| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: ArenaNet Phishing E-MailWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
13.07.2013, 17:30
| #1 |
 |  ArenaNet Phishing E-Mail Schönen guten Abend, ich habe dummerweise auf den Link in einer Phishing Mail geklickt, welcher mich auf eine Seite weitergeleitet hat, auf der ich natürlich meine Account-Informationen eintragen sollte. Ich hab das 1. Feld ausgefüllt, was die Email beinhaltet, bevor ich realisiert habe, dass es sich um eine Phishing Seite handelt. Nun, stellt sich für mich die Frage, ob ich mir Viren eingefangen habe oder sich andere Sicherheitslücken geöffnet haben. Malewarebytes und Anvira Antivir haben nichts gefunden. Allgemein habe ich keine Probleme mit meinem Laptop, aber bei dem OTL Scan wurde keine Extra Datei generiert, wieso auch immer. Schöne Grüße Ghost OTL: Code:
ATTFilter OTL logfile created on: 13.07.2013 16:42:36 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lara\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,84 Gb Total Physical Memory | 3,47 Gb Available Physical Memory | 59,35% Memory free 11,68 Gb Paging File | 9,24 Gb Available in Paging File | 79,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 445,66 Gb Total Space | 240,77 Gb Free Space | 54,03% Space Free | Partition Type: NTFS Computer Name: LARA-PC | User Name: Lara | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Lara\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Lara\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Users\Lara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe (Atheros) PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Users\Lara\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\Lara\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll () MOD - C:\Users\Lara\AppData\Local\Google\Chrome\Application\28.0.1500.72\libglesv2.dll () MOD - C:\Users\Lara\AppData\Local\Google\Chrome\Application\28.0.1500.72\libegl.dll () MOD - C:\Users\Lara\AppData\Local\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll () MOD - C:\Users\Lara\AppData\Roaming\Dropbox\bin\libcef.dll () MOD - C:\Users\Lara\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll () MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll () ========== Services (SafeList) ========== SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (GREGService) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe (Acer Incorporated) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated) SRV - (Live Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer Incorporated) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV - (ZAtheros Wlan Agent) -- C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe (Atheros) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (AdobeActiveFileMonitor9.0) -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (bScsiSDa) -- C:\Windows\SysNative\drivers\bScsiSDa.sys (Broadcom Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (b57xdmp) -- C:\Windows\SysNative\drivers\b57xdmp.sys (Broadcom Corporation) DRV:64bit: - (b57xdbd) -- C:\Windows\SysNative\drivers\b57xdbd.sys (Broadcom Corporation) DRV:64bit: - (bScsiMSa) -- C:\Windows\SysNative\drivers\bScsiMSa.sys (Broadcom Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B3b56bcc7-54e5-44a2-9b44-66c3ef58c13e%7D:0.9.5.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lara\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lara\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.02.20 21:10:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.21 19:42:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lara\AppData\Roaming\mozilla\Extensions [2013.06.28 17:53:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lara\AppData\Roaming\mozilla\Firefox\Profiles\lo880qz8.default\extensions [2013.01.15 15:00:18 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Lara\AppData\Roaming\mozilla\Firefox\Profiles\lo880qz8.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [2013.05.19 18:22:32 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Lara\AppData\Roaming\mozilla\firefox\profiles\lo880qz8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.06.17 12:55:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013.06.17 12:55:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Lara\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lara\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll CHR - plugin: Norton Confidential (Enabled) = C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\npcoplgn.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Adblock Plus = C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5_0\ CHR - Extension: Google-Suche = C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Good Smile Company = C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifaliahpcbohdpbocfjpfeaofkmcjai\2_0\ CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Lara\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe (Adobe Systems Incorporated) O4 - Startup: C:\Users\Lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Users\Lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Programme\Rainmeter\Rainmeter.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B194387-35F0-42E8-A614-51965BF0D3E6}: DhcpNameServer = 192.168.178.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52CD1597-889E-4C74-9FF0-CA89E574144E}: DhcpNameServer = 192.168.178.254 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.13 16:41:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lara\Desktop\OTL.exe [2013.07.13 14:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield [2013.06.29 19:32:20 | 000,000,000 | ---D | C] -- C:\Users\Lara\AppData\Roaming\StepMania 5 [2013.06.29 19:31:38 | 000,000,000 | ---D | C] -- C:\Users\Lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StepMania 5 [2013.06.29 19:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StepMania 5 [2013.06.29 19:31:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StepMania 5 [2013.06.21 20:48:00 | 000,000,000 | ---D | C] -- C:\Users\Lara\AppData\Local\Targem [2013.06.18 20:06:40 | 000,000,000 | ---D | C] -- C:\Users\Lara\Documents\Updater [2013.06.18 20:03:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF [2013.06.18 20:03:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared [2013.06.18 20:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe [2013.06.18 20:00:33 | 000,000,000 | ---D | C] -- C:\PS_CS2_Gr_NonRet [2013.06.17 12:55:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.06.17 11:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu! [2013.06.17 11:53:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\osu! [2013.06.17 11:51:50 | 000,000,000 | ---D | C] -- C:\Users\Lara\AppData\Roaming\Downloaded Installations [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.13 16:41:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lara\Desktop\OTL.exe [2013.07.13 16:26:20 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2589874485-1697414770-2327982917-1001UA.job [2013.07.13 16:26:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.13 16:14:35 | 000,000,000 | ---- | M] () -- C:\Users\Lara\defogger_reenable [2013.07.13 11:42:59 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.13 11:42:59 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.13 11:34:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.13 11:34:53 | 409,747,455 | -HS- | M] () -- C:\hiberfil.sys [2013.07.12 23:26:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2589874485-1697414770-2327982917-1001Core.job [2013.07.12 15:52:02 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2013.07.12 15:52:02 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2013.07.11 20:18:36 | 004,985,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.07.11 19:00:06 | 001,519,874 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.11 19:00:06 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.11 19:00:06 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.11 19:00:06 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.11 19:00:06 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.27 15:06:30 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.06.18 20:03:20 | 000,001,357 | ---- | M] () -- C:\Users\Lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.13 16:14:35 | 000,000,000 | ---- | C] () -- C:\Users\Lara\defogger_reenable [2013.06.18 20:04:46 | 000,002,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk [2013.06.18 20:03:20 | 000,001,357 | ---- | C] () -- C:\Users\Lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2013.06.18 20:02:59 | 000,002,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk [2013.06.18 20:02:36 | 000,002,014 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk [2013.06.18 20:02:34 | 000,002,017 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk [2013.06.11 21:06:45 | 000,001,456 | ---- | C] () -- C:\Users\Lara\AppData\Local\Adobe Für Web speichern 13.0 Prefs [2013.06.08 16:52:28 | 000,004,057 | ---- | C] () -- C:\Users\Lara\AppData\Local\recently-used.xbel [2012.11.28 05:07:05 | 000,000,698 | ---- | C] () -- C:\Windows\wininit.ini [2012.03.02 06:10:04 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.03.02 06:10:01 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.03.02 06:10:00 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.03.02 06:09:58 | 013,020,160 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.11 16:44:09 | 000,000,000 | ---D | M] -- C:\Users\Lara\AppData\Roaming\.minecraft [2013.03.06 12:44:43 | 000,000,000 | ---D | M] -- C:\Users\Lara\AppData\Roaming\Beat Hazard [2013.06.17 11:51:50 | 000,000,000 | ---D | M] -- C:\Users\Lara\AppData\Roaming\Downloaded Installations [2013.07.13 11:37:29 | 000,000,000 | ---D | M] -- C:\Users\Lara\AppData\Roaming\Dropbox [2013.02.20 21:10:56 | 000,000,000 | ---D | M] -- C:\Users\Lara\AppData\Roaming\DVDVideoSoft [2013.02.20 21:10:48 | 000,000,000 | ---D | M] -- C:\Users\Lara\AppData\Roaming\DVDVideoSoftIEHelpers [2013.03.31 11:51:31 | 000,000,000 | ---D | M] -- C:\Users\Lara\AppData\Roaming\FileZilla [2013.07.01 21:33:59 | 000,000,000 | ---D | M] -- C:\Users\Lara\AppData\Roaming\inkscape [2012.12.28 17:31:03 | 000,000,000 | ---D | M] -- C:\Users\Lara\AppData\Roaming\LolClient [2012.10.23 19:02:33 | 000,000,000 | ---D | M] -- C:\Users\Lara\AppData\Roaming\Notepad++ [2013.05.18 11:13:51 | 000,000,000 | ---D | M] -- C:\Users\Lara\AppData\Roaming\PDAppFlex [2012.10.13 23:57:28 | 000,000,000 | ---D | M] -- C:\Users\Lara\AppData\Roaming\Rainmeter [2012.10.13 19:02:46 | 000,000,000 | ---D | M] -- C:\Users\Lara\AppData\Roaming\Screensaver [2012.10.13 22:23:57 | 000,000,000 | ---D | M] -- C:\Users\Lara\AppData\Roaming\SNS [2013.07.13 11:49:01 | 000,000,000 | ---D | M] -- C:\Users\Lara\AppData\Roaming\Spotify [2013.05.18 15:15:25 | 000,000,000 | ---D | M] -- C:\Users\Lara\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2013.06.29 19:32:21 | 000,000,000 | ---D | M] -- C:\Users\Lara\AppData\Roaming\StepMania 5 [2012.10.14 12:59:32 | 000,000,000 | ---D | M] -- C:\Users\Lara\AppData\Roaming\The Creative Assembly [2013.07.09 22:04:57 | 000,000,000 | ---D | M] -- C:\Users\Lara\AppData\Roaming\TS3Client [2013.07.13 14:06:34 | 000,000,000 | ---D | M] -- C:\Users\Lara\AppData\Roaming\Ubisoft [2012.10.13 22:48:43 | 000,000,000 | ---D | M] -- C:\Users\Lara\AppData\Roaming\WildTangent [2013.05.06 16:18:23 | 000,000,000 | ---D | M] -- C:\Users\Lara\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-13 18:15:33
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0001 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Lara\AppData\Local\Temp\kxldapow.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775a1465 2 bytes [5A, 77]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775a14bb 2 bytes [5A, 77]
.text ... * 2
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3320] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076b787b1 5 bytes [33, C0, C2, 04, 00]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775a1465 2 bytes [5A, 77]
.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775a14bb 2 bytes [5A, 77]
.text ... * 2
.text C:\Users\Lara\AppData\Roaming\Dropbox\bin\Dropbox.exe[3616] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 00000000775a1465 2 bytes [5A, 77]
.text C:\Users\Lara\AppData\Roaming\Dropbox\bin\Dropbox.exe[3616] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000775a14bb 2 bytes [5A, 77]
.text ... * 2
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775a1465 2 bytes [5A, 77]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775a14bb 2 bytes [5A, 77]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2568:3916] 000007fef5447c4c
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2568:3924] 000007fef644c0d0
Thread c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2556:2944] 000007fef644c0d0
---- EOF - GMER 2.1 ----
|
|
13.07.2013, 17:34
| #2 |
| /// the machine /// TB-Ausbilder    | ArenaNet Phishing E-Mail hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
13.07.2013, 18:21
| #3 |
| | ArenaNet Phishing E-Mail FRST Logfile:
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-07-2013 01
Ran by Lara (administrator) on 13-07-2013 19:17:49
Running from C:\Users\Lara\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Spotify Ltd) C:\Users\Lara\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Lara\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Lara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lara\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lara\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Users\Lara\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12343400 2011-12-27] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - %ProgramFiles%\Elantech\ETDCtrl.exe [2821936 2012-03-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4123 2012-01-20] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Power Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKCU\...\Run: [Google Update] - "C:\Users\Lara\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-10-13] (Google Inc.)
HKCU\...\Run: [Steam] - "C:\Program Files (x86)\Steam\steam.exe" -silent [1672616 2013-07-10] (Valve Corporation)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-10-26] ()
HKCU\...\Run: [Spotify Web Helper] - "C:\Users\Lara\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-07-11] (Spotify Ltd)
HKCU\...\Run: [GoogleChromeAutoLaunch_5ED22A371E18F418053871167250F536] - "C:\Users\Lara\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window [846288 2013-07-12] (Google Inc.)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.)
HKLM-x32\...\Run: [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1075296 2013-04-25] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [162408 2011-09-13] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [162408 2011-09-13] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\Users\Lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.254
FireFox:
========
FF ProfilePath: C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\lo880qz8.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lara\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lara\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Html Validator - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\lo880qz8.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
FF Extension: No Name - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\lo880qz8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: No Name - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Lara\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lara\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5_0
CHR Extension: (Google Search) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Good Smile Company) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifaliahpcbohdpbocfjpfeaofkmcjai\2_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0
==================== Services (Whitelisted) =================
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-06-18] (Adobe Systems)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [871296 2012-02-07] (Acer Incorporated)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [28264 2012-02-29] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
R2 Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [255376 2012-02-07] (Acer Incorporated)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [72864 2012-01-18] (Atheros)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-21] (Avira Operations GmbH & Co. KG)
U3 kxldapow; \??\C:\Users\Lara\AppData\Local\Temp\kxldapow.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-13 19:17 - 2013-07-13 19:17 - 00000000 ____D C:\FRST
2013-07-13 19:16 - 2013-07-13 19:16 - 01777829 _____ (Farbar) C:\Users\Lara\Desktop\FRST64.exe
2013-07-13 17:19 - 2013-07-13 17:19 - 00082750 _____ C:\Users\Lara\Downloads\OTL.Txt
2013-07-13 17:15 - 2013-07-13 17:15 - 00602112 _____ (OldTimer Tools) C:\Users\Lara\Downloads\OTL.exe
2013-07-13 16:14 - 2013-07-13 16:14 - 00000470 _____ C:\Users\Lara\Downloads\defogger_disable.log
2013-07-13 16:14 - 2013-07-13 16:14 - 00000000 _____ C:\Users\Lara\defogger_reenable
2013-07-13 14:07 - 2013-07-13 14:07 - 00000000 ____D C:\ProgramData\Solidshield
2013-07-11 18:55 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 18:55 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 18:55 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 18:55 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 18:55 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 18:55 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 18:55 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 18:55 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 18:55 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 18:55 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 18:55 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 18:55 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 18:55 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 18:55 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 18:55 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 18:55 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 18:55 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 18:55 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 18:55 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 18:55 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 18:55 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 18:55 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 18:55 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 18:55 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 18:55 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 18:55 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 18:55 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 18:55 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 18:55 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 18:55 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 18:55 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 09:11 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 09:11 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 09:11 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 09:11 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 09:11 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 09:11 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 09:11 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-02 17:09 - 2013-07-02 17:09 - 00000000 ____D C:\Users\Lara\Downloads\pc2
2013-06-29 19:32 - 2013-06-29 19:32 - 00000000 ____D C:\Users\Lara\AppData\Roaming\StepMania 5
2013-06-29 19:31 - 2013-06-29 19:35 - 00000000 ____D C:\Program Files (x86)\StepMania 5
2013-06-29 19:31 - 2013-06-29 19:31 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StepMania 5
2013-06-29 19:29 - 2013-06-29 19:31 - 52092526 _____ C:\Users\Lara\Downloads\StepMania v5.0 beta 2a.exe
2013-06-22 19:43 - 2013-06-22 19:43 - 00039135 _____ C:\Users\Lara\Downloads\nine_inch_nails_wish.gp5
2013-06-22 19:41 - 2013-06-22 19:41 - 00134508 _____ C:\Users\Lara\Downloads\nine_inch_nails_closer.gp5
2013-06-21 20:48 - 2013-06-21 20:48 - 00000000 ____D C:\Users\Lara\AppData\Local\Targem
2013-06-19 19:25 - 2013-06-19 19:25 - 00123926 _____ C:\Users\Lara\Downloads\metallica_creeping_death.gp5
2013-06-19 19:25 - 2013-06-19 19:25 - 00123258 _____ C:\Users\Lara\Downloads\metallica_and_justice_for_all.gp4
2013-06-19 10:55 - 2013-06-19 10:56 - 00000000 ____D C:\Users\Lara\Downloads\Video Game Music Pack, Volume 2
2013-06-19 07:11 - 2013-06-19 07:11 - 00001152 _____ C:\Windows\PFRO.log
2013-06-18 20:06 - 2013-06-18 20:06 - 00000000 ____D C:\Users\Lara\Documents\Updater
2013-06-18 20:03 - 2013-06-18 20:03 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF
2013-06-18 20:00 - 2013-06-18 20:00 - 00000000 ____D C:\PS_CS2_Gr_NonRet
2013-06-18 19:50 - 2013-06-18 19:59 - 375232764 _____ (Adobe Systems Inc. ) C:\Users\Lara\Downloads\PS_CS2_Gr_NonRet.exe
2013-06-17 12:55 - 2013-06-17 12:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-17 11:53 - 2013-07-13 16:38 - 00000000 ____D C:\Program Files (x86)\osu!
2013-06-17 11:51 - 2013-06-17 11:51 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Downloaded Installations
2013-06-17 11:48 - 2013-06-17 11:50 - 42172104 _____ (peppy) C:\Users\Lara\Downloads\osu!install.exe
2013-06-15 18:17 - 2013-06-15 18:17 - 00055075 _____ C:\Users\Lara\Downloads\foo_fighters_learn_to_fly.gp3
2013-06-15 18:16 - 2013-06-15 18:16 - 00213837 _____ C:\Users\Lara\Downloads\foo_fighters_bridge_burning.gp5
==================== One Month Modified Files and Folders =======
2013-07-13 19:18 - 2012-10-26 15:15 - 00000000 ____D C:\Users\Lara\AppData\Local\PMB Files
2013-07-13 19:17 - 2013-07-13 19:17 - 00000000 ____D C:\FRST
2013-07-13 19:16 - 2013-07-13 19:16 - 01777829 _____ (Farbar) C:\Users\Lara\Desktop\FRST64.exe
2013-07-13 18:36 - 2012-10-13 23:53 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-13 18:26 - 2012-10-13 21:49 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2589874485-1697414770-2327982917-1001UA.job
2013-07-13 18:26 - 2012-04-11 14:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-13 17:35 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-13 17:35 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-13 17:29 - 2012-11-19 12:40 - 00000000 ___RD C:\Users\Lara\Dropbox
2013-07-13 17:29 - 2012-11-19 12:38 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Dropbox
2013-07-13 17:27 - 2013-04-27 19:25 - 00020835 _____ C:\Windows\setupact.log
2013-07-13 17:27 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-13 17:26 - 2012-05-25 02:07 - 01270974 _____ C:\Windows\WindowsUpdate.log
2013-07-13 17:19 - 2013-07-13 17:19 - 00082750 _____ C:\Users\Lara\Downloads\OTL.Txt
2013-07-13 17:15 - 2013-07-13 17:15 - 00602112 _____ (OldTimer Tools) C:\Users\Lara\Downloads\OTL.exe
2013-07-13 16:38 - 2013-06-17 11:53 - 00000000 ____D C:\Program Files (x86)\osu!
2013-07-13 16:14 - 2013-07-13 16:14 - 00000470 _____ C:\Users\Lara\Downloads\defogger_disable.log
2013-07-13 16:14 - 2013-07-13 16:14 - 00000000 _____ C:\Users\Lara\defogger_reenable
2013-07-13 16:14 - 2012-10-13 19:00 - 00000000 ____D C:\Users\Lara
2013-07-13 14:07 - 2013-07-13 14:07 - 00000000 ____D C:\ProgramData\Solidshield
2013-07-13 14:06 - 2013-03-18 16:21 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Ubisoft
2013-07-13 14:05 - 2013-05-31 11:22 - 00073664 _____ C:\Windows\DirectX.log
2013-07-13 11:49 - 2012-11-09 20:10 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Spotify
2013-07-13 11:35 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-13 08:31 - 2012-10-13 19:02 - 00000000 ____D C:\Users\Lara\AppData\Local\Adobe
2013-07-12 23:26 - 2012-10-13 21:49 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2589874485-1697414770-2327982917-1001Core.job
2013-07-12 23:21 - 2012-10-13 21:49 - 00004084 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2589874485-1697414770-2327982917-1001UA
2013-07-12 23:21 - 2012-10-13 21:49 - 00003688 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2589874485-1697414770-2327982917-1001Core
2013-07-12 21:28 - 2012-10-26 15:15 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-12 15:52 - 2012-10-13 11:00 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2013-07-12 15:52 - 2012-10-13 11:00 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2013-07-12 15:52 - 2012-10-13 11:00 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2013-07-12 15:52 - 2012-10-13 11:00 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2013-07-11 20:18 - 2009-07-14 06:45 - 04985392 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 20:17 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 20:17 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 20:16 - 2013-03-13 12:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 20:16 - 2013-03-13 12:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 20:16 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 19:01 - 2012-10-14 10:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 19:00 - 2012-05-25 11:59 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-07-11 19:00 - 2012-05-25 11:59 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-07-11 19:00 - 2009-07-14 07:13 - 01519874 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-11 18:56 - 2012-10-13 21:36 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-11 17:25 - 2012-10-13 14:37 - 00000000 ____D C:\Users\Lara\AppData\Local\Last.fm
2013-07-11 11:50 - 2012-11-09 20:10 - 00000000 ____D C:\Users\Lara\AppData\Local\Spotify
2013-07-09 22:04 - 2012-10-23 17:26 - 00000000 ____D C:\Users\Lara\AppData\Roaming\TS3Client
2013-07-04 20:14 - 2012-10-13 21:57 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-07-03 19:00 - 2012-10-13 17:53 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Skype
2013-07-02 17:09 - 2013-07-02 17:09 - 00000000 ____D C:\Users\Lara\Downloads\pc2
2013-07-01 21:33 - 2013-06-08 12:25 - 00000000 ____D C:\Users\Lara\AppData\Roaming\inkscape
2013-06-29 19:35 - 2013-06-29 19:31 - 00000000 ____D C:\Program Files (x86)\StepMania 5
2013-06-29 19:32 - 2013-06-29 19:32 - 00000000 ____D C:\Users\Lara\AppData\Roaming\StepMania 5
2013-06-29 19:31 - 2013-06-29 19:31 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StepMania 5
2013-06-29 19:31 - 2013-06-29 19:29 - 52092526 _____ C:\Users\Lara\Downloads\StepMania v5.0 beta 2a.exe
2013-06-27 15:06 - 2013-05-02 11:22 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-06-26 17:13 - 2012-10-13 19:37 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-06-26 17:13 - 2012-10-13 19:09 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Adobe
2013-06-22 19:43 - 2013-06-22 19:43 - 00039135 _____ C:\Users\Lara\Downloads\nine_inch_nails_wish.gp5
2013-06-22 19:41 - 2013-06-22 19:41 - 00134508 _____ C:\Users\Lara\Downloads\nine_inch_nails_closer.gp5
2013-06-22 12:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-21 20:48 - 2013-06-21 20:48 - 00000000 ____D C:\Users\Lara\AppData\Local\Targem
2013-06-21 20:48 - 2013-02-19 13:38 - 00000000 ____D C:\Users\Lara\Documents\My Games
2013-06-19 19:25 - 2013-06-19 19:25 - 00123926 _____ C:\Users\Lara\Downloads\metallica_creeping_death.gp5
2013-06-19 19:25 - 2013-06-19 19:25 - 00123258 _____ C:\Users\Lara\Downloads\metallica_and_justice_for_all.gp4
2013-06-19 12:50 - 2012-10-13 19:00 - 00090600 _____ C:\Users\Lara\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-19 10:56 - 2013-06-19 10:55 - 00000000 ____D C:\Users\Lara\Downloads\Video Game Music Pack, Volume 2
2013-06-19 07:11 - 2013-06-19 07:11 - 00001152 _____ C:\Windows\PFRO.log
2013-06-18 20:24 - 2013-05-18 10:06 - 00000000 ____D C:\Program Files\Adobe
2013-06-18 20:24 - 2013-05-18 10:02 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-06-18 20:23 - 2012-04-11 14:15 - 00000000 ____D C:\ProgramData\Adobe
2013-06-18 20:23 - 2012-04-11 14:15 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-06-18 20:07 - 2012-10-13 19:02 - 00000000 ____D C:\Users\Lara\AppData\Local\VirtualStore
2013-06-18 20:06 - 2013-06-18 20:06 - 00000000 ____D C:\Users\Lara\Documents\Updater
2013-06-18 20:03 - 2013-06-18 20:03 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF
2013-06-18 20:03 - 2012-10-13 19:02 - 00000000 ___RD C:\Users\Lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-06-18 20:00 - 2013-06-18 20:00 - 00000000 ____D C:\PS_CS2_Gr_NonRet
2013-06-18 19:59 - 2013-06-18 19:50 - 375232764 _____ (Adobe Systems Inc. ) C:\Users\Lara\Downloads\PS_CS2_Gr_NonRet.exe
2013-06-18 08:16 - 2012-10-21 19:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-17 13:44 - 2012-10-13 10:41 - 00000000 ____D C:\Users\Lara\Documents\Studium
2013-06-17 12:55 - 2013-06-17 12:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-17 11:51 - 2013-06-17 11:51 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Downloaded Installations
2013-06-17 11:50 - 2013-06-17 11:48 - 42172104 _____ (peppy) C:\Users\Lara\Downloads\osu!install.exe
2013-06-15 18:17 - 2013-06-15 18:17 - 00055075 _____ C:\Users\Lara\Downloads\foo_fighters_learn_to_fly.gp3
2013-06-15 18:16 - 2013-06-15 18:16 - 00213837 _____ C:\Users\Lara\Downloads\foo_fighters_bridge_burning.gp5
2013-06-15 18:14 - 2013-04-06 17:43 - 00000000 ____D C:\Users\Lara\Documents\TuxGuitar Tabs
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-03 18:45
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-07-2013 01 Ran by Lara at 2013-07-13 19:18:19 Running from C:\Users\Lara\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) Adobe AIR (x32 Version: 3.1.0.4880) Adobe Bridge 1.0 (x32 Version: 001.000.001) Adobe Common File Installer (x32 Version: 1.00.001) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Help Center 1.0 (x32 Version: 1.0.1) Adobe Help Manager (x32 Version: 4.0.244) Adobe InDesign CS6 (x32 Version: 8.0) Adobe Photoshop CS2 (x32 Version: 9.0) Adobe Photoshop Elements 9 (x32 Version: 9.0) Adobe Premiere Elements 9 (x32 Version: 9.0) Adobe Reader X (10.1.7) MUI (x32 Version: 10.1.7) Adobe Stock Photos 1.0 (x32 Version: 1.0.1) Anno 2070 (x32) Apple Application Support (x32 Version: 2.2.2) Apple Mobile Device Support (Version: 6.0.0.59) Apple Software Update (x32 Version: 2.1.3.127) Assassin's Creed II (x32) Audiosurf (x32) Avira Free Antivirus (x32 Version: 13.0.0.3737) Back to the Future: Ep 1 - It's About Time (x32) Bastion (x32) Beat Hazard (x32) BIT.TRIP RUNNER (x32) Bonjour (Version: 3.0.0.10) Broadcom Card Reader Driver Installer (Version: 15.0.6.2) Broadcom NetLink Controller (Version: 15.0.7.1) CyberLink MediaEspresso (x32 Version: 6.5.1720_38230) D3DX10 (x32 Version: 15.4.2368.0902) Darksiders (x32) Darksiders II (x32) DarksidersInstaller (x32 Version: 1.00.1000) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) Deus Ex: Human Revolution (x32) Dropbox (HKCU Version: 2.0.22) Dungeon Defenders (x32) eaner (Version: 3.23) Elements 9 Organizer (x32 Version: 9.0) Elements STI Installer (x32 Version: 1.0) ETDWare PS/2-X64 10.6.9.9_WHQL (Version: 10.6.9.9) Evernote v. 4.5.2 (x32 Version: 4.5.2.5866) FileZilla Client 3.5.3 (x32 Version: 3.5.3) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922) Free YouTube to MP3 Converter version 3.12.0.128 (x32 Version: 3.12.0.128) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922) Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922) Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922) Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922) Galerie de photos Windows Live (x32 Version: 15.4.3502.0922) Galerie foto Windows Live (x32 Version: 15.4.3502.0922) GIMP 2.8.2 (Version: 2.8.2) Google Chrome (HKCU Version: 28.0.1500.72) Guild Wars 2 (x32) Hotline Miami (x32) Identity Card (x32 Version: 1.00.3501) Intel(R) Control Center (x32 Version: 1.2.1.1007) Intel(R) Management Engine Components (x32 Version: 8.0.2.1410) Intel(R) OpenCL CPU Runtime (x32) Intel(R) Processor Graphics (x32 Version: 8.15.10.2653) Intel(R) Rapid Storage Technology (x32 Version: 11.1.0.1006) Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.220) Intel® Trusted Connect Service Client (Version: 1.23.605.1) iTunes (Version: 10.7.0.21) Java 7 Update 7 (x32 Version: 7.0.70) Java Auto Updater (x32 Version: 2.1.9.0) Junk Mail filter update (x32 Version: 15.4.3502.0922) Last.fm Scrobbler 2.1.33 (x32) Launch Manager (x32 Version: 5.1.15) League of Legends (x32 Version: 1.3) LIMBO (x32) Magicka (x32) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Mesh Runtime (x32 Version: 15.4.5722.2) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000) Microsoft-Maus- und Tastatur-Center (Version: 2.1.177.0) Might and Magic: Clash of Heroes (x32) Mozilla Firefox 21.0 (x86 de) (x32 Version: 21.0) Mozilla Maintenance Service (x32 Version: 21.0) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) Nero BackItUp 10 (x32 Version: 5.8.11100.9.100) Nero BackItUp 10 Help (CHM) (x32 Version: 10.6.10700) Nero Control Center 10 (x32 Version: 10.6.12700.0.7) Nero ControlCenter 10 Help (CHM) (x32 Version: 10.6.10700) Nero Core Components 10 (x32 Version: 2.0.19900.9.11) Nero DiscSpeed 10 (x32 Version: 6.4.10500.1.100) Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.6.10700) Nero Express 10 (x32 Version: 10.6.10700.5.100) Nero Express 10 Help (CHM) (x32 Version: 10.6.10700) Nero Multimedia Suite 10 Essentials (x32 Version: 10.6.10300) Nero Multimedia Suite 10 Essentials (x32 Version: 10.6.10400) Nero RescueAgent 10 (x32 Version: 3.6.10500.3.100) Nero RescueAgent 10 Help (CHM) (x32 Version: 10.6.10700) Nero StartSmart 10 (x32 Version: 10.6.10600.4.100) Nero StartSmart 10 Help (CHM) (x32 Version: 10.6.10700) Nero Update (x32 Version: 1.0.10900.31.0) Notepad++ (x32 Version: 6.2) NVIDIA Grafiktreiber 306.97 (Version: 306.97) NVIDIA Install Application (Version: 2.1002.85.551) NVIDIA Optimus 1.10.8 (Version: 1.10.8) NVIDIA PhysX (x32 Version: 9.11.1111) NVIDIA Systemsteuerung 306.97 (Version: 306.97) NVIDIA Update 1.10.8 (Version: 1.10.8) NVIDIA Update Components (Version: 1.10.8) OpenAL (x32) osu! (x32 Version: 0.0.0.0) Packard Bell Power Management (x32 Version: 6.00.3010) Packard Bell Recovery Management (x32 Version: 5.00.3508) Packard Bell Registration (x32 Version: 1.04.3506) Packard Bell ScreenSaver (x32 Version: 1.1.0915.2011) Packard Bell Social Networks (x32 Version: 3.0.3106) Packard Bell Updater (x32 Version: 1.02.3501) Pando Media Booster (x32 Version: 2.6.0.8) Path of Exile (x32 Version: 0.10.1.22906) Plants vs. Zombies: Game of the Year (x32) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922) Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922) Portal (x32) Pošta Windows Live (x32 Version: 15.4.3502.0922) Psychonauts (x32) Qualcomm Atheros WiFi Driver Installation (x32 Version: 3.0) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922) Rainmeter (x32 Version: 2.4 beta r1674) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6543) Skype™ 6.3 (x32 Version: 6.3.107) Spotify (HKCU Version: 0.9.1.57.ge7405149) Star Conflict (x32) Steam (x32 Version: 1.0.0.0) Super Meat Boy (x32) TeamSpeak 3 Client (Version: 3.0.10.1) The Walking Dead (x32) Total War: SHOGUN 2 (x32) TuxGuitar (x32 Version: 1.2) Überwachungstool für die Intel® Turbo-Boost-Technik 2.5 (Version: 2.5.1.0) Ubisoft Game Launcher (x32 Version: 1.0.0.0) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) Video Web Camera (x32 Version: 1.5.2624.00) Welcome Center (x32 Version: 1.02.3507) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3538.0513) Windows Live Fotogaléria (x32 Version: 15.4.3502.0922) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live Fotogalleri (x32 Version: 15.4.3502.0922) Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922) Windows Live Fotótár (x32 Version: 15.4.3502.0922) Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922) Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3538.0513) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Messenger (x32 Version: 15.4.3538.0513) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) Windows Live 影像中心 (x32 Version: 15.4.3502.0922) Windows Live 程式集 (x32 Version: 15.4.3502.0922) Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922) Windows Liven sähköposti (x32 Version: 15.4.3502.0922) Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922) Основные компоненты Windows Live (x32 Version: 15.4.3502.0922) Почта Windows Live (x32 Version: 15.4.3502.0922) Фотоальбом Windows Live (x32 Version: 15.4.3502.0922) Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922) גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922) بريد Windows Live (x32 Version: 15.4.3502.0922) معرض صور Windows Live (x32 Version: 15.4.3502.0922) ==================== Restore Points ========================= 04-07-2013 18:14:54 Geplanter Prüfpunkt 11-07-2013 16:49:06 Windows Update 12-07-2013 13:50:13 DirectX wurde installiert 13-07-2013 12:03:49 DirectX wurde installiert 13-07-2013 12:05:44 Configured Ubisoft Game Launcher ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {17DC0138-376C-4276-A764-8E9AE23E39C1} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation) Task: {1F94ADF8-FF21-4CC6-9D69-E6BA4E28D1F1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2589874485-1697414770-2327982917-1001Core => C:\Users\Lara\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-13] (Google Inc.) Task: {3A2099A6-50D6-40C4-A3FD-3C7B16758100} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation) Task: {3E832F68-6E00-459A-810E-F03AF73F83DE} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation) Task: {47A42A71-C7BA-42E5-8AFC-D51B1D019F37} - System32\Tasks\{DEF2AD22-DC03-4783-8EDB-ED4B625CBC24} => C:\program files (x86)\mozilla firefox\firefox.exe [2013-06-17] (Mozilla Corporation) Task: {4B5F4FDC-126C-45B4-B484-72DCF3490277} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation) Task: {5671E3F7-415E-49B6-A01F-49898D20E3EC} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {5A52336D-EA4F-40F8-BE58-9F194B45A725} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {78F00717-9A09-41B6-A17A-8B80F5BBB9D1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2589874485-1697414770-2327982917-1001UA => C:\Users\Lara\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-13] (Google Inc.) Task: {84EB435F-C4F9-4B8A-9920-122897D4041A} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink) Task: {9A778DF0-31A5-4C01-8A5C-2B098C1A5605} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Packard Bell\Packard Bell Recovery Management\NotificationCenter\Notification.exe [2012-03-15] (Acer) Task: {A171E69E-E39D-49B7-B1A1-879602006E97} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-09-24] (Piriform Ltd) Task: {B405EF7F-4737-4379-9694-D8ED9AF6EF2D} - System32\Tasks\AdobeAAMUpdater-1.0-Lara-PC-Lara => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated) Task: {BA3D3ABE-578A-426D-BC01-CCB5BCCBD98A} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft) Task: {C2731A78-8037-413A-A1BC-2A1C99653295} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\WSCStub.exe No File Task: {D0E22B2C-DAD4-45D5-8889-DFE839D1FEEF} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\SymErr.exe No File Task: {D113F9E3-4CDD-4061-BA06-446B5DB3FDD9} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\SymErr.exe No File Task: {DF3DC1B9-8B94-4960-908F-5A28E4E80980} - System32\Tasks\NBAgent => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2012-01-16] (Nero AG) Task: {E1D56CD6-F82B-43F3-9839-2D6D4378DEF7} - System32\Tasks\UALU notificatin => C:\Program Files\Packard Bell\Packard Bell Updater\UALU.exe [2012-02-07] (Acer Incorporated) Task: {F2C93EE8-2220-4064-A1D1-F72499CCB085} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2589874485-1697414770-2327982917-1001Core.job => C:\Users\Lara\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2589874485-1697414770-2327982917-1001UA.job => C:\Users\Lara\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/13/2013 05:28:14 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/13/2013 02:32:26 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Rainmeter.exe, Version: 2.4.0.1674, Zeitstempel: 0x5071dc0b Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c96e Ausnahmecode: 0xc0020043 Fehleroffset: 0x000000000008a973 ID des fehlerhaften Prozesses: 0xedc Startzeit der fehlerhaften Anwendung: 0xRainmeter.exe0 Pfad der fehlerhaften Anwendung: Rainmeter.exe1 Pfad des fehlerhaften Moduls: Rainmeter.exe2 Berichtskennung: Rainmeter.exe3 Error: (07/13/2013 11:36:00 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/13/2013 09:31:47 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Rainmeter.exe, Version: 2.4.0.1674, Zeitstempel: 0x5071dc0b Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c96e Ausnahmecode: 0xc0020043 Fehleroffset: 0x000000000008a973 ID des fehlerhaften Prozesses: 0xda0 Startzeit der fehlerhaften Anwendung: 0xRainmeter.exe0 Pfad der fehlerhaften Anwendung: Rainmeter.exe1 Pfad des fehlerhaften Moduls: Rainmeter.exe2 Berichtskennung: Rainmeter.exe3 Error: (07/13/2013 08:22:28 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2013 05:32:08 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2013 04:10:54 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: HotlineMiami.exe, Version: 1.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: BASS.dll, Version: 2.3.0.1, Zeitstempel: 0x448daadd Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000d084 ID des fehlerhaften Prozesses: 0x1554 Startzeit der fehlerhaften Anwendung: 0xHotlineMiami.exe0 Pfad der fehlerhaften Anwendung: HotlineMiami.exe1 Pfad des fehlerhaften Moduls: HotlineMiami.exe2 Berichtskennung: HotlineMiami.exe3 Error: (07/12/2013 01:06:51 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2013 09:09:38 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/11/2013 08:18:49 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (07/13/2013 05:29:49 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (07/13/2013 05:29:49 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (07/13/2013 11:37:48 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (07/13/2013 11:37:48 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (07/13/2013 11:34:58 AM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 13.07.2013 um 11:33:23 unerwartet heruntergefahren. Error: (07/13/2013 08:24:17 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (07/13/2013 08:24:17 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (07/13/2013 08:23:07 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/13/2013 08:23:07 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error: (07/13/2013 08:23:07 AM) (Source: DCOM) (User: ) Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Microsoft Office Sessions: ========================= Error: (07/13/2013 05:28:14 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/13/2013 02:32:26 PM) (Source: Application Error)(User: ) Description: Rainmeter.exe2.4.0.16745071dc0bRPCRT4.dll6.1.7601.175144ce7c96ec0020043000000000008a973edc01ce7fac61756687C:\Program Files\Rainmeter\Rainmeter.exeC:\Windows\system32\RPCRT4.dll4640422d-ebb8-11e2-b19e-dc0ea1a99f1f Error: (07/13/2013 11:36:00 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/13/2013 09:31:47 AM) (Source: Application Error)(User: ) Description: Rainmeter.exe2.4.0.16745071dc0bRPCRT4.dll6.1.7601.175144ce7c96ec0020043000000000008a973da001ce7f9153daaee3C:\Program Files\Rainmeter\Rainmeter.exeC:\Windows\system32\RPCRT4.dll45bff577-eb8e-11e2-a4ab-dc0ea1a99f1f Error: (07/13/2013 08:22:28 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2013 05:32:08 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2013 04:10:54 PM) (Source: Application Error)(User: ) Description: HotlineMiami.exe1.0.0.02a425e19BASS.dll2.3.0.1448daaddc00000050000d084155401ce7f06fcb52328C:\Program Files (x86)\Steam\steamapps\common\hotline_miami\HotlineMiami.exeC:\Program Files (x86)\Steam\steamapps\common\hotline_miami\BASS.dlldd09f37b-eafc-11e2-8e07-dc0ea1a99f1f Error: (07/12/2013 01:06:51 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2013 09:09:38 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/11/2013 08:18:49 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 52% Total physical RAM: 5982.36 MB Available physical RAM: 2819.3 MB Total Pagefile: 11962.89 MB Available Pagefile: 8496.59 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: (Packard Bell) (Fixed) (Total:445.66 GB) (Free:242.84 GB) NTFS (Disk=0 Partition=3) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: AB0AE60F) Partition 1: (Not Active) - (Size=20 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=446 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
|
13.07.2013, 19:10
| #4 |
| /// the machine /// TB-Ausbilder | ArenaNet Phishing E-Mail Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
13.07.2013, 20:19
| #5 |
| | ArenaNet Phishing E-Mail Hier die Logs: AdwCleaner: Code:
ATTFilter # AdwCleaner v2.305 - Datei am 13/07/2013 um 20:48:11 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Lara - LARA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Lara\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\lo880qz8.default\foxydeal.sqlite
Ordner Gelöscht : C:\Users\Lara\AppData\Roaming\dvdvideosoftiehelpers
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16635
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\lo880qz8.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v28.0.1500.72
Datei : C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [1983 octets] - [13/07/2013 20:48:11]
########## EOF - C:\AdwCleaner[S1].txt - [2043 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.9 (07.12.2013:2)
OS: Windows 7 Home Premium x64
Ran by Lara on 13.07.2013 at 20:56:23,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
~~~ Files
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{001DB809-C22A-465A-9C8C-3C07CA42EE97}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{00C2D8FB-DC19-44C9-A1C1-D9EAA835CAEB}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{0177A34E-E4B2-44D6-8FB6-B9CBC38FC5BA}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{02A657F2-346A-4BAF-9635-AD386208CF42}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{0316A286-BDDA-4E01-AE92-C8E5F8750FC9}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{03F05603-5EA5-475D-94D1-AC9CAD23C2EA}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{0447E785-5131-46F2-83D3-FD3CD96095EF}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{050C85C4-CE2C-4B2C-84C5-2EE0AA5D77D7}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{067CFE41-B750-4A5F-B723-9CA5DEA9D4B6}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{0A8F99FB-B186-4F9E-9EEE-86EF2AF61A18}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{0AABC9CD-5A07-42F0-ABB4-970EE51CFD6C}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{0B53B857-5F92-4B5F-A0D9-A308B7A6FD59}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{0B82E46F-A90D-46BB-9900-4110B5C19F62}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{0C65513F-99B6-4559-921A-33BC970E28F9}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{0F701840-A5A3-485E-84F1-8FD08A724401}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{0FAC04D8-802D-42F7-85C3-3762ACD480EA}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{1216389E-6D46-4400-869D-4D0DBF268E97}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{13FA0DB0-9925-4501-86E1-E401CB519A55}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{15B508D7-0518-4BBF-AD4D-27148385288B}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{16926DD1-4B8F-4F90-9284-1258439523F2}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{174642AF-15B1-4E07-8F77-E799D0FE31E6}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{1B2BB07D-7B51-4236-B90B-7D9FD0D0CC49}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{1B9CBDE6-136F-4391-968D-6A3F242C9955}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{1C858821-D241-4F73-9F9C-DC524932684C}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{1D8EC433-47C5-48EE-B7FF-41624E26D417}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{1E33DDF9-2438-42C3-AD48-BEF15499F301}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{1E5E3B4A-E5E4-462C-B6A3-B889BE54A082}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{20CFA8BF-3AB7-49CC-A1E9-FE1083C33591}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{20D16F60-2897-4C54-8AFF-FFD768EE929A}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{21F908DF-3ACE-45D8-A17C-4D452E489DEA}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{22A296D5-28C4-4F76-9CF4-4B2F092B3677}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{234FDD2D-5CAC-4ECF-8D02-5214BC98FF25}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{24A9980D-7996-4F50-AE0F-9A12DB9F16F3}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{24AAA7A7-EECF-429C-8CC8-0971DF2ED400}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{25082B50-928F-41FD-886D-3C79DD2CAF01}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{25490DD6-DB4E-49B0-ADC2-9804E5902EFE}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{2554EFF9-E222-46F7-9C94-2C6AD8AA9248}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{2569E670-9AFE-4ADC-BF87-7FD5F600ECB4}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{2617001B-437F-4C0F-8A06-54C5BFA3F48C}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{262E33B8-0977-4526-B556-F37191007716}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{2631EE6A-BEA9-4E64-9C78-12ECAEAB97F1}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{27A1F45B-53DB-4162-B5B0-0FEF584D32DB}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{29E26B39-DFC7-4BB3-8EB2-B6B7E271348C}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{2AD86B95-1D56-433E-A1B4-C8A6EB50A3B7}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{2ECE054D-0445-49B9-8031-A17C4987ED64}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{2FA49745-857A-4DFE-B89C-F36F47ABC145}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{310E1ED5-55B2-4472-A576-49997EB04515}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{31F1E569-46C7-488E-AEC9-D9E778A4E9C7}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{31F93C96-51C2-4456-A068-3C302EE08A32}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{328B9365-5642-443B-B328-5711C6B23020}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{32EF6039-118E-4099-AC76-0E59DD489F3D}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{33DD4082-865B-44D1-8B9E-EA2DDDDC35D5}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{34ECF773-5AB5-4432-8A83-ED85BEA33D14}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{355E4A3F-82FF-4D69-AA37-FDB7FCA909DF}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{35AB5AE4-66A2-43B9-8BD6-84BF796E960B}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{37ED9432-4962-4A98-A157-B4595A21E18D}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{3868E738-61C0-41FB-A7DB-17201265944F}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{39433DCF-9895-4220-B23C-6EED4019EE06}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{396C8682-D441-412B-BF98-B79D603D1C81}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{39CF0B1C-B516-424F-BB5D-BB4D549328E0}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{3B381E65-83A4-42AA-B8D8-450BFFFF80F4}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{3B7A7586-5113-4191-8087-CFB63CB213D5}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{3CD1ACB4-F9AD-461A-A010-30146C7473F7}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{3E5D3650-8C7A-4BF3-8137-64B28C581FAB}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{3E7559C2-3AA6-4B27-89EF-3612E363247A}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{450AB785-B57B-43C8-B4C1-4D9004CF8ECC}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{45165C0E-D28C-483D-BD64-6BC97CF3677F}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{45C1522A-B666-4970-A5BE-EF2E911C5189}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{463C5729-2F79-4F9C-B720-E54075973728}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{48A45050-E0F6-435E-B207-6CE9EAE8FA2F}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{48B0C485-8F77-45C8-80F9-992090B01A88}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{49E02EC1-EE27-4515-ADF5-D014F443EA7C}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{4A68BAAD-933E-47B1-BF85-04728AF05718}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{4CF7F665-BFF2-4EA5-87A4-19FA5EC7CC62}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{50C86353-13FE-4F61-9559-55DB0E0106B3}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{50D273B3-E41F-46EB-B814-DAC5602EE2E9}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{54743672-A053-4983-BC06-965A643DF7A3}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{56315065-4B41-4C27-A1E0-53941DD46296}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{580401E3-9F91-40EF-BD9C-8053D0A13063}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{5808E0E0-4B2C-4177-B387-9DD5D0DEAC3C}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{587A5DE0-D62F-4477-9F6F-8F99BBC83F55}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{5A35AC5C-4727-4520-A1DD-5862B84C07C9}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{5A812DF9-1239-4596-9F29-4C4EADB32C78}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{5C97417C-C666-4239-B7F5-0E270CB1BA43}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{5CE4525F-6755-4EF2-A42C-2053DA7AD628}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{5E1889AA-9DFE-4DE7-A195-A02AC5084E27}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{5F76A266-CC4D-40EA-9220-96F08D75DCB0}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{5FBDE0B8-C814-4707-B5E4-051A7CA1A024}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{61DA92CC-A7DE-41D9-B58F-D280C3F279C0}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{6209EB55-486E-47E5-9131-3C2AC776EE9E}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{6373213F-7D1F-4815-98AC-F873A8A9B5AD}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{63DE49AE-DB59-4C5F-9EED-163FD77CBB17}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{64F1ABDC-B207-4567-861D-EBD4A9EBA09E}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{6650D585-EC4E-4634-9335-27054B67109E}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{6702F2EA-69A5-4364-A230-E6A84040CC4D}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{67DF5FB7-1C14-4DCF-AA43-6FB97F508FA4}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{68DB33D6-4C3C-4D73-B4D9-0406A149E8DA}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{6914A225-3344-4E54-8285-E5925BF42EFA}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{6A462E5A-2064-4214-811B-5C8138579E99}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{6AF305AA-AC6B-4802-AFD8-A6B2255B3DFB}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{6C100922-6734-4180-874F-08973E5A07BB}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{6CD3DC05-686C-4B7D-A72E-0F11A5B04A3E}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{6D1C4395-A0C0-42F6-93E1-649413E9C7FE}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{6E7D7537-6A6C-4AB5-9744-C8E4882548C7}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{7150BD20-B2EE-498B-891C-345C66ECC4CE}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{71DAAB7E-0298-41CD-BFB6-1816E3C138D2}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{71DFFAC2-376E-48A8-BC5C-DF60B09C676A}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{72EA24E0-13B8-458C-B6C0-8A0076577611}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{7462BD62-6DB6-4244-A13C-6B4FF63BACAF}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{74EA1FAA-5B33-468E-B7AA-CB2D86C1E546}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{75334451-8FC9-4194-851C-9C849467B5FF}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{7748AB83-5877-47DE-AF52-16719E3B95AD}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{77BB336A-E369-4D12-9EBE-291587F80E18}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{78DBD208-EC3C-44F9-B46A-417B29C78902}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{792B0045-9983-446B-9325-C03E439C3770}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{79631125-569F-45FD-AD1A-46114E9C9032}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{798290B3-DBF0-40D1-927D-885FA1F541BB}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{7A5D7A6C-B3C4-418A-BEA9-F4A6F4B6D9F1}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{7B1AB70C-CD8F-4241-B319-45CAB8D99111}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{7CA52439-55C9-40FA-AD7A-0B82D018D531}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{7DB98A20-7C26-4E62-A63D-389D27EBC69D}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{7F45D63B-31B2-4003-9876-6614C98D3680}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{83347123-BC28-4F52-8DCF-4A9527D7A7EA}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{8368B5B7-7F48-4A03-9099-592411CFE50B}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{83A9B807-2691-454F-82C3-FCA6F5E6CFC5}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{879FE9C0-E6DD-422F-BE7E-69A9CAD1F3F4}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{893326D7-C5A1-4834-B830-C2D817FC8C67}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{8C386E95-2238-4BAC-AAE3-F0AD1E870384}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{8E09CE97-1AF1-4049-952D-F9E5E78BE3BF}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{8E577635-F46D-4580-9DED-CAE8350F58D9}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{8E9ED599-7EDA-4638-8A3D-A00AB465453F}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{8F1B2B15-1F7A-44D5-955C-4B3A8B99C396}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{8F95EADA-2595-4CDD-B1C4-DEFB9E0ED6B7}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{909BC126-CED7-4933-BD63-E7C6A4C97B53}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{91AE9BCC-BD13-4718-A4BA-F49A16703FDB}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{93C8D18C-4D72-45D4-8020-CC40B4A232C6}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{93DBFE36-F963-46BB-857F-4285C1223B4B}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{9445A32E-B7D9-4620-8DC4-AC4DFA678934}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{947A467F-A398-4F07-A894-769BE7DBBC17}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{9541CA8C-C1F4-4BDE-983E-290417BAD40A}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{97364C94-CDA7-4CDC-8A06-FFD5DF139E4D}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{97548738-BB8B-4DE2-8686-E89CAB6B590A}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{98C0DA5D-461D-4A75-9D6F-18D234D36908}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{99197739-53F3-45FC-92A8-AE2D01F60A21}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{9928D319-287B-49F6-B82C-A82E53886934}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{9BD7A86C-1A4B-4533-BAB8-A9F635F17E81}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{9C304A3B-1176-474D-BC32-14A807028249}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{9CFF4E0B-6679-4DE9-BABA-5A7A9DB44900}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{A32753E1-715C-45D5-9B42-199D5D9A3E5C}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{A3C87EA2-125B-42AD-887A-E034E047F44B}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{A616C0A2-FFF9-47C7-B342-0F2B874BEADE}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{A76F8EBC-4EFC-4479-84A2-362E98FB0925}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{AAAC67E6-0BB1-4AD6-95D0-439F72E1259A}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{ABCE3777-1A04-4393-94EE-9DDAB1E9DCAC}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{ADCA87D2-3CFC-4290-8EE8-470749A834B2}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{AE14DAD7-29AC-4F57-A85C-CF203E3F5FB3}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{AF2E2D8E-E329-4EFC-B8C1-7593D233D34C}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{B09F1F6E-A6BE-459E-8A0E-B6ACFD12E7E5}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{B3105C37-F44B-4C09-9BEE-5E839007A6DB}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{B447422A-AA2A-4BD7-8CC7-F0C138115986}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{B4EF4BD1-DD69-494B-8EA7-9F23127C6C71}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{B546A7A1-E3A3-495B-A683-F4BEE5E5B057}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{B6F3AA5E-4D05-4F2C-83C3-153B6ACB200B}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{B6F63E54-950E-44BA-B390-E3C192696802}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{B7D6D249-258D-4009-8F2F-F599A8762082}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{B8351F89-94DB-4C65-B45F-ABCE0AA83C9F}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{BA757737-5381-423A-A377-3190A05ABAFF}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{BAC42544-E148-4451-9B14-F3ED4484AC5F}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{BBA30C42-165D-4FDD-B571-17BE4593EAD4}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{BC7E793E-8E43-44C4-8F43-F287120179EF}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{BD787E8E-E5E7-46E5-ACE7-868028118FE0}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{BFFAB319-E5F9-4C70-8F46-CF24DA84E83E}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{C01017C5-1EF2-44F2-B36B-F067473579EB}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{C0F1BA42-7E72-4FD3-A006-B617381A4F55}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{C2FC0E6A-7719-4597-80BC-B1765677BC0E}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{C3028759-545D-44C1-A87D-7E2BD665C15F}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{C30AF4B2-E413-4DA6-9BAC-116123A1CB6E}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{C367086D-844F-4BD5-A4E5-E737A68F9943}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{C36A66B1-31AF-4A57-811C-612AC8E3826A}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{C66B36F3-FE35-4D4C-8733-CA3A184001A2}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{C6AF0FE1-3583-40E3-B1C5-69BDA09B42FC}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{C89A91D9-08EF-4A17-83E4-1690603E4D63}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{C8D59B0F-9AA4-4379-864D-F1200F6D6056}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{CA310014-09B0-44D0-97DA-BD4B84646BCF}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{CB27A557-A6B3-4328-BED2-D50EC9B0A1CB}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{CCD554B2-B87E-486B-B036-31188E57355C}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{CCFCE4F6-3547-4C60-9F71-BCFB07914199}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{D14437DD-66D8-4BC3-BD79-E3DD710208B3}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{D27574F0-BE9F-4AD1-8B83-C26CB4D8E8BF}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{D3ACCC89-DCF3-414F-BAC9-4FA32BF9FFE0}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{D5C9D8A3-8616-406E-A720-EDCAC271B36C}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{D9C368AC-C4E0-42C8-83CB-457E89DEF4FD}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{DA323A7C-D30B-41A2-9AA0-54368656ED7F}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{DA98590E-7210-428A-9C67-85A1651B5A39}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{DC0AC033-5A60-4A79-8148-90E013E23BB9}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{DD77B1A8-7FBE-410D-BF17-56C1481E51AF}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{DE797BBF-5998-4AA7-BEBA-CCA1A1A680AC}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{E1BE3585-A3B2-4E42-9CFA-FC33DCED932E}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{E1E27B50-6BE8-4AF0-8E6F-52B4DAD2B3D6}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{E26B71AF-F532-4728-B970-F17053235A9E}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{E6D58B05-B8DE-496B-AA44-BC8B816EFEDB}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{E720F89D-F648-4BF8-A96E-A7F933261410}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{E853E9DE-1C03-4343-A50A-BE19C42D8A3E}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{E951048C-E684-4A54-8985-35C29062C97D}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{EABCCD9F-8C90-4338-9AAC-218CF68C2034}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{EAF1BF3B-AE6F-4DEE-9B7E-97544F604C51}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{ED0BBE56-4D58-4895-B7D8-44EDBA5BE325}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{ED3CC764-3CC2-4C57-BABC-252B3F07BDD4}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{EF47A37A-61A9-4B27-96E8-C9D2ACFE9D0B}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{EF870BCB-7E4C-4F59-A22D-3891DF04F495}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{EFD37A1A-81F9-4DA4-9EF6-8FA4097F1BDB}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{F0CDE064-709F-4E57-B1F6-2B277EF2C73D}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{F12FBDC6-47D3-4CBC-8C42-30C94BA61417}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{F1BC1BAE-9979-45FD-BFEF-FF360F476DCC}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{F268ABBA-9568-42FC-8488-7721064AFC74}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{F2B1928D-3EC8-4D61-A7EF-285D6AFEA1C4}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{F50F8BB1-AE67-4A8D-A5B3-62EDD33CC3AD}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{F59E1406-161B-48AA-A78A-52F06A48DB3C}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{F5BF8605-42F9-403C-8985-039C295FA9AB}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{F8F50869-830A-4BF6-AE63-B0A7538C2F43}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{F9F645E1-0D64-46EA-9CFB-B8AEE3B6C9B7}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{FA60D1FE-6E61-4291-B3E3-26513E22FB85}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{FB9157EC-9A39-40C9-AF30-EB93D4C7F498}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{FC9E52C5-337A-4045-ABD8-29B7F1C1BE5B}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{FD37A60C-2DCE-46AC-B83E-8C745D50BB97}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{FD8E4EB7-8271-4532-8361-A8AA7E68881D}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{FE5132B9-AB6D-4382-845A-273DD349B1CB}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{FF2E54DF-79CF-453F-B4B0-4E4F6F1627F6}
Successfully deleted: [Empty Folder] C:\Users\Lara\appdata\local\{FFD4388E-AD7D-4BCC-BC95-FB3EBC61EA3F}
~~~ FireFox
Emptied folder: C:\Users\Lara\AppData\Roaming\mozilla\firefox\profiles\lo880qz8.default\minidumps [100 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.07.2013 at 21:03:09,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-07-2013 01
Ran by Lara (administrator) on 13-07-2013 21:06:57
Running from C:\Users\Lara\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Spotify Ltd) C:\Users\Lara\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Lara\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12343400 2011-12-27] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - %ProgramFiles%\Elantech\ETDCtrl.exe [2821936 2012-03-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4123 2012-01-20] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Power Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKCU\...\Run: [Google Update] - "C:\Users\Lara\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-10-13] (Google Inc.)
HKCU\...\Run: [Steam] - "C:\Program Files (x86)\Steam\steam.exe" -silent [1672616 2013-07-10] (Valve Corporation)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-10-26] ()
HKCU\...\Run: [Spotify Web Helper] - "C:\Users\Lara\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-07-11] (Spotify Ltd)
HKCU\...\Run: [GoogleChromeAutoLaunch_5ED22A371E18F418053871167250F536] - "C:\Users\Lara\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window [846288 2013-07-12] (Google Inc.)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.)
HKLM-x32\...\Run: [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1075296 2013-04-25] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [162408 2011-09-13] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [162408 2011-09-13] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\Users\Lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.254
FireFox:
========
FF ProfilePath: C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\lo880qz8.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lara\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lara\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Html Validator - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\lo880qz8.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
FF Extension: No Name - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\lo880qz8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Lara\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lara\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5_0
CHR Extension: (Google Search) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Good Smile Company) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifaliahpcbohdpbocfjpfeaofkmcjai\2_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0
==================== Services (Whitelisted) =================
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-06-18] (Adobe Systems)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [871296 2012-02-07] (Acer Incorporated)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [28264 2012-02-29] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
S2 Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [255376 2012-02-07] (Acer Incorporated)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [72864 2012-01-18] (Atheros)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-21] (Avira Operations GmbH & Co. KG)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-13 21:03 - 2013-07-13 21:03 - 00025871 _____ C:\Users\Lara\Desktop\JRT.txt
2013-07-13 20:56 - 2013-07-13 20:56 - 00003098 _____ C:\Windows\System32\Tasks\{12611F9A-C3F8-4E45-993D-B004FAC012B7}
2013-07-13 20:56 - 2013-07-13 20:56 - 00000000 ____D C:\Windows\ERUNT
2013-07-13 20:51 - 2013-07-13 20:51 - 00002108 _____ C:\Users\Lara\Desktop\AdwCleaner[S1].txt
2013-07-13 20:48 - 2013-07-13 20:49 - 00002108 _____ C:\AdwCleaner[S1].txt
2013-07-13 20:47 - 2013-07-13 20:47 - 00662345 _____ C:\Users\Lara\Desktop\adwcleaner.exe
2013-07-13 20:47 - 2013-07-13 20:47 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\Lara\Desktop\JRT.exe
2013-07-13 20:21 - 2013-07-13 20:21 - 00000000 ____D C:\Users\Lara\Documents\ANNO 2070
2013-07-13 19:17 - 2013-07-13 19:17 - 00000000 ____D C:\FRST
2013-07-13 19:16 - 2013-07-13 19:16 - 01777829 _____ (Farbar) C:\Users\Lara\Desktop\FRST64.exe
2013-07-13 17:19 - 2013-07-13 17:19 - 00082750 _____ C:\Users\Lara\Downloads\OTL.Txt
2013-07-13 17:15 - 2013-07-13 17:15 - 00602112 _____ (OldTimer Tools) C:\Users\Lara\Downloads\OTL.exe
2013-07-13 16:14 - 2013-07-13 16:14 - 00000470 _____ C:\Users\Lara\Downloads\defogger_disable.log
2013-07-13 16:14 - 2013-07-13 16:14 - 00000000 _____ C:\Users\Lara\defogger_reenable
2013-07-13 14:07 - 2013-07-13 14:07 - 00000000 ____D C:\ProgramData\Solidshield
2013-07-11 18:55 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 18:55 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 18:55 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 18:55 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 18:55 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 18:55 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 18:55 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 18:55 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 18:55 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 18:55 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 18:55 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 18:55 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 18:55 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 18:55 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 18:55 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 18:55 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 18:55 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 18:55 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 18:55 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 18:55 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 18:55 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 18:55 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 18:55 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 18:55 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 18:55 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 18:55 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 18:55 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 18:55 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 18:55 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 18:55 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 18:55 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 09:11 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 09:11 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 09:11 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 09:11 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 09:11 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 09:11 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 09:11 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-02 17:09 - 2013-07-02 17:09 - 00000000 ____D C:\Users\Lara\Downloads\pc2
2013-06-29 19:32 - 2013-06-29 19:32 - 00000000 ____D C:\Users\Lara\AppData\Roaming\StepMania 5
2013-06-29 19:31 - 2013-06-29 19:35 - 00000000 ____D C:\Program Files (x86)\StepMania 5
2013-06-29 19:31 - 2013-06-29 19:31 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StepMania 5
2013-06-29 19:29 - 2013-06-29 19:31 - 52092526 _____ C:\Users\Lara\Downloads\StepMania v5.0 beta 2a.exe
2013-06-22 19:43 - 2013-06-22 19:43 - 00039135 _____ C:\Users\Lara\Downloads\nine_inch_nails_wish.gp5
2013-06-22 19:41 - 2013-06-22 19:41 - 00134508 _____ C:\Users\Lara\Downloads\nine_inch_nails_closer.gp5
2013-06-21 20:48 - 2013-06-21 20:48 - 00000000 ____D C:\Users\Lara\AppData\Local\Targem
2013-06-19 19:25 - 2013-06-19 19:25 - 00123926 _____ C:\Users\Lara\Downloads\metallica_creeping_death.gp5
2013-06-19 19:25 - 2013-06-19 19:25 - 00123258 _____ C:\Users\Lara\Downloads\metallica_and_justice_for_all.gp4
2013-06-19 10:55 - 2013-06-19 10:56 - 00000000 ____D C:\Users\Lara\Downloads\Video Game Music Pack, Volume 2
2013-06-19 07:11 - 2013-06-19 07:11 - 00001152 _____ C:\Windows\PFRO.log
2013-06-18 20:06 - 2013-06-18 20:06 - 00000000 ____D C:\Users\Lara\Documents\Updater
2013-06-18 20:03 - 2013-06-18 20:03 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF
2013-06-18 20:00 - 2013-06-18 20:00 - 00000000 ____D C:\PS_CS2_Gr_NonRet
2013-06-18 19:50 - 2013-06-18 19:59 - 375232764 _____ (Adobe Systems Inc. ) C:\Users\Lara\Downloads\PS_CS2_Gr_NonRet.exe
2013-06-17 12:55 - 2013-06-17 12:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-17 11:53 - 2013-07-13 16:38 - 00000000 ____D C:\Program Files (x86)\osu!
2013-06-17 11:51 - 2013-06-17 11:51 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Downloaded Installations
2013-06-17 11:48 - 2013-06-17 11:50 - 42172104 _____ (peppy) C:\Users\Lara\Downloads\osu!install.exe
2013-06-15 18:17 - 2013-06-15 18:17 - 00055075 _____ C:\Users\Lara\Downloads\foo_fighters_learn_to_fly.gp3
2013-06-15 18:16 - 2013-06-15 18:16 - 00213837 _____ C:\Users\Lara\Downloads\foo_fighters_bridge_burning.gp5
==================== One Month Modified Files and Folders =======
2013-07-13 21:07 - 2012-10-26 15:15 - 00000000 ____D C:\Users\Lara\AppData\Local\PMB Files
2013-07-13 21:03 - 2013-07-13 21:03 - 00025871 _____ C:\Users\Lara\Desktop\JRT.txt
2013-07-13 20:58 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-13 20:58 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-13 20:56 - 2013-07-13 20:56 - 00003098 _____ C:\Windows\System32\Tasks\{12611F9A-C3F8-4E45-993D-B004FAC012B7}
2013-07-13 20:56 - 2013-07-13 20:56 - 00000000 ____D C:\Windows\ERUNT
2013-07-13 20:53 - 2012-10-13 23:53 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-13 20:51 - 2013-07-13 20:51 - 00002108 _____ C:\Users\Lara\Desktop\AdwCleaner[S1].txt
2013-07-13 20:51 - 2012-11-19 12:40 - 00000000 ___RD C:\Users\Lara\Dropbox
2013-07-13 20:51 - 2012-11-19 12:38 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Dropbox
2013-07-13 20:50 - 2013-04-27 19:25 - 00020947 _____ C:\Windows\setupact.log
2013-07-13 20:50 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-13 20:49 - 2013-07-13 20:48 - 00002108 _____ C:\AdwCleaner[S1].txt
2013-07-13 20:49 - 2012-05-25 02:07 - 01300553 _____ C:\Windows\WindowsUpdate.log
2013-07-13 20:47 - 2013-07-13 20:47 - 00662345 _____ C:\Users\Lara\Desktop\adwcleaner.exe
2013-07-13 20:47 - 2013-07-13 20:47 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\Lara\Desktop\JRT.exe
2013-07-13 20:26 - 2012-10-13 21:49 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2589874485-1697414770-2327982917-1001UA.job
2013-07-13 20:26 - 2012-04-11 14:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-13 20:21 - 2013-07-13 20:21 - 00000000 ____D C:\Users\Lara\Documents\ANNO 2070
2013-07-13 19:17 - 2013-07-13 19:17 - 00000000 ____D C:\FRST
2013-07-13 19:16 - 2013-07-13 19:16 - 01777829 _____ (Farbar) C:\Users\Lara\Desktop\FRST64.exe
2013-07-13 17:19 - 2013-07-13 17:19 - 00082750 _____ C:\Users\Lara\Downloads\OTL.Txt
2013-07-13 17:15 - 2013-07-13 17:15 - 00602112 _____ (OldTimer Tools) C:\Users\Lara\Downloads\OTL.exe
2013-07-13 16:38 - 2013-06-17 11:53 - 00000000 ____D C:\Program Files (x86)\osu!
2013-07-13 16:14 - 2013-07-13 16:14 - 00000470 _____ C:\Users\Lara\Downloads\defogger_disable.log
2013-07-13 16:14 - 2013-07-13 16:14 - 00000000 _____ C:\Users\Lara\defogger_reenable
2013-07-13 16:14 - 2012-10-13 19:00 - 00000000 ____D C:\Users\Lara
2013-07-13 14:07 - 2013-07-13 14:07 - 00000000 ____D C:\ProgramData\Solidshield
2013-07-13 14:06 - 2013-03-18 16:21 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Ubisoft
2013-07-13 14:05 - 2013-05-31 11:22 - 00073664 _____ C:\Windows\DirectX.log
2013-07-13 11:49 - 2012-11-09 20:10 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Spotify
2013-07-13 11:35 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-13 08:31 - 2012-10-13 19:02 - 00000000 ____D C:\Users\Lara\AppData\Local\Adobe
2013-07-12 23:26 - 2012-10-13 21:49 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2589874485-1697414770-2327982917-1001Core.job
2013-07-12 23:21 - 2012-10-13 21:49 - 00004084 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2589874485-1697414770-2327982917-1001UA
2013-07-12 23:21 - 2012-10-13 21:49 - 00003688 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2589874485-1697414770-2327982917-1001Core
2013-07-12 21:28 - 2012-10-26 15:15 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-12 15:52 - 2012-10-13 11:00 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2013-07-12 15:52 - 2012-10-13 11:00 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2013-07-12 15:52 - 2012-10-13 11:00 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2013-07-12 15:52 - 2012-10-13 11:00 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2013-07-11 20:18 - 2009-07-14 06:45 - 04985392 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 20:17 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 20:17 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 20:16 - 2013-03-13 12:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 20:16 - 2013-03-13 12:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 20:16 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 19:01 - 2012-10-14 10:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 19:00 - 2012-05-25 11:59 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-07-11 19:00 - 2012-05-25 11:59 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-07-11 19:00 - 2009-07-14 07:13 - 01519874 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-11 18:56 - 2012-10-13 21:36 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-11 17:25 - 2012-10-13 14:37 - 00000000 ____D C:\Users\Lara\AppData\Local\Last.fm
2013-07-11 11:50 - 2012-11-09 20:10 - 00000000 ____D C:\Users\Lara\AppData\Local\Spotify
2013-07-09 22:04 - 2012-10-23 17:26 - 00000000 ____D C:\Users\Lara\AppData\Roaming\TS3Client
2013-07-04 20:14 - 2012-10-13 21:57 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-07-03 19:00 - 2012-10-13 17:53 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Skype
2013-07-02 17:09 - 2013-07-02 17:09 - 00000000 ____D C:\Users\Lara\Downloads\pc2
2013-07-01 21:33 - 2013-06-08 12:25 - 00000000 ____D C:\Users\Lara\AppData\Roaming\inkscape
2013-06-29 19:35 - 2013-06-29 19:31 - 00000000 ____D C:\Program Files (x86)\StepMania 5
2013-06-29 19:32 - 2013-06-29 19:32 - 00000000 ____D C:\Users\Lara\AppData\Roaming\StepMania 5
2013-06-29 19:31 - 2013-06-29 19:31 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StepMania 5
2013-06-29 19:31 - 2013-06-29 19:29 - 52092526 _____ C:\Users\Lara\Downloads\StepMania v5.0 beta 2a.exe
2013-06-27 15:06 - 2013-05-02 11:22 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-06-26 17:13 - 2012-10-13 19:37 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-06-26 17:13 - 2012-10-13 19:09 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Adobe
2013-06-22 19:43 - 2013-06-22 19:43 - 00039135 _____ C:\Users\Lara\Downloads\nine_inch_nails_wish.gp5
2013-06-22 19:41 - 2013-06-22 19:41 - 00134508 _____ C:\Users\Lara\Downloads\nine_inch_nails_closer.gp5
2013-06-22 12:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-21 20:48 - 2013-06-21 20:48 - 00000000 ____D C:\Users\Lara\AppData\Local\Targem
2013-06-21 20:48 - 2013-02-19 13:38 - 00000000 ____D C:\Users\Lara\Documents\My Games
2013-06-19 19:25 - 2013-06-19 19:25 - 00123926 _____ C:\Users\Lara\Downloads\metallica_creeping_death.gp5
2013-06-19 19:25 - 2013-06-19 19:25 - 00123258 _____ C:\Users\Lara\Downloads\metallica_and_justice_for_all.gp4
2013-06-19 12:50 - 2012-10-13 19:00 - 00090600 _____ C:\Users\Lara\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-19 10:56 - 2013-06-19 10:55 - 00000000 ____D C:\Users\Lara\Downloads\Video Game Music Pack, Volume 2
2013-06-19 07:11 - 2013-06-19 07:11 - 00001152 _____ C:\Windows\PFRO.log
2013-06-18 20:24 - 2013-05-18 10:06 - 00000000 ____D C:\Program Files\Adobe
2013-06-18 20:24 - 2013-05-18 10:02 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-06-18 20:23 - 2012-04-11 14:15 - 00000000 ____D C:\ProgramData\Adobe
2013-06-18 20:23 - 2012-04-11 14:15 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-06-18 20:07 - 2012-10-13 19:02 - 00000000 ____D C:\Users\Lara\AppData\Local\VirtualStore
2013-06-18 20:06 - 2013-06-18 20:06 - 00000000 ____D C:\Users\Lara\Documents\Updater
2013-06-18 20:03 - 2013-06-18 20:03 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF
2013-06-18 20:03 - 2012-10-13 19:02 - 00000000 ___RD C:\Users\Lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-06-18 20:00 - 2013-06-18 20:00 - 00000000 ____D C:\PS_CS2_Gr_NonRet
2013-06-18 19:59 - 2013-06-18 19:50 - 375232764 _____ (Adobe Systems Inc. ) C:\Users\Lara\Downloads\PS_CS2_Gr_NonRet.exe
2013-06-18 08:16 - 2012-10-21 19:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-17 13:44 - 2012-10-13 10:41 - 00000000 ____D C:\Users\Lara\Documents\Studium
2013-06-17 12:55 - 2013-06-17 12:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-17 11:51 - 2013-06-17 11:51 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Downloaded Installations
2013-06-17 11:50 - 2013-06-17 11:48 - 42172104 _____ (peppy) C:\Users\Lara\Downloads\osu!install.exe
2013-06-15 18:17 - 2013-06-15 18:17 - 00055075 _____ C:\Users\Lara\Downloads\foo_fighters_learn_to_fly.gp3
2013-06-15 18:16 - 2013-06-15 18:16 - 00213837 _____ C:\Users\Lara\Downloads\foo_fighters_bridge_burning.gp5
2013-06-15 18:14 - 2013-04-06 17:43 - 00000000 ____D C:\Users\Lara\Documents\TuxGuitar Tabs
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-03 18:45
==================== End Of Log ============================
--- --- --- --- --- --- |
|
13.07.2013, 21:06
| #6 |
| /// the machine /// TB-Ausbilder | ArenaNet Phishing E-MailESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ --> ArenaNet Phishing E-Mail |
|
14.07.2013, 10:42
| #7 |
| | ArenaNet Phishing E-Mail Probleme bestehen nach wie vor keine, aber soweit ich das sehe, muss ich wohl Java, Firefox und den Adobe Reader updaten. ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bbd4249660eb2b42ad901b799bd1bf93
# engine=14385
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-13 09:15:01
# local_time=2013-07-13 11:15:01 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 10087 239173391 2863 0
# compatibility_mode=5893 16776574 100 94 183478 125379951 0 0
# scanned=17624
# found=0
# cleaned=0
# scan_time=2372
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bbd4249660eb2b42ad901b799bd1bf93
# engine=14385
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-14 09:23:44
# local_time=2013-07-14 11:23:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 53810 239217114 4763 0
# compatibility_mode=5893 16776574 100 94 227201 125423674 0 0
# scanned=284060
# found=0
# cleaned=0
# scan_time=11868
Code:
ATTFilter Results of screen317's Security Check version 0.99.68 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 7 Java version out of Date! Adobe Flash Player 11.7.700.224 Adobe Reader 10.1.7 Adobe Reader out of Date! Mozilla Firefox 21.0 Firefox out of Date! Google Chrome 22.0.1229.94 ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-07-2013 01
Ran by Lara (administrator) on 14-07-2013 11:37:23
Running from C:\Users\Lara\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Spotify Ltd) C:\Users\Lara\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dropbox, Inc.) C:\Users\Lara\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12343400 2011-12-27] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - %ProgramFiles%\Elantech\ETDCtrl.exe [2821936 2012-03-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4123 2012-01-20] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Power Management] - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKCU\...\Run: [Google Update] - "C:\Users\Lara\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-10-13] (Google Inc.)
HKCU\...\Run: [Steam] - "C:\Program Files (x86)\Steam\steam.exe" -silent [1672616 2013-07-10] (Valve Corporation)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-10-26] ()
HKCU\...\Run: [Spotify Web Helper] - "C:\Users\Lara\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-07-11] (Spotify Ltd)
HKCU\...\Run: [GoogleChromeAutoLaunch_5ED22A371E18F418053871167250F536] - "C:\Users\Lara\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window [846288 2013-07-12] (Google Inc.)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.)
HKLM-x32\...\Run: [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1075296 2013-04-25] (Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [162408 2011-09-13] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [162408 2011-09-13] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\Users\Lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.254
FireFox:
========
FF ProfilePath: C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\lo880qz8.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Lara\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Lara\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Html Validator - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\lo880qz8.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
FF Extension: No Name - C:\Users\Lara\AppData\Roaming\Mozilla\Firefox\Profiles\lo880qz8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Lara\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lara\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\npcoplgn.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5_0
CHR Extension: (Google Search) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Good Smile Company) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifaliahpcbohdpbocfjpfeaofkmcjai\2_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0
==================== Services (Whitelisted) =================
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-06-18] (Adobe Systems)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [871296 2012-02-07] (Acer Incorporated)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [28264 2012-02-29] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
R2 Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [255376 2012-02-07] (Acer Incorporated)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [72864 2012-01-18] (Atheros)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-21] (Avira Operations GmbH & Co. KG)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-14 11:37 - 2013-07-14 11:37 - 00000960 _____ C:\Users\Lara\Desktop\checkup.txt
2013-07-14 11:32 - 2013-07-14 11:32 - 00890988 _____ C:\Users\Lara\Desktop\SecurityCheck.exe
2013-07-14 11:29 - 2013-07-14 11:29 - 00001437 _____ C:\Users\Lara\Desktop\ESET.txt
2013-07-13 20:56 - 2013-07-13 20:56 - 00003098 _____ C:\Windows\System32\Tasks\{12611F9A-C3F8-4E45-993D-B004FAC012B7}
2013-07-13 20:56 - 2013-07-13 20:56 - 00000000 ____D C:\Windows\ERUNT
2013-07-13 20:48 - 2013-07-13 20:49 - 00002108 _____ C:\AdwCleaner[S1].txt
2013-07-13 20:21 - 2013-07-13 20:21 - 00000000 ____D C:\Users\Lara\Documents\ANNO 2070
2013-07-13 19:17 - 2013-07-13 19:17 - 00000000 ____D C:\FRST
2013-07-13 19:16 - 2013-07-13 19:16 - 01777829 _____ (Farbar) C:\Users\Lara\Desktop\FRST64.exe
2013-07-13 17:19 - 2013-07-13 17:19 - 00082750 _____ C:\Users\Lara\Downloads\OTL.Txt
2013-07-13 17:15 - 2013-07-13 17:15 - 00602112 _____ (OldTimer Tools) C:\Users\Lara\Downloads\OTL.exe
2013-07-13 16:14 - 2013-07-13 16:14 - 00000470 _____ C:\Users\Lara\Downloads\defogger_disable.log
2013-07-13 16:14 - 2013-07-13 16:14 - 00000000 _____ C:\Users\Lara\defogger_reenable
2013-07-13 14:07 - 2013-07-13 14:07 - 00000000 ____D C:\ProgramData\Solidshield
2013-07-11 18:55 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 18:55 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 18:55 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 18:55 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 18:55 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 18:55 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 18:55 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 18:55 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 18:55 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 18:55 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 18:55 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 18:55 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 18:55 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 18:55 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 18:55 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 18:55 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 18:55 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 18:55 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 18:55 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 18:55 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 18:55 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 18:55 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 18:55 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 18:55 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 18:55 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 18:55 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 18:55 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 18:55 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 18:55 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 18:55 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 18:55 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 09:11 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 09:11 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 09:11 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 09:11 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 09:11 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 09:11 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 09:11 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-02 17:09 - 2013-07-02 17:09 - 00000000 ____D C:\Users\Lara\Downloads\pc2
2013-06-29 19:32 - 2013-06-29 19:32 - 00000000 ____D C:\Users\Lara\AppData\Roaming\StepMania 5
2013-06-29 19:31 - 2013-06-29 19:35 - 00000000 ____D C:\Program Files (x86)\StepMania 5
2013-06-29 19:31 - 2013-06-29 19:31 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StepMania 5
2013-06-29 19:29 - 2013-06-29 19:31 - 52092526 _____ C:\Users\Lara\Downloads\StepMania v5.0 beta 2a.exe
2013-06-22 19:43 - 2013-06-22 19:43 - 00039135 _____ C:\Users\Lara\Downloads\nine_inch_nails_wish.gp5
2013-06-22 19:41 - 2013-06-22 19:41 - 00134508 _____ C:\Users\Lara\Downloads\nine_inch_nails_closer.gp5
2013-06-21 20:48 - 2013-06-21 20:48 - 00000000 ____D C:\Users\Lara\AppData\Local\Targem
2013-06-19 19:25 - 2013-06-19 19:25 - 00123926 _____ C:\Users\Lara\Downloads\metallica_creeping_death.gp5
2013-06-19 19:25 - 2013-06-19 19:25 - 00123258 _____ C:\Users\Lara\Downloads\metallica_and_justice_for_all.gp4
2013-06-19 10:55 - 2013-06-19 10:56 - 00000000 ____D C:\Users\Lara\Downloads\Video Game Music Pack, Volume 2
2013-06-19 07:11 - 2013-06-19 07:11 - 00001152 _____ C:\Windows\PFRO.log
2013-06-18 20:06 - 2013-06-18 20:06 - 00000000 ____D C:\Users\Lara\Documents\Updater
2013-06-18 20:03 - 2013-06-18 20:03 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF
2013-06-18 20:00 - 2013-06-18 20:00 - 00000000 ____D C:\PS_CS2_Gr_NonRet
2013-06-18 19:50 - 2013-06-18 19:59 - 375232764 _____ (Adobe Systems Inc. ) C:\Users\Lara\Downloads\PS_CS2_Gr_NonRet.exe
2013-06-17 12:55 - 2013-06-17 12:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-17 11:53 - 2013-07-13 21:53 - 00000000 ____D C:\Program Files (x86)\osu!
2013-06-17 11:51 - 2013-06-17 11:51 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Downloaded Installations
2013-06-17 11:48 - 2013-06-17 11:50 - 42172104 _____ (peppy) C:\Users\Lara\Downloads\osu!install.exe
2013-06-15 18:17 - 2013-06-15 18:17 - 00055075 _____ C:\Users\Lara\Downloads\foo_fighters_learn_to_fly.gp3
2013-06-15 18:16 - 2013-06-15 18:16 - 00213837 _____ C:\Users\Lara\Downloads\foo_fighters_bridge_burning.gp5
==================== One Month Modified Files and Folders =======
2013-07-14 11:37 - 2013-07-14 11:37 - 00000960 _____ C:\Users\Lara\Desktop\checkup.txt
2013-07-14 11:37 - 2012-10-26 15:15 - 00000000 ____D C:\Users\Lara\AppData\Local\PMB Files
2013-07-14 11:32 - 2013-07-14 11:32 - 00890988 _____ C:\Users\Lara\Desktop\SecurityCheck.exe
2013-07-14 11:29 - 2013-07-14 11:29 - 00001437 _____ C:\Users\Lara\Desktop\ESET.txt
2013-07-14 11:26 - 2012-10-13 21:49 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2589874485-1697414770-2327982917-1001UA.job
2013-07-14 11:26 - 2012-04-11 14:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-14 10:48 - 2012-05-25 02:07 - 01350297 _____ C:\Windows\WindowsUpdate.log
2013-07-14 08:09 - 2012-10-13 19:02 - 00000000 ____D C:\Users\Lara\AppData\Local\Adobe
2013-07-14 08:07 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-14 08:07 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-14 08:03 - 2012-10-13 23:53 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-14 08:02 - 2012-11-19 12:40 - 00000000 ___RD C:\Users\Lara\Dropbox
2013-07-14 08:02 - 2012-11-19 12:38 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Dropbox
2013-07-14 07:59 - 2013-04-27 19:25 - 00021115 _____ C:\Windows\setupact.log
2013-07-14 07:59 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-13 22:29 - 2012-05-25 11:59 - 00654340 _____ C:\Windows\system32\perfh007.dat
2013-07-13 22:29 - 2012-05-25 11:59 - 00130180 _____ C:\Windows\system32\perfc007.dat
2013-07-13 22:29 - 2009-07-14 07:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-13 21:53 - 2013-06-17 11:53 - 00000000 ____D C:\Program Files (x86)\osu!
2013-07-13 21:12 - 2012-10-23 17:26 - 00000000 ____D C:\Users\Lara\AppData\Roaming\TS3Client
2013-07-13 20:56 - 2013-07-13 20:56 - 00003098 _____ C:\Windows\System32\Tasks\{12611F9A-C3F8-4E45-993D-B004FAC012B7}
2013-07-13 20:56 - 2013-07-13 20:56 - 00000000 ____D C:\Windows\ERUNT
2013-07-13 20:49 - 2013-07-13 20:48 - 00002108 _____ C:\AdwCleaner[S1].txt
2013-07-13 20:21 - 2013-07-13 20:21 - 00000000 ____D C:\Users\Lara\Documents\ANNO 2070
2013-07-13 19:17 - 2013-07-13 19:17 - 00000000 ____D C:\FRST
2013-07-13 19:16 - 2013-07-13 19:16 - 01777829 _____ (Farbar) C:\Users\Lara\Desktop\FRST64.exe
2013-07-13 17:19 - 2013-07-13 17:19 - 00082750 _____ C:\Users\Lara\Downloads\OTL.Txt
2013-07-13 17:15 - 2013-07-13 17:15 - 00602112 _____ (OldTimer Tools) C:\Users\Lara\Downloads\OTL.exe
2013-07-13 16:14 - 2013-07-13 16:14 - 00000470 _____ C:\Users\Lara\Downloads\defogger_disable.log
2013-07-13 16:14 - 2013-07-13 16:14 - 00000000 _____ C:\Users\Lara\defogger_reenable
2013-07-13 16:14 - 2012-10-13 19:00 - 00000000 ____D C:\Users\Lara
2013-07-13 14:07 - 2013-07-13 14:07 - 00000000 ____D C:\ProgramData\Solidshield
2013-07-13 14:06 - 2013-03-18 16:21 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Ubisoft
2013-07-13 14:05 - 2013-05-31 11:22 - 00073664 _____ C:\Windows\DirectX.log
2013-07-13 11:49 - 2012-11-09 20:10 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Spotify
2013-07-13 11:35 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-12 23:26 - 2012-10-13 21:49 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2589874485-1697414770-2327982917-1001Core.job
2013-07-12 23:21 - 2012-10-13 21:49 - 00004084 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2589874485-1697414770-2327982917-1001UA
2013-07-12 23:21 - 2012-10-13 21:49 - 00003688 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2589874485-1697414770-2327982917-1001Core
2013-07-12 21:28 - 2012-10-26 15:15 - 00000000 ____D C:\ProgramData\PMB Files
2013-07-12 15:52 - 2012-10-13 11:00 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2013-07-12 15:52 - 2012-10-13 11:00 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2013-07-12 15:52 - 2012-10-13 11:00 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2013-07-12 15:52 - 2012-10-13 11:00 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2013-07-11 20:18 - 2009-07-14 06:45 - 04985392 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 20:17 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 20:17 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 20:16 - 2013-03-13 12:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 20:16 - 2013-03-13 12:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 20:16 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 19:01 - 2012-10-14 10:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 18:56 - 2012-10-13 21:36 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-11 17:25 - 2012-10-13 14:37 - 00000000 ____D C:\Users\Lara\AppData\Local\Last.fm
2013-07-11 11:50 - 2012-11-09 20:10 - 00000000 ____D C:\Users\Lara\AppData\Local\Spotify
2013-07-04 20:14 - 2012-10-13 21:57 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-07-03 19:00 - 2012-10-13 17:53 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Skype
2013-07-02 17:09 - 2013-07-02 17:09 - 00000000 ____D C:\Users\Lara\Downloads\pc2
2013-07-01 21:33 - 2013-06-08 12:25 - 00000000 ____D C:\Users\Lara\AppData\Roaming\inkscape
2013-06-29 19:35 - 2013-06-29 19:31 - 00000000 ____D C:\Program Files (x86)\StepMania 5
2013-06-29 19:32 - 2013-06-29 19:32 - 00000000 ____D C:\Users\Lara\AppData\Roaming\StepMania 5
2013-06-29 19:31 - 2013-06-29 19:31 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StepMania 5
2013-06-29 19:31 - 2013-06-29 19:29 - 52092526 _____ C:\Users\Lara\Downloads\StepMania v5.0 beta 2a.exe
2013-06-27 15:06 - 2013-05-02 11:22 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-06-26 17:13 - 2012-10-13 19:37 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-06-26 17:13 - 2012-10-13 19:09 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Adobe
2013-06-22 19:43 - 2013-06-22 19:43 - 00039135 _____ C:\Users\Lara\Downloads\nine_inch_nails_wish.gp5
2013-06-22 19:41 - 2013-06-22 19:41 - 00134508 _____ C:\Users\Lara\Downloads\nine_inch_nails_closer.gp5
2013-06-22 12:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-21 20:48 - 2013-06-21 20:48 - 00000000 ____D C:\Users\Lara\AppData\Local\Targem
2013-06-21 20:48 - 2013-02-19 13:38 - 00000000 ____D C:\Users\Lara\Documents\My Games
2013-06-19 19:25 - 2013-06-19 19:25 - 00123926 _____ C:\Users\Lara\Downloads\metallica_creeping_death.gp5
2013-06-19 19:25 - 2013-06-19 19:25 - 00123258 _____ C:\Users\Lara\Downloads\metallica_and_justice_for_all.gp4
2013-06-19 12:50 - 2012-10-13 19:00 - 00090600 _____ C:\Users\Lara\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-19 10:56 - 2013-06-19 10:55 - 00000000 ____D C:\Users\Lara\Downloads\Video Game Music Pack, Volume 2
2013-06-19 07:11 - 2013-06-19 07:11 - 00001152 _____ C:\Windows\PFRO.log
2013-06-18 20:24 - 2013-05-18 10:06 - 00000000 ____D C:\Program Files\Adobe
2013-06-18 20:24 - 2013-05-18 10:02 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-06-18 20:23 - 2012-04-11 14:15 - 00000000 ____D C:\ProgramData\Adobe
2013-06-18 20:23 - 2012-04-11 14:15 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-06-18 20:07 - 2012-10-13 19:02 - 00000000 ____D C:\Users\Lara\AppData\Local\VirtualStore
2013-06-18 20:06 - 2013-06-18 20:06 - 00000000 ____D C:\Users\Lara\Documents\Updater
2013-06-18 20:03 - 2013-06-18 20:03 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF
2013-06-18 20:03 - 2012-10-13 19:02 - 00000000 ___RD C:\Users\Lara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-06-18 20:00 - 2013-06-18 20:00 - 00000000 ____D C:\PS_CS2_Gr_NonRet
2013-06-18 19:59 - 2013-06-18 19:50 - 375232764 _____ (Adobe Systems Inc. ) C:\Users\Lara\Downloads\PS_CS2_Gr_NonRet.exe
2013-06-18 08:16 - 2012-10-21 19:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-17 13:44 - 2012-10-13 10:41 - 00000000 ____D C:\Users\Lara\Documents\Studium
2013-06-17 12:55 - 2013-06-17 12:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-17 11:51 - 2013-06-17 11:51 - 00000000 ____D C:\Users\Lara\AppData\Roaming\Downloaded Installations
2013-06-17 11:50 - 2013-06-17 11:48 - 42172104 _____ (peppy) C:\Users\Lara\Downloads\osu!install.exe
2013-06-15 18:17 - 2013-06-15 18:17 - 00055075 _____ C:\Users\Lara\Downloads\foo_fighters_learn_to_fly.gp3
2013-06-15 18:16 - 2013-06-15 18:16 - 00213837 _____ C:\Users\Lara\Downloads\foo_fighters_bridge_burning.gp5
2013-06-15 18:14 - 2013-04-06 17:43 - 00000000 ____D C:\Users\Lara\Documents\TuxGuitar Tabs
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-03 18:45
==================== End Of Log ============================
--- --- --- |
|
14.07.2013, 12:47
| #8 |
| /// the machine /// TB-Ausbilder | ArenaNet Phishing E-Mail Genau, die bitte updaten. Fertig Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
14.07.2013, 14:21
| #9 |
| | ArenaNet Phishing E-Mail So, alles erledigt. Vielen Dank für deine Hilfe! |
|
14.07.2013, 18:40
| #10 |
| /// the machine /// TB-Ausbilder | ArenaNet Phishing E-Mail Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu ArenaNet Phishing E-Mail |
| adblock, antivir, autorun, avira, bho, bonjour, browser, converter, dvdvideosoft ltd., e-mail, email, firefox, flash player, frage, google, home, homepage, launch, logfile, mp3, nvpciflt.sys, packard bell, phishing, phishing mail, plug-in, realtek, registry, scan, senden, spotify web helper, usb, viren, windows, wscript.exe |
Linear-Darstellung
