Log analysis and evaluation: Removing Click to Continue (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
13.07.2013, 23:20 | #1 |
Removing Click to Continue

Hey, I have the problem that on many websites some words are underlined, and when I hover over them with the mouse an advertisement appears with "click to continue by text enhance" written underneath it. Sometimes new windows with advertising open as well. Here, for example, is a screenshot that I took of the rules when I registered:

And here are the logs from Defogger, OTL and gmer:

Defogger:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:17 on 14/07/2013 (Leon)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
OTL logfile created on: 13.07.2013 23:32:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Leon\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 46,84% Memory free
4,00 Gb Paging File | 2,42 Gb Available in Paging File | 60,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 347,47 Gb Free Space | 74,60% Space Free | Partition Type: NTFS
Drive D: | 465,75 Gb Total Space | 324,86 Gb Free Space | 69,75% Space Free | Partition Type: NTFS
Drive E: | 680,90 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 3,66 Gb Total Space | 0,55 Gb Free Space | 15,16% Space Free | Partition Type: FAT32

Computer Name: LEON-PC | User Name: Leon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.07.13 23:06:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leon\Desktop\OTL.exe
PRC - [2013.07.12 20:49:47 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe
PRC - [2013.06.27 23:48:10 | 006,427,008 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe
PRC - [2013.06.27 23:48:00 | 000,770,432 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2012.11.13 15:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.)
-- C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe ========== Modules (No Company Name) ========== MOD - [2013.07.12 20:49:44 | 000,396,240 | ---- | M] () -- C:\Programme\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll MOD - [2013.07.12 20:49:43 | 013,599,184 | ---- | M] () -- C:\Programme\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll MOD - [2013.07.12 20:49:42 | 004,052,944 | ---- | M] () -- C:\Programme\Google\Chrome\Application\28.0.1500.72\pdf.dll MOD - [2013.07.12 20:48:52 | 000,601,552 | ---- | M] () -- C:\Programme\Google\Chrome\Application\28.0.1500.72\libglesv2.dll MOD - [2013.07.12 20:48:51 | 000,123,344 | ---- | M] () -- C:\Programme\Google\Chrome\Application\28.0.1500.72\libegl.dll MOD - [2013.07.12 20:48:49 | 001,597,392 | ---- | M] () -- C:\Programme\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll MOD - [2012.11.13 15:06:30 | 000,108,960 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2012.11.13 15:06:28 | 000,416,160 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2012.01.09 20:44:20 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2010.11.20 14:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL MOD - [2010.11.20 14:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SDWSCService) SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SDUpdateService) SRV - File not found 
[Disabled | Stopped] -- C:\Program Files\Spybot -- (SDScannerService) SRV - [2013.07.12 18:21:37 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2013.06.27 23:48:00 | 000,770,432 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service) SRV - [2013.06.11 21:49:53 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.12.30 07:39:10 | 004,889,032 | ---- | M] (SafeNet Inc.) [Disabled | Stopped] -- C:\Windows\System32\hasplms.exe -- (hasplms) SRV - [2011.09.23 00:40:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.09.22 12:29:48 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.02.23 07:59:00 | 000,086,016 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe -- (mi-raysat_3dsmax2012_32) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) 
[Disabled | Stopped] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2007.09.04 11:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Disabled | Stopped] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{85710821-D163-42ED-85CC-3995B8456DBE}\MpKslf78d58f6.sys -- (MpKslf78d58f6) DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F45C2DA3-4E9C-48A6-A3F2-9E0501F87490}\MpKsl27a6719c.sys -- (MpKsl27a6719c) DRV - [2013.01.03 19:19:03 | 000,105,728 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaura.sys -- (avmaura) DRV - [2012.07.26 16:05:44 | 000,017,024 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\System32\drivers\BSMEM.sys -- (BSMEM) DRV - [2012.06.22 12:01:32 | 000,019,984 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\EsgScanner.sys -- (EsgScanner) DRV - [2012.01.17 19:52:11 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio) DRV - [2011.10.04 13:03:48 | 000,367,560 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge) DRV - [2011.09.23 00:40:00 | 010,318,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011.08.10 14:05:24 | 000,596,424 | ---- | M] (SafeNet Inc.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock) DRV - [2011.07.08 01:21:28 | 000,139,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2011.05.06 16:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008.01.18 07:43:16 | 000,016,128 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lycosa.sys -- (LycoFltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1348207587-1662218007-360504778-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-1348207587-1662218007-360504778-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1348207587-1662218007-360504778-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1348207587-1662218007-360504778-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 B6 2C BB 2D C3 CC 01 [binary data] IE - HKU\S-1-5-21-1348207587-1662218007-360504778-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1348207587-1662218007-360504778-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1348207587-1662218007-360504778-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1348207587-1662218007-360504778-1001\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197 IE - HKU\S-1-5-21-1348207587-1662218007-360504778-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program 
Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Leon\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Leon\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.09.02 18:27:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files\AVG\AVG2012\Thunderbird\ [2013.07.13 23:15:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leon\AppData\Roaming\Mozilla\Extensions ========== Chrome ========== CHR - 
default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D 
Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - Extension: Adblock Plus = C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5_0\ CHR - Extension: Adblock for Youtube\u2122 = C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk\1.8_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (DNS Error Helper) - {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKU\S-1-5-21-1348207587-1662218007-360504778-1001..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Amelie.Leon-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin) O4 - Startup: C:\Users\Amelie.Leon-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Papa.Leon-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\FRITZ!DSL\\sarah.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program 
Files\FRITZ!DSL\\sarah.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\FRITZ!DSL\\sarah.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61E8E280-4D5B-4B7E-9B45-21FBCCC908F9}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6975DBD5-D701-45AF-9D4B-C1FE64F909D5}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\linkscanner - No CLSID value found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft 
Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.07.12 18:11:26 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2004.08.16 22:25:01 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2012.08.28 20:21:40 | 3327,074,647 | ---- | M] () - H:\Autodesk_3ds_Max_2012_German_Win_32-64bit.exe -- [ FAT32 ] O33 - MountPoints2\{705fcb28-2f1e-11e1-9b64-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{705fcb28-2f1e-11e1-9b64-806e6f6e6963}\Shell\AutoRun\command - "" = E:\LaunchRC.exe -- [2004.12.10 23:37:26 | 000,593,920 | R--- | M] () O33 - MountPoints2\{7c90b315-324a-11e1-bc0f-003067a4b1fc}\Shell - "" = AutoRun O33 - MountPoints2\{7c90b315-324a-11e1-bc0f-003067a4b1fc}\Shell\AutoRun\command - "" = I:\MediaManager.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.13 23:24:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Leon\Desktop\OTL.exe [2013.07.13 23:15:44 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Mozilla [2013.07.13 
18:31:16 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter [2013.07.13 18:31:15 | 000,000,000 | ---D | C] -- C:\sh4ldr [2013.07.13 18:31:15 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.07.13 18:09:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.07.13 00:12:33 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\CrashDumps [2013.07.12 18:23:11 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\Autodesk [2013.07.12 18:21:43 | 000,000,000 | ---D | C] -- C:\Users\Leon\Documents\Inventor Server x86 Autodesk 3ds Max 2012 32-bit - German [2013.07.12 18:21:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared [2013.07.12 18:20:27 | 000,000,000 | ---D | C] -- C:\Users\Leon\Documents\3dsMax [2013.07.12 18:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk [2013.07.12 18:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk [2013.07.12 18:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared [2013.07.12 18:11:26 | 000,000,000 | ---D | C] -- C:\Autodesk [2013.07.12 17:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.07.12 17:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2013.07.12 17:08:45 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\Google [2013.07.12 17:06:11 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\Mozilla [2013.07.12 17:04:57 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\VirtualStore [2013.07.12 17:03:10 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Local\Apps [2013.07.12 15:09:29 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Autodesk [2013.07.11 21:42:11 | 000,000,000 | ---D | C] -- C:\Users\Leon\Desktop\Star Wars Republic Commando II - Kopie [2013.07.11 20:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.07.11 
13:47:04 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\.minecraft [2013.07.11 00:20:26 | 000,000,000 | ---D | C] -- C:\UDK [2013.07.10 20:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2013.07.10 20:10:09 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2013.07.10 20:03:13 | 000,000,000 | ---D | C] -- C:\Users\Leon\Documents\Battlefield 3 [2013.07.10 19:27:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3 [2013.07.10 19:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\Battlefield 3 [2013.07.10 15:44:39 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\NVIDIA [2013.07.09 19:03:48 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.07.09 18:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.07.09 18:16:24 | 000,017,024 | ---- | C] (BIOSTAR Group) -- C:\Windows\System32\drivers\BSMEM.sys [2013.07.09 16:27:41 | 000,000,000 | ---D | C] -- C:\NVIDIA [2013.07.09 14:00:47 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.07.09 11:11:58 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Apple Computer [2013.07.09 11:11:29 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2013.07.09 11:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2013.07.09 10:39:33 | 000,000,000 | ---D | C] -- C:\Users\Leon\AppData\Roaming\Canon [2013.07.01 17:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON [2013.07.01 17:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt [2013.07.01 17:03:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2013.07.01 17:03:14 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information [2013.07.01 17:02:53 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ [2013.07.01 17:02:47 
| 000,000,000 | ---D | C] -- C:\Windows\System32\STRING [2013.07.01 16:59:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJETV [2013.07.01 16:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\Canon [2013.06.30 14:36:06 | 000,000,000 | ---D | C] -- C:\Users\Leon\Desktop\Star Wars Republic Commando II Development Files [2013.06.29 23:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps [2013.06.29 23:50:09 | 000,000,000 | ---D | C] -- C:\Fraps [2012.11.05 20:59:17 | 000,625,152 | ---- | C] (Microsoft Corporation) -- C:\Users\Leon\FL_msdia71_dll_2_____X86.3643236F_FC70_11D3_A536_0090278A1BB8 [2011.12.25 20:14:31 | 000,032,768 | ---- | C] (Macrovision Corporation) -- C:\Users\Leon\objectps.dll [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.13 23:25:27 | 000,377,856 | ---- | M] () -- C:\Users\Leon\Desktop\gmer_2.1.19163.exe [2013.07.13 23:23:45 | 000,050,477 | ---- | M] () -- C:\Users\Leon\Desktop\Defogger.exe [2013.07.13 23:18:45 | 000,133,369 | ---- | M] () -- C:\Users\Leon\Desktop\Unbenannt.JPG [2013.07.13 23:18:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.13 23:13:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1348207587-1662218007-360504778-1001UA.job [2013.07.13 23:06:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Leon\Desktop\OTL.exe [2013.07.13 23:04:13 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.13 23:04:13 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.13 22:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.13 22:57:25 | 000,001,090 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.13 22:57:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.13 22:56:59 | 1609,523,200 | -HS- | M] () -- C:\hiberfil.sys [2013.07.13 22:53:58 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1348207587-1662218007-360504778-1003UA.job [2013.07.13 18:44:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1348207587-1662218007-360504778-1003Core.job [2013.07.13 18:31:16 | 000,002,246 | ---- | M] () -- C:\Users\Leon\Desktop\SpyHunter.lnk [2013.07.13 18:07:36 | 000,000,168 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.07.13 17:16:16 | 000,323,216 | ---- | M] () -- C:\Users\Leon\Desktop\CloneTrooperWave.FBX [2013.07.13 16:22:03 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.07.12 18:21:11 | 000,001,980 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk 3ds Max.lnk [2013.07.12 15:13:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1348207587-1662218007-360504778-1001Core.job [2013.07.12 15:06:51 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.07.12 15:06:51 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.07.12 15:06:51 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.07.12 15:06:51 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.07.12 13:49:15 | 000,001,242 | ---- | M] () -- C:\Users\Leon\Desktop\Star Wars Republic Commando.lnk [2013.07.12 12:55:18 | 000,000,004 | ---- | M] () -- C:\ProgramData\icw09hbs.inf [2013.07.11 15:18:49 | 000,001,739 | ---- | M] () -- C:\Users\Leon\Desktop\UDK.lnk [2013.07.10 19:27:47 | 000,000,975 | ---- | M] () -- C:\Users\Leon\Desktop\Battlefield 3.lnk [2013.07.09 14:20:55 | 173,592,306 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.07.09 11:11:29 | 000,001,228 | ---- | M] () -- C:\Users\Leon\Desktop\Revo Uninstaller.lnk [2013.07.09 10:50:03 | 
000,007,605 | ---- | M] () -- C:\Users\Leon\AppData\Local\Resmon.ResmonCfg [2013.06.30 18:17:10 | 000,546,732 | ---- | M] () -- C:\Users\Leon\AppData\Local\CloneOnSpeederbike.blend [2013.06.29 23:50:09 | 000,000,568 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk [2013.06.29 23:16:05 | 000,990,472 | ---- | M] () -- C:\Users\Leon\AppData\Local\CloneTrooper.blend [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.13 23:28:33 | 000,377,856 | ---- | C] () -- C:\Users\Leon\Desktop\gmer_2.1.19163.exe [2013.07.13 23:23:53 | 000,050,477 | ---- | C] () -- C:\Users\Leon\Desktop\Defogger.exe [2013.07.13 23:18:44 | 000,133,369 | ---- | C] () -- C:\Users\Leon\Desktop\Unbenannt.JPG [2013.07.13 18:31:16 | 000,002,246 | ---- | C] () -- C:\Users\Leon\Desktop\SpyHunter.lnk [2013.07.13 18:07:30 | 000,000,168 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.07.13 16:57:17 | 000,323,216 | ---- | C] () -- C:\Users\Leon\Desktop\CloneTrooperWave.FBX [2013.07.12 18:21:11 | 000,001,980 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk 3ds Max.lnk [2013.07.12 17:09:13 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.07.12 17:08:50 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.12 17:08:49 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.11 22:21:59 | 000,001,242 | ---- | C] () -- C:\Users\Leon\Desktop\Star Wars Republic Commando.lnk [2013.07.11 21:17:31 | 000,000,004 | ---- | C] () -- C:\ProgramData\icw09hbs.inf [2013.07.11 15:18:49 | 000,001,739 | ---- | C] () -- C:\Users\Leon\Desktop\UDK.lnk [2013.07.10 19:27:47 | 000,000,975 | ---- | C] () -- C:\Users\Leon\Desktop\Battlefield 3.lnk [2013.07.09 19:03:09 | 000,001,116 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1348207587-1662218007-360504778-1001UA.job [2013.07.09 19:03:09 | 000,001,064 | ---- | C] () 
-- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1348207587-1662218007-360504778-1001Core.job [2013.07.09 14:00:45 | 173,592,306 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.07.09 10:50:03 | 000,007,605 | ---- | C] () -- C:\Users\Leon\AppData\Local\Resmon.ResmonCfg [2013.06.30 18:17:10 | 000,546,732 | ---- | C] () -- C:\Users\Leon\AppData\Local\CloneOnSpeederbike.blend [2013.06.29 23:50:09 | 000,000,568 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk [2013.06.29 23:16:01 | 000,990,472 | ---- | C] () -- C:\Users\Leon\AppData\Local\CloneTrooper.blend [2013.04.02 21:42:23 | 000,001,982 | ---- | C] () -- C:\Users\Leon\AppData\Local\recently-used.xbel [2013.03.30 21:53:21 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2013.02.15 17:56:13 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll [2013.02.15 17:56:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll [2013.02.02 16:41:43 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll [2012.08.10 13:46:34 | 000,000,040 | ---- | C] () -- C:\ProgramData\kqmfvkarpqehfvx [2012.06.22 12:01:32 | 000,019,984 | ---- | C] () -- C:\Windows\System32\ESGScanner.sys [2012.06.22 12:01:32 | 000,019,984 | ---- | C] () -- C:\Windows\System32\drivers\EsgScanner.sys [2012.04.14 13:31:00 | 000,000,113 | ---- | C] () -- C:\Windows\disney.ini [2012.04.02 20:15:19 | 000,000,065 | ---- | C] () -- C:\Windows\Maus2.ini [2012.03.07 21:43:12 | 003,640,812 | ---- | C] () -- C:\Users\Leon\AppData\Local\clone trooper phase 1 .blend [2012.03.07 21:41:47 | 004,544,340 | ---- | C] () -- C:\Users\Leon\AppData\Local\clone trooper phase 1.blend [2012.03.07 21:39:42 | 004,245,768 | ---- | C] () -- C:\Users\Leon\AppData\Local\clone trooper pilot.blend [2012.03.07 21:33:50 | 002,018,768 | ---- | C] () -- C:\Users\Leon\AppData\Local\raumstation.blend [2012.03.07 21:16:03 | 000,965,224 | ---- | C] () -- C:\Users\Leon\AppData\Local\air taxi.blend [2012.03.07 21:05:46 | 003,709,820 | ---- | C] () -- 
C:\Users\Leon\AppData\Local\raumschiff.blend [2012.03.05 20:53:28 | 003,982,856 | ---- | C] () -- C:\Users\Leon\AppData\Local\naboo starfighter.blend [2012.03.05 20:45:46 | 005,410,136 | ---- | C] () -- C:\Users\Leon\AppData\Local\trade fedration aat.blend [2012.03.05 20:40:28 | 005,394,592 | ---- | C] () -- C:\Users\Leon\AppData\Local\vulture droid 3.blend [2012.03.05 20:37:34 | 003,659,144 | ---- | C] () -- C:\Users\Leon\AppData\Local\vulture droid 2.blend [2012.03.04 21:46:02 | 007,484,724 | ---- | C] () -- C:\Users\Leon\AppData\Local\coruscant.blend [2012.03.04 21:40:12 | 004,450,008 | ---- | C] () -- C:\Users\Leon\AppData\Local\obi wan kenobi lightsaber.blend [2012.03.04 21:35:29 | 029,480,448 | ---- | C] () -- C:\Users\Leon\AppData\Local\at-te.blend1 [2012.03.04 21:35:29 | 029,459,208 | ---- | C] () -- C:\Users\Leon\AppData\Local\at-te.blend [2012.03.04 20:54:31 | 007,691,140 | ---- | C] () -- C:\Users\Leon\AppData\Local\trade federation mtt.blend [2012.03.04 20:54:31 | 005,492,080 | ---- | C] () -- C:\Users\Leon\AppData\Local\trade federation mtt.blend1 [2012.03.04 20:38:23 | 003,167,892 | ---- | C] () -- C:\Users\Leon\AppData\Local\trade federation landing craft.blend [2012.03.04 20:38:23 | 003,164,556 | ---- | C] () -- C:\Users\Leon\AppData\Local\trade federation landing craft.blend1 [2012.03.04 20:38:23 | 003,036,192 | ---- | C] () -- C:\Users\Leon\AppData\Local\trade federation landing craft.blend2 [2012.03.04 20:35:25 | 010,051,088 | ---- | C] () -- C:\Users\Leon\AppData\Local\t-16 skyhopper.blend [2012.03.04 20:31:33 | 007,903,140 | ---- | C] () -- C:\Users\Leon\AppData\Local\vulture droid.blend [2012.03.04 20:27:39 | 017,466,176 | ---- | C] () -- C:\Users\Leon\AppData\Local\trade federation blockade.blend [2012.03.04 20:19:10 | 018,744,624 | ---- | C] () -- C:\Users\Leon\AppData\Local\republic gunship.blend [2012.03.03 22:12:13 | 020,214,200 | ---- | C] () -- C:\Users\Leon\AppData\Local\clonetrooper.blend1 [2012.03.03 22:12:13 | 020,205,608 | ---- | 
C] () -- C:\Users\Leon\AppData\Local\clonetrooper.blend2 [2012.03.02 19:38:12 | 000,415,620 | ---- | C] () -- C:\Users\Leon\AppData\Local\seperatist frigate.blend1 [2012.02.18 22:45:55 | 004,898,160 | ---- | C] () -- C:\Users\Leon\AppData\Local\logo.blend1 [2012.02.18 22:45:55 | 004,894,268 | ---- | C] () -- C:\Users\Leon\AppData\Local\logo.blend [2012.02.18 22:45:55 | 004,885,460 | ---- | C] () -- C:\Users\Leon\AppData\Local\logo.blend2 [2012.02.14 21:40:39 | 004,319,124 | ---- | C] () -- C:\Users\Leon\AppData\Local\republic cruiser.blend1 [2012.02.14 21:40:39 | 004,306,892 | ---- | C] () -- C:\Users\Leon\AppData\Local\republic cruiser.blend [2012.02.14 21:40:39 | 000,933,148 | ---- | C] () -- C:\Users\Leon\AppData\Local\republic cruiser.blend2 [2012.01.25 19:50:06 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2012.01.25 19:50:06 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2012.01.25 19:46:21 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2012.01.24 20:40:22 | 000,012,800 | ---- | C] () -- C:\Users\Leon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.22 12:29:58 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe ========== ZeroAccess Check ========== [2012.12.25 14:27:29 | 000,000,082 | ---- | M] () -- C:\Windows\$NtUninstallKB35896$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GYX29CL3\t.cxt.ms\lso.swf\u.sol [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.12.25 20:36:34 | 000,000,000 | ---D | M] -- C:\Users\Amelie\AppData\Roaming\AVG10 [2011.12.25 20:36:37 | 000,000,000 | ---D | M] -- C:\Users\Amelie\AppData\Roaming\OpenOffice.org [2011.12.25 20:36:38 | 000,000,000 | ---D | M] -- C:\Users\Amelie\AppData\Roaming\Thunderbird [2013.01.06 16:53:58 | 000,000,000 | ---D | M] -- C:\Users\Amelie.Leon-PC\AppData\Roaming\.minecraft [2013.02.03 16:39:45 | 000,000,000 | ---D | M] -- C:\Users\Amelie.Leon-PC\AppData\Roaming\AVG [2013.01.02 12:11:58 | 000,000,000 | ---D | M] -- C:\Users\Amelie.Leon-PC\AppData\Roaming\AVG2013 [2013.07.03 17:25:55 | 000,000,000 | ---D | M] -- C:\Users\Amelie.Leon-PC\AppData\Roaming\Canon [2013.07.11 13:35:38 | 000,000,000 | ---D | M] -- C:\Users\Amelie.Leon-PC\AppData\Roaming\FRITZ! 
[2012.08.09 19:26:08 | 000,000,000 | ---D | M] -- C:\Users\Amelie.Leon-PC\AppData\Roaming\LEGO Company [2011.12.28 15:30:24 | 000,000,000 | ---D | M] -- C:\Users\Amelie.Leon-PC\AppData\Roaming\OpenOffice.org [2012.02.29 15:34:53 | 000,000,000 | ---D | M] -- C:\Users\Amelie.Leon-PC\AppData\Roaming\Scribus [2011.12.26 22:34:55 | 000,000,000 | ---D | M] -- C:\Users\Amelie.Leon-PC\AppData\Roaming\Thunderbird [2013.05.24 18:45:26 | 000,000,000 | ---D | M] -- C:\Users\Amelie.Leon-PC\AppData\Roaming\TuneUp Software [2012.06.30 13:22:28 | 000,000,000 | ---D | M] -- C:\Users\Amelie.Leon-PC\AppData\Roaming\Ulead Systems [2012.03.23 13:26:58 | 000,000,000 | ---D | M] -- C:\Users\Amelie.Leon-PC\AppData\Roaming\Unity [2013.01.26 16:17:34 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2013.01.26 16:17:34 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software [2013.07.11 13:50:22 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\.minecraft [2012.01.24 20:26:59 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\AnvSoft [2012.09.09 09:55:13 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Audacity [2013.07.12 18:26:57 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Autodesk [2013.06.11 21:41:24 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\AVG [2011.12.25 20:14:32 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Blender Foundation [2013.07.09 10:39:33 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Canon [2012.01.02 23:25:30 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2013.07.10 16:18:32 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\DVDVideoSoft [2013.06.11 21:48:04 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\FRITZ! 
[2012.07.26 12:07:02 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\LEGO Company [2011.12.25 20:14:40 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\OpenOffice.org [2012.07.19 19:00:54 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Petroglyph [2011.12.25 20:14:41 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Thunderbird [2012.02.21 18:17:53 | 000,000,000 | ---D | M] -- C:\Users\Leon\AppData\Roaming\Ulead Systems [2011.12.25 20:37:06 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\AVG10 [2011.12.25 20:37:09 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\OpenOffice.org [2011.12.25 20:37:11 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\QuickStoresToolbar [2012.01.13 19:58:28 | 000,000,000 | ---D | M] -- C:\Users\Papa.Leon-PC\AppData\Roaming\FRITZ! [2012.01.13 20:08:35 | 000,000,000 | ---D | M] -- C:\Users\Papa.Leon-PC\AppData\Roaming\Thunderbird [2013.01.29 19:34:42 | 000,000,000 | ---D | M] -- C:\Users\Papa.Leon-PC.000\AppData\Roaming\Autodesk [2013.01.29 16:55:14 | 000,000,000 | ---D | M] -- C:\Users\Papa.Leon-PC.000\AppData\Roaming\AVG2013 [2013.07.01 17:21:45 | 000,000,000 | ---D | M] -- C:\Users\Papa.Leon-PC.000\AppData\Roaming\Canon [2012.08.08 20:45:32 | 000,000,000 | ---D | M] -- C:\Users\Papa.Leon-PC.000\AppData\Roaming\FRITZ! 
[2012.08.08 19:36:03 | 000,000,000 | ---D | M] -- C:\Users\Papa.Leon-PC.000\AppData\Roaming\QuickScan [2012.02.21 17:58:49 | 000,000,000 | ---D | M] -- C:\Users\Papa.Leon-PC.000\AppData\Roaming\Scribus [2013.01.29 16:55:35 | 000,000,000 | ---D | M] -- C:\Users\Papa.Leon-PC.000\AppData\Roaming\TuneUp Software [2012.02.21 17:51:19 | 000,000,000 | ---D | M] -- C:\Users\Papa.Leon-PC.000\AppData\Roaming\Ulead Systems [2012.08.08 20:52:40 | 000,000,000 | ---D | M] -- C:\Users\Papa.Leon-PC.000\AppData\Roaming\uTorrent [2013.01.26 16:17:34 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\TuneUp Software ========== Purity Check ========== ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\$NtUninstallKB35896$] -> Error: Cannot create file handle -> Unknown point type < End of report > Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-07-14 00:08:14 Windows 6.1.7601 Service Pack 1 \Device\Harddisk1\DR1 -> \Device\00000061 SAMSUNG_ rev.1AJ1 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Leon\AppData\Local\Temp\kwtdapog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\ntkrnlpa.exe ZwCreateKey [0x82E45FEC] SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [82E45FEC] ZwCreateKey [0x82E45FEC] SSDT \SystemRoot\system32\ntkrnlpa.exe ZwOpenKey [0x82E45FF1] SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [82E45FF1] ZwOpenKey [0x82E45FF1] INT 0x03 \SystemRoot\system32\ntkrnlpa.exe[unknown section] 82E45FFB ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E833C9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EBCD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 11BF 82EC3E74 4 Bytes [EC, 5F, E4, 82] {IN AL, DX; POP EDI; IN AL, 0x82} .text ntkrnlpa.exe!KeRemoveQueueEx + 137F 82EC4034 4 Bytes [F1, 5F, E4, 82] {INT1 ; POP EDI; IN AL, 0x82} ? 
C:\Windows\system32\drivers\afd.sys suspicious PE modification .text C:\Windows\system32\drivers\aksfridge.sys section is writeable [0x9DE99000, 0x49C57, 0xE0000020] .init C:\Windows\system32\drivers\aksfridge.sys entry point in ".init" section [0x9DEF0224] .init C:\Windows\system32\drivers\aksfridge.sys unknown last code section [0x9DEF0000, 0x4000, 0xE20000E0] .text C:\Windows\system32\drivers\hardlock.sys section is writeable [0x9DEF4400, 0x6EED8, 0xE8000020] .protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9DF7F020] C:\Windows\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9DF7F020] .protectÿÿÿÿhardlockunknown last code section [0x9DF7EE00, 0x50BA, 0xE0000020] C:\Windows\system32\drivers\hardlock.sys unknown last code section [0x9DF7EE00, 0x50BA, 0xE0000020]
---- Devices - GMER 2.1 ---- Device \Driver\partmgr \Device\PartmgrControl aksfridge.sys AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8657b698]<< 8657b698 Trace 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x85c68a20] 85c68a20 Trace 3 CLASSPNP.SYS[88fab59e] -> nt!IofCallDriver -> [0x86597668] 86597668 Trace \Driver\00000723[0x86553f38] -> IRP_MJ_CREATE -> 0x8657b698 8657b698 ---- Modules - GMER 2.1 ---- Module (noname) (*** hidden *** ) 8F29A000-8F2CE000 (212992 bytes) |
14.07.2013, 05:58 | #2 |
/// the machine /// TB instructor | Remove Click to Continue Hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
14.07.2013, 13:40 | #3 |
| Remove Click to Continue OK, here is the FRST.txt:
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-07-2013 Ran by Leon (administrator) on 14-07-2013 14:35:23 Running from C:\Users\Leon\Desktop Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Windows\System32\msiexec.exe ==================== Registry (Whitelisted) ================== Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKCU\...\Run: [Spybot-S&D Cleaning] - "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [3713032 2012-11-13] (Safer-Networking Ltd.) MountPoints2: {705fcb28-2f1e-11e1-9b64-806e6f6e6963} - E:\LaunchRC.exe MountPoints2: {7c90b315-324a-11e1-bc0f-003067a4b1fc} - I:\MediaManager.exe HKU\Amelie.Leon-PC\...\Run: [AVMUSBFernanschluss] - "C:\Users\Amelie.Leon-PC\AppData\Local\Apps\2.0\QTXPAWG8.BNG\X6B89DC9.4OD\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe" [x] HKU\Amelie.Leon-PC\...\Run: [Google Update] - "C:\Users\Amelie.Leon-PC\AppData\Local\Google\Update\GoogleUpdate.exe" /c [ 2013-03-22] (Google Inc.) HKU\Amelie.Leon-PC\...\Run: [Spybot-S&D Cleaning] - "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [ 2012-11-13] (Safer-Networking Ltd.) HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation) HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation) HKU\Papa\...\Run: [AVMUSBFernanschluss] - "C:\Users\Papa\AppData\Local\Apps\2.0\WN3DQ72K.X8X\4EKHOQBD.D4Z\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" [x] HKU\Papa.Leon-PC.000\...\Run: [Spybot-S&D Cleaning] - "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [ 2012-11-13] (Safer-Networking Ltd.) 
HKU\Papa.Leon-PC.000\...\Run: [Google Update] - "C:\Users\Leon\AppData\Local\Google\Update\GoogleUpdate.exe" /c [x] HKU\Papa.Leon-PC.000\...\RunOnce: [RunCanonMsetUp] - C:\Program Files\Canon\IJ_MSetup4\MCDCHK2.EXE [ 2011-03-10] (CANON INC.) HKU\UpdatusUser\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation) Startup: C:\Users\Amelie.Leon-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin) Startup: C:\Users\Amelie.Leon-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\Papa.Leon-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKLM - {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197 SearchScopes: HKCU - {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197 BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Spybot-S&D IE Protection - 
{53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: DNS Error Helper - {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll () BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog5 07 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin) Winsock: Catalog9 01 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin) Winsock: Catalog9 02 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin) Winsock: Catalog9 03 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin) Winsock: Catalog9 04 mswsock.dll File Not found () Winsock: Catalog9 05 mswsock.dll File Not found () Winsock: Catalog9 06 mswsock.dll File Not found () Winsock: Catalog9 07 mswsock.dll File Not found () Winsock: Catalog9 08 mswsock.dll File Not found () Winsock: Catalog9 09 mswsock.dll File Not found () Winsock: Catalog9 10 mswsock.dll File Not found () Winsock: Catalog9 11 mswsock.dll File Not found () Winsock: Catalog9 12 mswsock.dll File Not found () Winsock: Catalog9 13 mswsock.dll File Not found () Winsock: Catalog9 14 mswsock.dll File Not found () Winsock: Catalog9 15 mswsock.dll File Not found () Winsock: Catalog9 16 mswsock.dll File Not found () Winsock: Catalog9 17 mswsock.dll File Not found () Winsock: Catalog9 18 
mswsock.dll File Not found () Winsock: Catalog9 19 mswsock.dll File Not found () Winsock: Catalog9 20 mswsock.dll File Not found () Winsock: Catalog9 21 mswsock.dll File Not found () Winsock: Catalog9 22 mswsock.dll File Not found () Winsock: Catalog9 23 mswsock.dll File Not found () Winsock: Catalog9 24 mswsock.dll File Not found () Winsock: Catalog9 25 mswsock.dll File Not found () Winsock: Catalog9 26 mswsock.dll File Not found () Winsock: Catalog9 27 mswsock.dll File Not found () Winsock: Catalog9 28 mswsock.dll File Not found () Winsock: Catalog9 29 mswsock.dll File Not found () Winsock: Catalog9 30 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll () CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) CHR Extension: (Adblock Plus) - C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5_0 CHR Extension: (Adblock for Youtube\u2122) - C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk\1.8_0 ========================== Services (Whitelisted) ================= S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2013-07-12] (Flexera Software, Inc.) S4 hasplms; C:\Windows\system32\hasplms.exe [4889032 2011-12-30] (SafeNet Inc.) 
S4 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin) S4 mi-raysat_3dsmax2012_32; C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe [86016 2011-02-23] () S4 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2253120 2011-09-23] (NVIDIA Corporation) S4 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.) S4 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.) S4 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.) ==================== Drivers (Whitelisted) ==================== R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [367560 2011-10-04] (SafeNet Inc.) R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [101248 2012-01-17] (AVM Berlin) R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [105728 2013-01-03] (AVM Berlin) R1 BSMEM; C:\Windows\system32\drivers\BSMEM.sys [17024 2012-07-26] (BIOSTAR Group) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [596424 2011-08-10] (SafeNet Inc.) S3 LycoFltr; C:\Windows\System32\Drivers\Lycosa.sys [16128 2008-01-18] (Razer USA Ltd.) 
S1 MpKsl27a6719c; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F45C2DA3-4E9C-48A6-A3F2-9E0501F87490}\MpKsl27a6719c.sys [x] S1 MpKslf78d58f6; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{85710821-D163-42ED-85CC-3995B8456DBE}\MpKslf78d58f6.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-14 14:35 - 2013-07-14 14:35 - 00000000 ____D C:\FRST 2013-07-14 14:34 - 2013-07-14 14:34 - 01218214 _____ (Farbar) C:\Users\Leon\Desktop\FRST.exe 2013-07-14 00:17 - 2013-07-14 00:17 - 00000470 _____ C:\Users\Leon\Desktop\defogger_disable.log 2013-07-14 00:08 - 2013-07-14 00:08 - 00044607 _____ C:\Users\Leon\Desktop\gmer.log 2013-07-13 23:35 - 2013-07-13 23:35 - 00092588 _____ C:\Users\Leon\Desktop\OTL.Txt 2013-07-13 23:28 - 2013-07-13 23:25 - 00377856 _____ C:\Users\Leon\Desktop\gmer_2.1.19163.exe 2013-07-13 23:25 - 2013-07-13 23:25 - 00377856 _____ C:\Users\Leon\Downloads\gmer_2.1.19163.exe 2013-07-13 23:24 - 2013-07-13 23:06 - 00602112 _____ (OldTimer Tools) C:\Users\Leon\Desktop\OTL.exe 2013-07-13 23:23 - 2013-07-13 23:23 - 00050477 _____ C:\Users\Leon\Downloads\Defogger.exe 2013-07-13 23:23 - 2013-07-13 23:23 - 00050477 _____ C:\Users\Leon\Desktop\Defogger.exe 2013-07-13 23:15 - 2013-07-13 23:15 - 00000000 ____D C:\Users\Leon\AppData\Roaming\Mozilla 2013-07-13 23:06 - 2013-07-13 23:06 - 00602112 _____ (OldTimer Tools) C:\Users\Leon\Downloads\OTL.exe 2013-07-13 23:05 - 2013-07-13 23:05 - 00559441 _____ (Oleg N. 
Scherbakov) C:\Users\Leon\Downloads\JRT.exe 2013-07-13 23:04 - 2013-07-13 23:04 - 00662345 _____ C:\Users\Leon\Downloads\adwcleaner.exe 2013-07-13 18:31 - 2013-07-13 18:31 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-07-13 18:30 - 2013-07-13 23:45 - 00000000 ____D C:\Windows\471D8B37C5B344579FA1B3C693334F4F.TMP 2013-07-13 18:09 - 2013-07-13 18:09 - 00000000 ____D C:\Windows\ERUNT 2013-07-13 18:07 - 2013-07-13 18:07 - 00012511 _____ C:\AdwCleaner[S1].txt 2013-07-13 18:07 - 2013-07-13 18:07 - 00000168 _____ C:\Windows\DeleteOnReboot.bat 2013-07-13 18:06 - 2013-07-13 18:07 - 00012886 _____ C:\AdwCleaner[R1].txt 2013-07-13 16:57 - 2013-07-13 17:16 - 00323216 _____ C:\Users\Leon\Desktop\CloneTrooperWave.FBX 2013-07-13 02:15 - 2013-07-14 14:26 - 00000448 _____ C:\Windows\setupact.log 2013-07-13 00:12 - 2013-07-13 18:59 - 00000000 ____D C:\Users\Leon\AppData\Local\CrashDumps 2013-07-12 23:52 - 2013-07-12 23:52 - 40932318 _____ C:\Users\Leon\Downloads\blender-2.67b-windows32.exe 2013-07-12 18:23 - 2013-07-12 18:24 - 00000000 ____D C:\Users\Leon\AppData\Local\Autodesk 2013-07-12 18:21 - 2013-07-12 18:21 - 00001980 _____ C:\Users\Public\Desktop\Autodesk 3ds Max.lnk 2013-07-12 18:21 - 2013-07-12 18:21 - 00000000 ____D C:\Users\Leon\Documents\Inventor Server x86 Autodesk 3ds Max 2012 32-bit - German 2013-07-12 18:21 - 2013-07-12 18:21 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared 2013-07-12 18:20 - 2013-07-12 18:53 - 00000000 ____D C:\Users\Leon\Documents\3dsMax 2013-07-12 18:19 - 2013-07-13 19:04 - 00000000 ____D C:\Program Files\Autodesk 2013-07-12 18:17 - 2013-07-12 18:21 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared 2013-07-12 18:11 - 2013-07-12 18:11 - 00000000 ____D C:\Autodesk 2013-07-12 17:09 - 2013-07-13 16:22 - 00002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-07-12 17:08 - 2013-07-14 14:27 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-12 17:08 - 2013-07-14 00:18 - 00001094 
_____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-12 17:08 - 2013-07-12 17:09 - 00000000 ____D C:\Users\Leon\AppData\Local\Google 2013-07-12 17:08 - 2013-07-12 17:09 - 00000000 ____D C:\Program Files\Google 2013-07-12 17:07 - 2013-07-12 17:07 - 00800232 _____ (Google Inc.) C:\Users\Leon\Downloads\ChromeSetup.exe 2013-07-12 17:06 - 2013-07-12 17:06 - 00000000 ____D C:\Users\Leon\AppData\Local\Mozilla 2013-07-12 17:05 - 2013-07-14 14:34 - 00000910 _____ C:\Users\Leon\AppData\Roaming\Safer-Networking.log 2013-07-12 17:04 - 2013-07-13 23:57 - 00000000 ____D C:\Users\Leon\AppData\Local\VirtualStore 2013-07-12 17:03 - 2013-07-12 17:03 - 00000000 ____D C:\Users\Leon\AppData\Local\Apps\2.0 2013-07-12 15:09 - 2013-07-12 18:26 - 00000000 ____D C:\Users\Leon\AppData\Roaming\Autodesk 2013-07-11 22:21 - 2013-07-12 13:49 - 00001242 _____ C:\Users\Leon\Desktop\Star Wars Republic Commando.lnk 2013-07-11 21:42 - 2013-07-11 21:45 - 00000000 ____D C:\Users\Leon\Desktop\Star Wars Republic Commando II - Kopie 2013-07-11 20:56 - 2013-07-11 20:56 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-11 15:18 - 2013-07-11 15:18 - 00001739 _____ C:\Users\Leon\Desktop\UDK.lnk 2013-07-11 13:47 - 2013-07-11 13:50 - 00000000 ____D C:\Users\Leon\AppData\Roaming\.minecraft 2013-07-11 13:36 - 2013-07-11 13:36 - 00001120 _____ C:\Windows\avmacc.log 2013-07-11 00:20 - 2013-07-11 00:20 - 00000000 ____D C:\UDK 2013-07-11 00:07 - 2013-07-11 00:18 - 1991390952 _____ (Epic Games, Inc.) 
C:\Users\Leon\Downloads\UDKInstall-2013-02-BETA2.exe 2013-07-10 20:11 - 2013-07-10 20:11 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini 2013-07-10 20:11 - 2013-07-10 20:11 - 00000000 __SHD C:\Users\UpdatusUser\Startmenü 2013-07-10 20:11 - 2013-07-10 20:11 - 00000000 __SHD C:\Users\UpdatusUser\Netzwerkumgebung 2013-07-10 20:11 - 2013-07-10 20:11 - 00000000 __SHD C:\Users\UpdatusUser\Druckumgebung 2013-07-10 20:11 - 2013-07-10 20:11 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Musik 2013-07-10 20:11 - 2013-07-10 20:11 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Bilder 2013-07-10 20:11 - 2013-07-10 20:11 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Verlauf 2013-07-10 20:11 - 2013-01-26 16:17 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\TuneUp Software 2013-07-10 20:11 - 2012-01-02 23:25 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Macromedia 2013-07-10 20:11 - 2011-09-23 00:40 - 03074368 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2013-07-10 20:11 - 2011-09-23 00:40 - 00602432 _____ (NVIDIA Corporation) C:\Windows\system32\easyupdatusapiu.dll 2013-07-10 20:11 - 2009-07-14 04:04 - 00000000 ___RD C:\Users\UpdatusUser\Desktop 2013-07-10 20:10 - 2011-09-23 00:40 - 18870592 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll 2013-07-10 20:10 - 2011-09-23 00:40 - 17248576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2013-07-10 20:10 - 2011-09-23 00:40 - 13200704 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll 2013-07-10 20:10 - 2011-09-23 00:40 - 10318656 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2013-07-10 20:10 - 2011-09-23 00:40 - 05576000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2013-07-10 20:10 - 2011-09-23 00:40 - 02401088 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2013-07-10 20:10 - 2011-09-23 00:40 - 02099520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2013-07-10 20:10 - 2011-09-23 00:40 - 
00919872 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco32.dll 2013-07-10 20:10 - 2011-09-23 00:40 - 00877376 _____ (NVIDIA Corporation) C:\Windows\system32\nvgenco32.dll 2013-07-10 20:10 - 2011-09-23 00:40 - 00061248 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2013-07-10 20:10 - 2011-07-08 01:21 - 00876136 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco3220102.dll 2013-07-10 20:10 - 2011-07-08 01:21 - 00139880 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda32v.sys 2013-07-10 20:10 - 2011-07-08 01:21 - 00026216 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap32.dll 2013-07-10 20:03 - 2013-07-10 20:18 - 00000000 ____D C:\Users\Leon\Documents\Battlefield 3 2013-07-10 19:27 - 2013-07-10 20:26 - 00000000 ____D C:\Program Files\Battlefield 3 2013-07-10 19:27 - 2013-07-10 19:27 - 00000975 _____ C:\Users\Leon\Desktop\Battlefield 3.lnk 2013-07-10 15:44 - 2013-07-11 00:23 - 00000000 ____D C:\Users\Leon\AppData\Roaming\NVIDIA 2013-07-09 19:03 - 2013-07-14 00:13 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1348207587-1662218007-360504778-1001UA.job 2013-07-09 19:03 - 2013-07-12 15:13 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1348207587-1662218007-360504778-1001Core.job 2013-07-09 19:03 - 2013-07-09 19:03 - 00000000 ____D C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2013-07-09 18:40 - 2011-09-23 00:40 - 07183168 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll 2013-07-09 18:40 - 2011-09-23 00:40 - 02458432 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll 2013-07-09 18:40 - 2010-07-10 00:37 - 00314984 _____ (NVIDIA Corporation) C:\Windows\system32\nvdecodemft.dll 2013-07-09 18:40 - 2010-07-10 00:37 - 00236136 _____ (NVIDIA Corporation) C:\Windows\system32\nvcod1922.dll 2013-07-09 18:40 - 2010-07-10 00:37 - 00236136 _____ (NVIDIA Corporation) C:\Windows\system32\nvcod.dll 2013-07-09 18:40 - 2010-07-10 00:37 - 00010920 _____ (NVIDIA 
Corporation) C:\Windows\system32\Drivers\nvBridge.kmd 2013-07-09 18:21 - 2013-07-09 18:21 - 00000000 ____D C:\Program Files\Common Files\Java 2013-07-09 18:20 - 2013-07-09 18:20 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-07-09 18:20 - 2013-07-09 18:20 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-07-09 18:20 - 2013-07-09 18:20 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-07-09 18:20 - 2013-07-09 18:20 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-07-09 18:16 - 2012-07-26 16:05 - 00017024 _____ (BIOSTAR Group) C:\Windows\system32\Drivers\BSMEM.sys 2013-07-09 16:27 - 2013-07-09 16:27 - 00000000 ____D C:\NVIDIA 2013-07-09 14:21 - 2013-07-09 14:21 - 00148968 _____ C:\Windows\Minidump\070913-18220-01.dmp 2013-07-09 14:19 - 2013-07-09 14:19 - 00148968 _____ C:\Windows\Minidump\070913-20155-01.dmp 2013-07-09 14:09 - 2013-07-09 14:09 - 00149792 _____ C:\Windows\Minidump\070913-15740-01.dmp 2013-07-09 14:06 - 2013-07-09 14:06 - 00149744 _____ C:\Windows\Minidump\070913-19905-01.dmp 2013-07-09 14:02 - 2013-07-09 14:02 - 00148920 _____ C:\Windows\Minidump\070913-15194-01.dmp 2013-07-09 14:00 - 2013-07-09 14:21 - 00000000 ____D C:\Windows\Minidump 2013-07-09 14:00 - 2013-07-09 14:20 - 173592306 _____ C:\Windows\MEMORY.DMP 2013-07-09 14:00 - 2013-07-09 14:00 - 00148920 _____ C:\Windows\Minidump\070913-20748-01.dmp 2013-07-09 12:37 - 2013-07-11 13:35 - 00000182 _____ C:\Users\Amelie.Leon-PC\AppData\Roaming\Safer-Networking.log 2013-07-09 11:11 - 2013-07-09 11:12 - 00000000 ____D C:\Users\Leon\AppData\Roaming\Apple Computer 2013-07-09 11:11 - 2013-07-09 11:11 - 00000000 ____D C:\ProgramData\Apple 2013-07-09 10:50 - 2013-07-09 10:50 - 00007605 _____ C:\Users\Leon\AppData\Local\Resmon.ResmonCfg 2013-07-09 10:39 - 2013-07-09 10:39 - 00000000 ____D C:\Users\Leon\AppData\Roaming\Canon 2013-07-03 17:25 - 2013-07-03 17:25 - 00000000 ____D 
C:\Users\Amelie.Leon-PC\AppData\Roaming\Canon 2013-07-01 17:21 - 2013-07-01 17:21 - 00000000 ____D C:\Users\Papa.Leon-PC.000\AppData\Roaming\Canon 2013-07-01 17:06 - 2013-07-01 17:06 - 00000000 ____D C:\ProgramData\CanonIJWSpt 2013-07-01 17:06 - 2013-07-01 17:06 - 00000000 ____D C:\Program Files\Common Files\CANON 2013-07-01 17:03 - 2013-07-01 17:03 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information 2013-07-01 17:03 - 2013-07-01 17:03 - 00000000 ___HD C:\ProgramData\CanonBJ 2013-07-01 17:03 - 2012-04-16 05:00 - 00314880 _____ (CANON INC.) C:\Windows\system32\CNMLMBA.DLL 2013-07-01 17:02 - 2013-07-01 17:02 - 00000000 ___HD C:\Program Files\CanonBJ 2013-07-01 17:02 - 2013-07-01 17:02 - 00000000 ____D C:\Windows\system32\STRING 2013-07-01 17:02 - 2012-03-28 19:00 - 00035840 _____ (CANON INC.) C:\Windows\system32\CNMNPUI.DLL 2013-07-01 16:59 - 2013-07-01 16:59 - 00000000 ___HD C:\ProgramData\CanonIJETV 2013-07-01 16:58 - 2013-07-09 11:23 - 00000000 ____D C:\Program Files\Canon 2013-06-30 18:17 - 2013-06-30 18:17 - 00546732 _____ C:\Users\Leon\AppData\Local\CloneOnSpeederbike.blend 2013-06-30 14:36 - 2013-06-30 14:37 - 00000000 ____D C:\Users\Leon\Desktop\Star Wars Republic Commando II Development Files 2013-06-29 23:50 - 2013-07-09 11:05 - 00000000 ____D C:\Fraps 2013-06-29 23:50 - 2013-06-29 23:50 - 00000568 _____ C:\Users\Public\Desktop\Fraps.lnk 2013-06-29 23:16 - 2013-06-29 23:16 - 00990472 _____ C:\Users\Leon\AppData\Local\CloneTrooper.blend ==================== One Month Modified Files and Folders ======= 2013-07-14 14:35 - 2013-07-14 14:35 - 00000000 ____D C:\FRST 2013-07-14 14:35 - 2011-12-25 19:44 - 00000000 ___RD C:\Users\Leon\Desktop 2013-07-14 14:34 - 2013-07-14 14:34 - 01218214 _____ (Farbar) C:\Users\Leon\Desktop\FRST.exe 2013-07-14 14:34 - 2013-07-12 17:05 - 00000910 _____ C:\Users\Leon\AppData\Roaming\Safer-Networking.log 2013-07-14 14:27 - 2013-07-12 17:08 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-14 
14:26 - 2013-07-13 02:15 - 00000448 _____ C:\Windows\setupact.log 2013-07-14 14:26 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-14 00:18 - 2013-07-12 17:08 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-14 00:17 - 2013-07-14 00:17 - 00000470 _____ C:\Users\Leon\Desktop\defogger_disable.log 2013-07-14 00:17 - 2011-12-25 19:44 - 00000000 ____D C:\Users\Leon 2013-07-14 00:13 - 2013-07-09 19:03 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1348207587-1662218007-360504778-1001UA.job 2013-07-14 00:08 - 2013-07-14 00:08 - 00044607 _____ C:\Users\Leon\Desktop\gmer.log 2013-07-14 00:04 - 2009-07-14 06:34 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-14 00:04 - 2009-07-14 06:34 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-13 23:59 - 2012-04-06 20:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-13 23:58 - 2012-11-19 17:20 - 00000000 ___RD C:\Users\Leon\Desktop\umodel_win32 2013-07-13 23:57 - 2013-07-12 17:04 - 00000000 ____D C:\Users\Leon\AppData\Local\VirtualStore 2013-07-13 23:53 - 2013-03-24 01:48 - 00000000 ____D C:\Users\Leon\Desktop\Star Wars Republic Commando II 2013-07-13 23:53 - 2013-03-10 12:39 - 00000000 ____D C:\Users\Leon\Desktop\Neuer Ordner 2013-07-13 23:46 - 2013-07-13 18:31 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-07-13 23:45 - 2013-07-13 18:30 - 00000000 ____D C:\Windows\471D8B37C5B344579FA1B3C693334F4F.TMP 2013-07-13 23:44 - 2013-03-22 18:11 - 00001140 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1348207587-1662218007-360504778-1003UA.job 2013-07-13 23:35 - 2013-07-13 23:35 - 00092588 _____ C:\Users\Leon\Desktop\OTL.Txt 2013-07-13 23:25 - 2013-07-13 23:28 - 00377856 _____ C:\Users\Leon\Desktop\gmer_2.1.19163.exe 2013-07-13 23:25 - 2013-07-13 23:25 - 00377856 _____ 
C:\Users\Leon\Downloads\gmer_2.1.19163.exe 2013-07-13 23:23 - 2013-07-13 23:23 - 00050477 _____ C:\Users\Leon\Downloads\Defogger.exe 2013-07-13 23:23 - 2013-07-13 23:23 - 00050477 _____ C:\Users\Leon\Desktop\Defogger.exe 2013-07-13 23:15 - 2013-07-13 23:15 - 00000000 ____D C:\Users\Leon\AppData\Roaming\Mozilla 2013-07-13 23:06 - 2013-07-13 23:24 - 00602112 _____ (OldTimer Tools) C:\Users\Leon\Desktop\OTL.exe 2013-07-13 23:06 - 2013-07-13 23:06 - 00602112 _____ (OldTimer Tools) C:\Users\Leon\Downloads\OTL.exe 2013-07-13 23:05 - 2013-07-13 23:05 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\Leon\Downloads\JRT.exe 2013-07-13 23:04 - 2013-07-13 23:04 - 00662345 _____ C:\Users\Leon\Downloads\adwcleaner.exe 2013-07-13 19:04 - 2013-07-12 18:19 - 00000000 ____D C:\Program Files\Autodesk 2013-07-13 18:59 - 2013-07-13 00:12 - 00000000 ____D C:\Users\Leon\AppData\Local\CrashDumps 2013-07-13 18:56 - 2013-05-22 17:08 - 00026118 _____ C:\Windows\WindowsUpdate.log 2013-07-13 18:44 - 2013-03-22 18:11 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1348207587-1662218007-360504778-1003Core.job 2013-07-13 18:30 - 2012-02-21 16:41 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard 2013-07-13 18:26 - 2013-03-24 12:53 - 00238494 _____ C:\Windows\PFRO.log 2013-07-13 18:09 - 2013-07-13 18:09 - 00000000 ____D C:\Windows\ERUNT 2013-07-13 18:07 - 2013-07-13 18:07 - 00012511 _____ C:\AdwCleaner[S1].txt 2013-07-13 18:07 - 2013-07-13 18:07 - 00000168 _____ C:\Windows\DeleteOnReboot.bat 2013-07-13 18:07 - 2013-07-13 18:06 - 00012886 _____ C:\AdwCleaner[R1].txt 2013-07-13 17:49 - 2012-09-01 17:07 - 00000000 ____D C:\Users\Leon\AppData\Local\Paint.NET 2013-07-13 17:16 - 2013-07-13 16:57 - 00323216 _____ C:\Users\Leon\Desktop\CloneTrooperWave.FBX 2013-07-13 16:22 - 2013-07-12 17:09 - 00002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-07-12 23:52 - 2013-07-12 23:52 - 40932318 _____ C:\Users\Leon\Downloads\blender-2.67b-windows32.exe 2013-07-12 18:53 - 
2013-07-12 18:20 - 00000000 ____D C:\Users\Leon\Documents\3dsMax 2013-07-12 18:33 - 2012-04-24 20:28 - 00000000 ____D C:\ProgramData\FLEXnet 2013-07-12 18:26 - 2013-07-12 15:09 - 00000000 ____D C:\Users\Leon\AppData\Roaming\Autodesk 2013-07-12 18:24 - 2013-07-12 18:23 - 00000000 ____D C:\Users\Leon\AppData\Local\Autodesk 2013-07-12 18:23 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Desktop 2013-07-12 18:21 - 2013-07-12 18:21 - 00001980 _____ C:\Users\Public\Desktop\Autodesk 3ds Max.lnk 2013-07-12 18:21 - 2013-07-12 18:21 - 00000000 ____D C:\Users\Leon\Documents\Inventor Server x86 Autodesk 3ds Max 2012 32-bit - German 2013-07-12 18:21 - 2013-07-12 18:21 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared 2013-07-12 18:21 - 2013-07-12 18:17 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared 2013-07-12 18:21 - 2013-01-10 19:25 - 00000000 ____D C:\ProgramData\Autodesk 2013-07-12 18:19 - 2009-07-14 04:04 - 00017716 _____ C:\Windows\system32\Drivers\etc\services 2013-07-12 18:11 - 2013-07-12 18:11 - 00000000 ____D C:\Autodesk 2013-07-12 17:09 - 2013-07-12 17:08 - 00000000 ____D C:\Users\Leon\AppData\Local\Google 2013-07-12 17:09 - 2013-07-12 17:08 - 00000000 ____D C:\Program Files\Google 2013-07-12 17:07 - 2013-07-12 17:07 - 00800232 _____ (Google Inc.) 
C:\Users\Leon\Downloads\ChromeSetup.exe 2013-07-12 17:06 - 2013-07-12 17:06 - 00000000 ____D C:\Users\Leon\AppData\Local\Mozilla 2013-07-12 17:03 - 2013-07-12 17:03 - 00000000 ____D C:\Users\Leon\AppData\Local\Apps\2.0 2013-07-12 15:13 - 2013-07-09 19:03 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1348207587-1662218007-360504778-1001Core.job 2013-07-12 15:06 - 2011-12-25 19:47 - 01612310 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-12 13:49 - 2013-07-11 22:21 - 00001242 _____ C:\Users\Leon\Desktop\Star Wars Republic Commando.lnk 2013-07-12 12:56 - 2011-12-25 21:11 - 00000000 ____D C:\Program Files\LucasArts 2013-07-11 22:24 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\tracing 2013-07-11 22:12 - 2011-12-25 21:12 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-07-11 21:45 - 2013-07-11 21:42 - 00000000 ____D C:\Users\Leon\Desktop\Star Wars Republic Commando II - Kopie 2013-07-11 20:56 - 2013-07-11 20:56 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-11 18:53 - 2012-08-29 19:09 - 00000000 ____D C:\Windows\pss 2013-07-11 15:18 - 2013-07-11 15:18 - 00001739 _____ C:\Users\Leon\Desktop\UDK.lnk 2013-07-11 15:08 - 2012-02-10 22:41 - 00000000 ____D C:\ProgramData\NVIDIA 2013-07-11 13:50 - 2013-07-11 13:47 - 00000000 ____D C:\Users\Leon\AppData\Roaming\.minecraft 2013-07-11 13:36 - 2013-07-11 13:36 - 00001120 _____ C:\Windows\avmacc.log 2013-07-11 13:35 - 2013-07-09 12:37 - 00000182 _____ C:\Users\Amelie.Leon-PC\AppData\Roaming\Safer-Networking.log 2013-07-11 13:35 - 2013-01-03 20:46 - 00000000 ____D C:\Users\Amelie.Leon-PC\AppData\Roaming\FRITZ! 2013-07-11 00:23 - 2013-07-10 15:44 - 00000000 ____D C:\Users\Leon\AppData\Roaming\NVIDIA 2013-07-11 00:20 - 2013-07-11 00:20 - 00000000 ____D C:\UDK 2013-07-11 00:20 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-07-11 00:18 - 2013-07-11 00:07 - 1991390952 _____ (Epic Games, Inc.) 
C:\Users\Leon\Downloads\UDKInstall-2013-02-BETA2.exe 2013-07-10 20:26 - 2013-07-10 19:27 - 00000000 ____D C:\Program Files\Battlefield 3 2013-07-10 20:18 - 2013-07-10 20:03 - 00000000 ____D C:\Users\Leon\Documents\Battlefield 3 2013-07-10 20:13 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\DriverStore 2013-07-10 20:12 - 2012-02-10 22:39 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2013-07-10 20:11 - 2013-07-10 20:11 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini 2013-07-10 20:11 - 2013-07-10 20:11 - 00000000 __SHD C:\Users\UpdatusUser\Startmenü 2013-07-10 20:11 - 2013-07-10 20:11 - 00000000 __SHD C:\Users\UpdatusUser\Netzwerkumgebung 2013-07-10 20:11 - 2013-07-10 20:11 - 00000000 __SHD C:\Users\UpdatusUser\Druckumgebung 2013-07-10 20:11 - 2013-07-10 20:11 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Musik 2013-07-10 20:11 - 2013-07-10 20:11 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Bilder 2013-07-10 20:11 - 2013-07-10 20:11 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Verlauf 2013-07-10 19:27 - 2013-07-10 19:27 - 00000975 _____ C:\Users\Leon\Desktop\Battlefield 3.lnk 2013-07-10 16:24 - 2012-01-09 19:56 - 00000000 ____D C:\Program Files\tamasoftware 2013-07-10 16:18 - 2012-07-08 16:29 - 00000000 ____D C:\Users\Leon\AppData\Roaming\DVDVideoSoft 2013-07-10 16:10 - 2012-01-02 23:25 - 00000000 ____D C:\Program Files\Adobe 2013-07-10 16:05 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Microsoft Games 2013-07-09 19:03 - 2013-07-09 19:03 - 00000000 ____D C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2013-07-09 18:41 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Help 2013-07-09 18:21 - 2013-07-09 18:21 - 00000000 ____D C:\Program Files\Common Files\Java 2013-07-09 18:20 - 2013-07-09 18:20 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-07-09 18:20 - 2013-07-09 18:20 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-07-09 18:20 - 
2013-07-09 18:20 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-07-09 18:20 - 2013-07-09 18:20 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-07-09 18:20 - 2012-08-13 19:12 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-07-09 18:20 - 2011-12-25 21:14 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-07-09 18:20 - 2011-12-25 21:14 - 00000000 ____D C:\Program Files\Java 2013-07-09 16:27 - 2013-07-09 16:27 - 00000000 ____D C:\NVIDIA 2013-07-09 15:27 - 2012-02-10 22:39 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2013-07-09 15:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles 2013-07-09 14:21 - 2013-07-09 14:21 - 00148968 _____ C:\Windows\Minidump\070913-18220-01.dmp 2013-07-09 14:21 - 2013-07-09 14:00 - 00000000 ____D C:\Windows\Minidump 2013-07-09 14:20 - 2013-07-09 14:00 - 173592306 _____ C:\Windows\MEMORY.DMP 2013-07-09 14:19 - 2013-07-09 14:19 - 00148968 _____ C:\Windows\Minidump\070913-20155-01.dmp 2013-07-09 14:09 - 2013-07-09 14:09 - 00149792 _____ C:\Windows\Minidump\070913-15740-01.dmp 2013-07-09 14:06 - 2013-07-09 14:06 - 00149744 _____ C:\Windows\Minidump\070913-19905-01.dmp 2013-07-09 14:02 - 2013-07-09 14:02 - 00148920 _____ C:\Windows\Minidump\070913-15194-01.dmp 2013-07-09 14:00 - 2013-07-09 14:00 - 00148920 _____ C:\Windows\Minidump\070913-20748-01.dmp 2013-07-09 11:30 - 2012-02-18 16:34 - 00000000 ____D C:\Users\Papa.Leon-PC.000 2013-07-09 11:30 - 2012-01-15 15:53 - 00000000 ____D C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2013-07-09 11:29 - 2012-01-15 15:53 - 00000000 ____D C:\ProgramData\CyberLink 2013-07-09 11:23 - 2013-07-01 16:58 - 00000000 ____D C:\Program Files\Canon 2013-07-09 11:20 - 2011-12-26 22:29 - 00000000 ____D C:\Users\Amelie.Leon-PC 2013-07-09 11:12 - 2013-07-09 11:11 - 00000000 ____D C:\Users\Leon\AppData\Roaming\Apple Computer 2013-07-09 
11:11 - 2013-07-09 11:11 - 00000000 ____D C:\ProgramData\Apple 2013-07-09 11:11 - 2013-03-24 01:40 - 00001228 _____ C:\Users\Leon\Desktop\Revo Uninstaller.lnk 2013-07-09 11:05 - 2013-06-29 23:50 - 00000000 ____D C:\Fraps 2013-07-09 10:50 - 2013-07-09 10:50 - 00007605 _____ C:\Users\Leon\AppData\Local\Resmon.ResmonCfg 2013-07-09 10:39 - 2013-07-09 10:39 - 00000000 ____D C:\Users\Leon\AppData\Roaming\Canon 2013-07-03 17:25 - 2013-07-03 17:25 - 00000000 ____D C:\Users\Amelie.Leon-PC\AppData\Roaming\Canon 2013-07-01 17:21 - 2013-07-01 17:21 - 00000000 ____D C:\Users\Papa.Leon-PC.000\AppData\Roaming\Canon 2013-07-01 17:21 - 2012-02-21 16:24 - 00132752 _____ C:\Users\Papa.Leon-PC.000\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-01 17:06 - 2013-07-01 17:06 - 00000000 ____D C:\ProgramData\CanonIJWSpt 2013-07-01 17:06 - 2013-07-01 17:06 - 00000000 ____D C:\Program Files\Common Files\CANON 2013-07-01 17:03 - 2013-07-01 17:03 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information 2013-07-01 17:03 - 2013-07-01 17:03 - 00000000 ___HD C:\ProgramData\CanonBJ 2013-07-01 17:02 - 2013-07-01 17:02 - 00000000 ___HD C:\Program Files\CanonBJ 2013-07-01 17:02 - 2013-07-01 17:02 - 00000000 ____D C:\Windows\system32\STRING 2013-07-01 16:59 - 2013-07-01 16:59 - 00000000 ___HD C:\ProgramData\CanonIJETV 2013-06-30 18:17 - 2013-06-30 18:17 - 00546732 _____ C:\Users\Leon\AppData\Local\CloneOnSpeederbike.blend 2013-06-30 14:37 - 2013-06-30 14:36 - 00000000 ____D C:\Users\Leon\Desktop\Star Wars Republic Commando II Development Files 2013-06-29 23:59 - 2012-01-04 23:36 - 00000000 ____D C:\Users\Leon\AppData\Roaming\vlc 2013-06-29 23:50 - 2013-06-29 23:50 - 00000568 _____ C:\Users\Public\Desktop\Fraps.lnk 2013-06-29 23:35 - 2012-03-28 21:37 - 00000000 ____D C:\tmp 2013-06-29 23:16 - 2013-06-29 23:16 - 00990472 _____ C:\Users\Leon\AppData\Local\CloneTrooper.blend ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit 
C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-09 12:10 ==================== End Of Log ============================
and here is the Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-07-2013 Ran by Leon at 2013-07-14 14:36:04 Running from C:\Users\Leon\Desktop Boot Mode: Normal ========================================================== 1.0 Adobe Flash Player 11 ActiveX (Version: 11.3.300.271) Adobe Flash Player 11 Plugin (Version: 11.7.700.224) Adobe Reader X (10.1.4) - Deutsch (Version: 10.1.4) Audacity 2.0 Autodesk 3ds Max 2012 32-bit - German (Version: 14.0) Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 Autodesk Material Library 2012 (Version: 2.5.0.8) Autodesk Material Library Base Resolution Image Library 2012 (Version: 2.5.0.8) Autodesk Material Library Medium Resolution Image Library 2012 (Version: 2.5.0.8) AVG 2012 (Version: 12.0.1913) AVG 2012 (Version: 12.0.2127) AVG 2012 (Version: 12.0.2169) AVG 2012 (Version: 12.0.2171) AVG 2012 (Version: 12.0.2176) AVG 2012 (Version: 12.0.2178) AVG 2012 (Version: 12.0.2180) AVG 2012 (Version: 12.0.2193) AVG 2012 (Version: 12.0.2195) AVG 2012 (Version: 12.0.2197) AVG 2012 (Version: 12.0.2221) AVM FRITZ!Box USB-Fernanschluss (HKCU Version: 2.2.1.0) AVM FRITZ!DSL (Version: 2.04.02) Blender (Version: 2.67b) Canon iP7200 series Printer Driver Common (Version: 14.0.0.342) Contents (Version: 14.0.0.342) Corel PaintShop Pro X4 (Version: 14.0.0.345) Corel PaintShop Pro X4 (Version: 14.2.0.1) Corel VideoStudio Pro X4 (Version: 14.0.0.342) CyberLink Power2Go (Version: 6.0.3003) DeviceIO (Version: 14.0.0.342) Far Cry (Version: 1.00.0000) Fraps GIMP 2.8.4 (Version: 2.8.4) Google Chrome (HKCU Version: 28.0.1500.71) Google Chrome (Version: 28.0.1500.72) Google Update Helper (Version: 1.3.21.153) ICA (Version: 14.0.0.342) ICA (Version: 14.0.0.345) IPM_PSP_COM (Version: 14.0.0.345) IPM_VS_Pro (Version: 13.0) ISCOM (Version: 14.0.0.342) Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) JavaFX 2.1.1 (Version: 2.1.1) LeoCAD MFC RunTime files (Version: 1.0.0) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) 
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2) Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Mozilla Thunderbird 13.0.1 (x86 de) (Version: 13.0.1) MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0) MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0) MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0) MSXML 4.0 SP3 Parser (Version: 4.30.2100.0) NVIDIA 3D Vision Controller-Treiber 285.38 (Version: 285.38) NVIDIA 3D Vision Treiber 285.38 (Version: 285.38) NVIDIA Display Control Panel (Version: 6.14.12.5896) NVIDIA Grafiktreiber 285.38 (Version: 285.38) NVIDIA HD-Audiotreiber 1.2.24.0 (Version: 1.2.24.0) NVIDIA Install Application (Version: 2.1002.45.235) NVIDIA PhysX (Version: 9.11.0621) NVIDIA PhysX-Systemsoftware 9.11.0621 (Version: 9.11.0621) NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.8538) NVIDIA Systemsteuerung 285.38 (Version: 285.38) NVIDIA Update 1.5.20 (Version: 1.5.20) NVIDIA Update Components (Version: 1.5.20) OpenOffice.org 3.4.1 (Version: 3.41.9593) Paint.NET v3.5.10 (Version: 3.60.0) PSPPContent (Version: 14.0.0.345) PSPPHelp (Version: 14.0.0.345) PureHD (Version: 14.0.0.342) QuickTime (Version: 7.55.90.70) Revo Uninstaller 1.95 (Version: 1.95) Setup (Version: 14.0.0.342) Setup (Version: 14.0.0.345) Share (Version: 14.0.0.342) Spybot - Search & Destroy (Version: 2.0.12) Star Wars Empire at War (Version: 1.0) Star Wars Empire at War Forces of Corruption (Version: 1.0) Star Wars Republic Commando (Version: 1.0) Unreal Development Kit: 2013-02 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft 
.NET Framework 4 Client Profile (KB2473228) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1) VIO (Version: 14.0.0.342) Visual C++ 9.0 ATL (x86) WinSXS MSM (Version: 9.0) VLC media player 2.0.1 (Version: 2.0.1) VSClassic (Version: 14.0.0.342) VSPro (Version: 14.0.0.342) Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2) WinRAR 4.10 (32-Bit) (Version: 4.10.0) ==================== Restore Points ========================= 11-07-2013 20:05:43 Revo Uninstaller's restore point - Star Wars Republic Commando 11-07-2013 20:06:19 Entfernt Star Wars Republic Commando 11-07-2013 20:12:09 Installiert Star Wars Republic Commando 11-07-2013 20:25:21 Revo Uninstaller's restore point - Malwarebytes Anti-Malware Version 1.75.0.1300 12-07-2013 11:26:00 Revo Uninstaller's restore point - RayFire 1.62 - 3ds Max 2012 - 32 bit - Demo 12-07-2013 15:09:47 Revo Uninstaller's restore point - Mozilla Firefox 22.0 (x86 de) 12-07-2013 15:20:22 Revo Uninstaller's restore point - Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 12-07-2013 15:34:20 Microsoft Visual C++ 2005 Redistributable wird installiert 12-07-2013 16:17:06 DirectX wurde installiert 13-07-2013 16:30:47 Installed SpyHunter 13-07-2013 16:55:37 Revo Uninstaller's restore point - Windows Media Encoder 9 Series 13-07-2013 16:58:16 Revo Uninstaller's restore point - Composite 2012 13-07-2013 17:01:49 Revo Uninstaller's restore point - Autodesk Backburner 2012.0.0 13-07-2013 21:44:11 Revo Uninstaller's restore point - SpyHunter 13-07-2013 21:44:29 Removed SpyHunter ==================== Hosts content: ========================== 2009-07-14 04:04 - 2009-06-10 23:39 - 
00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0456AE96-C0B3-4977-8CDE-AC17E483055F} - System32\Tasks\{EFEA9BAA-580F-4031-BECF-931B96819A38} => C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe [2007-08-02] (Lucasfilm Entertainment Company, Ltd.) Task: {05B3B6C2-2610-431B-AEB6-605278DEEB69} - System32\Tasks\{0CEE7002-E56B-446A-BBE6-76FABC37EE85} => E:\Launcher.exe No File Task: {08BECB25-E740-48BD-A1DD-1451B36CB826} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1348207587-1662218007-360504778-1003 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {16A79DA2-E035-4CFE-93E9-1AD14BEF1B74} - System32\Tasks\{D2488E72-32A1-430B-97A9-E86FE7A614F8} => C:\Program Files\LucasArts\Star Wars Republic Commando\GameData\System\UnrealEd.exe [2005-01-25] () Task: {17A2FAEC-2360-4E1C-8979-E0791E3BBEF3} - System32\Tasks\RunAsStdUser Task => C:\Users\Leon\AppData\Local\ClickPotatoLiteSA\bin\12.0.15.0\ClickPotatoLiteSA.exe No File Task: {2536BD77-7CD7-47DC-B6BD-9BB21A68D57B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1348207587-1662218007-360504778-1001Core => C:\Users\Leon\AppData\Local\Google\Update\GoogleUpdate.exe No File Task: {26753835-2B47-48EE-B596-551E9F5CDE21} - System32\Tasks\{D8995A56-CCC4-4ED9-8E62-DD8F024203BE} => C:\Program Files\LucasArts\Star Wars Republic Commando\LaunchRC.exe [2004-12-10] () Task: {4B389D2E-FE11-479F-8668-7C55D5CEFEFE} - System32\Tasks\{F288E377-BBED-43A4-BFBF-6EEDFD454E5D} => C:\Program Files\LucasArts\Star Wars Republic Commando\LaunchRC.exe [2004-12-10] () Task: {52DDBA02-F762-475A-A423-6938F2DE8D21} - System32\Tasks\{02E60209-6369-4762-8295-2C2EDB23DE03} => C:\Users\Leon\Desktop\Halo 2 Windows XP-Vista-7 full game singleplayer ^^nosTEAM^^\Halo 2\play-halo2-windows-Vista-7.exe No File Task: {655144A3-2019-4476-8FCC-AC8CC6D20EBA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program 
Files\Spybot - Search & Destroy 2\SDUpdate.exe No File Task: {65F3AAFC-E389-4E93-A049-D06FB65EB382} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {66B66B68-822A-43AB-8188-0FBE17C98560} - System32\Tasks\{00637589-8909-436A-A6DC-154A02D17638} => C:\Users\Leon\Desktop\umodel_win32\umodel.exe [2012-11-19] () Task: {68D95853-0AA6-44E7-BA94-4105A8550358} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1348207587-1662218007-360504778-1003Core => C:\Users\Amelie.Leon-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-22] (Google Inc.) Task: {6B689D84-AE23-4172-9466-B7967ED147CF} - System32\Tasks\{99261851-0C1F-4BDB-857B-7FB2DE5C2A98} => C:\Program Files\LucasArts\Star Wars Republic Commando\LaunchRC.exe [2004-12-10] () Task: {6D138550-1C0D-4271-9EE9-6AD365DE769C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1348207587-1662218007-360504778-1001UA => C:\Users\Leon\AppData\Local\Google\Update\GoogleUpdate.exe No File Task: {6E7DD060-8EDB-428C-A466-16471BFBB300} - System32\Tasks\{3D820937-D612-47FE-8EEB-CF1135A3BEC3} => C:\Program Files\LucasArts\Star Wars Republic Commando\GameData\System\UnrealEd.exe [2005-01-25] () Task: {7E004D56-2C8A-4804-96F2-EC4E2443B673} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation) Task: {7F9D6C30-9FD9-49F5-B09D-7E77898A9325} - System32\Tasks\YourFile Update => C:\Program Files\YourFileDownloader\YourFileUpdater.exe No File Task: {7FA8980A-6340-4D28-98CA-9EE1C84DD81B} - System32\Tasks\{54EE520B-50A1-453B-BD9F-4BD2B852A205} => C:\Program Files\LucasArts\Star Wars Republic Commando\LaunchRC.exe [2004-12-10] () Task: {81236116-5D6C-4760-9A7F-5970C1DA8AD0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-12] (Google Inc.) 
Task: {8A1123C8-EBCF-40EF-B27E-93B1085B05CA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe No File Task: {96104AEA-5259-4B5C-AF27-2737F5BE9AFF} - System32\Tasks\{BC395E20-D2C4-47A4-B500-0C30420388D5} => C:\Users\Leon\Desktop\Halo 2 Windows XP-Vista-7 full game singleplayer ^^nosTEAM^^\Halo 2\play-halo2-windows-Vista-7.exe No File Task: {A19FAD19-8B9C-4334-8AAF-06F0C6B3D001} - System32\Tasks\Express Files Updater => C:\Program Files\ExpressFiles\EFupdater.exe No File Task: {A460D7EE-6C1B-4C95-AA0E-C19C934ED038} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe No File Task: {AA144376-97DE-41DD-9356-7947C62EB200} - System32\Tasks\{A34C2115-A6C4-40F7-BA4A-D9516C6C1A8D} => C:\Program Files\LucasArts\Star Wars Republic Commando\LaunchRC.exe [2004-12-10] () Task: {AE626ADE-5BD0-4B77-9F3D-A3F63703F849} - System32\Tasks\{B1B72BDA-9270-4858-8AB5-34F689B9661F} => C:\Program Files\LucasArts\Star Wars Republic Commando\LaunchRC.exe [2004-12-10] () Task: {B88F8C1E-92B8-43CF-A4CC-D3108736C5B1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated) Task: {B99F89AB-8238-4BD0-B76C-EF711ED10AF6} - System32\Tasks\{E16A9F8D-48E6-40D1-B0FC-15AFEEFB6FC1} => C:\Users\Leon\Desktop\Star Wars Republic Commando Direct-Play{Dotcom1}\Star Wars Republic Commando\GameData\System\START_Dotcom1_Rip.exe No File Task: {C7141E80-229F-4B7D-9239-613249EA465D} - System32\Tasks\{84593651-BF7D-4227-8665-7C3E43252E87} => C:\Program Files\LucasArts\Star Wars Republic Commando\GameData\System\UnrealEd.exe [2005-01-25] () Task: {C7239465-638D-47BB-997E-807FF140CEE2} - System32\Tasks\{8BE343E0-4D06-45CB-8AE9-291FB81FA328} => C:\Program Files\LucasArts\Star Wars Republic Commando\GameData\System\UnrealEd.exe [2005-01-25] () Task: 
{D237CACA-131D-4CD7-AA44-D4A8E44B2D9B} - System32\Tasks\{8B08CE0F-F33F-4E9D-B8CC-4EE72B995051} => C:\Program Files\LucasArts\Star Wars Republic Commando\GameData\System\UnrealEd.exe [2005-01-25] () Task: {E040DF5C-C8E3-441C-B374-DA78CA5435D1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1348207587-1662218007-360504778-1003UA => C:\Users\Amelie.Leon-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-22] (Google Inc.) Task: {F750D812-8CBE-48B7-B0C7-988199F83192} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-12] (Google Inc.) Task: {FA92FA5B-9F01-4044-9F43-A9F5B5A82379} - System32\Tasks\{116B4B91-4709-4110-9D07-49622FFF74B0} => C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe [2007-08-02] (Lucasfilm Entertainment Company, Ltd.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1348207587-1662218007-360504778-1001Core.job => C:\Users\Leon\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1348207587-1662218007-360504778-1001UA.job => C:\Users\Leon\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1348207587-1662218007-360504778-1003Core.job => C:\Users\Amelie.Leon-PC\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1348207587-1662218007-360504778-1003UA.job => C:\Users\Amelie.Leon-PC\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= Name: MpKslf78d58f6 Description: MpKslf78d58f6 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: 
MpKslf78d58f6 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/13/2013 07:06:40 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: nvcplui.exe, Version: 3.9.730.0, Zeitstempel: 0x4e7b6a18 Name des fehlerhaften Moduls: NVCPL.DLL_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4e7b7394 Ausnahmecode: 0xc0000005 Fehleroffset: 0x6bd4f5ba ID des fehlerhaften Prozesses: 0x810 Startzeit der fehlerhaften Anwendung: 0xnvcplui.exe0 Pfad der fehlerhaften Anwendung: nvcplui.exe1 Pfad des fehlerhaften Moduls: nvcplui.exe2 Berichtskennung: nvcplui.exe3 Error: (07/13/2013 07:03:47 PM) (Source: MsiInstaller) (User: Leon-PC) Description: Produkt: Autodesk Backburner 2012.0.0 --Fehler 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. 
Action StopBBManagerService, location: C:\Program Files\Autodesk\Backburner\managersvc.exe, command: -r Error: (07/13/2013 06:59:41 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: nvcplui.exe, Version: 3.9.730.0, Zeitstempel: 0x4e7b6a18 Name des fehlerhaften Moduls: NVCPL.DLL_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4e7b7394 Ausnahmecode: 0xc0000005 Fehleroffset: 0x681e3c15 ID des fehlerhaften Prozesses: 0x164 Startzeit der fehlerhaften Anwendung: 0xnvcplui.exe0 Pfad der fehlerhaften Anwendung: nvcplui.exe1 Pfad des fehlerhaften Moduls: nvcplui.exe2 Berichtskennung: nvcplui.exe3 Error: (07/13/2013 06:59:41 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: nvcplui.exe, Version: 3.9.730.0, Zeitstempel: 0x4e7b6a18 Name des fehlerhaften Moduls: NVCPL.DLL_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4e7b7394 Ausnahmecode: 0xc0000005 Fehleroffset: 0x681e3c15 ID des fehlerhaften Prozesses: 0x9ac Startzeit der fehlerhaften Anwendung: 0xnvcplui.exe0 Pfad der fehlerhaften Anwendung: nvcplui.exe1 Pfad des fehlerhaften Moduls: nvcplui.exe2 Berichtskennung: nvcplui.exe3 Error: (07/13/2013 06:59:41 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: nvcplui.exe, Version: 3.9.730.0, Zeitstempel: 0x4e7b6a18 Name des fehlerhaften Moduls: NVCPL.DLL_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4e7b7394 Ausnahmecode: 0xc0000005 Fehleroffset: 0x67bb3c15 ID des fehlerhaften Prozesses: 0xecc Startzeit der fehlerhaften Anwendung: 0xnvcplui.exe0 Pfad der fehlerhaften Anwendung: nvcplui.exe1 Pfad des fehlerhaften Moduls: nvcplui.exe2 Berichtskennung: nvcplui.exe3 Error: (07/13/2013 06:59:32 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: nvcplui.exe, Version: 3.9.730.0, Zeitstempel: 0x4e7b6a18 Name des fehlerhaften Moduls: NVCPL.DLL_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4e7b7394 Ausnahmecode: 0xc0000005 Fehleroffset: 0x67e8f5ba ID des 
fehlerhaften Prozesses: 0x874 Startzeit der fehlerhaften Anwendung: 0xnvcplui.exe0 Pfad der fehlerhaften Anwendung: nvcplui.exe1 Pfad des fehlerhaften Moduls: nvcplui.exe2 Berichtskennung: nvcplui.exe3 Error: (07/13/2013 06:59:09 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: nvcplui.exe, Version: 3.9.730.0, Zeitstempel: 0x4e7b6a18 Name des fehlerhaften Moduls: NVCPL.DLL_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4e7b7394 Ausnahmecode: 0xc0000005 Fehleroffset: 0x684bf5ba ID des fehlerhaften Prozesses: 0xf64 Startzeit der fehlerhaften Anwendung: 0xnvcplui.exe0 Pfad der fehlerhaften Anwendung: nvcplui.exe1 Pfad des fehlerhaften Moduls: nvcplui.exe2 Berichtskennung: nvcplui.exe3 System errors: ============= Error: (07/14/2013 02:26:50 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060 Error: (07/13/2013 11:57:50 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060 Error: (07/13/2013 11:43:16 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060 Error: (07/13/2013 10:57:09 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060 Error: (07/13/2013 06:26:45 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060 Microsoft Office Sessions: ========================= Error: (07/13/2013 07:06:40 PM) (Source: Application Error)(User: ) Description: nvcplui.exe3.9.730.04e7b6a18NVCPL.DLL_unloaded0.0.0.04e7b7394c00000056bd4f5ba81001ce7feb576c4cb4C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exeNVCPL.DLL95970074-ebde-11e2-aed8-003067a4b1fc Error: (07/13/2013 07:03:47 PM) (Source: MsiInstaller)(User: Leon-PC) Description: Produkt: Autodesk 
Backburner 2012.0.0 --Fehler 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action StopBBManagerService, location: C:\Program Files\Autodesk\Backburner\managersvc.exe, command: -r (NULL)(NULL)(NULL)(NULL)(NULL) Error: (07/13/2013 06:59:41 PM) (Source: Application Error)(User: ) Description: nvcplui.exe3.9.730.04e7b6a18NVCPL.DLL_unloaded0.0.0.04e7b7394c0000005681e3c1516401ce7fea5c0ccc54C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exeNVCPL.DLL9b5311d4-ebdd-11e2-aed8-003067a4b1fc Error: (07/13/2013 06:59:41 PM) (Source: Application Error)(User: ) Description: nvcplui.exe3.9.730.04e7b6a18NVCPL.DLL_unloaded0.0.0.04e7b7394c0000005681e3c159ac01ce7fea5d52e8b4C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exeNVCPL.DLL9b52eac4-ebdd-11e2-aed8-003067a4b1fc Error: (07/13/2013 06:59:41 PM) (Source: Application Error)(User: ) Description: nvcplui.exe3.9.730.04e7b6a18NVCPL.DLL_unloaded0.0.0.04e7b7394c000000567bb3c15ecc01ce7fea5c732774C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exeNVCPL.DLL9b52c3b4-ebdd-11e2-aed8-003067a4b1fc Error: (07/13/2013 06:59:32 PM) (Source: Application Error)(User: ) Description: nvcplui.exe3.9.730.04e7b6a18NVCPL.DLL_unloaded0.0.0.04e7b7394c000000567e8f5ba87401ce7fea589fd084C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exeNVCPL.DLL966a5344-ebdd-11e2-aed8-003067a4b1fc Error: (07/13/2013 06:59:09 PM) (Source: Application Error)(User: ) Description: nvcplui.exe3.9.730.04e7b6a18NVCPL.DLL_unloaded0.0.0.04e7b7394c0000005684bf5baf6401ce7fea472af914C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exeNVCPL.DLL88be43a4-ebdd-11e2-aed8-003067a4b1fc ==================== Memory info =========================== Percentage of memory in use: 45% Total physical RAM: 2046.62 MB Available physical RAM: 1113.04 MB Total Pagefile: 4093.23 MB Available 
Pagefile: 3091.45 MB Total Virtual: 2047.88 MB Available Virtual: 1892.17 MB ==================== Drives ================================ Drive c: (Volume) (Fixed) (Total:465.76 GB) (Free:346.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:465.75 GB) (Free:324.86 GB) NTFS Drive e: (COMMANDO_1) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS Drive h: (LEON) (Removable) (Total:3.66 GB) (Free:0.55 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 66855E42) Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 3C727B5D) Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 4 GB) (Disk ID: 232CA66D) Partition 1: (Not Active) - (Size=4 GB) - (Type=0B) ==================== End Of Log ============================ |
14.07.2013, 18:36 | #4 | |
/// the machine /// TB trainer | Remove Click to Continue
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror: Link 1
IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
14.07.2013, 21:06 | #5 |
| Remove Click to Continue
Here is the log file: Code:
ATTFilter ComboFix 13-07-14.01 - Leon 14.07.2013 21:44:45.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2047.1383 [GMT 2:00] ausgeführt von:: c:\users\Leon\AppData\Local\Temp\nsl698C.tmp\setup.exe AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B} SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\DefaultTab c:\program files\DefaultTab\DefaultTab.crx c:\program files\DefaultTab\DefaultTabSearch.exe c:\program files\DefaultTab\uid c:\users\Leon\AppData\Roaming\DefaultTab\DefaultTab c:\users\Leon\AppData\Roaming\DefaultTab\DefaultTab\addon.ico c:\users\Leon\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg c:\users\Leon\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll c:\users\Leon\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe c:\users\Leon\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe c:\users\Leon\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe c:\users\Leon\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll c:\users\Leon\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll c:\users\Leon\AppData\Roaming\DefaultTab\DefaultTab\DT.ico c:\users\Leon\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe c:\users\Leon\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico c:\users\Leon\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe c:\windows\$NtUninstallKB35896$ c:\windows\$NtUninstallKB35896$\678143598 
c:\windows\$NtUninstallKB35896$\824491292\@ c:\windows\$NtUninstallKB35896$\824491292\Desktop.ini c:\windows\$NtUninstallKB35896$\824491292\L\00000004.@ c:\windows\$NtUninstallKB35896$\824491292\L\1afb2d56 c:\windows\$NtUninstallKB35896$\824491292\L\201d3dde c:\windows\$NtUninstallKB35896$\824491292\L\4cce1f70 c:\windows\$NtUninstallKB35896$\824491292\L\6715e287 c:\windows\$NtUninstallKB35896$\824491292\L\76603ac3 c:\windows\$NtUninstallKB35896$\824491292\L\xadqgnnk c:\windows\$NtUninstallKB35896$\824491292\U\00000004.@ c:\windows\$NtUninstallKB35896$\824491292\U\00000008.@ c:\windows\$NtUninstallKB35896$\824491292\U\000000cb.@ c:\windows\$NtUninstallKB35896$\824491292\U\80000000.@ c:\windows\$NtUninstallKB35896$\824491292\U\80000032.@ c:\windows\IsUn0407.exe c:\windows\system32\frapsvid.dll c:\windows\system32\logs c:\windows\system32\logs\svchost.log . Infizierte Kopie von c:\windows\system32\drivers\afd.sys wurde gefunden und desinfiziert Kopie von - The cat found it :) wurde wiederhergestellt . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_DefaultTabSearch -------\Service_WsysSvc -------\Service_DefaultTabUpdate -------\Service_DefaultTabUpdate . . ((((((((((((((((((((((( Dateien erstellt von 2013-06-14 bis 2013-07-14 )))))))))))))))))))))))))))))) . . 2013-07-14 19:54 . 2013-07-14 19:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-14 19:54 . 2013-07-14 19:54 -------- d-----w- c:\users\Papa\AppData\Local\temp 2013-07-14 19:54 . 2013-07-14 19:54 -------- d-----w- c:\users\Papa.Leon-PC\AppData\Local\temp 2013-07-14 19:54 . 2013-07-14 19:54 -------- d-----w- c:\users\Amelie.Leon-PC\AppData\Local\temp 2013-07-14 19:54 . 2013-07-14 19:54 -------- d-----w- c:\users\Amelie\AppData\Local\temp 2013-07-14 19:44 . 2013-07-14 19:56 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7A71D912-565B-48C7-8347-47E5133CC039}\offreg.dll 2013-07-14 19:41 . 
2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys 2013-07-14 19:33 . 2013-07-14 19:33 -------- d-----w- c:\users\Leon\AppData\Local\Smartbar 2013-07-14 19:32 . 2013-07-14 19:48 -------- d-----w- c:\programdata\eSafe 2013-07-14 19:32 . 2013-07-14 19:56 -------- d-----w- c:\program files\Desk 365 2013-07-14 19:32 . 2013-07-14 19:33 -------- d-----w- c:\users\Leon\AppData\Roaming\Desk 365 2013-07-14 19:32 . 2013-07-14 19:57 -------- d-----w- c:\users\Leon\AppData\Roaming\WebCake 2013-07-14 19:32 . 2013-07-14 19:32 -------- d-----w- c:\program files\WebCake 2013-07-14 19:32 . 2013-07-14 19:32 -------- d-----w- c:\program files\PriceGong 2013-07-14 19:32 . 2013-07-14 19:32 -------- d-----w- c:\programdata\Tarma Installer 2013-07-14 19:32 . 2013-07-14 19:54 -------- d-----w- c:\users\Leon\AppData\Roaming\DefaultTab 2013-07-14 12:42 . 2013-07-14 13:16 -------- d-----w- c:\programdata\boost_interprocess 2013-07-14 12:35 . 2013-07-14 12:35 -------- d-----w- C:\FRST 2013-07-13 16:31 . 2013-07-13 21:46 -------- d-----w- c:\program files\Enigma Software Group 2013-07-13 16:30 . 2013-07-13 21:45 -------- d-----w- c:\windows\471D8B37C5B344579FA1B3C693334F4F.TMP 2013-07-13 16:09 . 2013-07-13 16:09 -------- d-----w- c:\windows\ERUNT 2013-07-13 16:07 . 2013-07-13 16:07 168 ----a-w- c:\windows\DeleteOnReboot.bat 2013-07-12 22:12 . 2013-07-13 16:59 -------- d-----w- c:\users\Leon\AppData\Local\CrashDumps 2013-07-12 16:23 . 2013-07-12 16:24 -------- d-----w- c:\users\Leon\AppData\Local\Autodesk 2013-07-12 16:21 . 2013-07-12 16:21 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2013-07-12 16:19 . 2013-07-13 17:04 -------- d-----w- c:\program files\Autodesk 2013-07-12 16:17 . 2013-07-12 16:21 -------- d-----w- c:\program files\Common Files\Autodesk Shared 2013-07-12 16:11 . 2013-07-12 16:11 -------- d-----w- C:\Autodesk 2013-07-12 15:08 . 2013-07-12 15:09 -------- d-----w- c:\program files\Google 2013-07-12 15:08 . 
2013-07-12 15:09 -------- d-----w- c:\users\Leon\AppData\Local\Google 2013-07-12 15:06 . 2013-07-12 15:06 -------- d-----w- c:\users\Leon\AppData\Local\Mozilla 2013-07-12 15:04 . 2013-07-14 13:37 -------- d-----w- c:\users\Leon\AppData\Local\VirtualStore 2013-07-12 15:03 . 2013-07-12 15:03 -------- d-----w- c:\users\Leon\AppData\Local\Apps 2013-07-12 13:09 . 2013-07-12 16:26 -------- d-----w- c:\users\Leon\AppData\Roaming\Autodesk 2013-07-11 20:08 . 2003-02-27 14:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll 2013-07-11 20:08 . 2002-12-05 12:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll 2013-07-11 20:08 . 2002-12-02 13:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe 2013-07-11 20:08 . 2002-12-02 11:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll 2013-07-11 20:08 . 2002-12-02 11:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll 2013-07-11 20:08 . 2013-07-11 20:08 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll 2013-07-11 20:08 . 2013-07-11 20:08 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll 2013-07-11 18:56 . 2013-07-11 18:56 -------- d-----w- c:\programdata\Malwarebytes 2013-07-11 11:47 . 2013-07-11 11:50 -------- d-----w- c:\users\Leon\AppData\Roaming\.minecraft 2013-07-10 22:20 . 2013-07-10 22:20 -------- d-----w- C:\UDK 2013-07-10 18:11 . 2013-07-10 18:11 -------- d-----w- c:\users\UpdatusUser 2013-07-10 18:11 . 2011-09-22 22:40 3074368 ----a-w- c:\windows\system32\nvsvcr.dll 2013-07-10 18:11 . 2011-09-22 22:40 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll 2013-07-10 17:27 . 
2013-07-10 18:26 -------- d-----w- c:\program files\Battlefield 3 2013-07-10 13:44 . 2013-07-10 22:23 -------- d-----w- c:\users\Leon\AppData\Roaming\NVIDIA 2013-07-09 16:40 . 2011-09-22 22:40 7183168 ----a-w- c:\windows\system32\nvwgf2um.dll 2013-07-09 16:40 . 2010-07-09 22:37 314984 ----a-w- c:\windows\system32\nvdecodemft.dll 2013-07-09 16:40 . 2011-09-22 22:40 2458432 ----a-w- c:\windows\system32\nvapi.dll 2013-07-09 16:40 . 2010-07-09 22:37 236136 ----a-w- c:\windows\system32\nvcod1922.dll 2013-07-09 16:40 . 2010-07-09 22:37 236136 ----a-w- c:\windows\system32\nvcod.dll 2013-07-09 16:21 . 2013-07-09 16:21 -------- d-----w- c:\program files\Common Files\Java 2013-07-09 16:20 . 2013-07-09 16:20 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-07-09 16:16 . 2012-07-26 14:05 17024 ----a-w- c:\windows\system32\drivers\BSMEM.sys 2013-07-09 14:27 . 2013-07-09 14:27 -------- d-----w- C:\NVIDIA 2013-07-09 09:11 . 2013-07-09 09:12 -------- d-----w- c:\users\Leon\AppData\Roaming\Apple Computer 2013-07-09 09:11 . 2013-07-09 09:11 -------- d-----w- c:\programdata\Apple 2013-07-09 08:39 . 2013-07-09 08:39 -------- d-----w- c:\users\Leon\AppData\Roaming\Canon 2013-07-03 15:25 . 2013-07-03 15:25 -------- d-----w- c:\users\Amelie.Leon-PC\AppData\Roaming\Canon 2013-07-01 15:21 . 2013-07-01 15:21 -------- d-----w- c:\users\Papa.Leon-PC.000\AppData\Roaming\Canon 2013-07-01 15:06 . 2013-07-01 15:06 -------- d-----w- c:\program files\Common Files\CANON 2013-07-01 15:06 . 2013-07-01 15:06 -------- d-----w- c:\programdata\CanonIJWSpt 2013-07-01 15:03 . 2013-07-01 15:03 -------- d--h--w- c:\programdata\CanonBJ 2013-07-01 15:03 . 2012-04-16 03:00 85504 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPBA.DLL 2013-07-01 15:03 . 2012-04-16 03:00 29184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDBA.DLL 2013-07-01 15:03 . 2013-07-01 15:03 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information 2013-07-01 15:03 . 
2012-04-16 03:00 314880 ----a-w- c:\windows\system32\CNMLMBA.DLL 2013-07-01 15:02 . 2013-07-01 15:02 -------- d-----w- c:\windows\system32\STRING 2013-07-01 15:02 . 2012-03-28 17:00 35840 ----a-w- c:\windows\system32\CNMNPUI.DLL 2013-07-01 14:59 . 2013-07-01 14:59 -------- d--h--w- c:\programdata\CanonIJETV 2013-07-01 14:58 . 2013-07-09 09:23 -------- d-----w- c:\program files\Canon 2013-06-29 21:50 . 2013-07-09 09:05 -------- d-----w- C:\Fraps . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-14 19:32 . 2011-02-19 21:03 420944 ----a-w- c:\windows\system32\msvcp100.dll 2013-07-14 19:32 . 2011-02-18 22:40 773712 ----a-w- c:\windows\system32\msvcr100.dll 2013-07-09 16:20 . 2012-08-13 17:12 867240 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-07-09 16:20 . 2011-12-25 19:14 789416 ----a-w- c:\windows\system32\deployJava1.dll 2013-06-11 19:49 . 2012-04-06 18:04 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-06-11 19:49 . 2011-12-25 18:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{9B6B03F1-16CF-4491-BBBB-E872802DD717}] 2013-02-02 14:41 111616 ----a-w- c:\programdata\DNSErrorHelper\bho.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032] "WebCake Desktop"="c:\users\Leon\AppData\Roaming\WebCake\WebCakeDesktop.exe" [2013-06-21 47896] "Desk 365"="c:\program files\Desk 365\desk365.exe" [2013-07-14 916048] "Browser Infrastructure Helper"="c:\users\Leon\AppData\Local\Smartbar\Application\SnapDo.exe" [2013-06-09 20992] . 
c:\users\Amelie.Leon-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ FRITZ!DSL Protect.lnk - c:\program files\FRITZ!DSL\FwebProt.exe [2007-9-7 1070384] OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104] . c:\users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104] . c:\users\Papa.Leon-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ FRITZ!DSL Protect.lnk - c:\program files\FRITZ!DSL\FwebProt.exe [2007-9-7 1070384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FRITZ!DSL Startcenter.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk backup=c:\windows\pss\FRITZ!DSL Startcenter.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Leon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FRITZ!DSL Protect.lnk] path=c:\users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk backup=c:\windows\pss\FRITZ!DSL Protect.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^Leon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk] path=c:\users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup backupExtension=.Startup . 
[HKLM\~\startupfolder\C:^Users^Leon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk] path=c:\users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk backup=c:\windows\pss\OpenOffice.org 3.4.1.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2008-09-06 14:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray] 2012-11-13 13:08 3825176 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spybot-S&D Cleaning] 2012-11-13 13:07 3713032 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2013-03-12 05:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . 
R1 MpKsl27a6719c;MpKsl27a6719c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F45C2DA3-4E9C-48A6-A3F2-9E0501F87490}\MpKsl27a6719c.sys [x] R1 MpKslf78d58f6;MpKslf78d58f6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85710821-D163-42ED-85CC-3995B8456DBE}\MpKslf78d58f6.sys [x] R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\Drivers\Lycosa.sys [2008-01-18 16128] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R4 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run [x] R4 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE [2007-09-04 87344] R4 mi-raysat_3dsmax2012_32;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 32-bit - German 32-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe [2011-02-23 86016] R4 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392] R4 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624] R4 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384] R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-09-22 381248] S1 BSMEM;BSMEM;c:\windows\system32\drivers\BSMEM.sys [2012-07-26 17024] S2 desksvc;Desk 365 service;c:\program files\Desk 365\deskSvc.exe [2013-07-14 424016] S2 WebCake Desktop Updater;WebCake Desktop Updater;c:\program files\WebCake\WebCakeDesktop.Updater.exe [2013-06-21 23552] S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2012-01-17 101248] S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys [2013-01-03 105728] . . 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-07-13 14:18 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 19:49] . 2013-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-07-12 15:08] . 2013-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-07-12 15:08] . 2013-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1348207587-1662218007-360504778-1003Core.job - c:\users\Amelie.Leon-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-22 16:10] . 2013-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1348207587-1662218007-360504778-1003UA.job - c:\users\Amelie.Leon-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-22 16:10] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://feed.snapdo.com/?publisher=SoftPublisherYB&dpid=SoftPublisherYB&co=DE&userid=ded7b02f-3620-42a0-b196-f38a5e898d74&searchtype=hp&installDate=14/07/2013 uSearchAssistant = hxxp://feed.snapdo.com/?publisher=SoftPublisherYB&dpid=SoftPublisherYB&co=DE&userid=ded7b02f-3620-42a0-b196-f38a5e898d74&searchtype=ds&q={searchTerms}&installDate=14/07/2013 LSP: c:\program files\FRITZ!DSL\\sarah.dll TCP: DhcpNameServer = 192.168.178.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Notify-SDWinLogon - SDWinLogon.dll MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe MSConfigStartUp-CanonQuickMenu - c:\program files\Canon\Quick Menu\CNQMMAIN.EXE MSConfigStartUp-CLMLServer - c:\program files\CyberLink\Power2Go\CLMLSvc.exe MSConfigStartUp-Google Update - c:\users\Leon\AppData\Local\Google\Update\GoogleUpdate.exe MSConfigStartUp-PDVD8LanguageShortcut - c:\program files\CyberLink\PowerDVD8\Language\Language.exe MSConfigStartUp-RemoteControl8 - c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe MSConfigStartUp-TrayServer - c:\program files\MAGIX\Video_deluxe_MX_Plus_Download-Version\TrayServer_de.exe MSConfigStartUp-UpdateLBPShortCut - c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe MSConfigStartUp-UpdateP2GoShortCut - c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe MSConfigStartUp-UpdatePDRShortCut - c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe AddRemove-DefaultTab - c:\users\Leon\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe AddRemove-Google Chrome - c:\users\Leon\AppData\Local\Google\Chrome\Application\28.0.1500.71\Installer\setup.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\msiexec.exe c:\windows\system32\taskhost.exe c:\windows\system32\WUDFHost.exe c:\windows\System32\rundll32.exe c:\windows\system32\conhost.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\sppsvc.exe c:\windows\system32\sdclt.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-07-14 22:01:52 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-07-14 20:01 . 
Vor Suchlauf: 19 Verzeichnis(se), 371.596.615.680 Bytes frei Nach Suchlauf: 25 Verzeichnis(se), 372.919.844.864 Bytes frei . - - End Of File - - 78E9EDC329003244B0EAE8F225C62500 A36C5E4F47E84449FF07ED3517B43A31 |
14.07.2013, 21:47 | #6 |
/// the machine /// TB Trainer | Removing Click to Continue Hi, please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
14.07.2013, 23:13 | #7 |
| Removing Click to Continue AdwCleaner: Code:
# AdwCleaner v2.305 - Datei am 15/07/2013 um 00:05:42 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Leon - LEON-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Leon\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Leon\AppData\Roaming\DefaultTab

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DefaultTab
Schlüssel Gelöscht : HKCU\Software\Default Tab
Schlüssel Gelöscht : HKCU\Software\DefaultTab
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Schlüssel Gelöscht : HKLM\Software\Default Tab
Schlüssel Gelöscht : HKLM\Software\DefaultTab
Schlüssel Gelöscht : HKLM\Software\Desksvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : HKLM\Software\V9
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v28.0.1500.72

Datei : C:\Users\Leon\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.36] : keyword = "search.snap.do",

Datei : C:\Users\Amelie.Leon-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S2].txt - [2893 octets] - [15/07/2013 00:05:42]

########## EOF - C:\AdwCleaner[S2].txt - [2953 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.9 (07.12.2013:2)
OS: Windows 7 Home Premium x86
Ran by Leon on 15.07.2013 at 0:09:53,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1348207587-1662218007-360504778-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{fb684d26-01f4-4d9d-87cb-f486beba56dc}

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.07.2013 at 0:11:11,08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-07-2013 Ran by Leon (administrator) on 15-07-2013 00:11:33 Running from C:\Users\Leon\Desktop Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\system32\msiexec.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe ==================== Registry (Whitelisted) ================== HKCU\...\Run: [Spybot-S&D Cleaning] - "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [3713032 2012-11-13] (Safer-Networking Ltd.) HKU\Amelie.Leon-PC\...\Run: [AVMUSBFernanschluss] - "C:\Users\Amelie.Leon-PC\AppData\Local\Apps\2.0\QTXPAWG8.BNG\X6B89DC9.4OD\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe" [x] HKU\Amelie.Leon-PC\...\Run: [Google Update] - "C:\Users\Amelie.Leon-PC\AppData\Local\Google\Update\GoogleUpdate.exe" /c [ 2013-03-22] (Google Inc.) HKU\Amelie.Leon-PC\...\Run: [Spybot-S&D Cleaning] - "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [ 2012-11-13] (Safer-Networking Ltd.) 
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation) HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation) HKU\Papa\...\Run: [AVMUSBFernanschluss] - "C:\Users\Papa\AppData\Local\Apps\2.0\WN3DQ72K.X8X\4EKHOQBD.D4Z\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" [x] HKU\Papa.Leon-PC.000\...\Run: [Spybot-S&D Cleaning] - "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean [ 2012-11-13] (Safer-Networking Ltd.) HKU\Papa.Leon-PC.000\...\Run: [Google Update] - "C:\Users\Leon\AppData\Local\Google\Update\GoogleUpdate.exe" /c [x] HKU\Papa.Leon-PC.000\...\RunOnce: [RunCanonMsetUp] - C:\Program Files\Canon\IJ_MSetup4\MCDCHK2.EXE [ 2011-03-10] (CANON INC.) Startup: C:\Users\Amelie.Leon-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin) Startup: C:\Users\Amelie.Leon-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\Papa.Leon-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch 
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe" BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: DNS Error Helper - {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll () BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 07 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin) Winsock: Catalog9 01 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin) Winsock: Catalog9 02 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin) Winsock: Catalog9 03 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin) Winsock: Catalog9 14 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Chrome: ======= CHR DefaultSearchURL: (Web) - hxxp://feed.snapdo.com/?publisher=SoftPublisherYB&dpid=SoftPublisherYB&co=DE&userid=ded7b02f-3620-42a0-b196-f38a5e898d74&searchtype=ds&q={searchTerms}&installDate=14/07/2013 CHR DefaultSuggestURL: (Web) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR Plugin: (Shockwave Flash) - C:\Program 
Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll () CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

========================== Services (Whitelisted) =================

S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2013-07-12] (Flexera Software, Inc.)
S4 hasplms; C:\Windows\system32\hasplms.exe [4889032 2011-12-30] (SafeNet Inc.)
S4 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin)
S4 mi-raysat_3dsmax2012_32; C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe [86016 2011-02-23] ()
S4 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [367560 2011-10-04] (SafeNet Inc.)
R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [101248 2012-01-17] (AVM Berlin)
R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [105728 2013-01-03] (AVM Berlin)
R1 BSMEM; C:\Windows\system32\drivers\BSMEM.sys [17024 2012-07-26] (BIOSTAR Group)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [596424 2011-08-10] (SafeNet Inc.)
S3 LycoFltr; C:\Windows\System32\Drivers\Lycosa.sys [16128 2008-01-18] (Razer USA Ltd.)
S3 catchme; \??\C:\Users\Leon\AppData\Local\Temp\catchme.sys [x]
S1 MpKsl27a6719c; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F45C2DA3-4E9C-48A6-A3F2-9E0501F87490}\MpKsl27a6719c.sys [x]
S1 MpKslf78d58f6; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{85710821-D163-42ED-85CC-3995B8456DBE}\MpKslf78d58f6.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-15 00:11 - 2013-07-15 00:11 - 00001928 _____ C:\Users\Leon\Desktop\JRT.txt
2013-07-15 00:05 - 2013-07-15 00:06 - 00003022 _____ C:\AdwCleaner[S2].txt
2013-07-15 00:04 - 2013-07-15 00:05 - 179164720 _____ (NVIDIA Corporation) C:\Users\Leon\Downloads\Nicht bestätigt 63283.crdownload
2013-07-15 00:04 - 2013-07-15 00:04 - 01218214 _____ (Farbar) C:\Users\Leon\Desktop\FRST.exe
2013-07-14 23:50 - 2012-12-16 16:13 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-07-14 23:50 - 2012-12-16 16:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-07-14 23:34 - 2013-07-14 23:36 - 00402102 _____ C:\Windows\msxml4-KB2758694-enu.LOG
2013-07-14 23:24 - 2012-07-26 05:39 - 00526952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-07-14 23:24 - 2012-07-26 05:39 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-07-14 23:24 - 2012-07-26 05:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-07-14 23:24 - 2012-07-26 05:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-07-14 23:24 - 2012-07-26 05:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-07-14 23:24 - 2012-07-26 05:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-07-14 23:24 - 2012-07-26 05:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-07-14 23:24 - 2012-07-26 04:46 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-07-14 23:24 - 2012-07-26 04:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-07-14 23:24 - 2012-07-26 04:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-07-14 23:24 - 2012-06-02 16:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-07-14 23:24 - 2012-06-02 16:34 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-07-14 23:19 - 2013-01-18 16:20 - 02953448 _____ C:\Windows\system32\nvcoproc.bin
2013-07-14 23:09 - 2013-07-14 23:09 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-14 23:09 - 2013-07-14 23:09 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-14 23:09 - 2013-07-14 23:09 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-07-14 23:09 - 2013-07-14 23:09 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-07-14 23:09 - 2013-07-14 23:09 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-14 23:09 - 2013-07-14 23:09 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-07-14 23:09 - 2013-07-14 23:09 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-07-14 23:09 - 2013-07-14 23:09 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-14 23:09 - 2013-07-14 23:09 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-07-14 23:09 - 2013-07-14 23:09 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-14 23:09 - 2013-07-14 23:09 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-07-14 23:09 - 2013-07-14 23:09 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-14 23:09 - 2013-07-14 23:09 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-14 23:09 - 2013-07-14 23:09 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-07-14 23:09 - 2013-07-14 23:09 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-07-14 23:08 - 2013-07-14 23:08 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-07-14 23:07 - 2013-07-14 23:07 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-14 23:07 - 2013-07-14 23:07 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-07-14 23:07 - 2013-07-14 23:07 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-14 23:07 - 2013-07-14 23:07 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-14 23:07 - 2013-07-14 23:07 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-07-14 23:07 - 2013-07-14 23:07 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-07-14 23:07 - 2013-07-14 23:07 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-14 23:07 - 2013-07-14 23:07 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-14 23:07 - 2013-07-14 23:07 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-14 23:07 - 2013-07-14 23:07 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-07-14 23:07 - 2013-07-14 23:07 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-07-14 23:07 - 2013-07-14 23:07 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-07-14 23:07 - 2013-07-14 23:07 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-14 23:07 - 2013-07-14 23:07 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-14 23:07 - 2013-07-14 23:07 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-07-14 23:07 - 2013-07-14 23:07 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-07-14 23:07 - 2013-07-14 23:07 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-14 23:07 - 2013-07-14 23:07 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-14 23:07 - 2013-07-14 23:07 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-14 23:07 - 2013-07-14 23:07 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-14 23:07 - 2013-07-14 23:07 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-14 23:07 - 2013-07-14 23:07 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-14 23:07 - 2013-07-14 23:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-14 23:07 - 2013-07-14 23:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-14 23:07 - 2013-07-14 23:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-14 23:07 - 2013-07-14 23:07 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-14 23:06 - 2013-07-14 23:11 - 00012673 _____ C:\Windows\IE10_main.log
2013-07-14 22:18 - 2013-07-14 22:18 - 00000000 ____D C:\Users\Leon\Desktop\None
2013-07-14 22:18 - 2013-07-14 22:18 - 00000000 ____D C:\Users\Leon\Desktop\HudArmsTextures
2013-07-14 22:18 - 2013-07-14 22:18 - 00000000 ____D C:\Users\Leon\Desktop\HudArms
2013-07-14 22:16 - 2013-04-12 15:45 - 01211752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-07-14 22:16 - 2012-11-22 06:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-07-14 22:16 - 2012-02-11 07:37 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-07-14 22:15 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-07-14 22:15 - 2013-04-26 01:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-07-14 22:15 - 2013-03-19 06:53 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-07-14 22:15 - 2013-03-19 05:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-07-14 22:15 - 2013-02-12 05:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-07-14 22:15 - 2013-01-24 06:47 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-07-14 22:15 - 2012-11-02 07:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-07-14 22:15 - 2012-08-24 18:57 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-07-14 22:15 - 2012-08-22 19:16 - 00712048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-07-14 22:15 - 2012-08-21 22:12 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2013-07-14 22:15 - 2012-07-04 21:45 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2013-07-14 22:14 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-14 22:14 - 2013-05-13 06:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-07-14 22:14 - 2013-05-13 06:45 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-07-14 22:14 - 2013-05-13 06:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-07-14 22:14 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-07-14 22:14 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-07-14 22:14 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-14 22:14 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-07-14 22:14 - 2013-02-15 06:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-07-14 22:14 - 2013-02-15 06:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-07-14 22:14 - 2013-02-15 05:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-07-14 22:14 - 2012-11-30 06:47 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-07-14 22:14 - 2012-11-30 06:47 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-07-14 22:14 - 2012-11-30 06:45 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-07-14 22:14 - 2012-11-30 06:45 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-07-14 22:14 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-07-14 22:14 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-07-14 22:14 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-07-14 22:14 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-07-14 22:14 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-07-14 22:14 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-07-14 22:14 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-07-14 22:14 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-07-14 22:14 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-07-14 22:14 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-07-14 22:14 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-07-14 22:14 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-07-14 22:14 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-07-14 22:14 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-07-14 22:14 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-07-14 22:14 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-07-14 22:14 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-07-14 22:14 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-07-14 22:14 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-07-14 22:14 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-07-14 22:14 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-07-14 22:14 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-07-14 22:14 - 2012-11-30 04:55 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-07-14 22:14 - 2012-11-30 04:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-07-14 22:14 - 2012-11-30 04:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-07-14 22:14 - 2012-11-30 04:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-07-14 22:14 - 2012-11-30 04:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-07-14 22:14 - 2012-11-30 01:17 - 00420064 _____ C:\Windows\system32\locale.nls
2013-07-14 22:14 - 2012-11-01 06:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-07-14 22:14 - 2012-10-03 18:42 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2013-07-14 22:14 - 2012-10-03 18:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2013-07-14 22:14 - 2012-10-03 18:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-07-14 22:14 - 2012-10-03 18:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2013-07-14 22:14 - 2012-10-03 18:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2013-07-14 22:14 - 2012-10-03 18:40 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-07-14 22:14 - 2012-10-03 17:21 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-07-14 22:13 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-14 22:13 - 2012-08-11 01:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-07-14 22:13 - 2012-07-04 23:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-07-14 22:13 - 2012-07-04 23:14 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2013-07-14 22:13 - 2012-07-04 23:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2013-07-14 22:13 - 2012-05-05 09:46 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2013-07-14 22:03 - 2013-05-06 07:06 - 03968872 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-07-14 22:03 - 2013-05-06 07:06 - 03913576 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-07-14 22:03 - 2013-03-19 06:48 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-07-14 22:03 - 2013-03-19 04:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-07-14 22:02 - 2013-05-08 07:38 - 01293672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-07-14 22:02 - 2013-04-10 07:18 - 00728424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-07-14 22:02 - 2013-04-10 07:18 - 00218984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-07-14 22:02 - 2013-01-04 06:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-07-14 22:02 - 2013-01-03 07:04 - 00187752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-07-14 22:02 - 2012-12-07 14:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2013-07-14 22:02 - 2012-12-07 14:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-07-14 22:02 - 2012-12-07 12:46 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2013-07-14 22:02 - 2012-12-07 12:46 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2013-07-14 22:02 - 2012-12-07 12:46 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2013-07-14 22:02 - 2012-12-07 12:46 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2013-07-14 22:02 - 2012-12-07 12:46 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2013-07-14 22:02 - 2012-12-07 12:46 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2013-07-14 22:02 - 2012-12-07 12:46 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2013-07-14 22:02 - 2012-12-07 12:46 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2013-07-14 22:02 - 2012-12-07 12:46 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2013-07-14 22:02 - 2012-12-07 12:46 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2013-07-14 22:02 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2013-07-14 22:02 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2013-07-14 22:02 - 2012-12-07 12:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2013-07-14 22:02 - 2012-12-07 12:46 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2013-07-14 22:02 - 2012-11-20 06:51 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-07-14 22:02 - 2012-11-09 06:42 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-07-14 22:02 - 2012-10-09 19:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2013-07-14 22:02 - 2012-10-09 19:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2013-07-14 22:02 - 2012-09-26 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-07-14 22:02 - 2012-08-22 19:16 - 00240496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-07-14 22:02 - 2012-05-14 06:33 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-07-14 21:55 - 2013-02-27 07:05 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-07-14 21:55 - 2013-02-27 06:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-07-14 21:55 - 2013-02-27 06:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-07-14 21:55 - 2013-02-27 06:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-07-14 21:55 - 2013-02-27 06:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-07-14 21:41 - 2011-04-25 04:18 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-07-14 21:36 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-14 21:36 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-14 21:36 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-14 21:36 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-14 21:36 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-14 21:36 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-14 21:36 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-14 21:36 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-14 21:34 - 2013-07-14 22:01 - 00000000 ____D C:\Qoobox
2013-07-14 21:33 - 2013-07-14 22:00 - 00000000 ____D C:\Windows\erdnt
2013-07-14 21:32 - 2013-07-14 21:32 - 00000306 __RSH C:\Users\Leon\ntuser.pol
2013-07-14 14:35 - 2013-07-14 14:35 - 00000000 ____D C:\FRST
2013-07-13 23:25 - 2013-07-13 23:25 - 00377856 _____ C:\Users\Leon\Downloads\gmer_2.1.19163.exe
2013-07-13 23:23 - 2013-07-13 23:23 - 00050477 _____ C:\Users\Leon\Downloads\Defogger.exe
2013-07-13 23:15 - 2013-07-14 21:32 - 00000000 ____D C:\Users\Leon\AppData\Roaming\Mozilla
2013-07-13 23:06 - 2013-07-13 23:06 - 00602112 _____ (OldTimer Tools) C:\Users\Leon\Downloads\OTL.exe
2013-07-13 23:05 - 2013-07-13 23:05 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\Leon\Desktop\JRT.exe
2013-07-13 23:04 - 2013-07-13 23:04 - 00662345 _____ C:\Users\Leon\Desktop\adwcleaner.exe
2013-07-13 18:31 - 2013-07-13 23:46 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-07-13 18:30 - 2013-07-13 23:45 - 00000000 ____D C:\Windows\471D8B37C5B344579FA1B3C693334F4F.TMP
2013-07-13 18:09 - 2013-07-13 18:09 - 00000000 ____D C:\Windows\ERUNT
2013-07-13 18:07 - 2013-07-13 18:07 - 00000168 _____ C:\Windows\DeleteOnReboot.bat
2013-07-13 02:15 - 2013-07-15 00:07 - 00001008 _____ C:\Windows\setupact.log
2013-07-13 00:12 - 2013-07-13 18:59 - 00000000 ____D C:\Users\Leon\AppData\Local\CrashDumps
2013-07-12 23:52 - 2013-07-12 23:52 - 40932318 _____ C:\Users\Leon\Downloads\blender-2.67b-windows32.exe
2013-07-12 18:23 - 2013-07-12 18:24 - 00000000 ____D C:\Users\Leon\AppData\Local\Autodesk
2013-07-12 18:21 - 2013-07-12 18:21 - 00001980 _____ C:\Users\Public\Desktop\Autodesk 3ds Max.lnk
2013-07-12 18:21 - 2013-07-12 18:21 - 00000000 ____D C:\Users\Leon\Documents\Inventor Server x86 Autodesk 3ds Max 2012 32-bit - German
2013-07-12 18:21 - 2013-07-12 18:21 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2013-07-12 18:20 - 2013-07-12 18:53 - 00000000 ____D C:\Users\Leon\Documents\3dsMax
2013-07-12 18:19 - 2013-07-13 19:04 - 00000000 ____D C:\Program Files\Autodesk
2013-07-12 18:17 - 2013-07-12 18:21 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2013-07-12 18:11 - 2013-07-12 18:11 - 00000000 ____D C:\Autodesk
2013-07-12 17:09 - 2013-07-13 16:22 - 00002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-12 17:08 - 2013-07-15 00:08 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-12 17:08 - 2013-07-14 23:18 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-12 17:08 - 2013-07-12 17:09 - 00000000 ____D C:\Users\Leon\AppData\Local\Google
2013-07-12 17:08 - 2013-07-12 17:09 - 00000000 ____D C:\Program Files\Google
2013-07-12 17:07 - 2013-07-12 17:07 - 00800232 _____ (Google Inc.) C:\Users\Leon\Downloads\ChromeSetup.exe
2013-07-12 17:06 - 2013-07-12 17:06 - 00000000 ____D C:\Users\Leon\AppData\Local\Mozilla
2013-07-12 17:05 - 2013-07-15 00:05 - 00001183 _____ C:\Users\Leon\AppData\Roaming\Safer-Networking.log
2013-07-12 17:04 - 2013-07-14 15:37 - 00000000 ____D C:\Users\Leon\AppData\Local\VirtualStore
2013-07-12 17:03 - 2013-07-12 17:03 - 00000000 ____D C:\Users\Leon\AppData\Local\Apps\2.0
2013-07-12 15:09 - 2013-07-12 18:26 - 00000000 ____D C:\Users\Leon\AppData\Roaming\Autodesk
2013-07-11 22:21 - 2013-07-12 13:49 - 00001242 _____ C:\Users\Leon\Desktop\Star Wars Republic Commando.lnk
2013-07-11 21:42 - 2013-07-11 21:45 - 00000000 ____D C:\Users\Leon\Desktop\Star Wars Republic Commando II - Kopie
2013-07-11 20:56 - 2013-07-11 20:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-11 15:18 - 2013-07-11 15:18 - 00001739 _____ C:\Users\Leon\Desktop\UDK.lnk
2013-07-11 13:47 - 2013-07-11 13:50 - 00000000 ____D C:\Users\Leon\AppData\Roaming\.minecraft
2013-07-11 13:36 - 2013-07-11 13:36 - 00001120 _____ C:\Windows\avmacc.log
2013-07-11 00:20 - 2013-07-11 00:20 - 00000000 ____D C:\UDK
2013-07-11 00:07 - 2013-07-11 00:18 - 1991390952 _____ (Epic Games, Inc.) C:\Users\Leon\Downloads\UDKInstall-2013-02-BETA2.exe
2013-07-10 20:11 - 2013-07-10 20:11 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-07-10 20:11 - 2013-07-10 20:11 - 00000000 __SHD C:\Users\UpdatusUser\Startmenü
2013-07-10 20:11 - 2013-07-10 20:11 - 00000000 __SHD C:\Users\UpdatusUser\Netzwerkumgebung
2013-07-10 20:11 - 2013-07-10 20:11 - 00000000 __SHD C:\Users\UpdatusUser\Druckumgebung
2013-07-10 20:11 - 2013-07-10 20:11 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Musik
2013-07-10 20:11 - 2013-07-10 20:11 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Bilder
2013-07-10 20:11 - 2013-07-10 20:11 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Verlauf
2013-07-10 20:11 - 2013-01-26 16:17 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\TuneUp Software
2013-07-10 20:11 - 2013-01-18 16:20 - 02557728 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-07-10 20:11 - 2012-01-02 23:25 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Macromedia
2013-07-10 20:11 - 2009-07-14 04:04 - 00000000 ___RD C:\Users\UpdatusUser\Desktop
2013-07-10 20:10 - 2013-02-26 00:22 - 01017120 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco32.dll
2013-07-10 20:10 - 2011-09-23 00:40 - 00877376 _____ (NVIDIA Corporation) C:\Windows\system32\nvgenco32.dll
2013-07-10 20:10 - 2011-09-23 00:40 - 00061248 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2013-07-10 20:10 - 2011-07-08 01:21 - 00876136 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco3220102.dll
2013-07-10 20:10 - 2011-07-08 01:21 - 00139880 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda32v.sys
2013-07-10 20:10 - 2011-07-08 01:21 - 00026216 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap32.dll
2013-07-10 20:03 - 2013-07-10 20:18 - 00000000 ____D C:\Users\Leon\Documents\Battlefield 3
2013-07-10 19:27 - 2013-07-10 20:26 - 00000000 ____D C:\Program Files\Battlefield 3
2013-07-10 19:27 - 2013-07-10 19:27 - 00000975 _____ C:\Users\Leon\Desktop\Battlefield 3.lnk
2013-07-10 15:44 - 2013-07-11 00:23 - 00000000 ____D C:\Users\Leon\AppData\Roaming\NVIDIA
2013-07-09 19:03 - 2013-07-09 19:03 - 00000000 ____D C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-07-09 18:40 - 2010-07-10 00:37 - 00314984 _____ (NVIDIA Corporation) C:\Windows\system32\nvdecodemft.dll
2013-07-09 18:40 - 2010-07-10 00:37 - 00236136 _____ (NVIDIA Corporation) C:\Windows\system32\nvcod1922.dll
2013-07-09 18:40 - 2010-07-10 00:37 - 00236136 _____ (NVIDIA Corporation) C:\Windows\system32\nvcod.dll
2013-07-09 18:40 - 2010-07-10 00:37 - 00010920 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvBridge.kmd
2013-07-09 18:21 - 2013-07-09 18:21 - 00000000 ____D C:\Program Files\Common Files\Java
2013-07-09 18:20 - 2013-07-09 18:20 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-09 18:20 - 2013-07-09 18:20 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-09 18:20 - 2013-07-09 18:20 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-09 18:20 - 2013-07-09 18:20 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-07-09 18:16 - 2012-07-26 16:05 - 00017024 _____ (BIOSTAR Group) C:\Windows\system32\Drivers\BSMEM.sys
2013-07-09 16:27 - 2013-07-09 16:27 - 00000000 ____D C:\NVIDIA
2013-07-09 14:21 - 2013-07-09 14:21 - 00148968 _____ C:\Windows\Minidump\070913-18220-01.dmp
2013-07-09 14:19 - 2013-07-09 14:19 - 00148968 _____ C:\Windows\Minidump\070913-20155-01.dmp
2013-07-09 14:09 - 2013-07-09 14:09 - 00149792 _____ C:\Windows\Minidump\070913-15740-01.dmp
2013-07-09 14:06 - 2013-07-09 14:06 - 00149744 _____ C:\Windows\Minidump\070913-19905-01.dmp
2013-07-09 14:02 - 2013-07-09 14:02 - 00148920 _____ C:\Windows\Minidump\070913-15194-01.dmp
2013-07-09 14:00 - 2013-07-09 14:21 - 00000000 ____D C:\Windows\Minidump
2013-07-09 14:00 - 2013-07-09 14:20 - 173592306 _____ C:\Windows\MEMORY.DMP
2013-07-09 14:00 - 2013-07-09 14:00 - 00148920 _____ C:\Windows\Minidump\070913-20748-01.dmp
2013-07-09 12:37 - 2013-07-11 13:35 - 00000182 _____ C:\Users\Amelie.Leon-PC\AppData\Roaming\Safer-Networking.log
2013-07-09 11:11 - 2013-07-09 11:12 - 00000000 ____D C:\Users\Leon\AppData\Roaming\Apple Computer
2013-07-09 11:11 - 2013-07-09 11:11 - 00000000 ____D C:\ProgramData\Apple
2013-07-09 10:50 - 2013-07-09 10:50 - 00007605 _____ C:\Users\Leon\AppData\Local\Resmon.ResmonCfg
2013-07-09 10:39 - 2013-07-09 10:39 - 00000000 ____D C:\Users\Leon\AppData\Roaming\Canon
2013-07-03 17:25 - 2013-07-03 17:25 - 00000000 ____D C:\Users\Amelie.Leon-PC\AppData\Roaming\Canon
2013-07-01 17:21 - 2013-07-01 17:21 - 00000000 ____D C:\Users\Papa.Leon-PC.000\AppData\Roaming\Canon
2013-07-01 17:06 - 2013-07-01 17:06 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2013-07-01 17:06 - 2013-07-01 17:06 - 00000000 ____D C:\Program Files\Common Files\CANON
2013-07-01 17:03 - 2013-07-01 17:03 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2013-07-01 17:03 - 2013-07-01 17:03 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-07-01 17:03 - 2012-04-16 05:00 - 00314880 _____ (CANON INC.) C:\Windows\system32\CNMLMBA.DLL
2013-07-01 17:02 - 2013-07-01 17:02 - 00000000 ___HD C:\Program Files\CanonBJ
2013-07-01 17:02 - 2013-07-01 17:02 - 00000000 ____D C:\Windows\system32\STRING
2013-07-01 17:02 - 2012-03-28 19:00 - 00035840 _____ (CANON INC.) C:\Windows\system32\CNMNPUI.DLL
2013-07-01 16:59 - 2013-07-01 16:59 - 00000000 ___HD C:\ProgramData\CanonIJETV
2013-07-01 16:58 - 2013-07-09 11:23 - 00000000 ____D C:\Program Files\Canon
2013-06-30 18:17 - 2013-06-30 18:17 - 00546732 _____ C:\Users\Leon\AppData\Local\CloneOnSpeederbike.blend
2013-06-30 14:36 - 2013-06-30 14:37 - 00000000 ____D C:\Users\Leon\Desktop\Star Wars Republic Commando II Development Files
2013-06-29 23:50 - 2013-07-09 11:05 - 00000000 ____D C:\Fraps
2013-06-29 23:50 - 2013-06-29 23:50 - 00000568 _____ C:\Users\Public\Desktop\Fraps.lnk
2013-06-29 23:16 - 2013-06-29 23:16 - 00990472 _____ C:\Users\Leon\AppData\Local\CloneTrooper.blend

==================== One Month Modified Files and Folders =======

2013-07-15 00:11 - 2013-07-15 00:11 - 00001928 _____ C:\Users\Leon\Desktop\JRT.txt
2013-07-15 00:11 - 2011-12-25 19:44 - 00000000 ___RD C:\Users\Leon\Desktop
2013-07-15 00:08 - 2013-07-12 17:08 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-15 00:07 - 2013-07-13 02:15 - 00001008 _____ C:\Windows\setupact.log
2013-07-15 00:07 - 2013-03-24 12:53 - 00241536 _____ C:\Windows\PFRO.log
2013-07-15 00:07 - 2012-02-10 22:41 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-15 00:07 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-15 00:06 - 2013-07-15 00:05 - 00003022 _____ C:\AdwCleaner[S2].txt
2013-07-15 00:06 - 2013-05-22 17:08 - 01115234 _____ C:\Windows\WindowsUpdate.log
2013-07-15 00:06 - 2009-07-14 06:34 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-15 00:06 - 2009-07-14 06:34 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-15 00:05 - 2013-07-15 00:04 - 179164720 _____ (NVIDIA Corporation) C:\Users\Leon\Downloads\Nicht bestätigt 63283.crdownload
2013-07-15 00:05 - 2013-07-12 17:05 - 00001183 _____ C:\Users\Leon\AppData\Roaming\Safer-Networking.log
2013-07-15 00:04 - 2013-07-15 00:04 - 01218214 _____ (Farbar) C:\Users\Leon\Desktop\FRST.exe
2013-07-15 00:04 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-15 00:01 - 2011-12-25 19:32 - 00000000 ____D C:\Windows\Panther
2013-07-15 00:00 - 2009-07-14 06:33 - 02377272 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-14 23:59 - 2012-04-06 20:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-14 23:59 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-07-14 23:58 - 2009-07-14 10:56 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-14 23:58 - 2009-07-14 10:47 - 00000000 ____D C:\Windows\system32\Drivers\de-DE
2013-07-14 23:58 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-14 23:58 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-TW
2013-07-14 23:58 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-HK
2013-07-14 23:58 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-CN
2013-07-14 23:58 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\tr-TR
2013-07-14 23:58 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\sv-SE
2013-07-14 23:58 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ru-RU
2013-07-14 23:58 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-PT
2013-07-14 23:58 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-BR
2013-07-14 23:58 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pl-PL
2013-07-14 23:58 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nl-NL
2013-07-14 23:58 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nb-NO
2013-07-14 23:58 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ko-KR
2013-07-14 23:58 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ja-JP
2013-07-14 23:58 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\it-IT
2013-07-14 23:58 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\hu-HU
2013-07-14 23:58 - 2009-07-14 04:37 - 
00000000 ____D C:\Windows\system32\fr-FR 2013-07-14 23:58 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\fi-FI 2013-07-14 23:58 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\el-GR 2013-07-14 23:58 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\DriverStore 2013-07-14 23:52 - 2011-12-25 19:47 - 01633366 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-14 23:44 - 2013-03-22 18:11 - 00001140 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1348207587-1662218007-360504778-1003UA.job 2013-07-14 23:36 - 2013-07-14 23:34 - 00402102 _____ C:\Windows\msxml4-KB2758694-enu.LOG 2013-07-14 23:20 - 2012-02-10 22:39 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2013-07-14 23:18 - 2013-07-12 17:08 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-14 23:11 - 2013-07-14 23:06 - 00012673 _____ C:\Windows\IE10_main.log 2013-07-14 23:09 - 2013-07-14 23:09 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-14 23:09 - 2013-07-14 23:09 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-07-14 23:09 - 2013-07-14 23:09 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-07-14 23:09 - 2013-07-14 23:09 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-07-14 23:09 
- 2013-07-14 23:09 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-07-14 23:09 - 2013-07-14 23:09 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-07-14 23:09 - 2013-07-14 23:09 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-07-14 23:09 - 2013-07-14 23:09 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-07-14 23:09 - 2013-07-14 23:09 - 00125440 _____ 
(Microsoft Corporation) C:\Windows\system32\occache.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-07-14 23:09 - 2013-07-14 23:09 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-14 23:09 - 2013-07-14 23:09 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-07-14 23:09 - 2013-07-14 23:09 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-14 23:09 - 2013-07-14 23:09 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 00023040 _____ (Microsoft 
Corporation) C:\Windows\system32\licmgr10.dll 2013-07-14 23:09 - 2013-07-14 23:09 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-07-14 23:09 - 2013-07-14 23:09 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-07-14 23:08 - 2013-07-14 23:08 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe 2013-07-14 23:07 - 2013-07-14 23:07 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2013-07-14 23:07 - 2013-07-14 23:07 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2013-07-14 23:07 - 2013-07-14 23:07 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2013-07-14 23:07 - 2013-07-14 23:07 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-14 23:07 - 2013-07-14 23:07 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2013-07-14 23:07 - 2013-07-14 23:07 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll 2013-07-14 23:07 - 2013-07-14 23:07 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2013-07-14 23:07 - 2013-07-14 23:07 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2013-07-14 23:07 - 2013-07-14 23:07 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2013-07-14 23:07 - 2013-07-14 23:07 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-07-14 23:07 - 2013-07-14 23:07 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2013-07-14 23:07 - 2013-07-14 23:07 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll 2013-07-14 23:07 - 2013-07-14 23:07 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2013-07-14 23:07 - 2013-07-14 23:07 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2013-07-14 23:07 - 2013-07-14 23:07 - 00207872 _____ (Microsoft 
Corporation) C:\Windows\system32\WindowsCodecsExt.dll 2013-07-14 23:07 - 2013-07-14 23:07 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2013-07-14 23:07 - 2013-07-14 23:07 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2013-07-14 23:07 - 2013-07-14 23:07 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-07-14 23:07 - 2013-07-14 23:07 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-07-14 23:07 - 2013-07-14 23:07 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-07-14 23:07 - 2013-07-14 23:07 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-07-14 23:07 - 2013-07-14 23:07 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-07-14 23:07 - 2013-07-14 23:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-07-14 23:07 - 2013-07-14 23:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-07-14 23:07 - 2013-07-14 23:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-07-14 23:07 - 2013-07-14 23:07 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-07-14 22:18 - 2013-07-14 22:18 - 00000000 ____D C:\Users\Leon\Desktop\None 2013-07-14 22:18 - 2013-07-14 22:18 - 00000000 ____D C:\Users\Leon\Desktop\HudArmsTextures 2013-07-14 22:18 - 2013-07-14 22:18 - 00000000 ____D C:\Users\Leon\Desktop\HudArms 2013-07-14 22:01 - 2013-07-14 21:34 - 00000000 ____D C:\Qoobox 2013-07-14 22:01 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default 2013-07-14 22:01 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public 2013-07-14 22:00 - 2013-07-14 
21:33 - 00000000 ____D C:\Windows\erdnt 2013-07-14 21:57 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini 2013-07-14 21:55 - 2009-07-14 04:03 - 52150272 _____ C:\Windows\system32\config\SOFTWARE.bak 2013-07-14 21:55 - 2009-07-14 04:03 - 25952256 _____ C:\Windows\system32\config\COMPON~1.bak 2013-07-14 21:55 - 2009-07-14 04:03 - 19136512 _____ C:\Windows\system32\config\SYSTEM.bak 2013-07-14 21:55 - 2009-07-14 04:03 - 04964352 _____ C:\Windows\system32\config\DEFAULT.bak 2013-07-14 21:55 - 2009-07-14 04:03 - 00135168 _____ C:\Windows\system32\config\SAM.bak 2013-07-14 21:55 - 2009-07-14 04:03 - 00028672 _____ C:\Windows\system32\config\SECURITY.bak 2013-07-14 21:42 - 2009-07-14 06:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-14 21:32 - 2013-07-14 21:32 - 00000306 __RSH C:\Users\Leon\ntuser.pol 2013-07-14 21:32 - 2013-07-13 23:15 - 00000000 ____D C:\Users\Leon\AppData\Roaming\Mozilla 2013-07-14 21:32 - 2011-12-25 19:44 - 00000000 ____D C:\Users\Leon 2013-07-14 21:32 - 2011-02-19 23:03 - 00420944 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll 2013-07-14 21:32 - 2011-02-19 00:40 - 00773712 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll 2013-07-14 21:32 - 2009-07-14 04:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2013-07-14 15:37 - 2013-07-12 17:04 - 00000000 ____D C:\Users\Leon\AppData\Local\VirtualStore 2013-07-14 14:46 - 2013-03-10 12:39 - 00000000 ____D C:\Users\Leon\Desktop\Neuer Ordner 2013-07-14 14:42 - 2013-03-24 01:48 - 00000000 ____D C:\Users\Leon\Desktop\Star Wars Republic Commando II 2013-07-14 14:35 - 2013-07-14 14:35 - 00000000 ____D C:\FRST 2013-07-13 23:58 - 2012-11-19 17:20 - 00000000 ___RD C:\Users\Leon\Desktop\umodel_win32 2013-07-13 23:46 - 2013-07-13 18:31 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-07-13 23:45 - 2013-07-13 18:30 - 00000000 ____D C:\Windows\471D8B37C5B344579FA1B3C693334F4F.TMP 2013-07-13 23:25 - 2013-07-13 23:25 - 00377856 _____ 
C:\Users\Leon\Downloads\gmer_2.1.19163.exe 2013-07-13 23:23 - 2013-07-13 23:23 - 00050477 _____ C:\Users\Leon\Downloads\Defogger.exe 2013-07-13 23:06 - 2013-07-13 23:06 - 00602112 _____ (OldTimer Tools) C:\Users\Leon\Downloads\OTL.exe 2013-07-13 23:05 - 2013-07-13 23:05 - 00559441 _____ (Oleg N. Scherbakov) C:\Users\Leon\Desktop\JRT.exe 2013-07-13 23:04 - 2013-07-13 23:04 - 00662345 _____ C:\Users\Leon\Desktop\adwcleaner.exe 2013-07-13 19:04 - 2013-07-12 18:19 - 00000000 ____D C:\Program Files\Autodesk 2013-07-13 18:59 - 2013-07-13 00:12 - 00000000 ____D C:\Users\Leon\AppData\Local\CrashDumps 2013-07-13 18:44 - 2013-03-22 18:11 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1348207587-1662218007-360504778-1003Core.job 2013-07-13 18:30 - 2012-02-21 16:41 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard 2013-07-13 18:09 - 2013-07-13 18:09 - 00000000 ____D C:\Windows\ERUNT 2013-07-13 18:07 - 2013-07-13 18:07 - 00000168 _____ C:\Windows\DeleteOnReboot.bat 2013-07-13 17:49 - 2012-09-01 17:07 - 00000000 ____D C:\Users\Leon\AppData\Local\Paint.NET 2013-07-13 16:22 - 2013-07-12 17:09 - 00002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-07-12 23:52 - 2013-07-12 23:52 - 40932318 _____ C:\Users\Leon\Downloads\blender-2.67b-windows32.exe 2013-07-12 18:53 - 2013-07-12 18:20 - 00000000 ____D C:\Users\Leon\Documents\3dsMax 2013-07-12 18:33 - 2012-04-24 20:28 - 00000000 ____D C:\ProgramData\FLEXnet 2013-07-12 18:26 - 2013-07-12 15:09 - 00000000 ____D C:\Users\Leon\AppData\Roaming\Autodesk 2013-07-12 18:24 - 2013-07-12 18:23 - 00000000 ____D C:\Users\Leon\AppData\Local\Autodesk 2013-07-12 18:23 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Desktop 2013-07-12 18:21 - 2013-07-12 18:21 - 00001980 _____ C:\Users\Public\Desktop\Autodesk 3ds Max.lnk 2013-07-12 18:21 - 2013-07-12 18:21 - 00000000 ____D C:\Users\Leon\Documents\Inventor Server x86 Autodesk 3ds Max 2012 32-bit - German 2013-07-12 18:21 - 2013-07-12 18:21 - 00000000 
____D C:\Program Files\Common Files\Macrovision Shared 2013-07-12 18:21 - 2013-07-12 18:17 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared 2013-07-12 18:21 - 2013-01-10 19:25 - 00000000 ____D C:\ProgramData\Autodesk 2013-07-12 18:19 - 2009-07-14 04:04 - 00017716 _____ C:\Windows\system32\Drivers\etc\services 2013-07-12 18:11 - 2013-07-12 18:11 - 00000000 ____D C:\Autodesk 2013-07-12 17:09 - 2013-07-12 17:08 - 00000000 ____D C:\Users\Leon\AppData\Local\Google 2013-07-12 17:09 - 2013-07-12 17:08 - 00000000 ____D C:\Program Files\Google 2013-07-12 17:07 - 2013-07-12 17:07 - 00800232 _____ (Google Inc.) C:\Users\Leon\Downloads\ChromeSetup.exe 2013-07-12 17:06 - 2013-07-12 17:06 - 00000000 ____D C:\Users\Leon\AppData\Local\Mozilla 2013-07-12 17:03 - 2013-07-12 17:03 - 00000000 ____D C:\Users\Leon\AppData\Local\Apps\2.0 2013-07-12 13:49 - 2013-07-11 22:21 - 00001242 _____ C:\Users\Leon\Desktop\Star Wars Republic Commando.lnk 2013-07-12 12:56 - 2011-12-25 21:11 - 00000000 ____D C:\Program Files\LucasArts 2013-07-11 22:24 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\tracing 2013-07-11 22:12 - 2011-12-25 21:12 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-07-11 21:45 - 2013-07-11 21:42 - 00000000 ____D C:\Users\Leon\Desktop\Star Wars Republic Commando II - Kopie 2013-07-11 20:56 - 2013-07-11 20:56 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-11 18:53 - 2012-08-29 19:09 - 00000000 ____D C:\Windows\pss 2013-07-11 15:18 - 2013-07-11 15:18 - 00001739 _____ C:\Users\Leon\Desktop\UDK.lnk 2013-07-11 13:50 - 2013-07-11 13:47 - 00000000 ____D C:\Users\Leon\AppData\Roaming\.minecraft 2013-07-11 13:36 - 2013-07-11 13:36 - 00001120 _____ C:\Windows\avmacc.log 2013-07-11 13:35 - 2013-07-09 12:37 - 00000182 _____ C:\Users\Amelie.Leon-PC\AppData\Roaming\Safer-Networking.log 2013-07-11 13:35 - 2013-01-03 20:46 - 00000000 ____D C:\Users\Amelie.Leon-PC\AppData\Roaming\FRITZ! 
2013-07-11 00:23 - 2013-07-10 15:44 - 00000000 ____D C:\Users\Leon\AppData\Roaming\NVIDIA 2013-07-11 00:20 - 2013-07-11 00:20 - 00000000 ____D C:\UDK 2013-07-11 00:20 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-07-11 00:18 - 2013-07-11 00:07 - 1991390952 _____ (Epic Games, Inc.) C:\Users\Leon\Downloads\UDKInstall-2013-02-BETA2.exe 2013-07-10 20:26 - 2013-07-10 19:27 - 00000000 ____D C:\Program Files\Battlefield 3 2013-07-10 20:18 - 2013-07-10 20:03 - 00000000 ____D C:\Users\Leon\Documents\Battlefield 3 2013-07-10 20:11 - 2013-07-10 20:11 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini 2013-07-10 20:11 - 2013-07-10 20:11 - 00000000 __SHD C:\Users\UpdatusUser\Startmenü 2013-07-10 20:11 - 2013-07-10 20:11 - 00000000 __SHD C:\Users\UpdatusUser\Netzwerkumgebung 2013-07-10 20:11 - 2013-07-10 20:11 - 00000000 __SHD C:\Users\UpdatusUser\Druckumgebung 2013-07-10 20:11 - 2013-07-10 20:11 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Musik 2013-07-10 20:11 - 2013-07-10 20:11 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Eigene Bilder 2013-07-10 20:11 - 2013-07-10 20:11 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Verlauf 2013-07-10 19:27 - 2013-07-10 19:27 - 00000975 _____ C:\Users\Leon\Desktop\Battlefield 3.lnk 2013-07-10 16:24 - 2012-01-09 19:56 - 00000000 ____D C:\Program Files\tamasoftware 2013-07-10 16:18 - 2012-07-08 16:29 - 00000000 ____D C:\Users\Leon\AppData\Roaming\DVDVideoSoft 2013-07-10 16:10 - 2012-01-02 23:25 - 00000000 ____D C:\Program Files\Adobe 2013-07-10 16:05 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Microsoft Games 2013-07-09 19:03 - 2013-07-09 19:03 - 00000000 ____D C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2013-07-09 18:41 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Help 2013-07-09 18:21 - 2013-07-09 18:21 - 00000000 ____D C:\Program Files\Common Files\Java 2013-07-09 18:20 - 2013-07-09 18:20 - 00263592 _____ (Oracle Corporation) 
C:\Windows\system32\javaws.exe 2013-07-09 18:20 - 2013-07-09 18:20 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-07-09 18:20 - 2013-07-09 18:20 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-07-09 18:20 - 2013-07-09 18:20 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-07-09 18:20 - 2012-08-13 19:12 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-07-09 18:20 - 2011-12-25 21:14 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-07-09 18:20 - 2011-12-25 21:14 - 00000000 ____D C:\Program Files\Java 2013-07-09 16:27 - 2013-07-09 16:27 - 00000000 ____D C:\NVIDIA 2013-07-09 15:27 - 2012-02-10 22:39 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2013-07-09 15:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles 2013-07-09 14:21 - 2013-07-09 14:21 - 00148968 _____ C:\Windows\Minidump\070913-18220-01.dmp 2013-07-09 14:21 - 2013-07-09 14:00 - 00000000 ____D C:\Windows\Minidump 2013-07-09 14:20 - 2013-07-09 14:00 - 173592306 _____ C:\Windows\MEMORY.DMP 2013-07-09 14:19 - 2013-07-09 14:19 - 00148968 _____ C:\Windows\Minidump\070913-20155-01.dmp 2013-07-09 14:09 - 2013-07-09 14:09 - 00149792 _____ C:\Windows\Minidump\070913-15740-01.dmp 2013-07-09 14:06 - 2013-07-09 14:06 - 00149744 _____ C:\Windows\Minidump\070913-19905-01.dmp 2013-07-09 14:02 - 2013-07-09 14:02 - 00148920 _____ C:\Windows\Minidump\070913-15194-01.dmp 2013-07-09 14:00 - 2013-07-09 14:00 - 00148920 _____ C:\Windows\Minidump\070913-20748-01.dmp 2013-07-09 11:30 - 2012-02-18 16:34 - 00000000 ____D C:\Users\Papa.Leon-PC.000 2013-07-09 11:30 - 2012-01-15 15:53 - 00000000 ____D C:\Users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite 2013-07-09 11:29 - 2012-01-15 15:53 - 00000000 ____D C:\ProgramData\CyberLink 2013-07-09 11:23 - 2013-07-01 16:58 - 00000000 ____D C:\Program Files\Canon 2013-07-09 11:20 - 2011-12-26 
22:29 - 00000000 ____D C:\Users\Amelie.Leon-PC 2013-07-09 11:12 - 2013-07-09 11:11 - 00000000 ____D C:\Users\Leon\AppData\Roaming\Apple Computer 2013-07-09 11:11 - 2013-07-09 11:11 - 00000000 ____D C:\ProgramData\Apple 2013-07-09 11:11 - 2013-03-24 01:40 - 00001228 _____ C:\Users\Leon\Desktop\Revo Uninstaller.lnk 2013-07-09 11:05 - 2013-06-29 23:50 - 00000000 ____D C:\Fraps 2013-07-09 10:50 - 2013-07-09 10:50 - 00007605 _____ C:\Users\Leon\AppData\Local\Resmon.ResmonCfg 2013-07-09 10:39 - 2013-07-09 10:39 - 00000000 ____D C:\Users\Leon\AppData\Roaming\Canon 2013-07-03 17:25 - 2013-07-03 17:25 - 00000000 ____D C:\Users\Amelie.Leon-PC\AppData\Roaming\Canon 2013-07-01 17:21 - 2013-07-01 17:21 - 00000000 ____D C:\Users\Papa.Leon-PC.000\AppData\Roaming\Canon 2013-07-01 17:21 - 2012-02-21 16:24 - 00132752 _____ C:\Users\Papa.Leon-PC.000\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-01 17:06 - 2013-07-01 17:06 - 00000000 ____D C:\ProgramData\CanonIJWSpt 2013-07-01 17:06 - 2013-07-01 17:06 - 00000000 ____D C:\Program Files\Common Files\CANON 2013-07-01 17:03 - 2013-07-01 17:03 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information 2013-07-01 17:03 - 2013-07-01 17:03 - 00000000 ___HD C:\ProgramData\CanonBJ 2013-07-01 17:02 - 2013-07-01 17:02 - 00000000 ___HD C:\Program Files\CanonBJ 2013-07-01 17:02 - 2013-07-01 17:02 - 00000000 ____D C:\Windows\system32\STRING 2013-07-01 16:59 - 2013-07-01 16:59 - 00000000 ___HD C:\ProgramData\CanonIJETV 2013-06-30 18:17 - 2013-06-30 18:17 - 00546732 _____ C:\Users\Leon\AppData\Local\CloneOnSpeederbike.blend 2013-06-30 14:37 - 2013-06-30 14:36 - 00000000 ____D C:\Users\Leon\Desktop\Star Wars Republic Commando II Development Files 2013-06-29 23:59 - 2012-01-04 23:36 - 00000000 ____D C:\Users\Leon\AppData\Roaming\vlc 2013-06-29 23:50 - 2013-06-29 23:50 - 00000568 _____ C:\Users\Public\Desktop\Fraps.lnk 2013-06-29 23:35 - 2012-03-28 21:37 - 00000000 ____D C:\tmp 2013-06-29 23:16 - 2013-06-29 23:16 - 00990472 _____ 
C:\Users\Leon\AppData\Local\CloneTrooper.blend 2013-06-24 00:16 - 2012-01-02 20:17 - 75699896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-09 12:10 ==================== End Of Log ============================ |
15.07.2013, 08:09 | #8 |
/// the machine /// TB trainer | Remove Click to Continue
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate · Guides and help · Trojaner-Board Facebook page
No help via PM! |
15.07.2013, 20:45 | #9 |
| Remove Click to Continue
It's all gone, no more infected files. I had that confirmed by several scanners and a specialist. In any case, many thanks for the help; I really wouldn't have gotten rid of it on my own. |
16.07.2013, 06:48 | #10 |
/// the machine /// TB trainer | Remove Click to Continue
So you don't want to work through the rest? What kind of specialist?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate · Guides and help · Trojaner-Board Facebook page
No help via PM! |