07-14 07:13 - 01536742 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-02 09:48 - 2013-06-25 17:44 - 00000616 ____A C:\Windows\setupact.log 2013-07-02 09:48 - 2013-06-25 14:56 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-02 09:48 - 2012-09-28 23:57 - 00000000 ____D C:\ProgramData\NVIDIA 2013-07-02 09:48 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-02 09:47 - 2013-07-02 09:47 - 00001660 ____A C:\Windows\PFRO.log 2013-07-02 00:15 - 2013-06-25 17:46 - 00120555 ____A C:\Windows\WindowsUpdate.log 2013-07-01 21:19 - 2012-09-29 02:55 - 00000000 ____D C:\Users\*****\AppData\Roaming\Skype 2013-07-01 21:18 - 2013-07-01 20:14 - 00000830 ____A C:\Users\Public\Desktop\World of Warcraft.lnk 2013-07-01 20:45 - 2013-07-01 20:45 - 00000000 ____D C:\Users\Public\Documents\Blizzard Entertainment 2013-07-01 20:25 - 
2013-07-01 20:24 - 00000000 ____D C:\Program Files (x86)\World of Warcraft 2013-07-01 20:14 - 2013-07-01 20:14 - 00000000 ____D C:\ProgramData\Blizzard Entertainment 2013-07-01 20:13 - 2013-07-01 20:11 - 00000000 ____D C:\ProgramData\Battle.net 2013-07-01 20:11 - 2013-07-01 20:09 - 83293072 ____A (Blizzard Entertainment) C:\Users\*****\Downloads\World-of-Warcraft-Setup-deDE.exe 2013-07-01 19:31 - 2013-05-20 10:07 - 00083672 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys 2013-06-30 18:15 - 2013-06-30 18:15 - 00000270 ____A C:\Users\*****\Desktop\TS 3 backup.ini 2013-06-28 21:12 - 2013-06-27 20:41 - 00000000 ____D C:\Users\*****\AppData\Local\Arma 3 2013-06-27 20:41 - 2013-06-27 20:41 - 00000000 ____D C:\Users\*****\Documents\Arma 3 2013-06-27 20:41 - 2013-06-11 20:53 - 00000000 ____D C:\ProgramData\Bohemia Interactive 2013-06-25 17:46 - 2013-06-25 17:46 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-06-25 17:46 - 2013-06-25 17:46 - 00000000 ____D C:\Users\*****\AppData\Roaming\Mozilla 2013-06-25 17:46 - 2013-06-25 17:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-25 17:46 - 2013-06-25 17:45 - 21151576 ____A (Mozilla) C:\Users\*****\Downloads\Firefox_Setup_21.0.exe 2013-06-25 17:44 - 2013-06-25 17:44 - 00000000 ____A C:\Windows\setuperr.log 2013-06-25 16:42 - 2013-06-25 16:42 - 00113988 ____A C:\Users\*****\Documents\cc_20130625_164204.reg 2013-06-25 16:34 - 2013-06-25 16:34 - 00000000 ____D C:\Users\*****\AppData\Local\Mozilla 2013-06-25 14:57 - 2013-06-25 14:57 - 00002259 ____A C:\Users\Public\Desktop\Google Chrome.lnk 2013-06-25 14:57 - 2013-06-25 14:56 - 00000000 ____D C:\Users\*****\AppData\Local\Google 2013-06-25 14:57 - 2013-06-25 14:56 - 00000000 ____D C:\Program Files (x86)\Google 2013-06-25 14:56 - 2013-02-14 17:44 - 00000000 ____D C:\Users\*****\AppData\Local\Deployment 2013-06-25 14:40 - 2012-09-30 03:15 - 00000000 ____D C:\Users\*****\AppData\Local\Adobe 2013-06-25 14:39 - 2013-06-25 
14:39 - 00903080 ____A (Oracle Corporation) C:\Users\*****\Downloads\jxpiinstall.exe 2013-06-25 14:33 - 2012-09-28 04:28 - 00000000 ____D C:\Windows\Panther 2013-06-25 14:32 - 2013-06-25 14:32 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk 2013-06-25 14:32 - 2013-06-25 14:32 - 00000000 ____D C:\Program Files\CCleaner 2013-06-25 13:32 - 2013-06-25 13:32 - 00001077 ____A C:\Users\*****\Desktop\Kaspersky Security Scan.lnk 2013-06-25 13:32 - 2013-06-25 13:32 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-06-25 13:32 - 2013-06-25 13:32 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab 2013-06-25 13:28 - 2013-06-25 13:28 - 00001113 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-06-25 13:28 - 2013-01-20 09:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-06-25 13:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF 2013-06-25 12:41 - 2013-05-06 14:33 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-25 12:41 - 2013-05-06 14:33 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-25 12:35 - 2013-06-25 12:29 - 00000000 ____D C:\Users\*****\AppData\Roaming\Ywewu 2013-06-25 12:34 - 2013-06-24 17:58 - 00000000 ____D C:\Users\*****\AppData\Local\PMB Files 2013-06-25 12:29 - 2013-06-25 12:29 - 00000000 ____D C:\Users\*****\AppData\Roaming\Epera 2013-06-25 09:03 - 2013-06-24 17:53 - 00000000 ____D C:\Users\*****\Documents\The Lord of the Rings Online 2013-06-25 08:55 - 2013-06-25 08:55 - 00000000 ____D C:\Users\*****\AppData\Local\The Lord of the Rings Online 2013-06-25 08:39 - 2013-06-24 12:42 - 00000000 ____D C:\Users\*****\AppData\Local\Turbine 2013-06-25 08:37 - 2013-06-25 08:37 - 00002720 ____A C:\Users\*****\Documents\UserPreferences.ini 2013-06-25 08:36 - 2013-06-25 08:36 - 00000729 ____A C:\Users\*****\Desktop\Der Herr der Ringe Online.lnk 2013-06-24 18:07 - 2013-06-24 17:58 - 00000000 ____D C:\ProgramData\PMB Files 
2013-06-24 17:58 - 2013-06-24 17:58 - 00000000 ____D C:\Program Files (x86)\Pando Networks 2013-06-24 17:50 - 2013-06-24 17:50 - 00000846 ____A C:\Users\*****\Desktop\Der Herr de Ringe Online Die Schatten von Angmar.lnk 2013-06-24 13:38 - 2013-06-24 13:38 - 00000202 ____A C:\Users\*****\Desktop\APB Reloaded.url 2013-06-24 12:42 - 2013-06-24 12:42 - 01562390 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2013-06-24 12:42 - 2013-06-24 12:42 - 00000103 ____A C:\Users\*****\AppData\Local\fusioncache.dat 2013-06-24 12:42 - 2013-06-24 12:42 - 00000000 ____D C:\Users\*****\AppData\Roaming\Turbine 2013-06-24 12:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Registration 2013-06-24 12:13 - 2012-09-28 22:24 - 00000000 ____D C:\Users\*****\AppData\Roaming\vlc 2013-06-21 09:03 - 2013-06-21 09:03 - 00001483 ____A C:\Users\*****\Desktop\Star Wars - The Old Republic.lnk 2013-06-21 08:41 - 2013-03-03 19:47 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins 2013-06-20 20:54 - 2013-02-14 19:40 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.xtr 2013-06-20 20:54 - 2013-02-14 19:39 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe 2013-06-20 20:54 - 2013-02-14 19:39 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0 2013-06-19 17:36 - 2013-06-19 17:36 - 00000000 ____D C:\Users\*****\AppData\Local\SWTOR 2013-06-19 13:05 - 2013-06-19 12:28 - 00113868 ____A C:\Users\*****\Documents\Install STAR WARS The Old Republic.log 2013-06-19 12:29 - 2013-06-19 12:29 - 00000000 ____D C:\Program Files (x86)\Electronic Arts 2013-06-19 12:29 - 2013-03-03 11:39 - 00000000 ____D C:\Program Files (x86)\Origin Games 2013-06-19 11:13 - 2013-06-19 11:13 - 00000000 ____D C:\Users\*****\AppData\Local\SWTORPerf 2013-06-19 11:02 - 2013-03-03 11:39 - 00000000 ____D C:\Users\*****\AppData\Roaming\Origin 2013-06-19 11:02 - 2013-03-03 11:39 - 00000000 ____D C:\Users\*****\AppData\Local\Origin 2013-06-19 11:02 - 2013-03-03 11:37 - 00000000 ____D C:\ProgramData\Origin 2013-06-18 12:26 - 2013-06-03 11:30 - 
00000000 ____D C:\Users\*****\AppData\Local\Windows Live 2013-06-18 11:55 - 2013-06-18 11:55 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk 2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files\iTunes 2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files\iPod 2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-06-17 21:16 - 2013-06-17 21:16 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys 2013-06-17 21:16 - 2012-09-29 00:41 - 00000000 ____D C:\Program Files\Logitech Gaming Software 2013-06-17 19:01 - 2013-06-13 09:47 - 00000000 ____D C:\Users\*****\AppData\Local\Arma 3 Alpha 2013-06-17 16:47 - 2013-06-17 16:47 - 00000923 ____A C:\Users\*****\Desktop\Logitech Gaming Software 8.35.lnk 2013-06-16 06:46 - 2013-03-02 15:59 - 00000000 ____D C:\Users\*****\Desktop\TTZ 2013-06-15 09:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-06-13 09:48 - 2013-06-13 09:47 - 00000000 ____D C:\Users\*****\Documents\Arma 3 Alpha 2013-06-12 23:18 - 2012-09-28 23:15 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-12 19:44 - 2013-06-12 19:44 - 00000202 ____A C:\Users\*****\Desktop\Arma 3 Alpha.url 2013-06-12 19:39 - 2013-06-11 20:53 - 00000000 ____D C:\Users\*****\AppData\Local\Arma 3 Alpha Lite 2013-06-11 21:51 - 2013-05-15 09:51 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2013-06-11 20:53 - 2013-06-11 20:53 - 00000000 ____D C:\Users\*****\Documents\Arma 3 Alpha Lite 2013-06-08 16:08 - 2013-06-16 00:12 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 16:07 - 2013-06-16 00:12 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 16:06 - 2013-06-16 00:12 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 
16:06 - 2013-06-16 00:12 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 16:06 - 2013-06-16 00:12 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 14:28 - 2013-06-16 00:12 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 13:42 - 2013-06-16 00:12 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 13:40 - 2013-06-16 00:12 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 13:40 - 2013-06-16 00:12 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 13:40 - 2013-06-16 00:12 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 13:40 - 2013-06-16 00:12 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-08 13:13 - 2013-06-16 00:12 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-06 08:36 - 2013-06-06 08:36 - 00000000 ____D C:\Users\*****\AppData\Local\Chromium 2013-06-06 01:35 - 2012-10-09 11:47 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-06-06 01:34 - 2009-07-14 04:34 - 00000478 ____A C:\Windows\win.ini 2013-06-04 19:02 - 2013-06-04 19:01 - 18989296 ____A (Gameforge ) C:\Users\*****\Downloads\AION_GameforgeLiveSetup.exe 2013-06-04 18:48 - 2013-06-04 18:48 - 00000000 ____D C:\Users\*****\Downloads\Gameforge Live 2013-06-04 18:48 - 2013-06-04 18:48 - 00000000 ____D C:\Users\*****\AppData\Local\Gameforge4d 2013-06-04 14:08 - 2013-06-04 14:08 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2013-06-04 14:08 - 2013-06-04 14:08 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2013-06-03 14:22 - 2013-06-03 14:17 - 106159115 ____A C:\Users\*****\Hochwasser 2013.mp4 2013-06-03 12:51 - 2013-06-03 12:49 - 55285607 ____A C:\Users\*****\Mein Film.mp4 2013-06-03 11:31 - 2013-06-03 11:31 - 00000000 ____D C:\Windows\de 2013-06-03 11:31 - 2013-06-03 11:31 - 
00000000 ____D C:\Program Files (x86)\Windows Live 2013-06-03 11:31 - 2013-06-03 11:31 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2013-06-03 11:31 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-23 19:37 ==================== End Of Log ============================ |
02.07.2013, 13:38 | #4 |
/// the machine /// TB Trainer | TR/PSW.Zbot.233472.224 infection Please download TFC (by Oldtimer) and save the file to the desktop. Now close all open programs and disconnect from the internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will request a restart. Please allow this. Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
and a fresh FRST log please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
02.07.2013, 14:14 | #5 |
| TR/PSW.Zbot.233472.224 infection - Ran TFC. No restart requested, everything could be deleted. - Ran AdwCleaner (1st restart) Log: Code:
ATTFilter # AdwCleaner v2.303 - Datei am 02/07/2013 um 14:52:37 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : **** - DESKTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\****\Downloads\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611
[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\cxol3jfn.default\prefs.js
[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.116
Datei : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [9185 octets] - [21/02/2013 19:59:23]
AdwCleaner[R2].txt - [3027 octets] - [25/02/2013 15:44:38]
AdwCleaner[S1].txt - [9194 octets] - [21/02/2013 19:59:36]
AdwCleaner[S2].txt - [332 octets] - [25/02/2013 15:44:47]
AdwCleaner[S3].txt - [1395 octets] - [02/07/2013 14:52:37]

########## EOF - C:\AdwCleaner[S3].txt - [1455 octets] ##########

- Ran JRT as admin
- Avira turned off, Kaspersky uninstalled.... Here I get a brief popup (CMD) with a message that "fsutil" is wrong or misspelled. CMD closes, and that's it.

Fresh FRST file: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-07-2013 Ran by **** (administrator) on 02-07-2013 15:08:12 Running from C:\Users\****\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Logitech Inc.) 
C:\Program Files\Logitech Gaming Software\LCore.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\system32\msiexec.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\system32\mspaint.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized [7477016 2013-04-25] (Logitech Inc.) 
HKLM\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [5299320 2012-10-25] (VIA) MountPoints2: {ef99db7b-090b-11e2-a3b5-806e6f6e6963} - D:\Run.exe HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-01] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-03-27] (Intel Corporation) HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [295072 2013-01-18] (RealNetworks, Inc.) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [NPSStartup] [x] HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.) AppInit_DLLs: C:\Windows\system32\nvinitx.dll [245872 2013-02-26] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [201576 2013-02-26] (NVIDIA Corporation) Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\cxol3jfn.default FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: 
@java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) 
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - G:\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ Chrome: ======= CHR HomePage: hxxp://www.google.de/ CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: 
(Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - 
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (VLC Web Plugin) - G:\VLC\npvlc.dll (VideoLAN) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) 
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) CHR Extension: (Docs) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 CHR Extension: (Google Drive) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0 CHR Extension: (YouTube) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 CHR Extension: (Google Search) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 CHR Extension: (RealDownloader) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0 CHR Extension: (Gmail) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG) R2 IGDCTRL; C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-03-03] () R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] () R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.) 
==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-04] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-09] (DT Soft Ltd) S3 FETNDIS; C:\Windows\System32\DRIVERS\fet6x64.sys [47872 2009-06-10] (VIA Technologies, Inc. ) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.) R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.) S3 ALSysIO; \??\C:\Users\RICHAR~1\AppData\Local\Temp\ALSysIO64.sys [x] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x] S3 gdrv; \??\C:\Windows\gdrv.sys [x] S4 NVHDA; system32\drivers\nvhda64v.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-02 14:58 - 2013-07-02 14:58 - 00001343 ____A C:\AdwCleaner[S4].txt 2013-07-02 14:56 - 2013-07-02 15:07 - 00000000 ____D C:\JRT 2013-07-02 14:56 - 2013-07-02 14:56 - 00001480 ____A C:\Users\****\Desktop\AdwCleaner[S1].txt 2013-07-02 14:52 - 2013-07-02 14:52 - 00001524 ____A C:\AdwCleaner[S3].txt 2013-07-02 14:50 - 2013-07-02 14:54 - 00001363 ____A C:\Users\****\Desktop\Neues Textdokument.txt 2013-07-02 14:48 - 2013-07-02 14:48 - 00648201 ____A C:\Users\****\Downloads\adwcleaner.exe 2013-07-02 14:48 - 2013-07-02 14:48 - 00545954 ____A (Oleg N. 
Scherbakov) C:\Users\****\Downloads\JRT.exe 2013-07-02 14:47 - 2013-07-02 14:47 - 00448512 ____A (OldTimer Tools) C:\Users\****\Downloads\TFC.exe 2013-07-02 13:33 - 2013-07-02 13:36 - 00023669 ____A C:\Users\****\Downloads\Addition.txt 2013-07-02 13:33 - 2013-07-02 13:33 - 00000000 ____D C:\FRST 2013-07-02 13:32 - 2013-07-02 13:33 - 01933556 ____A (Farbar) C:\Users\****\Downloads\FRST64.exe 2013-07-02 13:03 - 2013-07-02 13:03 - 00000264 ____A C:\Users\****\Downloads\defogger_enable.log 2013-07-02 13:02 - 2013-07-02 13:18 - 00104460 ____A C:\Users\****\Downloads\OTL.Txt 2013-07-02 13:02 - 2013-07-02 13:13 - 00088718 ____A C:\Users\****\Downloads\Extras.Txt 2013-07-02 12:56 - 2013-07-02 12:56 - 00602112 ____A (OldTimer Tools) C:\Users\****\Downloads\OTL.exe 2013-07-02 12:55 - 2013-07-02 12:55 - 00050477 ____A C:\Users\****\Downloads\Defogger.exe 2013-07-02 12:55 - 2013-07-02 12:55 - 00000492 ____A C:\Users\****\Downloads\defogger_disable.log 2013-07-02 09:47 - 2013-07-02 14:53 - 00002036 ____A C:\Windows\PFRO.log 2013-07-01 20:45 - 2013-07-01 20:45 - 00000000 ____D C:\Users\Public\Documents\Blizzard Entertainment 2013-07-01 20:24 - 2013-07-01 20:25 - 00000000 ____D C:\Program Files (x86)\World of Warcraft 2013-07-01 20:14 - 2013-07-01 21:18 - 00000830 ____A C:\Users\Public\Desktop\World of Warcraft.lnk 2013-07-01 20:14 - 2013-07-01 20:14 - 00000000 ____D C:\ProgramData\Blizzard Entertainment 2013-07-01 20:11 - 2013-07-01 20:13 - 00000000 ____D C:\ProgramData\Battle.net 2013-07-01 20:09 - 2013-07-01 20:11 - 83293072 ____A (Blizzard Entertainment) C:\Users\****\Downloads\World-of-Warcraft-Setup-deDE.exe 2013-06-30 18:15 - 2013-06-30 18:15 - 00000270 ____A C:\Users\****\Desktop\TS 3 backup.ini 2013-06-27 20:41 - 2013-06-28 21:12 - 00000000 ____D C:\Users\****\AppData\Local\Arma 3 2013-06-27 20:41 - 2013-06-27 20:41 - 00000000 ____D C:\Users\****\Documents\Arma 3 2013-06-25 17:46 - 2013-07-02 14:58 - 00137853 ____A C:\Windows\WindowsUpdate.log 2013-06-25 17:46 - 
2013-06-25 17:46 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-06-25 17:46 - 2013-06-25 17:46 - 00000000 ____D C:\Users\****\AppData\Roaming\Mozilla 2013-06-25 17:46 - 2013-06-25 17:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-25 17:45 - 2013-06-25 17:46 - 21151576 ____A (Mozilla) C:\Users\****\Downloads\Firefox_Setup_21.0.exe 2013-06-25 17:44 - 2013-07-02 14:59 - 00000728 ____A C:\Windows\setupact.log 2013-06-25 17:44 - 2013-06-25 17:44 - 00000000 ____A C:\Windows\setuperr.log 2013-06-25 16:42 - 2013-06-25 16:42 - 00113988 ____A C:\Users\****\Documents\cc_20130625_164204.reg 2013-06-25 16:34 - 2013-06-25 16:34 - 00000000 ____D C:\Users\****\AppData\Local\Mozilla 2013-06-25 14:57 - 2013-06-25 14:57 - 00002259 ____A C:\Users\Public\Desktop\Google Chrome.lnk 2013-06-25 14:56 - 2013-07-02 15:02 - 00001128 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-25 14:56 - 2013-07-02 15:01 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-06-25 14:56 - 2013-06-25 14:57 - 00000000 ____D C:\Users\****\AppData\Local\Google 2013-06-25 14:56 - 2013-06-25 14:57 - 00000000 ____D C:\Program Files (x86)\Google 2013-06-25 14:39 - 2013-06-25 14:39 - 00903080 ____A (Oracle Corporation) C:\Users\****\Downloads\jxpiinstall.exe 2013-06-25 14:32 - 2013-06-25 14:32 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk 2013-06-25 14:32 - 2013-06-25 14:32 - 00000000 ____D C:\Program Files\CCleaner 2013-06-25 13:28 - 2013-06-25 13:28 - 00001113 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-06-25 12:29 - 2013-06-25 12:35 - 00000000 ____D C:\Users\****\AppData\Roaming\Ywewu 2013-06-25 12:29 - 2013-06-25 12:29 - 00000000 ____D C:\Users\****\AppData\Roaming\Epera 2013-06-25 08:55 - 2013-06-25 08:55 - 00000000 ____D C:\Users\****\AppData\Local\The Lord of the Rings Online 2013-06-25 08:37 - 2013-06-25 08:37 - 00002720 ____A C:\Users\****\Documents\UserPreferences.ini 2013-06-25 08:36 - 2013-06-25 08:36 - 
00000729 ____A C:\Users\****\Desktop\Der Herr der Ringe Online.lnk 2013-06-24 17:58 - 2013-06-25 12:34 - 00000000 ____D C:\Users\****\AppData\Local\PMB Files 2013-06-24 17:58 - 2013-06-24 18:07 - 00000000 ____D C:\ProgramData\PMB Files 2013-06-24 17:58 - 2013-06-24 17:58 - 00000000 ____D C:\Program Files (x86)\Pando Networks 2013-06-24 17:53 - 2013-06-25 09:03 - 00000000 ____D C:\Users\****\Documents\The Lord of the Rings Online 2013-06-24 17:50 - 2013-06-24 17:50 - 00000846 ____A C:\Users\****\Desktop\Der Herr de Ringe Online Die Schatten von Angmar.lnk 2013-06-24 13:38 - 2013-06-24 13:38 - 00000202 ____A C:\Users\****\Desktop\APB Reloaded.url 2013-06-24 12:42 - 2013-06-25 08:39 - 00000000 ____D C:\Users\****\AppData\Local\Turbine 2013-06-24 12:42 - 2013-06-24 12:42 - 01562390 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2013-06-24 12:42 - 2013-06-24 12:42 - 00000103 ____A C:\Users\****\AppData\Local\fusioncache.dat 2013-06-24 12:42 - 2013-06-24 12:42 - 00000000 ____D C:\Users\****\AppData\Roaming\Turbine 2013-06-21 09:03 - 2013-06-21 09:03 - 00001483 ____A C:\Users\****\Desktop\Star Wars - The Old Republic.lnk 2013-06-19 17:36 - 2013-06-19 17:36 - 00000000 ____D C:\Users\****\AppData\Local\SWTOR 2013-06-19 12:29 - 2013-06-19 12:29 - 00000000 ____D C:\Program Files (x86)\Electronic Arts 2013-06-19 12:28 - 2013-06-19 13:05 - 00113868 ____A C:\Users\****\Documents\Install STAR WARS The Old Republic.log 2013-06-19 11:13 - 2013-06-19 11:13 - 00000000 ____D C:\Users\****\AppData\Local\SWTORPerf 2013-06-18 11:55 - 2013-06-18 11:55 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk 2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files\iTunes 2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files\iPod 2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-06-17 21:16 - 2013-06-17 21:16 - 00018960 ____A 
(Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys 2013-06-17 16:47 - 2013-06-17 16:47 - 00000923 ____A C:\Users\****\Desktop\Logitech Gaming Software 8.35.lnk 2013-06-16 00:12 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-16 00:12 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-16 00:12 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-16 00:12 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-16 00:12 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-16 00:12 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-16 00:12 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-16 00:12 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-16 00:12 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-16 00:12 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-16 00:12 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-16 00:12 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-13 09:47 - 2013-06-17 19:01 - 00000000 ____D C:\Users\****\AppData\Local\Arma 3 Alpha 2013-06-13 09:47 - 2013-06-13 09:48 - 00000000 ____D C:\Users\****\Documents\Arma 3 Alpha 2013-06-12 23:18 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 23:18 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 23:18 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 23:18 - 
2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 23:18 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-12 23:18 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-12 23:18 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-12 23:18 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-12 23:18 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 23:18 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 23:18 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 23:18 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 23:18 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 23:18 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-12 23:18 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-12 23:18 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-12 23:18 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-12 23:18 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-12 23:18 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-12 19:44 - 2013-06-12 19:44 - 00000202 ____A C:\Users\****\Desktop\Arma 3 Alpha.url 2013-06-12 08:50 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 08:50 - 2013-05-13 07:51 - 00184320 
____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 08:50 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 08:50 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 08:50 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 08:50 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 08:50 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 08:50 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 08:50 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 08:50 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 08:50 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 08:50 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 08:50 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 08:50 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 08:50 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-12 08:50 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-12 08:50 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-12 08:50 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-12 08:50 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-11 20:53 - 2013-06-27 20:41 - 00000000 ____D 
C:\ProgramData\Bohemia Interactive 2013-06-11 20:53 - 2013-06-12 19:39 - 00000000 ____D C:\Users\****\AppData\Local\Arma 3 Alpha Lite 2013-06-11 20:53 - 2013-06-11 20:53 - 00000000 ____D C:\Users\****\Documents\Arma 3 Alpha Lite 2013-06-06 08:36 - 2013-06-06 08:36 - 00000000 ____D C:\Users\****\AppData\Local\Chromium 2013-06-04 19:01 - 2013-06-04 19:02 - 18989296 ____A (Gameforge ) C:\Users\****\Downloads\AION_GameforgeLiveSetup.exe 2013-06-04 18:48 - 2013-06-04 18:48 - 00000000 ____D C:\Users\****\Downloads\Gameforge Live 2013-06-04 18:48 - 2013-06-04 18:48 - 00000000 ____D C:\Users\****\AppData\Local\Gameforge4d 2013-06-04 14:08 - 2013-06-04 14:08 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2013-06-04 14:08 - 2013-06-04 14:08 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2013-06-03 14:17 - 2013-06-03 14:22 - 106159115 ____A C:\Users\****\Hochwasser 2013.mp4 2013-06-03 12:49 - 2013-06-03 12:51 - 55285607 ____A C:\Users\****\Mein Film.mp4 2013-06-03 11:31 - 2013-06-03 11:31 - 00000000 ____D C:\Windows\de 2013-06-03 11:31 - 2013-06-03 11:31 - 00000000 ____D C:\Program Files (x86)\Windows Live 2013-06-03 11:31 - 2013-06-03 11:31 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2013-06-03 11:30 - 2013-06-18 12:26 - 00000000 ____D C:\Users\****\AppData\Local\Windows Live ==================== One Month Modified Files and Folders ======= 2013-07-02 15:07 - 2013-07-02 14:56 - 00000000 ____D C:\JRT 2013-07-02 15:06 - 2009-07-14 06:45 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-02 15:06 - 2009-07-14 06:45 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-02 15:05 - 2011-04-12 09:43 - 00668274 ____A C:\Windows\System32\perfh007.dat 2013-07-02 15:05 - 2011-04-12 09:43 - 00135942 ____A C:\Windows\System32\perfc007.dat 2013-07-02 15:05 - 2009-07-14 07:13 - 
01536742 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-02 15:02 - 2013-06-25 14:56 - 00001128 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-02 15:01 - 2013-06-25 14:56 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-02 14:59 - 2013-06-25 17:44 - 00000728 ____A C:\Windows\setupact.log 2013-07-02 14:59 - 2012-09-28 23:57 - 00000000 ____D C:\ProgramData\NVIDIA 2013-07-02 14:59 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-02 14:58 - 2013-07-02 14:58 - 00001343 ____A C:\AdwCleaner[S4].txt 2013-07-02 14:58 - 2013-06-25 17:46 - 00137853 ____A C:\Windows\WindowsUpdate.log 2013-07-02 14:56 - 2013-07-02 14:56 - 00001480 ____A C:\Users\****\Desktop\AdwCleaner[S1].txt 2013-07-02 14:54 - 2013-07-02 14:50 - 00001363 ____A C:\Users\****\Desktop\Neues Textdokument.txt 2013-07-02 14:53 - 2013-07-02 09:47 - 00002036 ____A C:\Windows\PFRO.log 2013-07-02 14:52 - 2013-07-02 14:52 - 00001524 ____A C:\AdwCleaner[S3].txt 2013-07-02 14:51 - 2013-05-06 14:33 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-02 14:50 - 2012-09-29 00:11 - 00000000 ____D C:\Users\****\AppData\Roaming\TS3Client 2013-07-02 14:48 - 2013-07-02 14:48 - 00648201 ____A C:\Users\****\Downloads\adwcleaner.exe 2013-07-02 14:48 - 2013-07-02 14:48 - 00545954 ____A (Oleg N. 
Scherbakov) C:\Users\****\Downloads\JRT.exe 2013-07-02 14:47 - 2013-07-02 14:47 - 00448512 ____A (OldTimer Tools) C:\Users\****\Downloads\TFC.exe 2013-07-02 14:18 - 2012-10-09 11:52 - 00000000 ____D C:\Users\****\Documents\Outlook-Dateien 2013-07-02 13:36 - 2013-07-02 13:33 - 00023669 ____A C:\Users\****\Downloads\Addition.txt 2013-07-02 13:33 - 2013-07-02 13:33 - 00000000 ____D C:\FRST 2013-07-02 13:33 - 2013-07-02 13:32 - 01933556 ____A (Farbar) C:\Users\****\Downloads\FRST64.exe 2013-07-02 13:18 - 2013-07-02 13:02 - 00104460 ____A C:\Users\****\Downloads\OTL.Txt 2013-07-02 13:13 - 2013-07-02 13:02 - 00088718 ____A C:\Users\****\Downloads\Extras.Txt 2013-07-02 13:03 - 2013-07-02 13:03 - 00000264 ____A C:\Users\****\Downloads\defogger_enable.log 2013-07-02 13:03 - 2012-09-28 21:33 - 00000000 ____D C:\users\**** 2013-07-02 12:56 - 2013-07-02 12:56 - 00602112 ____A (OldTimer Tools) C:\Users\****\Downloads\OTL.exe 2013-07-02 12:55 - 2013-07-02 12:55 - 00050477 ____A C:\Users\****\Downloads\Defogger.exe 2013-07-02 12:55 - 2013-07-02 12:55 - 00000492 ____A C:\Users\****\Downloads\defogger_disable.log 2013-07-01 21:19 - 2012-09-29 02:55 - 00000000 ____D C:\Users\****\AppData\Roaming\Skype 2013-07-01 21:18 - 2013-07-01 20:14 - 00000830 ____A C:\Users\Public\Desktop\World of Warcraft.lnk 2013-07-01 20:45 - 2013-07-01 20:45 - 00000000 ____D C:\Users\Public\Documents\Blizzard Entertainment 2013-07-01 20:25 - 2013-07-01 20:24 - 00000000 ____D C:\Program Files (x86)\World of Warcraft 2013-07-01 20:14 - 2013-07-01 20:14 - 00000000 ____D C:\ProgramData\Blizzard Entertainment 2013-07-01 20:13 - 2013-07-01 20:11 - 00000000 ____D C:\ProgramData\Battle.net 2013-07-01 20:11 - 2013-07-01 20:09 - 83293072 ____A (Blizzard Entertainment) C:\Users\****\Downloads\World-of-Warcraft-Setup-deDE.exe 2013-07-01 19:31 - 2013-05-20 10:07 - 00083672 ____A (Avira Operations GmbH & Co. 
KG) C:\Windows\System32\Drivers\avnetflt.sys 2013-06-30 18:15 - 2013-06-30 18:15 - 00000270 ____A C:\Users\****\Desktop\TS 3 backup.ini 2013-06-28 21:12 - 2013-06-27 20:41 - 00000000 ____D C:\Users\****\AppData\Local\Arma 3 2013-06-27 20:41 - 2013-06-27 20:41 - 00000000 ____D C:\Users\****\Documents\Arma 3 2013-06-27 20:41 - 2013-06-11 20:53 - 00000000 ____D C:\ProgramData\Bohemia Interactive 2013-06-25 17:46 - 2013-06-25 17:46 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-06-25 17:46 - 2013-06-25 17:46 - 00000000 ____D C:\Users\****\AppData\Roaming\Mozilla 2013-06-25 17:46 - 2013-06-25 17:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-25 17:46 - 2013-06-25 17:45 - 21151576 ____A (Mozilla) C:\Users\****\Downloads\Firefox_Setup_21.0.exe 2013-06-25 17:44 - 2013-06-25 17:44 - 00000000 ____A C:\Windows\setuperr.log 2013-06-25 16:42 - 2013-06-25 16:42 - 00113988 ____A C:\Users\****\Documents\cc_20130625_164204.reg 2013-06-25 16:34 - 2013-06-25 16:34 - 00000000 ____D C:\Users\****\AppData\Local\Mozilla 2013-06-25 14:57 - 2013-06-25 14:57 - 00002259 ____A C:\Users\Public\Desktop\Google Chrome.lnk 2013-06-25 14:57 - 2013-06-25 14:56 - 00000000 ____D C:\Users\****\AppData\Local\Google 2013-06-25 14:57 - 2013-06-25 14:56 - 00000000 ____D C:\Program Files (x86)\Google 2013-06-25 14:56 - 2013-02-14 17:44 - 00000000 ____D C:\Users\****\AppData\Local\Deployment 2013-06-25 14:40 - 2012-09-30 03:15 - 00000000 ____D C:\Users\****\AppData\Local\Adobe 2013-06-25 14:39 - 2013-06-25 14:39 - 00903080 ____A (Oracle Corporation) C:\Users\****\Downloads\jxpiinstall.exe 2013-06-25 14:33 - 2012-09-28 04:28 - 00000000 ____D C:\Windows\Panther 2013-06-25 14:32 - 2013-06-25 14:32 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk 2013-06-25 14:32 - 2013-06-25 14:32 - 00000000 ____D C:\Program Files\CCleaner 2013-06-25 13:28 - 2013-06-25 13:28 - 00001113 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-06-25 13:28 - 2013-01-20 09:57 - 
00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-06-25 13:23 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF 2013-06-25 12:41 - 2013-05-06 14:33 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-25 12:41 - 2013-05-06 14:33 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-25 12:35 - 2013-06-25 12:29 - 00000000 ____D C:\Users\****\AppData\Roaming\Ywewu 2013-06-25 12:34 - 2013-06-24 17:58 - 00000000 ____D C:\Users\****\AppData\Local\PMB Files 2013-06-25 12:29 - 2013-06-25 12:29 - 00000000 ____D C:\Users\****\AppData\Roaming\Epera 2013-06-25 09:03 - 2013-06-24 17:53 - 00000000 ____D C:\Users\****\Documents\The Lord of the Rings Online 2013-06-25 08:55 - 2013-06-25 08:55 - 00000000 ____D C:\Users\****\AppData\Local\The Lord of the Rings Online 2013-06-25 08:39 - 2013-06-24 12:42 - 00000000 ____D C:\Users\****\AppData\Local\Turbine 2013-06-25 08:37 - 2013-06-25 08:37 - 00002720 ____A C:\Users\****\Documents\UserPreferences.ini 2013-06-25 08:36 - 2013-06-25 08:36 - 00000729 ____A C:\Users\****\Desktop\Der Herr der Ringe Online.lnk 2013-06-24 18:07 - 2013-06-24 17:58 - 00000000 ____D C:\ProgramData\PMB Files 2013-06-24 17:58 - 2013-06-24 17:58 - 00000000 ____D C:\Program Files (x86)\Pando Networks 2013-06-24 17:50 - 2013-06-24 17:50 - 00000846 ____A C:\Users\****\Desktop\Der Herr de Ringe Online Die Schatten von Angmar.lnk 2013-06-24 13:38 - 2013-06-24 13:38 - 00000202 ____A C:\Users\****\Desktop\APB Reloaded.url 2013-06-24 12:42 - 2013-06-24 12:42 - 01562390 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2013-06-24 12:42 - 2013-06-24 12:42 - 00000103 ____A C:\Users\****\AppData\Local\fusioncache.dat 2013-06-24 12:42 - 2013-06-24 12:42 - 00000000 ____D C:\Users\****\AppData\Roaming\Turbine 2013-06-24 12:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Registration 2013-06-24 12:13 - 2012-09-28 22:24 - 00000000 ____D C:\Users\****\AppData\Roaming\vlc 
2013-06-21 09:03 - 2013-06-21 09:03 - 00001483 ____A C:\Users\****\Desktop\Star Wars - The Old Republic.lnk 2013-06-21 08:41 - 2013-03-03 19:47 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins 2013-06-20 20:54 - 2013-02-14 19:40 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.xtr 2013-06-20 20:54 - 2013-02-14 19:39 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe 2013-06-20 20:54 - 2013-02-14 19:39 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0 2013-06-19 17:36 - 2013-06-19 17:36 - 00000000 ____D C:\Users\****\AppData\Local\SWTOR 2013-06-19 13:05 - 2013-06-19 12:28 - 00113868 ____A C:\Users\****\Documents\Install STAR WARS The Old Republic.log 2013-06-19 12:29 - 2013-06-19 12:29 - 00000000 ____D C:\Program Files (x86)\Electronic Arts 2013-06-19 12:29 - 2013-03-03 11:39 - 00000000 ____D C:\Program Files (x86)\Origin Games 2013-06-19 11:13 - 2013-06-19 11:13 - 00000000 ____D C:\Users\****\AppData\Local\SWTORPerf 2013-06-19 11:02 - 2013-03-03 11:39 - 00000000 ____D C:\Users\****\AppData\Roaming\Origin 2013-06-19 11:02 - 2013-03-03 11:39 - 00000000 ____D C:\Users\****\AppData\Local\Origin 2013-06-19 11:02 - 2013-03-03 11:37 - 00000000 ____D C:\ProgramData\Origin 2013-06-18 12:26 - 2013-06-03 11:30 - 00000000 ____D C:\Users\****\AppData\Local\Windows Live 2013-06-18 11:55 - 2013-06-18 11:55 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk 2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files\iTunes 2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files\iPod 2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-06-17 21:16 - 2013-06-17 21:16 - 00018960 ____A (Logitech, Inc.) 
C:\Windows\System32\Drivers\LNonPnP.sys 2013-06-17 21:16 - 2012-09-29 00:41 - 00000000 ____D C:\Program Files\Logitech Gaming Software 2013-06-17 19:01 - 2013-06-13 09:47 - 00000000 ____D C:\Users\****\AppData\Local\Arma 3 Alpha 2013-06-17 16:47 - 2013-06-17 16:47 - 00000923 ____A C:\Users\****\Desktop\Logitech Gaming Software 8.35.lnk 2013-06-16 06:46 - 2013-03-02 15:59 - 00000000 ____D C:\Users\****\Desktop\TTZ 2013-06-15 09:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-06-13 09:48 - 2013-06-13 09:47 - 00000000 ____D C:\Users\****\Documents\Arma 3 Alpha 2013-06-12 23:18 - 2012-09-28 23:15 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-12 19:44 - 2013-06-12 19:44 - 00000202 ____A C:\Users\****\Desktop\Arma 3 Alpha.url 2013-06-12 19:39 - 2013-06-11 20:53 - 00000000 ____D C:\Users\****\AppData\Local\Arma 3 Alpha Lite 2013-06-11 21:51 - 2013-05-15 09:51 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2013-06-11 20:53 - 2013-06-11 20:53 - 00000000 ____D C:\Users\****\Documents\Arma 3 Alpha Lite 2013-06-08 16:08 - 2013-06-16 00:12 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 16:07 - 2013-06-16 00:12 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 16:06 - 2013-06-16 00:12 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 16:06 - 2013-06-16 00:12 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 16:06 - 2013-06-16 00:12 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 14:28 - 2013-06-16 00:12 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 13:42 - 2013-06-16 00:12 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 13:40 - 2013-06-16 00:12 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 13:40 - 2013-06-16 00:12 
- 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 13:40 - 2013-06-16 00:12 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 13:40 - 2013-06-16 00:12 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-08 13:13 - 2013-06-16 00:12 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-06 08:36 - 2013-06-06 08:36 - 00000000 ____D C:\Users\****\AppData\Local\Chromium 2013-06-06 01:35 - 2012-10-09 11:47 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-06-06 01:34 - 2009-07-14 04:34 - 00000478 ____A C:\Windows\win.ini 2013-06-04 19:02 - 2013-06-04 19:01 - 18989296 ____A (Gameforge ) C:\Users\****\Downloads\AION_GameforgeLiveSetup.exe 2013-06-04 18:48 - 2013-06-04 18:48 - 00000000 ____D C:\Users\****\Downloads\Gameforge Live 2013-06-04 18:48 - 2013-06-04 18:48 - 00000000 ____D C:\Users\****\AppData\Local\Gameforge4d 2013-06-04 14:08 - 2013-06-04 14:08 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2013-06-04 14:08 - 2013-06-04 14:08 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2013-06-03 14:22 - 2013-06-03 14:17 - 106159115 ____A C:\Users\****\Hochwasser 2013.mp4 2013-06-03 12:51 - 2013-06-03 12:49 - 55285607 ____A C:\Users\****\Mein Film.mp4 2013-06-03 11:31 - 2013-06-03 11:31 - 00000000 ____D C:\Windows\de 2013-06-03 11:31 - 2013-06-03 11:31 - 00000000 ____D C:\Program Files (x86)\Windows Live 2013-06-03 11:31 - 2013-06-03 11:31 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2013-06-03 11:31 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit 
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-23 19:37
==================== End Of Log ============================
In the meantime my Avira has reported again, with the following message: "Die Datei 'C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57c9fd79-1d24f0b0' enthielt einen Virus oder unerwünschtes Programm 'JAVA/Dldr.Obfshlp.MA' [virus]." |
02.07.2013, 16:29 | #6 |
/// the machine /// TB instructor | TR/PSW.Zbot.233472.224 infection That should actually have been taken care of by TFC. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ --> TR/PSW.Zbot.233472.224 infection |
04.07.2013, 11:33 | #7 |
| TR/PSW.Zbot.233472.224 infection Hello Schrauber, I'm back home now. Here are the files: Eset Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8a
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e4942df96867254ebc4cfaeb41230c78
# engine=14262
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-04 09:54:29
# local_time=2013-07-04 11:54:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 0 238354959 113986 0
# compatibility_mode=5893 16776574 100 94 24065285 124561519 0 0
# scanned=497197
# found=0
# cleaned=0
# scan_time=8717
FRT FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-07-2013 Ran by **** (administrator) on 04-07-2013 12:21:43 Running from C:\Users\****\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized [7477016 2013-04-25] (Logitech Inc.) 
HKLM\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [5299320 2012-10-25] (VIA) MountPoints2: {ef99db7b-090b-11e2-a3b5-806e6f6e6963} - D:\Run.exe HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-01] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-03-27] (Intel Corporation) HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD) HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [295072 2013-01-18] (RealNetworks, Inc.) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [NPSStartup] [x] HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.) AppInit_DLLs: C:\Windows\system32\nvinitx.dll [245872 2013-02-26] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [201576 2013-02-26] (NVIDIA Corporation) Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\cxol3jfn.default FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: 
@java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) 
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - G:\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ Chrome: ======= CHR HomePage: hxxp://www.google.de/ CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: 
(Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - 
C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (VLC Web Plugin) - G:\VLC\npvlc.dll (VideoLAN) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) 
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) CHR Extension: (Docs) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 CHR Extension: (Google Drive) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0 CHR Extension: (YouTube) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 CHR Extension: (Google Search) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 CHR Extension: (RealDownloader) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0 CHR Extension: (Gmail) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG) R2 IGDCTRL; C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-03-03] () R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] () R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.) 
==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-04-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-04-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-04] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-09] (DT Soft Ltd) S3 FETNDIS; C:\Windows\System32\DRIVERS\fet6x64.sys [47872 2009-06-10] (VIA Technologies, Inc. ) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.) R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.) S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.) S3 ALSysIO; \??\C:\Users\RICHAR~1\AppData\Local\Temp\ALSysIO64.sys [x] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x] S3 gdrv; \??\C:\Windows\gdrv.sys [x] S4 NVHDA; system32\drivers\nvhda64v.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-04 09:29 - 2013-07-04 09:29 - 00890988 ____A C:\Users\****\Downloads\SecurityCheck.exe 2013-07-04 09:27 - 2013-07-04 09:27 - 00000000 ____D C:\Program Files (x86)\ESET 2013-07-04 09:26 - 2013-07-04 09:26 - 02347384 ____A (ESET) C:\Users\****\Downloads\esetsmartinstaller_enu.exe 2013-07-03 13:04 - 2013-07-03 13:04 - 00000000 ____D C:\Users\****\Documents\My Curse 2013-07-03 13:03 - 2013-07-03 13:04 - 00000000 ____D C:\Users\****\AppData\Roaming\Curse Advertising 2013-07-03 13:02 - 2013-07-03 13:02 - 00000318 ____A C:\Users\****\Desktop\Curse Client.appref-ms 2013-07-03 13:00 - 2013-07-03 13:00 - 00402696 ____A () C:\Users\****\Downloads\setup.exe 2013-07-02 14:58 - 2013-07-02 14:58 - 00001343 ____A C:\AdwCleaner[S4].txt 2013-07-02 14:56 - 2013-07-02 17:20 - 00000000 ____D C:\JRT 2013-07-02 
14:56 - 2013-07-02 14:56 - 00001480 ____A C:\Users\****\Desktop\AdwCleaner[S1].txt 2013-07-02 14:52 - 2013-07-02 14:52 - 00001524 ____A C:\AdwCleaner[S3].txt 2013-07-02 14:50 - 2013-07-02 14:54 - 00001363 ____A C:\Users\****\Desktop\Neues Textdokument.txt 2013-07-02 14:48 - 2013-07-02 14:48 - 00648201 ____A C:\Users\****\Downloads\adwcleaner.exe 2013-07-02 14:48 - 2013-07-02 14:48 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\****\Downloads\JRT.exe 2013-07-02 14:47 - 2013-07-02 14:47 - 00448512 ____A (OldTimer Tools) C:\Users\****\Downloads\TFC.exe 2013-07-02 13:33 - 2013-07-02 13:36 - 00023669 ____A C:\Users\****\Downloads\Addition.txt 2013-07-02 13:33 - 2013-07-02 13:33 - 00000000 ____D C:\FRST 2013-07-02 13:32 - 2013-07-02 13:33 - 01933556 ____A (Farbar) C:\Users\****\Downloads\FRST64.exe 2013-07-02 13:03 - 2013-07-02 13:03 - 00000264 ____A C:\Users\****\Downloads\defogger_enable.log 2013-07-02 13:02 - 2013-07-02 13:18 - 00104460 ____A C:\Users\****\Downloads\OTL.Txt 2013-07-02 13:02 - 2013-07-02 13:13 - 00088718 ____A C:\Users\****\Downloads\Extras.Txt 2013-07-02 12:56 - 2013-07-02 12:56 - 00602112 ____A (OldTimer Tools) C:\Users\****\Downloads\OTL.exe 2013-07-02 12:55 - 2013-07-02 12:55 - 00050477 ____A C:\Users\****\Downloads\Defogger.exe 2013-07-02 12:55 - 2013-07-02 12:55 - 00000492 ____A C:\Users\****\Downloads\defogger_disable.log 2013-07-02 09:47 - 2013-07-03 10:04 - 00002450 ____A C:\Windows\PFRO.log 2013-07-01 20:45 - 2013-07-01 20:45 - 00000000 ____D C:\Users\Public\Documents\Blizzard Entertainment 2013-07-01 20:24 - 2013-07-01 20:25 - 00000000 ____D C:\Program Files (x86)\World of Warcraft 2013-07-01 20:14 - 2013-07-01 21:18 - 00000830 ____A C:\Users\Public\Desktop\World of Warcraft.lnk 2013-07-01 20:14 - 2013-07-01 20:14 - 00000000 ____D C:\ProgramData\Blizzard Entertainment 2013-07-01 20:11 - 2013-07-01 20:13 - 00000000 ____D C:\ProgramData\Battle.net 2013-07-01 20:09 - 2013-07-01 20:11 - 83293072 ____A (Blizzard Entertainment) 
C:\Users\****\Downloads\World-of-Warcraft-Setup-deDE.exe 2013-06-30 18:15 - 2013-06-30 18:15 - 00000270 ____A C:\Users\****\Desktop\TS 3 backup.ini 2013-06-27 20:41 - 2013-06-28 21:12 - 00000000 ____D C:\Users\****\AppData\Local\Arma 3 2013-06-27 20:41 - 2013-06-27 20:41 - 00000000 ____D C:\Users\****\Documents\Arma 3 2013-06-25 17:46 - 2013-07-04 01:16 - 00248850 ____A C:\Windows\WindowsUpdate.log 2013-06-25 17:46 - 2013-06-25 17:46 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-06-25 17:46 - 2013-06-25 17:46 - 00000000 ____D C:\Users\****\AppData\Roaming\Mozilla 2013-06-25 17:46 - 2013-06-25 17:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-25 17:45 - 2013-06-25 17:46 - 21151576 ____A (Mozilla) C:\Users\****\Downloads\Firefox_Setup_21.0.exe 2013-06-25 17:44 - 2013-07-04 09:12 - 00002238 ____A C:\Windows\setupact.log 2013-06-25 17:44 - 2013-06-25 17:44 - 00000000 ____A C:\Windows\setuperr.log 2013-06-25 16:42 - 2013-06-25 16:42 - 00113988 ____A C:\Users\****\Documents\cc_20130625_164204.reg 2013-06-25 16:34 - 2013-06-25 16:34 - 00000000 ____D C:\Users\****\AppData\Local\Mozilla 2013-06-25 14:57 - 2013-06-25 14:57 - 00002259 ____A C:\Users\Public\Desktop\Google Chrome.lnk 2013-06-25 14:56 - 2013-07-04 12:21 - 00001128 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-25 14:56 - 2013-07-04 09:12 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-06-25 14:56 - 2013-06-25 14:57 - 00000000 ____D C:\Users\****\AppData\Local\Google 2013-06-25 14:56 - 2013-06-25 14:57 - 00000000 ____D C:\Program Files (x86)\Google 2013-06-25 14:39 - 2013-06-25 14:39 - 00903080 ____A (Oracle Corporation) C:\Users\****\Downloads\jxpiinstall.exe 2013-06-25 14:32 - 2013-06-25 14:32 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk 2013-06-25 14:32 - 2013-06-25 14:32 - 00000000 ____D C:\Program Files\CCleaner 2013-06-25 13:28 - 2013-06-25 13:28 - 00001113 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 
2013-06-25 12:29 - 2013-06-25 12:35 - 00000000 ____D C:\Users\****\AppData\Roaming\Ywewu 2013-06-25 12:29 - 2013-06-25 12:29 - 00000000 ____D C:\Users\****\AppData\Roaming\Epera 2013-06-25 08:55 - 2013-06-25 08:55 - 00000000 ____D C:\Users\****\AppData\Local\The Lord of the Rings Online 2013-06-25 08:37 - 2013-06-25 08:37 - 00002720 ____A C:\Users\****\Documents\UserPreferences.ini 2013-06-25 08:36 - 2013-06-25 08:36 - 00000729 ____A C:\Users\****\Desktop\Der Herr der Ringe Online.lnk 2013-06-24 17:58 - 2013-06-25 12:34 - 00000000 ____D C:\Users\****\AppData\Local\PMB Files 2013-06-24 17:58 - 2013-06-24 18:07 - 00000000 ____D C:\ProgramData\PMB Files 2013-06-24 17:58 - 2013-06-24 17:58 - 00000000 ____D C:\Program Files (x86)\Pando Networks 2013-06-24 17:53 - 2013-06-25 09:03 - 00000000 ____D C:\Users\****\Documents\The Lord of the Rings Online 2013-06-24 17:50 - 2013-06-24 17:50 - 00000846 ____A C:\Users\****\Desktop\Der Herr de Ringe Online Die Schatten von Angmar.lnk 2013-06-24 13:38 - 2013-06-24 13:38 - 00000202 ____A C:\Users\****\Desktop\APB Reloaded.url 2013-06-24 12:42 - 2013-06-25 08:39 - 00000000 ____D C:\Users\****\AppData\Local\Turbine 2013-06-24 12:42 - 2013-06-24 12:42 - 01562390 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2013-06-24 12:42 - 2013-06-24 12:42 - 00000103 ____A C:\Users\****\AppData\Local\fusioncache.dat 2013-06-24 12:42 - 2013-06-24 12:42 - 00000000 ____D C:\Users\****\AppData\Roaming\Turbine 2013-06-21 09:03 - 2013-06-21 09:03 - 00001483 ____A C:\Users\****\Desktop\Star Wars - The Old Republic.lnk 2013-06-19 17:36 - 2013-06-19 17:36 - 00000000 ____D C:\Users\****\AppData\Local\SWTOR 2013-06-19 12:29 - 2013-06-19 12:29 - 00000000 ____D C:\Program Files (x86)\Electronic Arts 2013-06-19 12:28 - 2013-06-19 13:05 - 00113868 ____A C:\Users\****\Documents\Install STAR WARS The Old Republic.log 2013-06-19 11:13 - 2013-06-19 11:13 - 00000000 ____D C:\Users\****\AppData\Local\SWTORPerf 2013-06-18 11:55 - 2013-06-18 11:55 - 00001783 ____A 
C:\Users\Public\Desktop\iTunes.lnk 2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files\iTunes 2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files\iPod 2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-06-17 21:16 - 2013-06-17 21:16 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys 2013-06-17 16:47 - 2013-06-17 16:47 - 00000923 ____A C:\Users\****\Desktop\Logitech Gaming Software 8.35.lnk 2013-06-16 00:12 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-16 00:12 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-16 00:12 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-16 00:12 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-16 00:12 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-16 00:12 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-16 00:12 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-16 00:12 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-16 00:12 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-16 00:12 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-16 00:12 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-16 00:12 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-13 09:47 - 2013-06-17 19:01 - 00000000 ____D C:\Users\****\AppData\Local\Arma 3 Alpha 2013-06-13 
09:47 - 2013-06-13 09:48 - 00000000 ____D C:\Users\****\Documents\Arma 3 Alpha 2013-06-12 23:18 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 23:18 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 23:18 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 23:18 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 23:18 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-12 23:18 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-12 23:18 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-12 23:18 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-12 23:18 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 23:18 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 23:18 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 23:18 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 23:18 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 23:18 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-12 23:18 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-12 23:18 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-12 23:18 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-12 23:18 - 2013-05-14 14:23 - 00089600 ____A 
(Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-12 23:18 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-12 19:44 - 2013-06-12 19:44 - 00000202 ____A C:\Users\****\Desktop\Arma 3 Alpha.url 2013-06-12 08:50 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 08:50 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 08:50 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 08:50 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 08:50 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 08:50 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 08:50 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 08:50 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 08:50 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 08:50 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 08:50 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 08:50 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 08:50 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 08:50 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 08:50 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-12 08:50 - 2013-04-26 01:30 - 01505280 ____A (Microsoft 
Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-12 08:50 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-12 08:50 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-12 08:50 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-11 20:53 - 2013-06-27 20:41 - 00000000 ____D C:\ProgramData\Bohemia Interactive 2013-06-11 20:53 - 2013-06-12 19:39 - 00000000 ____D C:\Users\****\AppData\Local\Arma 3 Alpha Lite 2013-06-11 20:53 - 2013-06-11 20:53 - 00000000 ____D C:\Users\****\Documents\Arma 3 Alpha Lite 2013-06-06 08:36 - 2013-06-06 08:36 - 00000000 ____D C:\Users\****\AppData\Local\Chromium 2013-06-04 19:01 - 2013-06-04 19:02 - 18989296 ____A (Gameforge ) C:\Users\****\Downloads\AION_GameforgeLiveSetup.exe 2013-06-04 18:48 - 2013-06-04 18:48 - 00000000 ____D C:\Users\****\Downloads\Gameforge Live 2013-06-04 18:48 - 2013-06-04 18:48 - 00000000 ____D C:\Users\****\AppData\Local\Gameforge4d 2013-06-04 14:08 - 2013-06-04 14:08 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2013-06-04 14:08 - 2013-06-04 14:08 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help ==================== One Month Modified Files and Folders ======= 2013-07-04 12:21 - 2013-06-25 14:56 - 00001128 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-04 11:51 - 2013-05-06 14:33 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-04 09:29 - 2013-07-04 09:29 - 00890988 ____A C:\Users\****\Downloads\SecurityCheck.exe 2013-07-04 09:27 - 2013-07-04 09:27 - 00000000 ____D C:\Program Files (x86)\ESET 2013-07-04 09:26 - 2013-07-04 09:26 - 02347384 ____A (ESET) C:\Users\****\Downloads\esetsmartinstaller_enu.exe 2013-07-04 09:20 - 2009-07-14 06:45 - 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-04 09:20 - 2009-07-14 06:45 
- 00021856 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-04 09:17 - 2011-04-12 09:43 - 00668274 ____A C:\Windows\System32\perfh007.dat 2013-07-04 09:17 - 2011-04-12 09:43 - 00135942 ____A C:\Windows\System32\perfc007.dat 2013-07-04 09:17 - 2009-07-14 07:13 - 01536742 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-04 09:12 - 2013-06-25 17:44 - 00002238 ____A C:\Windows\setupact.log 2013-07-04 09:12 - 2013-06-25 14:56 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-04 09:12 - 2013-02-14 17:44 - 00000000 ____D C:\Users\****\AppData\Local\Deployment 2013-07-04 09:12 - 2012-09-28 23:57 - 00000000 ____D C:\ProgramData\NVIDIA 2013-07-04 09:12 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-04 01:16 - 2013-06-25 17:46 - 00248850 ____A C:\Windows\WindowsUpdate.log 2013-07-03 23:59 - 2012-09-29 00:11 - 00000000 ____D C:\Users\****\AppData\Roaming\TS3Client 2013-07-03 15:53 - 2012-10-09 11:52 - 00000000 ____D C:\Users\****\Documents\Outlook-Dateien 2013-07-03 13:04 - 2013-07-03 13:04 - 00000000 ____D C:\Users\****\Documents\My Curse 2013-07-03 13:04 - 2013-07-03 13:03 - 00000000 ____D C:\Users\****\AppData\Roaming\Curse Advertising 2013-07-03 13:02 - 2013-07-03 13:02 - 00000318 ____A C:\Users\****\Desktop\Curse Client.appref-ms 2013-07-03 13:00 - 2013-07-03 13:00 - 00402696 ____A () C:\Users\****\Downloads\setup.exe 2013-07-03 10:04 - 2013-07-02 09:47 - 00002450 ____A C:\Windows\PFRO.log 2013-07-03 01:44 - 2012-09-29 02:55 - 00000000 ____D C:\Users\****\AppData\Roaming\Skype 2013-07-02 17:20 - 2013-07-02 14:56 - 00000000 ____D C:\JRT 2013-07-02 14:58 - 2013-07-02 14:58 - 00001343 ____A C:\AdwCleaner[S4].txt 2013-07-02 14:56 - 2013-07-02 14:56 - 00001480 ____A C:\Users\****\Desktop\AdwCleaner[S1].txt 2013-07-02 14:54 - 2013-07-02 14:50 - 00001363 ____A C:\Users\****\Desktop\Neues Textdokument.txt 2013-07-02 14:52 - 2013-07-02 14:52 - 00001524 ____A 
C:\AdwCleaner[S3].txt 2013-07-02 14:48 - 2013-07-02 14:48 - 00648201 ____A C:\Users\****\Downloads\adwcleaner.exe 2013-07-02 14:48 - 2013-07-02 14:48 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\****\Downloads\JRT.exe 2013-07-02 14:47 - 2013-07-02 14:47 - 00448512 ____A (OldTimer Tools) C:\Users\****\Downloads\TFC.exe 2013-07-02 13:36 - 2013-07-02 13:33 - 00023669 ____A C:\Users\****\Downloads\Addition.txt 2013-07-02 13:33 - 2013-07-02 13:33 - 00000000 ____D C:\FRST 2013-07-02 13:33 - 2013-07-02 13:32 - 01933556 ____A (Farbar) C:\Users\****\Downloads\FRST64.exe 2013-07-02 13:18 - 2013-07-02 13:02 - 00104460 ____A C:\Users\****\Downloads\OTL.Txt 2013-07-02 13:13 - 2013-07-02 13:02 - 00088718 ____A C:\Users\****\Downloads\Extras.Txt 2013-07-02 13:03 - 2013-07-02 13:03 - 00000264 ____A C:\Users\****\Downloads\defogger_enable.log 2013-07-02 13:03 - 2012-09-28 21:33 - 00000000 ____D C:\users\**** 2013-07-02 12:56 - 2013-07-02 12:56 - 00602112 ____A (OldTimer Tools) C:\Users\****\Downloads\OTL.exe 2013-07-02 12:55 - 2013-07-02 12:55 - 00050477 ____A C:\Users\****\Downloads\Defogger.exe 2013-07-02 12:55 - 2013-07-02 12:55 - 00000492 ____A C:\Users\****\Downloads\defogger_disable.log 2013-07-01 21:18 - 2013-07-01 20:14 - 00000830 ____A C:\Users\Public\Desktop\World of Warcraft.lnk 2013-07-01 20:45 - 2013-07-01 20:45 - 00000000 ____D C:\Users\Public\Documents\Blizzard Entertainment 2013-07-01 20:25 - 2013-07-01 20:24 - 00000000 ____D C:\Program Files (x86)\World of Warcraft 2013-07-01 20:14 - 2013-07-01 20:14 - 00000000 ____D C:\ProgramData\Blizzard Entertainment 2013-07-01 20:13 - 2013-07-01 20:11 - 00000000 ____D C:\ProgramData\Battle.net 2013-07-01 20:11 - 2013-07-01 20:09 - 83293072 ____A (Blizzard Entertainment) C:\Users\****\Downloads\World-of-Warcraft-Setup-deDE.exe 2013-07-01 19:31 - 2013-05-20 10:07 - 00083672 ____A (Avira Operations GmbH & Co. 
KG) C:\Windows\System32\Drivers\avnetflt.sys 2013-06-30 18:15 - 2013-06-30 18:15 - 00000270 ____A C:\Users\****\Desktop\TS 3 backup.ini 2013-06-28 21:12 - 2013-06-27 20:41 - 00000000 ____D C:\Users\****\AppData\Local\Arma 3 2013-06-27 20:41 - 2013-06-27 20:41 - 00000000 ____D C:\Users\****\Documents\Arma 3 2013-06-27 20:41 - 2013-06-11 20:53 - 00000000 ____D C:\ProgramData\Bohemia Interactive 2013-06-25 17:46 - 2013-06-25 17:46 - 00001151 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-06-25 17:46 - 2013-06-25 17:46 - 00000000 ____D C:\Users\****\AppData\Roaming\Mozilla 2013-06-25 17:46 - 2013-06-25 17:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-25 17:46 - 2013-06-25 17:45 - 21151576 ____A (Mozilla) C:\Users\****\Downloads\Firefox_Setup_21.0.exe 2013-06-25 17:44 - 2013-06-25 17:44 - 00000000 ____A C:\Windows\setuperr.log 2013-06-25 16:42 - 2013-06-25 16:42 - 00113988 ____A C:\Users\****\Documents\cc_20130625_164204.reg 2013-06-25 16:34 - 2013-06-25 16:34 - 00000000 ____D C:\Users\****\AppData\Local\Mozilla 2013-06-25 14:57 - 2013-06-25 14:57 - 00002259 ____A C:\Users\Public\Desktop\Google Chrome.lnk 2013-06-25 14:57 - 2013-06-25 14:56 - 00000000 ____D C:\Users\****\AppData\Local\Google 2013-06-25 14:57 - 2013-06-25 14:56 - 00000000 ____D C:\Program Files (x86)\Google 2013-06-25 14:40 - 2012-09-30 03:15 - 00000000 ____D C:\Users\****\AppData\Local\Adobe 2013-06-25 14:39 - 2013-06-25 14:39 - 00903080 ____A (Oracle Corporation) C:\Users\****\Downloads\jxpiinstall.exe 2013-06-25 14:33 - 2012-09-28 04:28 - 00000000 ____D C:\Windows\Panther 2013-06-25 14:32 - 2013-06-25 14:32 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk 2013-06-25 14:32 - 2013-06-25 14:32 - 00000000 ____D C:\Program Files\CCleaner 2013-06-25 13:28 - 2013-06-25 13:28 - 00001113 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-06-25 13:28 - 2013-01-20 09:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-06-25 13:23 - 
2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF 2013-06-25 12:41 - 2013-05-06 14:33 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-25 12:41 - 2013-05-06 14:33 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-25 12:35 - 2013-06-25 12:29 - 00000000 ____D C:\Users\****\AppData\Roaming\Ywewu 2013-06-25 12:34 - 2013-06-24 17:58 - 00000000 ____D C:\Users\****\AppData\Local\PMB Files 2013-06-25 12:29 - 2013-06-25 12:29 - 00000000 ____D C:\Users\****\AppData\Roaming\Epera 2013-06-25 09:03 - 2013-06-24 17:53 - 00000000 ____D C:\Users\****\Documents\The Lord of the Rings Online 2013-06-25 08:55 - 2013-06-25 08:55 - 00000000 ____D C:\Users\****\AppData\Local\The Lord of the Rings Online 2013-06-25 08:39 - 2013-06-24 12:42 - 00000000 ____D C:\Users\****\AppData\Local\Turbine 2013-06-25 08:37 - 2013-06-25 08:37 - 00002720 ____A C:\Users\****\Documents\UserPreferences.ini 2013-06-25 08:36 - 2013-06-25 08:36 - 00000729 ____A C:\Users\****\Desktop\Der Herr der Ringe Online.lnk 2013-06-24 18:07 - 2013-06-24 17:58 - 00000000 ____D C:\ProgramData\PMB Files 2013-06-24 17:58 - 2013-06-24 17:58 - 00000000 ____D C:\Program Files (x86)\Pando Networks 2013-06-24 17:50 - 2013-06-24 17:50 - 00000846 ____A C:\Users\****\Desktop\Der Herr de Ringe Online Die Schatten von Angmar.lnk 2013-06-24 13:38 - 2013-06-24 13:38 - 00000202 ____A C:\Users\****\Desktop\APB Reloaded.url 2013-06-24 12:42 - 2013-06-24 12:42 - 01562390 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2013-06-24 12:42 - 2013-06-24 12:42 - 00000103 ____A C:\Users\****\AppData\Local\fusioncache.dat 2013-06-24 12:42 - 2013-06-24 12:42 - 00000000 ____D C:\Users\****\AppData\Roaming\Turbine 2013-06-24 12:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Registration 2013-06-24 12:13 - 2012-09-28 22:24 - 00000000 ____D C:\Users\****\AppData\Roaming\vlc 2013-06-21 09:03 - 2013-06-21 09:03 - 00001483 ____A C:\Users\****\Desktop\Star Wars 
- The Old Republic.lnk 2013-06-21 08:41 - 2013-03-03 19:47 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins 2013-06-20 20:54 - 2013-02-14 19:40 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.xtr 2013-06-20 20:54 - 2013-02-14 19:39 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe 2013-06-20 20:54 - 2013-02-14 19:39 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0 2013-06-19 17:36 - 2013-06-19 17:36 - 00000000 ____D C:\Users\****\AppData\Local\SWTOR 2013-06-19 13:05 - 2013-06-19 12:28 - 00113868 ____A C:\Users\****\Documents\Install STAR WARS The Old Republic.log 2013-06-19 12:29 - 2013-06-19 12:29 - 00000000 ____D C:\Program Files (x86)\Electronic Arts 2013-06-19 12:29 - 2013-03-03 11:39 - 00000000 ____D C:\Program Files (x86)\Origin Games 2013-06-19 11:13 - 2013-06-19 11:13 - 00000000 ____D C:\Users\****\AppData\Local\SWTORPerf 2013-06-19 11:02 - 2013-03-03 11:39 - 00000000 ____D C:\Users\****\AppData\Roaming\Origin 2013-06-19 11:02 - 2013-03-03 11:39 - 00000000 ____D C:\Users\****\AppData\Local\Origin 2013-06-19 11:02 - 2013-03-03 11:37 - 00000000 ____D C:\ProgramData\Origin 2013-06-18 12:26 - 2013-06-03 11:30 - 00000000 ____D C:\Users\****\AppData\Local\Windows Live 2013-06-18 11:55 - 2013-06-18 11:55 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk 2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files\iTunes 2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files\iPod 2013-06-18 11:55 - 2013-06-18 11:55 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-06-17 21:16 - 2013-06-17 21:16 - 00018960 ____A (Logitech, Inc.) 
C:\Windows\System32\Drivers\LNonPnP.sys 2013-06-17 21:16 - 2012-09-29 00:41 - 00000000 ____D C:\Program Files\Logitech Gaming Software 2013-06-17 19:01 - 2013-06-13 09:47 - 00000000 ____D C:\Users\****\AppData\Local\Arma 3 Alpha 2013-06-17 16:47 - 2013-06-17 16:47 - 00000923 ____A C:\Users\****\Desktop\Logitech Gaming Software 8.35.lnk 2013-06-16 06:46 - 2013-03-02 15:59 - 00000000 ____D C:\Users\****\Desktop\TTZ 2013-06-15 09:02 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-06-13 09:48 - 2013-06-13 09:47 - 00000000 ____D C:\Users\****\Documents\Arma 3 Alpha 2013-06-12 23:18 - 2012-09-28 23:15 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-12 19:44 - 2013-06-12 19:44 - 00000202 ____A C:\Users\****\Desktop\Arma 3 Alpha.url 2013-06-12 19:39 - 2013-06-11 20:53 - 00000000 ____D C:\Users\****\AppData\Local\Arma 3 Alpha Lite 2013-06-11 21:51 - 2013-05-15 09:51 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2013-06-11 20:53 - 2013-06-11 20:53 - 00000000 ____D C:\Users\****\Documents\Arma 3 Alpha Lite 2013-06-08 16:08 - 2013-06-16 00:12 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 16:07 - 2013-06-16 00:12 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 16:06 - 2013-06-16 00:12 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 16:06 - 2013-06-16 00:12 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 16:06 - 2013-06-16 00:12 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 14:28 - 2013-06-16 00:12 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 13:42 - 2013-06-16 00:12 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 13:40 - 2013-06-16 00:12 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 13:40 - 2013-06-16 00:12 
- 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 13:40 - 2013-06-16 00:12 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 13:40 - 2013-06-16 00:12 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-08 13:13 - 2013-06-16 00:12 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-06 08:36 - 2013-06-06 08:36 - 00000000 ____D C:\Users\****\AppData\Local\Chromium 2013-06-06 01:35 - 2012-10-09 11:47 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-06-06 01:34 - 2009-07-14 04:34 - 00000478 ____A C:\Windows\win.ini 2013-06-04 19:02 - 2013-06-04 19:01 - 18989296 ____A (Gameforge ) C:\Users\****\Downloads\AION_GameforgeLiveSetup.exe 2013-06-04 18:48 - 2013-06-04 18:48 - 00000000 ____D C:\Users\****\Downloads\Gameforge Live 2013-06-04 18:48 - 2013-06-04 18:48 - 00000000 ____D C:\Users\****\AppData\Local\Gameforge4d 2013-06-04 14:08 - 2013-06-04 14:08 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2013-06-04 14:08 - 2013-06-04 14:08 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-03 05:45
==================== End Of Log ============================
When running SecurityCheck I got the following window: Directupload.net - jxdmap5z.jpg s7.directupload.net/file/d/3306/jxdmap5z_jpg.htm
Apparently no text file was created.
Regards, yosh
Last edited by yosherl (04.07.2013 at 11:40) |
04.07.2013, 12:34 | #8 |
/// the machine /// TB trainer | TR/PSW.Zbot.233472.224 infection
Great, any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
04.07.2013, 12:39 | #9 |
| TR/PSW.Zbot.233472.224 infection
Hm, no, not at the moment. Thanks a lot already!!! I'm running full scans with Malwarebytes and Avira again right now. In the Avira forum I read that many machines were compromised by a Trojan like this..?? In that case the only thing that helps is probably a reinstall. What does that look like in my case? And since I have the trainer at hand right now, how can one become "Part of the Team" with you? I'm an IT specialist (Fachinformatiker), but what goes on here hasn't been my focus so far. I find it interesting, though, and would like to take part! Regards, yosh PS: I also live near Muc =) |
04.07.2013, 12:50 | #10 |
/// the machine /// TB trainer | TR/PSW.Zbot.233472.224 infection
Have a look here: http://www.trojaner-board.de/88896-a...ner-board.html
No, not in your case.
Finished
The order matters here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |